Announcement

**LinuxGamer** · 09 September 2013, 04:20 PM

Originally posted by johnc View Post

How much cheaper is it?

a cool 100$ US

**TheBlackCat** · 09 September 2013, 04:44 PM

Originally posted by johnc View Post

What backdoors have been found in Windows 8?

404 | ZeroHedge

http://www.zerohedge.com/contributed/2013-08-26/german-government-confirms-key-entities-not-use-windows-8-tpm-20-fearing-cont

ZeroHedge - On a long enough timeline, the survival rate for everyone drops to zero

**a user** · 09 September 2013, 05:04 PM

Originally posted by halfmanhalfamazing View Post

Intel has clearly chosen Linux over Ubuntu.

that's the most stupid phrase i ever heared in a linux forum. it is on par with what i usually here from MS fanatics.

**mrugiero** · 09 September 2013, 05:28 PM

Originally posted by dee. View Post

Anyway, at least the Linux kernel doesn't contain any NSA backdoors.

There's no guarantee about it. There were contributors on one of the BSDs introducing back doors for the FBI with actual, useful commits, so it could happen the same to Linux. The idea Linux is completely safe because it's open source is wrong. It only means if you are cautious enough, you could verify it doesn't contain such back doors (IIRC, static analysis can detect most of them), but I don't know of anyone doing so. I hope they do run this kind of tools.

**chrisb** · 09 September 2013, 06:13 PM

Originally posted by mrugiero View Post

There's no guarantee about it. There were contributors on one of the BSDs introducing back doors for the FBI with actual, useful commits, so it could happen the same to Linux. The idea Linux is completely safe because it's open source is wrong. It only means if you are cautious enough, you could verify it doesn't contain such back doors (IIRC, static analysis can detect most of them), but I don't know of anyone doing so. I hope they do run this kind of tools.

That was just the claims of over guy - nobody ever found a backdoor, and fwiw Bruce Schneier thought it wasn't true.

**ryao** · 09 September 2013, 07:16 PM

Originally posted by LinuxGamer View Post

You do understand that systemd is not a Red Hat project?

That is hard to believe. Systemd was created by an employee at Redhat and was almost entirely written by them. If Redhat were to drop it tomorrow, I have difficulty seeing how it would continue.

**ryao** · 09 September 2013, 07:30 PM

Originally posted by Teho View Post

Then again systemd is more collaboratively developed and widely adopted than Upstart ever was so I find that argument bit hard to believe. I mean the original design was developed by Kay Sievers from Novell (at that time) and Lennart Poettering from Red Hat. To my understanding they started the project on their free time.

Regardless of how collaborative development is, the act of collaborating takes effort when someone else has final say over what is committed. The creation of both projects gave their respective creators final say. I consider that to be the real reason they were created.

Originally posted by Teho View Post

The thing is that systemd and Upstart are fundamentally different whereas Wayland and Mir are essentially the same. To my knowledge the only fundamental difference is between client (Wayland) and server (Mir) allocated buffers and even that could be done on Wayland (and has been done apparently). Red Hat did collaborate with Upstart upstream though. Canonical never did the same for Wayland. They _never_ brought up the issues they had with Wayland to its upstream and clearly brought up their lack of understanding of Wayland when they released the Mir spec sheet (that had quite a bit of misinformation about Wayland).

That misses the point. People are free to collaborate as much or as little as they want. It is not our place to criticize them for going their own way.

With that said, I see something of a double standard here. The Wayland developers themselves stated that their work could have been a X11 extension. No one made a single complaint, but when Canonical does the same thing, people here form a lynch mob. In my view, both Wayland and Mir exist because their developers did not want to work on X11 improvements and that is perfectly fine. Their developers should not be criticized for going their own way.

**MartinN** · 09 September 2013, 07:49 PM

Originally posted by mrugiero View Post

There's no guarantee about it. There were contributors on one of the BSDs introducing back doors for the FBI with actual, useful commits, so it could happen the same to Linux. The idea Linux is completely safe because it's open source is wrong. It only means if you are cautious enough, you could verify it doesn't contain such back doors (IIRC, static analysis can detect most of them), but I don't know of anyone doing so. I hope they do run this kind of tools.

a backdoor also doesn't need to be explicit... with enough painstaking combing through the linux source code, one could conceivably find a usable exploit due to a bug (i.e. buffer overflow...or whatever) and use that as a way in, without ever reporting it. By the time everyone else catches up with the exploit (if ever), the damage would be done. Someone who is motivated and well funded could go this route....

On that note, how the hell did this thread deviate from Intel giving the finger to Canonical to Linux security analysis???

**mrugiero** · 09 September 2013, 07:49 PM

Originally posted by ryao View Post

That misses the point. People are free to collaborate as much or as little as they want. It is not our place to criticize them for going their own way.

Actually, it is our place to criticize. Criticize and banning are different things. The latter is not to us. But if we disagree on what they are doing, we have the right to point it out and criticize it.

With that said, I see something of a double standard here. The Wayland developers themselves stated that their work could have been a X11 extension. No one made a single complaint, but when Canonical does the same thing, people here form a lynch mob. In my view, both Wayland and Mir exist because their developers did not want to work on X11 improvements and that is perfectly fine. Their developers should not be criticized for going their own way.

No, they stated themselves it couldn't. Also, it's done by the same people, under the same umbrella, even though it was originally a personal project of a Red Hat employee. In fact, within Wayland, Red Hat doesn't have the final say, as Intel and Collabora doesn't either.

**mrugiero** · 09 September 2013, 07:54 PM

Originally posted by MartinN View Post

a backdoor also doesn't need to be explicit... with enough painstaking combing through the linux source code, one could conceivably find a usable exploit due to a bug (i.e. buffer overflow...or whatever) and use that as a way in, without ever reporting it. By the time everyone else catches up with the exploit (if ever), the damage would be done. Someone who is motivated and well funded could go this route....

On that note, how the hell did this thread deviate from Intel giving the finger to Canonical to Linux security analysis???

The idea is for backdoors to not be explicit. At least, if you want to put them in open source software. Also, I was actually referring to buffer overflows when I mentioned static analysis could detect them. I know Coverity report helped me find some of them in a project I picked up around January.
On the question about how it deviated, I frankly don't remember.

Announcement

Intel Reverts Plans, Will Not Support Ubuntu's XMir

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment