Segment Suggestion: OutlawCountry


#1

I keep hearing about this…from non-tech and GNU/Linux sources mostly (more the “tinfoil hat” crowd). I’m curious if this is what Torvalds meant when he said no but nodded his head in the affirmative when asked
https://youtu.be/dGMPDBITApQ
and do distributions such as Trisquel and Parabola scrape the module from the kernel. Alternatively, is it all bunk?

//edit: can’t spell worth s_ _ t :frowning:


#2

The question wasn’t “does Linux have a backdoor”, it was “have any of you been approached by the US for a backdoor”. There’s a difference between federal agencies requesting backdoor access, and it being granted and implemented.


#3

Well, yeah, I haven’t seen any source for how the module got there either. Also, one must admit that was a rather humorous answer and humour can be used as deflection. I honestly don’t know, which is why I’m just speculating with the questions I personally have regarding OutlawCountry (i.e. did distros like Trisquel, Debian, and Parabola get rid of it when they got rid of proprietary blobs?) and suggested it as a topic for the show. The preceding post was the questions I have as a non-technical user; I’ve posted this in general chit chat because I’m assuming people actually versed have more. I’ve read a few things from the FOSS-related blogosphere but more from tin foil hat sources. Actually, that leads to another question: because we are so decentralized (which I LOVE about GNU/Linux! :)) is there a duty of care to address subjects like CIA planted modules even more so than in the proprietary software world (yup, I get how weird that sounds given the context)?


#4

What module(s) are you talking about?


#5

Oh, here’s a direct link to WikiLeaks.


#6

Ah, OK, I know what you’re talking about now, sorry.

Got where? From what I can tell, this is a kernel module that is installed after you’ve owned a machine (needs root access) and is only functional on a stock CentOS 2.6 kernel. It’s not shipped with CentOS, it’s something that has to be introduced to a system like any other malware.


#7

Oh no, I don’t think it was a case of Whitehurst saying “Sure, I’ll ship this for xyz dollars HA HA HA! >:D” either and certainly did not mean to imply anything of the sort! It is malware.

But I do realise that the source is a leaked operator’s manual and in no way do I consider it a complete snapshot of the situation (First rule of paranoia: There is always more than what you can confirm ;)).

If anything, I see this as an opportunity though. What are the dependencies? Are they in the proprietary blobs? (How would anyone know?) And is running a fully Free distro an assurance you can take comfort in? Actually, reaching out to Ruben from Trisquel on this topic to see if they’ve looked into it at all would be interesting (actually again, Ruben as a guest would be entertaining in itself :)).


#8

The dependencies seem to be “do you run a 2.6 kernel and iptables”, nothing more. Not sure where the chat about binary blobs is coming from.


#9

Tee hee, at the risk of sounding like a 4 year old, but whhhy? and how? Now, by no means would I be able to tell any of that by looking at the code (available? where? those are some more questions) but I do rely on the kindness of strangers to satisfy my curiosity (i.e. Garrett’s blog and sources like the show) when something catches my interest. I dunno, just thought it would be an interesting show topic.

