PDA

View Full Version : Linux distributions: How distanced to the hacker scene are they?



js31
October 13th, 2010, 10:25 AM
Hey guys,

this is something unusual. For long time now I was wondering, how likely it is that a hacker gets exploitable code into the kernel, or some software package.

Let me explain in short, what I mean:
Ok, there's the code of honor and Matrix-spirit, etc., but I've never experienced a hacker really fighting against some state or injustice. Right now WikiLeaks and all the other sites like that endanger the free human rights scene more than anything else, because they catch all the attention with their trashbin of US army-material, and the real activists are endangered to get buried in oblivion. WikiLeaks people use file sharing + anonymization techniques, Tor/onion routing etc.. We human rights people are in fights with the hacker scene about it, because no matter what they say, onion routing indeed hurts us. We can't guarantee the security of our contacts anymore, in the lack of possible reports about it in case we get attacked. And we are kind of broke + starving; no donations, while WikiLeaks can, for illegal material. -

If you engage against hacker groups, the question what system you can trust is essential. So, are there differences in the distributions, how much e.g. Ubuntu/Debian/RedHat etc. check if the packages are clean, and who is working on what, I mean the personal background of staff?

This is the first time I post something like this, so please be fair. I'm online in a few hours again, and will answer replies, then. :)

Thanks / J.

Grenage
October 13th, 2010, 10:27 AM
What?

realzippy
October 13th, 2010, 10:34 AM
what?
+1

js31
October 13th, 2010, 10:37 AM
They say there are no stupid answers. - Well, sometimes they're wrong.

Grenage
October 13th, 2010, 10:41 AM
Your post was a bit.. all over the place. What are you asking? Is the question "How can we be sure that Ubuntu packages are free of malicious code"?

The answer to that would be, we can't - not easily. There is a level of trust involved, and it applies to all software. Short of manually inspecting all source code and compiling it yourself, you can't be sure.

PaulReaver
October 13th, 2010, 10:50 AM
Linuz torvalds himself and the kernel team check every piece submitted to the linux kernel and the ubuntu package maintainers compile the apps from source, the apps are then tested for months in the pre-release version of the distro eg.. natty narwhal

so by the time we get round to using it its pretty much guaranteed safe.




it doesn't answer all you questions but its an attempt at some

js31
October 13th, 2010, 10:52 AM
@Grenage Ok, I take that back. It was more the "+1", because you know how everyone says WikiLeaks is cool as it entertains them, but we have to face the consequences, and then it's not funny, just abuse.

Anyway - my question was, since the scenes seem to be close -> how likely is it that there are ways to hack e.g. Ubuntu, if you got connections?

I guess in a Windows-forum I'd get crongratulations for that question LOL however it's not meant to be...

js31
October 13th, 2010, 10:59 AM
@PaulReaver Thank you, you even hinted to the other problems, that was real nice! <3

I guess it's a very fundamental question, which Microsoft-close companies often kind of use as an argument against Linux.

I want to add, my main concern is, that people misunderstand actions, and feel threatened, so a person way up high might be mislead. I trust Ubuntu, I'm not sure about BSD (because of the people I've met, not generally).

cascade9
October 13th, 2010, 11:17 AM
@Grenage Ok, I take that back. It was more the "+1", because you know how everyone says WikiLeaks is cool as it entertains them, but we have to face the consequences, and then it's not funny, just abuse.

I dont know why you are so against wikileaks. They do good work, and its not just US military they put out info about. If it wasnt for wikileaks, a lot of people in the country where I live would have a different idea about Our Overlords Internet Filter (dear gawds, somebody think of the children!)


Anyway - my question was, since the scenes seem to be close -> how likely is it that there are ways to hack e.g. Ubuntu, if you got connections?

'Hacker scene'? Thats about as fragmented as the 'goth scene'. Possibly more. LOL

There is always the chance that some sort of malware will get into any linux distro. Unlikely, but possible. A better way to get malware into a linux system is by social engineering.

Spice Weasel
October 13th, 2010, 11:49 AM
Don't you mean cracker? I know many Linux 'hackers' that would be offended by you using it as a term for someone that causes damage with their skills.

undecim
October 13th, 2010, 01:14 PM
Don't you mean cracker? I know many Linux 'hackers' that would be offended by you using it as a term for someone that causes damage with their skills.

I often use the phrase "black hat hacker" or simply "black hat" to discern between that and a derogatory term for a caucasian.

But yes. "Hackers" are not the people who write viruses and break into computer systems. That's just a term the media picked up that was already in use that they started using to refer to criminals.

If someone in the Linux community calls you a hacker, you should take it as a compliment. Hackers are like the "go to guys" of writing code. (I'm sure there's a programming joke in here somewhere).

Though it can also refer to anyone who uses technology in an innovative way in which it was not intended to be used. For example, the people that come up with the projects on http://hackaday.com/.

True, that "innovative way" might be something illegal such as gaining access to a SQL database through a flaw in PHP code, and that's where you can be correct calling some cyber criminals hackers, but most of them nowadays just use well-known exploits or methods and don't do any kind of innovation for themselves, simply because it is easier and more profitable.

Mark Phelps
October 13th, 2010, 05:18 PM
Well ... if you make the argument that Linux is safe from "black hat hackers" because all the source code is visually inspected by other folks before it goes into the kernel (and I'm guessing that IS true)...

You could make the same argument for MS Windows -- in which, inside MS, all the source code is undoubtedly inspected by others folks ...

And before you say the second is not true, I should point out that I've been personally involved in commercial software development, both inside and outside large-scale companies, for my entire career (spanning decades) and in ALL cases, source code was "visually inspected by others" long before it made it into the actual product.

So, that being the case, we should NOT be seeing MS "patch Tuesdays" anymore, right? Why? Because all these visual inspectors should have detected the vulnerabilities and weeded them out BEFORE they made it into the final product.

I think the fact that such vulnerabilities still DO exits only serves to demonstrate the weakness of relying on visual inspection to guarantee the correctness of code.

But, hey, it's just my opinion .. and others will vary, I'm sure.

MonolithImmortal
October 13th, 2010, 05:37 PM
ITT: OP misunderstands hackers, wikileaks, and tor.

Are you paranoid that the super 1337 haxorz who add code to the linux kernel work for wikileaks and are going to snatch all your data up? I may have some tinfoil for you.

Your first post really doesn't make any sense at all.

Lucradia
October 13th, 2010, 06:27 PM
I wonder how distanced this is to being locked... (or moved to recurring)

It basically asks, in a nutshell, "Why do people consider Linux an 'operating system' for hackers? Will it continue to be as such? How many people actually consider Linux as such?"

roggenschrotbrot
October 13th, 2010, 06:30 PM
Ok, there's the code of honor and Matrix-spirit, etc., but I've never experienced a hacker really fighting against some state or injustice.
well, you could ask your lokal CCC on this. imo they did a lot for your and mine citizen-rights and to make problems known to the puplic.

Right now WikiLeaks and all the other sites like that endanger the free human rights scene more than anything else, because they catch all the attention with their trashbin of US army-material, and the real activists are endangered to get buried in oblivion.
how so? though the us documents might get a lot of media coverage they publish a lot of other informations as well and reveal a lot of lies by politicians and media.

WikiLeaks people use file sharing + anonymization techniques, Tor/onion routing etc..
true..


We human rights people are in fights with the hacker scene about it, because no matter what they say, onion routing indeed hurts us.
so they should not protect their sources?

We can't guarantee the security of our contacts anymore, in the lack of possible reports about it in case we get attacked. And we are kind of broke + starving; no donations, while WikiLeaks can, for illegal material. -
while i see the problem with lacking founds, attacking wl for their "illegal" content is ********. this content is the whole reason why wl exists, and why it is extremely important. full knowledge on what your government has done and is doing is a basic right every human beeing should be able to life.

If you engage against hacker groups, the question what system you can trust is essential.as your image of "hackers" seems to be a bit off i'd again suggest to contact you local CCC. they can propably give you a pretty good impression on what to use (if you decide to thrust them).

ps: as an human rights activist you should be well aware your enemy aren't some "hackers"

Chame_Wizard
October 13th, 2010, 08:51 PM
Hacker?You mean crackers.

Dustin2128
October 13th, 2010, 09:47 PM
Don't you mean cracker? I know many Linux 'hackers' that would be offended by you using it as a term for someone that causes damage with their skills.
yeah, I kinda was. But you get used to it after a while, sadly.
Most of the hackers I know use either linux or BSD, backtrack linux being the most awesome OS ever for penetration testing. Not quite sure what you're asking though...

bodhi.zazen
October 14th, 2010, 02:25 AM
Hey guys,

this is something unusual. For long time now I was wondering, how likely it is that a hacker gets exploitable code into the kernel, or some software package.

Let me explain in short, what I mean:
Ok, there's the code of honor and Matrix-spirit, etc., but I've never experienced a hacker really fighting against some state or injustice. Right now WikiLeaks and all the other sites like that endanger the free human rights scene more than anything else, because they catch all the attention with their trashbin of US army-material, and the real activists are endangered to get buried in oblivion. WikiLeaks people use file sharing + anonymization techniques, Tor/onion routing etc.. We human rights people are in fights with the hacker scene about it, because no matter what they say, onion routing indeed hurts us. We can't guarantee the security of our contacts anymore, in the lack of possible reports about it in case we get attacked. And we are kind of broke + starving; no donations, while WikiLeaks can, for illegal material. -

If you engage against hacker groups, the question what system you can trust is essential. So, are there differences in the distributions, how much e.g. Ubuntu/Debian/RedHat etc. check if the packages are clean, and who is working on what, I mean the personal background of staff?

This is the first time I post something like this, so please be fair. I'm online in a few hours again, and will answer replies, then. :)

Thanks / J.

If you have to ask ...

Unless you personally wrote the code you can not trust it, better to assume it is vulnerable. This can be mitigated, but never eliminated, if you review the code before you compile it.

Real {white,gray,black} hats trust no one, build from source, and identify the exploits.

MechaMechanism
October 14th, 2010, 04:05 AM
Malicious code has made it into free software projects within the last few years. There was one (can't remember the name) where the source was tainted, but it was caught early and never made it downstream to distributions. If anybody knows who I'm talking about, let me know. It happened within the last 2 years I think.

inobe
October 14th, 2010, 04:33 AM
i didn't read the op's post but only the title because honestly it's an impossible question, over many years "who knows the future" we know now the way we like it "secure" !

linux with a decent de and secure user base system "much easier" to improve rather then some other platforms that are in fact wide open to the equivalent of a freeway, we have something to work with and improve over time.....

that should be all i have to say till of course the devs and community cease to give a damn which i doubt.

Khakilang
October 14th, 2010, 06:24 AM
Hackers to me are people who write code, test it, improve it and find how it works to their ability. However a cracker is a thief who crack your computer system like they crack your safe and steal all your belonging.

js31
October 14th, 2010, 11:03 AM
Thanks for all the cool comments! :) And sorry for me turning up so late, again. I've been sitting over court stuff till 5:00 AM (CET), by far longer as planned. |-)

@cascade9 I agree that there are positive side effects of WikiLeaks, but for us here in Germany (I mean human rights people), projects like WikiLeaks and Pirate Party mean death, because we get beaten up by authorities for what reactions they provoke, and 0 media reports about us in many rural regions. You loose friends, and teeth.
Not that close (I feel you read that between the lines), just - they all accentuate to be with BSD or Linux, so it's - yeah: a fear.

@Spice Weasel I meant cracker, but I used what most people (outside the scene) know, as a term for it all, not to be offensive. peace.
#undecim gets it correctly, here in Germany hacker is a compliment for sure (Matrix1).

@Mark Phelps I agree. btw., little anecdote: I'm an ex "telemarketing specialist" (not really), that's the people who call IT staff to sell development and security tools e.g.. We indeed were the most vulnerable point, all details we got by companies lay open on the desk in an office where 500 minimum wage people had access. :D It's more like duty to me, I want to do all I can to not get hacked.

@MonolithImmortal No, I'm not. Just, I engage against WikiLeaks, and I got in part sensitive data on my PC, that's why I asked, in particular since at the moment, I can't afford all hardware I personally would wish to have in order to make it more secure, though I'm real careful, already. And I wanted some newbies to be able to take part.

@Lucradia That's not my intention. I wanted to bring a question many people in human rights (and officials) have. I believe such a thread is not harmful to Ubuntu, in opposite might clear prejudices countries like Microsoft spread.

(have to take a break/some appointments, I'll continue in ~5 hours)

ssam
October 14th, 2010, 11:05 AM
anyone can check the changes that go into the kernel (or any other open source project). have a look at http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=summary

you would have to be sneaky to get anything in.

there is a commercial source code scanner called coverity. the makers like to scan open source projects and report any bugs they find to the projects, as a way of showing off their software. http://en.wikipedia.org/wiki/Coverity

roggenschrotbrot
October 14th, 2010, 11:40 AM
I agree that there are positive side effects of WikiLeaks, but for us here in Germany (I mean human rights people), projects like WikiLeaks and Pirate Party mean death, because we get beaten up by authorities for what reactions they provoke, and 0 media reports about us in many rural regions. You loose friends, and teeth.

i still don't get it. the human rights movement is not endangered by the civil rights movement, the opposite is true, as there are more people aware of the problem the society faces and develop a healthy distrust tu the authorities. dubious groups like innocence in danger are hurting them. they are catching all the media coverage, they are collection a lot of the donation that would go to real human rights groups instead. i highly doubt wikileaks or the pirate party gain their donations from your traditional supporters pool.

also i don't see what reaction the pirate party is supposed to have provoked, care to elaborate?


I meant cracker, but I used what most people (outside the scene) know, as a term for it all, not to be offensive. peace.
#undecim gets it correctly, here in Germany hacker is a compliment for sure (Matrix1).
unless you are asking at some school yard in germany "hacker" will most likely refer to the chaos computer club. there is a reason why they have such a good reputation, even with rather computer illiterate folks.


ps: looking at yesterdays newspaper i see four different topics on human rights, maybe six or seven articles in total - none on wikileaks or the pirate party.

t0p
October 14th, 2010, 01:31 PM
I am confused by the OP's differentiation between the civil liberties groups and the human rights groups. These groups seem to have an awful lot in common: eg when the civil liberties movement try to protect your civil liberties, they are almost always trying to protect your human rights. They are both on the side of the angels (fairies/elves/protectors of humanity).

I understand the OP's use of the word "hackers" in this context. Originally, "hacker" meant someone interested in something, not computer criminal. However, the term "hacker" has now been co-opted by the media and the general public to mean a computer criminal. Language is an ever-evolving phenomenon, therefore the majority of the public now associate the word "hacker" with "computer criminal". Our specialized use of the term is no longer relevant to most people. In a tech forum sych as this, users should perhaps continue to use the word "hacker" in its original sense. But that ain't gonna happen.

The CCC, Wikileaks, 2600 and others are a force for good, not evil. Just because your government calls those movements "evil" doesn't make it so. And so what if they do? You may lose teeth, but dentures are easy to come by, and NHS dental treatment is free in the UK, if you're an EU citizen.

Being scared of authority is sensible, if that authority is authoritarian. But it is ridiculous to let that fear stop you from doing what is right. Anyone remember "The Flashing Blade"?


You've got to fight for what you want
For all that you believe
It's right to fight for what we want
To live the way we please
------------
As long as we have done our best
Then no one can do more
And life and love and happiness
Are well worth fighting for
------------
And we should never count the cost
Or worry that we'll fall
It's better to have fought and lost
Than not have fought at all
------------
Let's always take whatever comes
And never try to hide
Face everything and anyone
Together side by side
------------
You've got to fight for what you want
For all that you believe
It's right to fight for what we want
To live the way we please
------------
As long as we have done our best
Then no one can do more
And life and love and happiness
Are well worth fighting for
They're well worth fighting for


(with thanks to www.thechestnut.com (http://www.thechestnut.com/flashing.htm))

cascade9
October 14th, 2010, 04:29 PM
To be honest, I'm a bit suprised at the amount of 'dont you mean cracker' comments on here. Personally, I view 'hacker' as a neutral term, neither good or bad.


@cascade9 I agree that there are positive side effects of WikiLeaks, but for us here in Germany (I mean human rights people), projects like WikiLeaks and Pirate Party mean death, because we get beaten up by authorities for what reactions they provoke, and 0 media reports about us in many rural regions. You loose friends, and teeth.
Not that close (I feel you read that between the lines), just - they all accentuate to be with BSD or Linux, so it's - yeah: a fear.

@MonolithImmortal No, I'm not. Just, I engage against WikiLeaks, and I got in part sensitive data on my PC, that's why I asked, in particular since at the moment, I can't afford all hardware I personally would wish to have in order to make it more secure, though I'm real careful, already. And I wanted some newbies to be able to take part.

OK, this doesnt make much sense. there are "positive side effects of WikiLeaks" but still you "engage against WikiLeaks"?

*edit- I'd probably say more about the whole "beaten up by authorities" comment, but I'd be going to political. Lets just say that the (country) police here were called 'brownshirts' up till at least the late 1970s, and are still called that by somepeople now.

@ t0p and roggenschrotbrot- I pretty much agree with what you both said. I think that js31 might have a very meaning for "human rights" to what you do. Check js31s Profile-> Interests, then follow the link to the myspace page.......

js31
October 14th, 2010, 05:32 PM
part2 (try to keep it short by not quoting too much) :)

@roggenschrotbrot I did have contact to CCC people; it's hard to talk to them, many here are ultraconservative when it comes to all things other than hacking. But yeah, they did a lot for IT security, I agree.
What I meant with threat by WikiLeaks (I'm not a political type, and I don't want this post to be, but certainly neccessary to mention these things) is they boost stories leaked to them. However, behind every single one is an intention. Anti-American stuff hurts us, because it distracts people from problems where they live. But the people who care find themselves without the publicity they'd need to give their contacts a feeling of safety. In my opinion, Onion routing right now is more damage than protection, because there are ethics in authorities. These officials don't want to bring you down with spy tactics, that would be no fun. This sort of convention could be at risk if one side takes use of such methods.
You're absolutely right that my image of hackers has suffered over disappointments>more harm than cooperation, it seems to me.

@bodhi.zazen @MechaMechanism Thank you, expressed exactly what I feared when writing the first post.

@inobe To be true, I was very unsatisfied with the title, but couldn't find a better one. What I wanted with that was to express the question most people have who were told you can't trust, and through the heading I wanted to provoke the opposite, hints that there is very much safety and awareness. I figured that the special requirement could be of interest to others. When you file a complaint against an underground-project, you have to signal honestly+very directly, but it may sound different to e.g. a cracker, potentially to be misunderstood. What you wrote, I too believe in, that open source is more secure, esp. in the mix with solid company-backing as in case of Ubuntu.

@Khakilang Good you said that in case others don't know. Interesting the direction inbetween, like cascade9 pointed out at the beginning, social influencing and cooperation.

@ssam Didn't know about Coverity, thanks! :) Brings up another question: After the breach by Chinese hackers in many companies, one could be better off with open solutions? I mean, how likely is it that all the millions of lines company code get completely checked by a limited staff of engineers, with the presure today to fire new versions showing phantastic features every year?

@roggenschrotbrot(2) I'd define human/civil rights pretty much the same, with the difference that the second is understatement, you don't want to be quoted saying your country has "human rights violations", that would sound insane. The people I worked with had no common term for themselves. Disillusion, e.g. divorced or other hardships, kind of collides with naive+riskless demonstrations. You're absolutely right about that, WikiLeaks' supporters are not typical for the more humanistical people, but they catch so much attention everything else dies. To be fair (as you wrote), they're just the newest branch. Pirate Party (I hope this not to seem a political statement, I hate politics) chooses the same tactics as these student young PR-groups, they have "innovative concepts" = and others alledgedly not. It wouldn't be fair to not mention this, that's why I brought it.

unless you are asking at some school yard in germany "hacker" will most likely refer to the chaos computer club. there is a reason why they have such a good reputation, even with rather computer illiterate folks.
Yeah, I agree. Funny story to that, inbetween: I once called them. Our agency had made a mistake and picked the wrong (cheap) address CD without telling us, automated dialer... So I called to sell a pricy certificate for the company CCC just had driven a SSL registration campaign against, because they saw our contractor having way too high rip-off prices. Well, what should you do, you're in the call with some CCC guy, and already named the company. But the guy was so high, he didn't even get the irony! :D


ps: looking at yesterdays newspaper i see four different topics on human rights, maybe six or seven articles in total - none on wikileaks or the pirate party.They're inbetween, since next WL release around the corner, then such stuff comes up; in the messy rural media purposely the naive things.

roggenschrotbrot
October 14th, 2010, 06:07 PM
@roggenschrotbrot I did have contact to CCC people; it's hard to talk to them, many here are ultraconservative when it comes to all things other than hacking. But yeah, they did a lot for IT security, I agree.
reducing them to it security doesn't realy get it covered. shure they, as anybody, might have their view narrowed down to their "own" topics, but in the result they achive a lot for your civil rights.

What I meant with threat by WikiLeaks (I'm not a political type, and I don't want this post to be, but certainly neccessary to mention these things) is they boost stories leaked to them. However, behind every single one is an intention. Anti-American stuff hurts us, because it distracts people from problems where they live. But the people who care find themselves without the publicity they'd need to give their contacts a feeling of safety.
maybe wikileaks have an agenda on what they release and what not, who hasn't? nevertheless reducing wikileaks to ant-americanism is shortsighted, as germany for example gets a lot of coverage as well. of curse news on other countrys sell better, as nobody has to feel bad. but you can't honestly expect an unbiased media coverage by springer or berthelsmann, can you?

In my opinion, Onion routing right now is more damage than protection, because there are ethics in authorities. These officials don't want to bring you down with spy tactics, that would be no fun. This sort of convention could be at risk if one side takes use of such methods.
distrust for the government is the base of democracy, and there can't be a civil/human rights movement if there is no civil disobedience. private communication and free jurnalism, including pretection for your sources/informants _are_ human rights. if you have to use onion routing and encryption to protect your rights, there is absolutely nothing wrong with it!

I'd define human/civil rights pretty much the same, with the difference that the second is understatement, you don't want to be quoted saying your country has "human rights violations", that would sound insane.
why? "my" country is violating human rights as we speak, why shouldn't i speak about it?

The people I worked with had no common term for themselves. Disillusion, e.g. divorced or other hardships, kind of collides with naive+riskless demonstrations.
demonstration have never been riskless, nor are they naive.

You're absolutely right about that, WikiLeaks' supporters are not typical for the more humanistical people, but they catch so much attention everything else dies. To be fair (as you wrote), they're just the newest branch. Pirate Party (I hope this not to seem a political statement, I hate politics) chooses the same tactics as these student young PR-groups, they have "innovative concepts" = and others alledgedly not. It wouldn't be fair to not mention this, that's why I brought it.
without getting too political here, but how do you intend to change things without caring for the politics behind?

Cobracommand0
October 14th, 2010, 06:18 PM
:popcorn:

perspectoff
October 14th, 2010, 06:20 PM
I have a completely different take on the question.

A zero-day exploit is one in which a defect in the software code is discovered by a very smart programmer and then exploited maliciously before anyone else discovers the vulnerability.

If there were no such possibilities in Linux code, then there would be no need for "bug updates" and "upgrades".

I'm not at all in line with the "ostrich-head-in-the-sand" advice of people who assert that Linux is free from the possibility of zero-day attacks just because the code is reviewed by multiple eyes.

In reality, there are actually very few people who are able to review all the Linux code adequately.

There are indeed reasons to use firewalls to limit backdoor transmissions. There are indeed reasons to limit permissions to certain users. There are indeed reasons to monitor port traffic.

Hey, if you are merely a game player and a facebook blogger, who cares?

But if you have critical files on your computer, one has to be circumspect about what apps are allowed to run "willy-nilly" without supervision.

An increasing number of apps are installed as Linux binaries, or from unsupervised PPAs, or even from private repositories not supervised by anyone from the Linux world.

It doesn't matter how many people are examining the Linux kernel if an app that is not part of the Linux kernel provides the security breach.

So guard your daughters, close those firewalls, and watch your port traffic. Backdoors exist in the Linux world, too.

Personally, I install two (K)Ubuntu Linux partitions. I use one for games and relatively insecure stuff, and one for secure stuff. That way I limit the risk of backdoors in my secure installation to apps that are more likely backdoor free (such as those checked by the kernel team).

js31
October 14th, 2010, 06:47 PM
@t0p Yes, it's confusing since I rather mean engaged officials, professors etc., people in the background, humanists, intelligence contacts, than organized groups.

I'm also not sure with the hacker terminology, many people today use terms as they feel they might apply, often overseeing the deeper connotations. There's no way around it other than to use the same, and correct in the threads? =)


The CCC, Wikileaks, 2600 and others are a force for good, not evil. Just because your government calls those movements "evil" doesn't make it so.
They have good intentions, what we (>people like...) fear is them overseeing the back-side of ideology, if they get chances because some people use them. So they are easy to manipulate, and it gets rather political too soon. If you want to reach safety for clients e.g. you feel bad if you see WL picking one big issue and that's it. Means others have to fill the gap, but how? I once wrote a text about feelings/linux at university, perhaps explains better what I mean -> http://my.opera.com/js27/blog/show.dml/3112614

That's beautiful what you wrote, one should always be true and never give up. <3
Problem for many is, the heath problems get so triggering each other that they have to change their life and income situation, like a devil's circle. I should have said that, the sort of when medicals speak their mind openly, that you should consider change or somewhen face stomach cancer, third teeth, etc.

@cascade9
To be honest, I'm a bit suprised at the amount of 'dont you mean cracker' comments on here. Personally, I view 'hacker' as a neutral term, neither good or bad.
+1 Perhaps we are all concerned about the climate becoming more restrictive?

OK, this doesnt make much sense. there are "positive side effects of WikiLeaks" but still you "engage against WikiLeaks"?
Yes, some profit, but not us, that's what I mean. - You named it lateron, different approaches to human rights, detected very good! Ideal would be a world without political opinions, just people trained to care/being neutral, and no fights.

@roggenschrotbrot
reducing them to it security doesn't realy get it covered. shure they, as anybody, might have their view narrowed down to their "own" topics, but in the result they achive a lot for your civil rights.
It was more a hint on experiences. Quite a few I met were so tough on others, and you say to them: Guys, you name yourself after "chaos", do you really want to say I should write accurate new orthography? LOL


maybe wikileaks have an agenda on what they release and what not, who hasn't? nevertheless reducing wikileaks to ant-americanism is shortsighted, as germany for example gets a lot of coverage as well. of curse news on other countrys sell better, as nobody has to feel bad. but you can't honestly expect an unbiased media coverage by springer or berthelsmann, can you?I I What I meant was, the moment you go life, it has consequences, and there is no game, just like with software. People should talk to each other, before, and do what's neccessary to carefully integrate this new program. What I see is them having fun, and there is a price for that, as you waste chances, or provoke.


if you have to use onion routing and encryption to protect your rights, there is absolutely nothing wrong with it!
I never had the feeling it brought me somewhere. The hot things you never write emails about, you talk in person. I'm more the type -> as soon as I can afford it, to use a commercial proxy service.


why? "my" country is violating human rights as we speak, why shouldn't i speak about it?
Because this could be used to say one's paranoid or craving for attention. Just as a precaution. Civil rights sounds a bit like Martin Luther king and people remember this peaceful movement; if so, that's real cool. <3


demonstration have never been riskless, nor are they naive.
Compared to "in the background", it might seem not so dangerous. -> The emotional feelings of people way up, easily to hurt so that they turn away and say it's not worth it.


without getting too political here, but how do you intend to change things without xaring for the politics behind?
If I understand your (interesting!) question correctly - maybe a religious thing. Groups which have no between personal responsibility and official, instead non-dialectic style. That's of course a problem, because democracy (though only in the definition of evil politology) is believed to work like that: people fight and out comes something moderate, theoretically. The other approach would be to try care, professional training for human rights as second branch of politics (a bit like open source in software) telling people how to avoid wounds=no need to hurt, etc.. Till then, careful oldstyle talks in the background, and when it's ready, one decisive demonstration people will remember much longer. I have to admit, sounds idealistic, but in my impression, it already works, networks of trust. After 13 years school one gets kind of suspicious about conflicts being really neccessary as they said.

js31
October 14th, 2010, 06:53 PM
@perspectoff Thanks for this great posting! <3

98cwitr
October 14th, 2010, 07:11 PM
Hack the planet! I am in opposition to the OP. Hackers gonna hack, s0n

If you engage against hackers, you will be perma-pwn3d...let's play with fire and see what happens ;)

roggenschrotbrot
October 14th, 2010, 07:18 PM
It was more a hint on experiences. Quite a few I met were so tough on others, and you say to them: Guys, you name yourself after "chaos", do you really want to say I should write accurate new orthography? LOL
if it would be for names pretty much all of our political parties would have to be abolished ;)


I I What I meant was, the moment you go life, it has consequences, and there is no game, just like with software. People should talk to each other, before, and do what's neccessary to carefully integrate this new program. What I see is them having fun, and there is a price for that, as you waste chances, or provoke.
the thinking should happen before the things reported on happen. it is never wrong to point your fingers at problems, it causes far more damage if everybody is quite about it. it is right to ask for wikileaks papers to be autonomous,


I never had the feeling it brought me somewhere. The hot things you never write emails about, you talk in person. I'm more the type -> as soon as I can afford it, to use a commercial proxy service.
i was born in the former gdr, and my father wasn't quite your perfect citizen. i have seen the stasi-documents on him and my family, so i do indeed care about my privacy. there is no grey-zone in privacy.

why would you thrust a comercial service btw?


Because this could be used to say one's paranoid or craving for attention. Just as a precaution. Civil rights sounds a bit like Martin Luther king and people remember this peaceful movement; if so, that's real cool. <3
if you don't call things by their name because you are afraid of the reactions you have allready lost imo.


If I understand your (interesting!) question correctly - maybe a religious thing. Groups which have no between personal responsibility and official, instead non-dialectic style. That's of course a problem, because democracy (though only in the definition of evil politology) is believed to work like that: people fight and out comes something moderate, theoretically. The other approach would be to try care, professional training for human rights as second branch of politics (a bit like open source in software) telling people how to avoid wounds=no need to hurt, etc.. Till then, careful oldstyle talks in the background, and when it's ready, one decisive demonstration people will remember much longer. I have to admit, sounds idealistic, but in my impression, it already works, networks of trust. After 13 years school one gets kind of suspicious about conflicts being really neccessary as they said.
religions are about as political as it gets. you can't just establish a parallel society ignoring politics, as politics are an integral part of every society. every civil movement is indeed a political one.

mainerror
October 14th, 2010, 10:26 PM
Linus Torvalds

Corrected that for you. :)



@MonolithImmortal No, I'm not. Just, I engage against WikiLeaks, and I got in part sensitive data on my PC, that's why I asked, in particular since at the moment, I can't afford all hardware I personally would wish to have in order to make it more secure, though I'm real careful, already. And I wanted some newbies to be able to take part.

This might be a military sentence too. "If you don't want to get attacked don't draw attention." Reworded. "The louder you scream the higher the chance to get heard."

Basically I want to say that if you don't draw attention chances are better not to get hacked.

Noz3001
October 15th, 2010, 12:33 AM
The "don't you mean cracker" comments are annoying. A hacker is someone who reverses or "hacks" the code of a program, eg. the kernel. So


hacker gets exploitable code into the kernelIs entirely correct.

js31
October 26th, 2010, 02:44 PM
I guess the subscription notifications got stuck in the spam filter - just saw your answers, sorry for reply 1week+!


it is never wrong to point your fingers at problems, it causes far more damage if everybody is quite about it. it is right to ask for wikileaks papers to be autonomous,
I wished the one had first given the material to CID -> if nothing happens then, more understandable to use other means (conflict of conscience). Without haven done that, it might taste like a game, and makes things like filesharing a bit political. Weak comparison, but many people sympathize with linux partly because of the unfair market competition by Microsoft; the other way around and it is harder to defend, if friends say "Why don't you just buy a used Windows XP for 10€?! You just waste loose time!". I mean, if you don't have the energy to become a hacker yourself, and people either would expect that or you saving your time using Windows.


why would you thrust a comercial service btw?
(respect/what you wrote about your family!)
I trust companies because those I've known, they cared and had a financial standing to do so without, you know, risk of sudden existential pressure, so were continuously able to ensure that.


if you don't call things by their name because you are afraid of the reactions you have allready lost imo.
True. Just, all I've seen who tried have suffered because today people can be a bit over-the-top convenient in their prejudices, I kind of fear that. The other way so far rarely been gone, because one would expect that from science, it's their work. If there's a vacuum (scientists jsut naming problems without intention to accentuate them sufficiently though they should), the ideological questions flow into all kind of things, e.g. also this thread. (: And software is of such importance that people associate with it aspects like security more than perhaps neccessary?


religions are about as political as it gets. you can't just establish a parallel society ignoring politics, as politics are an integral part of every society. every civil movement is indeed a political one.
cool! Little idea: Churches tend to be political, cults (definition: smaller churches/all religions are cults) less. Sounds strange, but true. Open Office thanks to dependency (Sun/Oracle) is more political than the RTF and source code editors. Some cults completely avoid politics, for them personal integrity doesn't allow it. That would be the real humanists/open source free of how one sees this world?


This might be a military sentence too. "If you don't want to get attacked don't draw attention." Reworded. "The louder you scream the higher the chance to get heard."
Right, and I realized it before posting this thing. Perhaps one of these situations when your are hopelessly overnightied (most of us), has problems with conscience (because never wanted to), and then things come to light which normally you wouldn't talk about, though included by nature. I considered to send a PM to the moderator saying it would be absolutely ok for me if this thread deleted, as I wasn't sure myself about the whole thing. But I agree, normally one shouldn't even say what OS used. - Strange, that the openness of encryption methods doesn't really make sense to the user, I mean saying what software he engaged. When I posted it I was full of doubts, and I guess the thread reflects these typical ones a bit. Some people don't realize that Windows had been developed by hackers, just the market behavior is mean enough to trust? ;)

@ Noz3001 Thank you. :)
To be honest, I wanted to kind of try diplomacy, to avoid this discussion, but it didn't feel good. I also meant hacker.

Old_Grey_Wolf
October 27th, 2010, 01:07 AM
I didn't read every reply, so excuse me if the points I make have already been stated.

If you are asking if someone can use Linux for hacking, the answer is yes. However, any OS can be used for hacking. There are security engineers that do intrusion and fuzz testing using tools that run on several OS environments.

If you are asking if someone could slip some malicious code into an OS to collect data, then send it to a remote server, the answer is that they could; however, it will probably be detected. For example:


I was running the Beta of Windows 7 in a virtual machine. I was monitoring my network using EtherApe, and I saw a frequent connection to a server. I blocked the IP address in my firewall. That caused the Beta of Windows 7 to crash. I removed the block in my firewall; however, I used Wireshark to sniff the packets sent to that IP address, and did a whois on the IP. What I discovered was the IP was a server Microsoft was using to collect data on crashes of the Beta software. The packets were sending information to Microsoft identifying if the computer was shut down by the user or if it was a crash. It was not malicious in any way. I LOL'ed because blocking their crash collecting server caused the OS to crash.

Any OS has vulnerabilities. They can be exploited by vulnerabilities in the applications that are installed on them. I feel that the Linux kernel is written well for defending against them; however, a user with root or sudo privileges can install whatever they what on the computer.

phrostbyte
October 27th, 2010, 02:40 AM
To get malware directly into Ubuntu, you'd need Ubuntu's private key and/or covertly become a Ubuntu developer and upload malware to the repository. It's certainly possible, but you'd probably get caught quickly and could end up in jail.

js31
November 2nd, 2010, 01:05 PM
@phrostbyte Yes, that was my fear, someone temporarily accessing repositories/the file servers at Debian's. Though very unlikely to happen/professional ethics.


What I discovered was the IP was a server Microsoft was using to collect data on crashes of the Beta software. The packets were sending information to Microsoft identifying if the computer was shut down by the user or if it was a crash. It was not malicious in any way. I LOL'ed because blocking their crash collecting server caused the OS to crash.
:biggrin:

Reminded me of something. -> Once had the pleasure to be in a meeting with employees of a certain software corporation our agency worked for. The marketing guy wanted to copy us material on an USB stick. Having trouble to open the welded plastic package around it said: "Why on earth do these tiny things require a CD+box?!" - A salesman from our team replied in a mix of dry-witted and provocative gesture:
"It's because of your OS [version=year] ..." :tongue:

Renée Jade
November 3rd, 2010, 03:22 PM
The real question is, has anyone really been far even as decided to use even go want to do look more like?