You are not logged in.
It was the Cia also don't trust anonymouse hackers they are the government they got the most powerful hacking computers! They want to put back doors in every communication, it's like what they did in Windows. They try to take over Linux but they failed, we should improve arch Linux with better security checking packages Pacman needs something like Paccheck script.
Read this it's the famous NSA backdoor in XP!
http://en.wikipedia.org/wiki/NSAKEY
I recommend not to use any windows if you care about privacy.
Watch out Bigbrother is watching you!!
Last edited by xunil9025 (2011-09-13 17:33:03)
Offline
They try to take over Linux but they failed, we should improve arch Linux with better security checking packages Pacman needs something like Paccheck script.
How do we know they failed? Has the kernel been verified line by line to make sure it has not been tampered with? Is anyone working on this now? I have the exact same suspicion as you. My feeling is that checksum verification will not work / is not good enough to know for sure.
Offline
xunil9025 wrote:They try to take over Linux but they failed, we should improve arch Linux with better security checking packages Pacman needs something like Paccheck script.
How do we know they failed? Has the kernel been verified line by line to make sure it has not been tampered with? Is anyone working on this now? I have the exact same suspicion as you. My feeling is that checksum verification will not work / is not good enough to know for sure.
Again, kernel.org is / was a regular mirror, it had all official Arch packages, not just the kernel.
Have you read https://bbs.archlinux.org/viewtopic.php … 32#p984932 and the next couple posts about how git works? To me it seems that the source code for kernel was not tampered with.
Not to sound rude, but do you know something about creating checksum collision we don't i.e. it's pretty damn hard to do?
Offline
xunil9025 wrote:They try to take over Linux but they failed, we should improve arch Linux with better security checking packages Pacman needs something like Paccheck script.
How do we know they failed? Has the kernel been verified line by line to make sure it has not been tampered with? Is anyone working on this now? I have the exact same suspicion as you. My feeling is that checksum verification will not work / is not good enough to know for sure.
Emotions feed emotions, logic subdues them. Put your anxiety based upon feeling aside due to statistical improbability. While it is certainly probable (theory not yet proven that I am aware of) that two files of different content can have the same checksum, having these same files be YOUR WORKING kernel are so fantastically improbable that checksum verification can offer a LEVEL of security in 2011. In reality, the only true way to be 100% certain is to be dead. Most do not consider this to be an acceptable option to security, though, as the usability of the computer while the user is in the state of "dead" has not yet been deemed plausible.
Linux.com and kernel.org shared the same "locks". We are witnessing someone using a found key in multiple doors... (yes, my opinion)
Last edited by Griemak (2011-09-13 18:52:55)
There are only two ways to live your life: One is as though nothing is a miracle. The other is as though everything is a miracle. - Albert Einstein
How wonderful it is that nobody need wait a single moment before starting to improve the world. - Anne Frank
Offline
Not to sound rude, but do you know something about creating checksum collision we don't i.e. it's pretty damn hard to do?
@karol & @Griemak
I guess I would just feel more comfortable if it was analysed that's all. You guys are probably right. It does seem like it would be a very hard thing to accomplish. It probably won't happen (analysis of the kernel I mean) anyway because of how much work it entails.
Offline
It was the Cia also don't trust anonymouse hackers they are the government they got the most powerful hacking computers! They want to put back doors in every communication, it's like what they did in Windows. They try to take over Linux but they failed, we should improve arch Linux with better security checking packages Pacman needs something like Paccheck script.
Read this it's the famous NSA backdoor in XP!
http://en.wikipedia.org/wiki/NSAKEY
I recommend not to use any windows if you care about privacy.
Watch out Bigbrother is watching you!!
are you concerned? YOU can check the validity of our packages by using pacman 4 beta or pacman-git right now! Over 58% packages are signed from core+extra
Last edited by wonder (2011-09-13 19:28:15)
Give what you have. To someone, it may be better than you dare to think.
Offline
xunil9025 wrote:It was the Cia also don't trust anonymouse hackers they are the government they got the most powerful hacking computers! They want to put back doors in every communication, it's like what they did in Windows. They try to take over Linux but they failed, we should improve arch Linux with better security checking packages Pacman needs something like Paccheck script.
Read this it's the famous NSA backdoor in XP!
http://en.wikipedia.org/wiki/NSAKEY
I recommend not to use any windows if you care about privacy.
Watch out Bigbrother is watching you!!
are you concerned? YOU can check the validity of our packages by using pacman 4 beta or pacman-git right now! Over 58% packages are signed from core+extra
Awesome, it's like a forum infomercial. Do I get a set of cutlery with that at no additional cost?
I laugh, yet the joke is on me
Offline
wonder wrote:are you concerned? YOU can check the validity of our packages by using pacman 4 beta or pacman-git right now! Over 58% packages are signed from core+extra
Awesome, it's like a forum infomercial. Do I get a set of cutlery with that at no additional cost?
Only if you download now. Seeders are standing by to take your order.
aur S & M :: forum rules :: Community Ethos
Resources for Women, POC, LGBT*, and allies
Offline
It was the Cia also don't trust anonymouse hackers they are the government they got the most powerful hacking computers! They want to put back doors in every communication, it's like what they did in Windows. They try to take over Linux but they failed, we should improve arch Linux with better security checking packages Pacman needs something like Paccheck script.
Read this it's the famous NSA backdoor in XP!
http://en.wikipedia.org/wiki/NSAKEY
I recommend not to use any windows if you care about privacy.
Watch out Bigbrother is watching you!!
https://wiki.archlinux.org/index.php/Fo … ng_Systems
And besides that - at least get some proper technical basis for your paranoia....
Allan-Volunteer on the (topic being discussed) mailn lists. You never get the people who matters attention on the forums.
jasonwryan-Installing Arch is a measure of your literacy. Maintaining Arch is a measure of your diligence. Contributing to Arch is a measure of your competence.
Griemak-Bleeding edge, not bleeding flat. Edge denotes falls will occur from time to time. Bring your own parachute.
Offline
@Wonder it's great to see the package check into Pacman thanku!
@Ngoonee
There are backdoors in all windowses!!
Here some more prove....
http://www.commondreams.org/headline/2010/09/27-8
http://www.youtube.com/watch?v=VeYdr6P68H4
http://www.osnews.com/story/22511/Micro … _Windows_7
Last edited by xunil9025 (2011-09-14 09:15:05)
Offline
@Ngoonee
There are backdoors in all windowses!!
Here some more prove....http://www.commondreams.org/headline/2010/09/27-8
http://www.youtube.com/watch?v=VeYdr6P68H4
http://www.osnews.com/story/22511/Micro … _Windows_7I recommend not to use any Windows if you care about privacy!!
Watch out Bigbrother is watching you!!
I recommend following forum rules. What's the point in convincing Linux users they should not use windows, anyway?
Allan-Volunteer on the (topic being discussed) mailn lists. You never get the people who matters attention on the forums.
jasonwryan-Installing Arch is a measure of your literacy. Maintaining Arch is a measure of your diligence. Contributing to Arch is a measure of your competence.
Griemak-Bleeding edge, not bleeding flat. Edge denotes falls will occur from time to time. Bring your own parachute.
Offline
Some people are using Windows dualboot, so for privacy reasons it's perhaps better to remove it...
Last edited by xunil9025 (2011-09-14 08:58:14)
Offline
@xunil9025
I am sure Archers do know about this. Please stop ranting and do what ngoonee told you.
To know or not to know ...
... the questions remain forever.
Offline
Sorry did I break the forum rules?
May I ask what did I do wrong? so next time it won't happen...
Offline
Sorry did I break the forum rules?
May I ask what did I do wrong? so next time it won't happen...
To know or not to know ...
... the questions remain forever.
Offline
Sorry did I break the forum rules?
May I ask what did I do wrong? so next time it won't happen...
Well, empty accusations come to mind... Besides, have you heard of RHEL/Fedora and this SELinux thing?
I think you need to switch to openbsd asap
Arch Linux is more than just GNU/Linux -- it's an adventure
pkill -9 systemd
Offline
xunil9025 wrote:Sorry did I break the forum rules?
May I ask what did I do wrong? so next time it won't happen...
I still Don't see it, which forum rule did I broke?
@Leonid.I
Yes the SElinux thing made by the NSA it seems some backdoor for me, I wouldn't use it apparmor seems better.
Last edited by xunil9025 (2011-09-14 17:58:07)
Offline
If the NSA had all Windows machines compromised, you'd be screwed anyway. To actually sift through the data from all those machines, the NSA would need a bona fide quantum computer - which would mean that, if they have any interest in you at all, your password is toast.
(Mind, I'm not going to say they don't have a working quantum computer. The fact that AT&T was pumping a good faction of the world's internet traffic into NSA boxen, and the NSA were apparently able to deal with it, is awfully suggestive, no?)
Last edited by Gullible Jones (2011-09-14 18:20:31)
Offline
bernarcher wrote:xunil9025 wrote:Sorry did I break the forum rules?
May I ask what did I do wrong? so next time it won't happen...I still Don't see it, which forum rule did I broke?
The rule you are breaking is this one: https://wiki.archlinux.org/index.php/Fo … ng_Systems
The NSA key backdoor is speculation and MS has stated no such backdoor exists. Saying that MS is lying is an issue for the courts, not a discussion forum such as this one. Please do not further derail this thread. I strongly recommend you read and understand the forum rules. If you have any questions, feel free to email me or any of the other moderators. Thank you.
aur S & M :: forum rules :: Community Ethos
Resources for Women, POC, LGBT*, and allies
Offline
If the NSA had all Windows machines compromised, you'd be screwed anyway. To actually sift through the data from all those machines, the NSA would need a bona fide quantum computer - which would mean that, if they have any interest in you at all, your password is toast.
(Mind, I'm not going to say they don't have a working quantum computer. The fact that AT&T was pumping a good faction of the world's internet traffic into NSA boxen, and the NSA were apparently able to deal with it, is awfully suggestive, no?)
Omitting all the details, I can safely assure you that noone on this planet has a large scale quantum computer, so let the paranoia die
Arch Linux is more than just GNU/Linux -- it's an adventure
pkill -9 systemd
Offline
Hmm, maybe I should invest in the manufacturers of foil given some of the recent posts in this thread. Anyways, in my lame attempt to redirect it back on track, has there been any additional information regarding the breach? Lately, the flow of news has tapered to a trickle.
Last edited by ssri (2011-09-18 07:32:15)
Offline
Anyways, in my lame attempt to redirect it back on track, has there been any additional information regarding the breach? Lately, the news has tapered to a trickle.
I'll add another drop (although you probably know it already): kernel development moved (temporarily) to github https://github.com/torvalds/linux
Seriously, that's all I know and it's not really breach-related.
Offline
Well, most likely they are currently restoring from backups while making sure they have plugged the security hole before going online again. I'm guessing the site maintainers are a bit shaken and wants to make sure nothing like this happens again. I certainly would find it interesting to learn just how the breach was done, was it some software exploit, or was someone's credentials hacked somewhere else and used to compromise these sites? I really liked how they came out and said 'Hey, we've been hacked' together with (what I assume) all that they knew at the time. I hope they will continue with full disclosure as it's something I find reassuring.
As for Linux itself, short of someone hacking Linus machine and getting his private signing key it's not as if they can really tamper with the official kernel given the way git and Linux kernel development works.
Offline
(too much paranoia, not enough constructive thought)
Offline
This seems connected to kernel.org security breach:
Important server in the Frugalware infrastructure was compromised: http://frugalware.org/
and: http://article.gmane.org/gmane.linux.fr … devel/9899
Offline