A word from the Developers:
Hello dear users, dear enemies, dear n00bs, and dear idiots
well I'll be directing my speech to the users as they concern me more, I don't give a damn about others
first off, I guess anyone can look for malicious and suspicious binaries, after our QA team explained earlier what is the oba script that sends data to the QA team, and they cleared that it's a bug reporting script, It's our turn "the developers" to troll on the some ignorant subjective bastards, well, where to begin with, first off, the claims were made by a guy who ports unity to archlinux "let's not talk about malicious Ubuntu products and introducing it to the arch users"
well, that guy is benchmarking us, I'd love to see him complete his work, as it seems unfinished and subjective, he simply analyzed some scripts that does normal stuff (bug reporting, real mac address probing, discrete graphics card switching off/on, cpu architecture probing, etc)
then he comes out with a brilliant idea, well If I can't disprove that SphinUX is better, let's just claim it has malicious features, classic, let's see his scripts analysis,

note: our comment will start with a # sign

/sbin/au
Grabs MAC addresses of all network interfaces

# and how is that bad ?

/sbin/auther
Segfaults

# one of the main reasons why you should learn C programming language, is not embarrassing yourself when testing a binary file

/sbin/besbes-otta
Fake tool that benchmarks the time it takes to allocate a certain amount of memory

# how did you find out that it's fake? see the sourcecode:


/sbin/getarch
Prints 'x86_64' or 'i686'

# probing the cpu architecture is a good thing

/sbin/koko-wawa
(Removed boost, so can't test right now)

# too bad

/sbin/lsx
Symlink to /dist/sbin/
/sbin/sau
Sends /dist/usr/share/misc/tune to http://www.sphinux.org/stats.php, however that file doesn't exist (Screenshot: http://i.imgur.com/XcDOKk8.png)

# deprecated script that does nothing since the file never exists

/sbin/sendstat
Downloads http://www.sphinux.org/56734 and does a string comparison with "SphinUS rocks other suck". The downloaded output is never used in an exec statement so command execution is not possible.

# two words, server authentication, please refer to the previous post by the QA Team for more information

/bin/autodriver
Detects graphics card and installs proprietary drivers

# this is a deprecated script since we only use FOSS drivers, but it's there in case someone needed some help installing proprietary drivers which is something discouraged by us

/bin/lsx
Symlink to /dist/bin/

# I'd love to see him analyzing our recursive symlinks, basically he couldn't understand it so he skipped it

/bin/oba
Also downloads http://www.sphinux.org/56734 and does the same string comparison
Sends the following to http://www.sphinux.org/bug_report.php
date
lspci
lsusb
lscpu
lshw
lshal
lsmod
dmesg
lsblk
/var/log/boot.log
whoami
xwd -root ***WARNING: This takes a screenshot of the current Xorg session***
This script presents a fake "# Authenticating ..." text when sending the data

# already answered by the QA team

/bin/readme
Prints out /usr/share/horus/scripts/readme and pipes it to less

# what's wrong with a readme?

/bin/xhost
***WARNING: Potentially dangerous: Calls "xhost +"***
Runs "/etc/init.d/autofs start"

# not dangerous unless you understand it, xhost + disables the access control to X server, means that anyone can connect to your X server and use it, well unless the connection is refuesd, basically this script is used only by the user to disable access control LOCALLY, means it has no network effect since you get a connection refused when you try to connect remotely, and starting autofs which
automounts the file system, this fixes an issue that KDE has which is not being able to mount the partitions even when entering the password, it keeps asking for password everytime you try to mount any filesystem, example for same issue in archlinux:


/opt/Synaptics/HKLM_Kernel
Dump of Synaptics registry entries from Windows (includes some device IDs unrelated to touchpads)
/opt/Synaptics/HKLM_User
Some more Synaptics registry entries
/opt/Synaptics/**/*.so
Lots of libraries here. I have no idea what they are for

# touchpad, touchscreens, wacom tablets need these shared objects and registry dumps to work

/opt/firefox
Custom(?) Firefox build. Tarball here: http://ubuntuone.com/2Xa1ggYqd7YvN5IDtBdFi6

# it's the default firefox with nothing more , the customization can be found under /etc/skel/.mozilla
as supporters of the Mozilla project, we'd like to send these configurations and tarball to the mozilla team to approve it

/usr/bin/4L-cli
Broken symlink
/usr/bin/4L-gui
Broken symlink

# 4L for those who don't know it, is the Lightscribe discs solution for linux
see: http://www.lacie.com/download/manual...erLinux_en.pdf

/usr/bin/au
Same as /sbin/au
/usr/bin/auther
Same as /sbin/auther
/usr/bin/disoff

# genius

Calls some ACPI methods to supposedly turn of the discrete graphics card

# he didn't even try it out to see if it works

/usr/bin/dison
Opposite of above
/usr/bin/edu
echos a short description of readme, rkhunter, nmap, ip, nbtscan, besbes-otta

# we are educating our users about the basic unix tools to protect themselves from malwares and remote attacks

/usr/bin/getarch
Same as /sbin/getarch, except last line has "&>/dev/null 2>&1"
/usr/bin/mangui
Shows /usr/share/horus/scripts/readme with kdialog
/usr/bin/powercontrol
Performs some power management tweaks (CPU freq, VM write back timeout, SATA ALPM, etc)

# and how is that bad?

/usr/bin/sau
Same as /sbin/sau

Bottom line is, these guys are scared by the fact that we are better yes it's too early to judge that knowing that the project is still young, and has lots of work to be done, yet this doesn't justify the flame war that is about to start

and now we challenge you to two benchmarks :
- bring a core2duo machine with 2 GB of RAM, install the SphinUX DVD and the Linux distribution that you prefer "with KDE please", then try to run as much applications as you could, on both platforms, the first to die or have increased degradation of performance is the loser

- we "the developers" are using the same version of SphinUX that you say is malware infested, since you seem a good l33t h4x0r we challenge you to find out the malware itself and use it against us, you'll find that we have secrets file that includes all passwords and login data to our servers and it's located inside all developers machines under /home/$user/Documents/secrets "pretty much careless isn't it "
so the stakes are high, either you prove that you are a loooooser fanatic to the spyware Ubuntu who couldn't have good time with it's lousy performance, so you switched to the powerful archlinux and tried porting Canonical's malicious products "I quote RMS" to it so you can have more users' private data flowing into Amazon's servers, real classic, and look who talks about malicious products based on Linux?

now the first challenge will prove our claim, the second will disprove yours

finally I will talk some more about the kernel, what's wrong if our OS is based on the Linux kernel? isn't Google doing so with Android? the benchmarks you are doing indicates that you have
no understanding of how Operating Systems should be benchmarked, we are already in our way to drop the apt/dpkg into a more solid solution, we are already working on several customizations
to the Linux kernel itself to run better in virtualized environments and have better performance and smarter drivers support, we are already doing stuff that no one wants to do anymore,
why would you call us scammers unless you have a proof that we are doing so? why don't you just push our development forward, our work will be good for the whole GNU/Linux based technologies
instead of doing so, a non-subjective Free software supporter who benchmarks a community product should help and co-operate with the developers, one day our work might be a good base for most Linux distributions, one day, someone
will create forks and distributions of our work, the same way we forked and redistributed Linux, this is why the Freesoftware movement started in the first place, to allow freedom for us
the guys who believe that knowledge should be transferred and it's not ethical to stop technologies from being evolved by the shared ideas of different people, this is what I heard from
a guy named RMS 17 years ago, I believed in him, I supported him, and I will always support his idea as long as I live, what's wrong with allowing people from different cultures cooperate
to achieve the better good for all of us, is it me or I am feeling that corporations have a hand in this diversion of the Linux world, I am getting the feeling that most of Linux users
stopped caring about freedom anymore, Corporation based opensource products are not the good alternative to the community based development model, we have a large community that reviews our
code and stops any not intended action from controlling the user, we don't have fancy corporations supporting us to milk our minds in exchange for technologies, we are already fighting Canonical
, Rehat, Microsoft and Apple inside Egypt, we are constantly being bothered by the regime to stop us from spreading our word and reach more users, and now you call us scammers? you should be
ashamed of yourself, you sir support Canonical that violates the user's privacy and use him to generate more profits, you sir are fighting the GPL license, Linux should be redistributed under
GPLv3.0, and those who fights this, are the bad guys, not us, too shame that you are supporting the bad guys.
I am sure most of users don't care about the license nor the name, they care about good quality software that doesn't violate their privacy, you care more about brands and names, and technical
superiority of corporations, well in that case, I would like to make a comparison, when the world found out that Canonical violates the users privacy and RMS talked about it
most of you defended Canonical being the poor angel of FOSS, when some unknown guy in phoronix calims something without a proof, and we reply with proofs, most of you ignored our reply, and became satisfied
with his claims that we have backdoors or whatever, without finding out what is his proof, but now we are the bad guys, who tricks users into using malicious software and collect their data?
finally I would like to add that either that guy accepts our challenge, or we'll be releasing a series of videos benchmarking Ubuntu vs SphinUX in a cam recorded HD video with all the proofs needed to prove that SphinUX is the evolution of the Linux Kernel, we'll be contacting the FSF to help us remove any closed source binaries and give us legal consultations on how to relicense our forks on the Linux kernel to be compatible with the GPLv3 to make sure that freedom will prevail, either we go aggressive and fight back, or he proves that we are scammers that violates their users

sorry for the long word and excuse me for any grammar or typos, I wrote this while I was talking on the phone and eating lunch

Sincerely Yours,

Ahmed G. Elnil
SphinUX Community Founder
Alexandria, Egypt