I apologize in advance for the subject and length of this reply. I debated
just letting things pass without comment. But, security has many levels. And
the first level is recognition of the threat.
Whether we recognize it or not. Whether we agree of disagree with the politics
that lie beneath this situation or not; Whether we consider this a
non-technical issue or not; By virtue of our employment we are all
involuntarily caught up in a global conflict between the agents of extremely
powerful states versus the talents, minds and beliefs of principled
individuals. For better or for worse the chosen battleground is the software
we use and the hardware we run it upon.
It is my belief that we as a community are not well served by individuals that
decry every attempt to highlight the fundamentally terrible positions our
governments have placed us in.
On Fri, October 10, 2014 13:33, William Woods wrote:> So claim made, nothing to back it up. Got it.
>
> all I need to say is
BASH , OpenSSL
..>
> I am sure there are more.
>
> But really, if you are going to claim something, at least be willing to
back
> up what you claim is that asking to much ?
>
Of course, plausible deniably is the standard MO when a government does
something that even their own subject populace would take exception to. That
said one must give thought to the reality behind the following well documented
controversy that goes back to 1999:
https://en.wikipedia.org/wiki/NSAKEY
But more recently we have:
http://www.theguardian.com/world/2013/jul/11/microsoft-nsa-collaboration-user-data
and this:
http://techcrunch.com/2014/05/13/nsa-docs-detail-efforts-to-collect-data-from-microsofts-skype-skydrive-and-outlook-com/
This sort of publicity is sort of bad for business, which is really, really
starting to bite the U.S. tech giants. So we now have these 'stand-up and
be
counted' responses like the following:
http://www.cnn.com/2013/12/05/tech/web/microsoft-nsa-snooping/
http://www.wired.com/2013/12/microsoft-nsa/
Which are about as trustworthy as . . . well, I cannot think of anything
off-hand that I would consider as untrustworthy as the public statements of a
corporation gagged by a secret court and suffering economically from the
public revelations of that fact.
After, what we have in the U.S. (and the rest of the AABCNZ / 5-eyes network
for that matter) at the moment is a totally out-of-control, irresponsible, and
self-righteously belligerent security apparatus that is milking billions of
dollars annually out of their populaces. Its leaders and employees have
suborned the courts, committed perjury, and repeatedly and egregiously
violated the very constitution (where such exist, the UK being a notable
exception) that as public officials they are sworn to uphold.
This consortium has accumulated a vast collection of private data on every
present, past, and probably future elected official in the U.S.A.; and quite
likely of the rest of the world as well. I am not sure that such capability
in the hands of people shown to put institutional interests above the law
bodes well for public oversight.
Of course, maybe suggesting a tinfoil hat for everyone who ponders the
implications of all in public this will make all of that unpleasant stuff just
go away. When one cannot or will not address the central issue then attack
the credibility of the opponent. Call for evidence and then dismiss it out of
hand when confronted with it. Old news, shall we say. Never mind that
dismissive response begs the question that these thing have happened and
continue to happen.
Personally, I am beginning to wonder just who employs "William Woods"
<woods.w at gmail.com>. A nice nondescript name with no signature block
from an
anonymous email address. Maybe he is a tinfoil salesman?
Anyone who attended the C3 Congress in Berlin this past December was exposed
to an awful lot information and revelations from some highly respected privacy
advocates. They were also made aware of the fact the various agencies
actively monitor and participate in a range of online forums, including
technical mailing lists and MMOGs.
Given CentOS's importance to the information infrastructure of todays
business
and scientific communities (about twice as many servers run CentOS than RHEL
http://constantmayhem.com/ty-stuff/linuxsurvey/2013.html) it would not be
surprising to me to discover one or more of said individuals skulking about.
And, one has to admit, casting doubt upon and disparaging lines of enquiry
into things contrary to their employer's interest might be among their
assigned jobs.
Not that Mr. Woods is one of these mind you. He could very well be just be a
mailing list troll of the everyday garden variety. Or, perhaps, he is a
RedHat employee that takes any implied criticism of his employer a little too
personally.
Whatever the case may be it is interesting that:
1. W. Woods first posted to the mailing list (under that name) this past July.
2. He has an utter fascination with things to do with SystemD and its
detractors. Indeed that was the subject of his first post.
3. He has never asked, answered or added to a question of a technical nature
in such a fashion as to provide a proposed solution or elaborate on a
constructive approach to a problem.
4. The vast majority of his postings can, with the most charitable
interpretation, be considered as snide deprecation of people who express
opinions that he evidently feels compelled to comment on. Usually having to do
with security. And without actually contributing anything in the way of useful
information.
I am just saying, sometimes paranoia is induced by other people's behaviour,
not by any internal mental defect.
--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3