Quoting Marko Vojinovic <vvmarko@xxxxxxxxx>:
On Fri, 6 Sep 2013 17:58:03 +0200
Heinz Diehl <htd@xxxxxxxxxx> wrote:
On 06.09.2013, Javier Perez wrote:
> My beef is given the NSA origin of this software, It could very
> well have a backdoor to turn itself off under the appropriate
> circumstances like an NSA-sponsored breach an allow unrestricted
> access to my system..
Every person contributing to free open source software could do
that. You're talking about the NSA: they could easily pay
somebody to do that for them. Everybody with a lot of money could do
the same. If that's your concern, you can never ever be
shure, unless you have reviewed all of the sourcecode running on your
machine by yourself, and recompiled the software using this source
afterwards.
That's not enough, because the compiler may be rigged to reintroduce
backdoors straight into binaries. You need to check the compiler source
code, and then bootstrap it from a simpler compiler that you have wrote
yourself in machine code (and I mean machine code, not the assembly
language).
However, this also isn't good enough, since the bios, CPU (firmware and
hardware in general) might have an undocumented set of instructions
that can remotely trigger total control over the machine. It's quite
simple, actually --- NSA pays some money to rig Intel, AMD, ARM and PPC
architectures in this way, and they can access anything remotely.
So in order to go around that, you need to build a computer yourself
from scratch, in particular the CPU. After bootstraping Linux on that
hardware (LFS distro comes to mind...), you're safe against the NSA.
As for the tinfoil hat, it needs two layers --- the inside layer needs
to be orientend shiny-side in, which would prevent the NSA from spying
on your brain waves. But the outside layer needs to be oriented
shiny-side out, to prevent the NSA from feeding your brain with
undesired signals. The two layers need to be well insulated against
each other --- it's obvious that a short-circuit between them will
leave you completely vulnerable...
HTH, :-)
Marko
I think Rahul nailed it, this is a political problem with no technical
solution.
Dave
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
--
Advertising is the rattling of a stick inside a swill bucket - George Orwell
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
