una de paranoies...
-----BEGIN PGP SIGNED MESSAGE-----
Què en penseu d'això?
Julian Assange: Debian Is Owned By The NSA
April 8, 2014
In his Q&A to his keynote address at the World Hosting Days Global
2014 conference in April, the world?s largest hosting and cloud event,
Julian Assange discussed encryption technology in the context of
hosting systems. He discussed the cypherpunk credo of how encryption
can level the playing field between powerful governments and people,
and about 20 minutes into his address, he discussed how UNIX-like
systems like Debian (which he mentioned by name) are engineered by
nation-states with backdoors which are easily introduced as ?bugs?,
and how the Linux system depends on thousands of packages and
libraries that may be compromised.
I recommend watching his 36 minute Q&A in its entirety, keeping in
mind my recent warnings about how GNU/Linux is almost entirely
engineered by the government/military-affiliated Red Hat corporation.
The Voice of Russia website has an article on Assange?s address with a
?To a degree this is a matter of national sovereignty. The news is
all flush with talk about how Russia has annexed the Crimea, but the
reality is, the Five Eyes intelligence alliance, principally the
United States, have annexed the whole world as a result of annexing
the computer systems and communications technology that is used to run
the modern world,? stated Julian Assange in his keynote address?
Don?t just read the short article, listen to the address yourself,
because Assange goes into many areas, and the work being done in these
Assange mentions how Debian famously botched the SSL random number
generator for years (which was clearly sabotaged ? a known fact).
Speaking of botched security affecting Red Hat, Debian, Ubuntu,
Gentoo, SuSE, *BSD, and more, the nightmarish OpenSSL recently botched
SSL again (very serious ? more comments). It?s very hard to believe
this wasn?t deliberate, as botching the memory space of private keys
is about as completely incompetent as you can get, as this area is
ultra-critical to the whole system. As a result, many private keys,
including of providers, were potentially compromised, and much private
info of service users. Be sure to update your systems as this bug is
now public knowledge. (For more on how OpenSSL is a nightmare, and why
this bug is one among many that will never be found, listen to FreeBSD
developer Poul-Heening Kamp?s excellent talk at the FOSDEM BSD
- From the start, my revelations on this blog about Red Hat?s deep
control of Linux, along with their large corporate/government
connections, hasn?t been just about spying, but about losing the
distributed engineering quality of Linux, with Red Hat centralizing
control. Yet as an ex-cypherpunk and crypto software developer, as
soon as I started using Linux years ago, I noted that all the major
distributions used watered-down encryption (to use stronger encryption
in many areas, such as AES-loop, you needed to compile your own kernel
and go to great lengths to manually bypass barriers they put in place
to the use of genuinely strong encryption). This told me then that
those who controlled distributions were deeply in the pockets of
intelligence networks. So it comes as no surprise to me that they
jumped on board systemd when told to, despite the mock choice
publicized to users ? there was never any option.
A computer, and especially hosting services (which often run Linux),
are powerful communication and broadcasting systems into today?s
world. If you control and have unfettered access to such systems, you
basically control the world. As Assange notes in the talk, encryption
is only as strong as its endpoints. eg if you?re running a very secure
protocol on a system with a compromised OS, you?re owned.
As Assange observed:
?The sharing of information, the communication of free peoples,
across history and across geography, is something that creates,
maintains, and disciplines laws [governments].?
http://info.nodo50.org/4137 | error al sistema
a internet la llibertat no és gratuïta
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
-----END PGP SIGNATURE-----