Re: Exactly how vulnerable are unsupported versions of Ubuntu?
Originally Posted by
whitesmith
I trust FOSS because there is no central source for a government to coerce into complicity. Say, for instance, you're the NSA and you want to compromise implementation of the PKS in Linux. Who do you turn to for help? Linux is the work of a community, not a company, so carrots and sticks are useless. Even--and this is probably the extreme limiting case--you could persuade Torvalds to cave in the name of "national security" or some such bugaboo, that would have no effect on developers around the world tasked with maintaining the PKS piece. Compare that with the NSA's "black room" at AT&T's San Francisco switch. The NSA asked. AT&T complied. All traffic carried by that network went through the filter, whose existence only became public knowledge after the Justice Department mistakenly put defense lawyers on a cc list in an unrelated FOIA matter. Central points of management are easily exploited. Distributed management makes funny business immeasurably more difficult. That is what I like about Linux.
I'm not saying I don't trust FOSS. I'm saying there's no guarantee of anything, however unlikely it may seem you can not exclude the possibility.
If even some "standard" encryption algorithms have been compromised how can we know anything for sure?
And maybe I should have said: I doubt it that there are no backdoors ON Linux instead of IN Linux.
Let's assume linux itself is "safe". How can I be sure that Opera, the browser I'm writing this in is not compromised? How do I know my filezilla isn't? How can I find out if my router is? How about my nvidia drivers? My flash player? Maybe some of the chips on my mobo even? My networking card/chips? There are so many variables that it's impossible to know anything for sure.
How can I feel so much more secure on Linux now that we know that SSL/https and the whole shebang is already compromised? Now that we know AT&T/intel/google/facebook/microsoft/yahoo ... the list goes on... are all in bed with "the enemy"?
Being on Linux may give a lot of people a false sense of security, just like running viruscheckers, anti-malware programs and a lot of other security measures do. Encrypting my drive or some directory knowing that the encryption is probably compromised doesn't make me feel more secure anymore. So why would I even bother anymore?
Linux is just one element in this complicated and complex equation.
And let's be honest and realistic, linux and ubuntu also have their share of security fixes and therefore security issues, despite all the code monitoring and all the checking and double checking that would - according to you - protect us.
Never underestimate the enemy
Last edited by Mephisto Pheles; September 13th, 2013 at 06:32 PM.
Stick 'em up Punk it's the fun lovin' criminal! (FLC)
The higher you soar, the smaller you seem to those who cannot fly. (Nietzsche)
Bookmarks