/ca/ - Crypto-Anarchism

Privacy, anonymity, mass surveillance

Posting mode: Reply

Check to confirm you're not a robot
Name
Email
Subject
Comment
Password
Drawing x size canvas
File(s)

Board Rules

Max file size: 350.00 MB

Max files: 5

Max message length: 4096

Manage Board | Moderate Thread

Return | Magrathea | Catalog | Bottom


Зеркало1 Зеркало2 Капча ЛогиДонаты

Expand All Images


Anonymous 10/01/2018 (Mon) 19:29:20 [Preview] No. 891
Что мешает ЦРУ внедрить своих package maintainers в Debian и добавлять закладки в скомпилированные пакеты?

Seriously, what's stopping the CIA from implanting their own package maintainers, bribing some or even making their own distro?

Imagine how beneficial it'd be for them to own a Debian package maintainer. Just like that, they could implant a package with a malicious patch into almost every Debian based distro, and there's one that's of particularly great interest to them, namely Tails. But even if they don't own a Debian package maintainer, if they had a man in the right position on some popular Debian based distro like Mint or Ubuntu, that would still be extremely beneficial.

Imagine if some newer, smaller distro was actually started and is literally owned by the CIA. Like, some distro that would be appealing to the kind of people who visit this place (because those are the types of people that would probably be quite appealing for them to monitor), like some hot new systemd free distro or free as in freedom distro or something. Like Artix, antiX, Hyperbola, Obarun, MX Linux or some Devuan based distro something.

Less likely, but possible is Void, but even if they hadn't started Void themselves, Void is starving for package maintainers, imagine how easy it'd be for them to push their man in.

Again, less likely, but possible is Mint, I mean Ubuntu and lots of other distros were filling the same niche, Mint wasn't really necessary (which is why it wasn't very likely for "civilians" to start Mint, like nobody really needed it, so why would people waste their effort), and by that time it was obvious that Linux was the OS used by people concerned about privacy and it was still not too late to start a distro that could one day be the most popular normalfag distro, so they could've seen an opportunity to tweak GNOME a bit to make it look like windows and pitch that to the masses and use their CIA powers to spread it and popularize it; that way, they'd have a popular distro to use to monitor most of the tech illiterate people who switched to Linux for privacy for whatever reason.

And how the fuck can anyone trust Fedora is beyond me, I mean RedHat is literally in cahoots with the NSA, imagine how easy it would be for them to put their people in the right positions in the Fedora project through RedHat.

Literally, the only distro I truly feel safe using is Gentoo with ACCEPT_LICENSE="-* @FREE" and a deblobed kernel.

http://oxwugzccvk3dk6tj.onion/tech/res/958767.html


Anonymous 10/02/2018 (Tue) 03:43:32 [Preview] No.896 del
Жесть.


Anonymous 10/02/2018 (Tue) 16:03:53 [Preview] No.897 del
Именно поэтому Debian запустил у себя проект повторяемых сборок
https://wiki.debian.org/ReproducibleBuilds/About

И многие другие к нему присоединились
https://reproducible-builds.org/who/


Anonymous 10/04/2018 (Thu) 23:54:03 [Preview] No.956 del
Зачем ты это говно от гентодебила сюда притащил?


Anonymous 03/08/2020 (Sun) 11:09:43 [Preview] No.1822 del
Ну на первый взгляд маловероятно. Программы разрабатываемые в движении свободного ПО и опенсорса редко разработаны с целью скрыть какие-либо аспекты функционирования от пользователя - все основанно на принципах открытости и прозрачности.
Встроить зонд в отдельный пакет в условиях надежности остальных пакетов дистрибутива практически невозможно - как я сказал, в условиях прозрачности ГНУ/Линукс дистров подозрительная активность программы может быть легко обнаружена утилитами tcpdump, strace, lsof и т.п.


Anonymous 03/08/2020 (Sun) 20:23:20 [Preview] No.1825 del
>>1822
Как же я люблю за это всё свободное программное обеспечение!


Anonymous 12/23/2020 (Wed) 20:22:02 [Preview] No.1937 del
>>891
Это вряд ли - дохуя народу тестирует это всё. Да и размеры одних и тех же пакетов быдут отличаться в разных репозиториях, люди это заметят - сегодня никто уже не пишет на ассемблере!
Не доверяешь Debian системам, есть Arch системы, я например выбрал OpenSUSE и жутко доволен.
Но я просто юзверь, хоть и продвинутый, надо бы мнение программистов послушать!



Top | Catalog | Post a reply | Magrathea | Return