Pointless telephone calls and stupid 'do you have a minute' conversations waste about half of my day.
I'm with you on working outside office hours and ideally outside the office.
It's all public show. Improve the security of the damn computers and stop employing American spies!
TdR is the Gordon Ramsay of UNIX. Mad Skilled but he goes APESHIT whenever he sees something he doesn't approve of.
But if you take code and change the author's license, that's stealing. Just because you don't like their license to begin with doesn't make it OK. Unless the license was written in such a way that it was permitted to permanently relicense the code and derivative works, Theo was in the right here.
PlusFiveTroll was dead on when he said RAID isn't a backup, that ZFS isn't just RAID, it's a whole lot more. ZFS>RAID.
Just so this is totally clear - SSDs die too!
Now we all know we can see the point of RAID-1 (inclusive) OR frequent backups in any critical system.
The real question is actually, why are so many people stubbornly sticking to gcc when clang has surpassed it in pretty much every way.
I'm all for replacing GCC.
Does clang handle all the GCC extensions to C yet? Or is the (better) approach of getting rid of them being taken instead? The last I heard it was still a bit of a mess.
Because GCC is a total mess internally and Clang/LLVM is neat, clean, maintainable, adjustable.
GCC is a dead end. LLVM is the future.
Use metalized tape. Like the aluminum film stuff you are supposed to use on ducts instead of duct tape.
Serious question - what is that tape called?
It's already happening my friend. It is a slow process though.
Yep and also the Consulate is legally US territory anyway so they can put what the hell they like on the roof.
But is the air space? I mean if a private jet happened to fly over a city would it need permission from every embassy it flew over? I don't think that's even clear in anyone's law.
Obviously flying 60 meters over a US building is a political stunt anyway. If they want high resolution photos they can take them from the ground and from higher up.
Most countries don't try to police the world.
Certainly not the Germans...
That's a good point actually. The Germans, The British empire, the Ottoman empire, The Roman Empire, and many others, either learned from their mistakes or fell apart. The lesson is you can beat down all comers for a while but you can't do it forever. This is the lesson the US Empire is going to learn.
Is that what they teach you in American schools?
They taught me about the balance of power. If the stalemate between Russia and the US ever became too lopsided the bigger side would begin subjugating other countries to its side and looting the world. Guess what happened? The US did exactly that.
This is rather insightful, but doesn't stand merit on its own. Can you find other instances of Linux seemingly deliberately weakening Linux security mechanisms?
Can I find? Maybe. Will I? Hell no! Have you seen the size of the kernel these days? And the size of the LKML? You're asking me to move mountains.
It seems more likely Linus was just plain wrong rather than in the pocket of the NSA. Linus really should have known better than to trust an untrustworthy source of entropy but everyone is stupid every once in a while.
The thing is it always breaks things in ways that make it look like the problem is elsewhere. If system calls returned ESELINUXSAYSNO instead of hiding behind other error messages it would be less of a nightmare.
SELinux causes all kinds of random breakage even on tools that come with the distribution. The last one I got was CentOS 6.4 when SSH would not allow root to log in unless the daemon was started manually. Nothing was logged in dmesg or /var/log/messages. strace and ssh debugging gave me nothing to hint at the problem. It looked exactly like sshd was misconfigured, which it wasn't.
SELinux is unworkable in practice with maybe only a few exceptions. There is no reason it's enabled in any distro.
Point 1 - You're right of course. OpenBSD uses gcc too and it's unknown how much we can trust CPUs made by AMD or Intel.
Point 2 - Yep, saw that. I got the impression that backdoor may never have existed or if it did it was wiped out quickly. There isn't an easy way to prove it doesn't exist though.
Point 3 - There isn't anything like Ubuntu for OpenBSD, it doesn't 'just work' with modern hardware on things like laptops. OpenBSD is a very nice OS but it's not got cool Linux toys like LVM, ext4, systemd, easy errata updates, and so on. I love OpenBSD and run it on firewalls but it's not the same easy end user OS that Linux is. Conversely OpenBSD's pf beats Linux's iptables hands down so it's horses for courses.
So Linus either doesn't know how critical good quality random data is to encryption or was deliberately weakening encryption in the kernel.
Linus rarely seems like he doesn't know what he is talking about.
I tend to agree but... is somebody actually looking at the source and auditing the important bits?
Many people are. Not all of them are on your side.
tl;dr:
Use Gentoo.
If the NSA have backdoors or deliberate exploitable bugs in the kernel it doesn't matter what distro or meta-distro you use.
OpenBSD is the last OS you can really be sure of.
I can't help but feel scared by this SELinux thing. You can tell me a hundred times that the code was reviewed (was it?) I still won't trust it. I'd like to be sure that just disabling it altogether is enough to stop it completely from... I don't know, opening a backdoor? C'mon, NSA code in the kernel?
Plus it breaks things all over the place if you actually try to use it.
Can't we just throw out SELinux and pretend it never existed?
Compile again for the source package and do a binary diff. There will of course be a few differences so it might be hard to find real code differences.
It would be an interesting experiment anyway.
Madness. But gcc isn't the only C compiler that can compile code that contains GNU extensions, there was another that could even compile a working kernel but I forget its name. Plus if you strip the GNU extensions out there are loads of alternative compilers.
You can sleep soundly if your computer is off and/or unplugged.
That's the good advice that nobody takes. Putin went one step further and recommended using typewriters for confidential data.
Every encryption protocol you use has been sabotaged to be readable by them. You don't really think they will try 200 trillion keys to break your stream do you?
No. They modified the protocols (to make them more secure) and of course never explained the changes. They just mandated it.
Even the almighty NSA with its insanely high budget can't crack all the encryption. But it does make me wonder if I should avoid everything they recommend.
I suspect the NSA has developed custom hardware for the more common encryption types. Custom hardware was shown to work extremely well on DES by Deep Crack. http://en.wikipedia.org/wiki/EFF_DES_cracker
It's sad but you can't trust any mainstream Linux distro created by a US company, and you likely can't trust any created in other countries either. I'm not saying that as a pro-Windows troll because you can trust MS's efforts even less.
I believe you can trust OpenBSD totally but it lacks many of the features and much of the convenience of the main Linux distros. It is rock solid and utterly secure though, and the man pages are actually better than any Linux distro I've ever seen.
The possibly bigger problem is that no matter what OS you use you can't trust SSL's broken certificate system either because the public certificate authorities are corruptible. And before someone says create your own CA, sure, for internal sites, but you can't do that for someone else's website.
There was also something about killing all spies when the war ends. It's dangerous to keep those kinds of people on your side.