Learn More About The Zinc Crypto API, Which Hopes To Get Into Linux 5.0 With WireGuard
Originally posted by Cape View Post
I don't trust either Zinc or WireGuard.
There is something fishy about it. Also the recent CoC thing made me even more suspicious 🤔
Some options would be:
- reduce the trust that is required. Learn more about this technology and maybe even check some of the code.
- learn about the people involved with this project. Are there people working on the project and the code which you do think are trustworthy?
- ask yourself what software and what developers you currently trust and why. Objectively compare that software to WireGuard and its developers to see if there is actually any reasonable or identifiable cause for your concern.
- consider learning how to compile your own kernel (if you haven't already). Distributions like Arch and Gentoo are built around easily allowing this kind of activity. You then have the option of not including these WireGuard options.
- reduce the amount of damage that this code can do if you suspect it could be nefarious. e.g. If a system doesn't need to be online, then airgap it: don't connect it to the internet. If you trust NetBSD more, then use that on a critical system instead of GNU/Linux. You could use virtual machines: i.e. your base/host OS could be very minimal, not much software installed and a lightweight kernel. The guest operating systems could be single purpose and could include more features.
Last edited by cybertraveler; 03 October 2018, 08:36 AM.
- Likes 3
-
Originally posted by cybertraveler View Post
There are many organisations out there which seek to compromise our systems and reduce our security and our privacy. You're probably aware of some of these negative organisations. This is probably why you get this instinct. I think it's a good instinct to have, but it may be worth asking yourself now: what can I do to reduce my suspicion and resolve the concern I have?
Some options would be:
- reduce the trust that is required. Learn more about this technology and maybe even check some of the code.
- learn about the people involved with this project. Are there people working on the project and the code which you do think are trustworthy?
- ask yourself what software and what developers you currently trust and why. Objectively compare that software to WireGuard and its developers to see if there is actually any reasonable or identifiable cause for your concern.
- consider learning how to compile your own kernel (if you haven't already). Distributions like Arch and Gentoo are built around easily allowing this kind of activity. You then have the option of not including these WireGuard options.
- reduce the amount of damage that this code can do if you suspect it could be nefarious. e.g. If a system doesn't need to be online, then airgap it: don't connect it to the internet. If you trust NetBSD more, then use that on a critical system instead of GNU/Linux. You could use virtual machines: i.e. your base/host OS could be very minimal, not much software installed and a lightweight kernel. The guest operating systems could be single purpose and could include more features.
- Likes 1
-
Originally posted by Cape View Post
You perfectly described what I had in my mind. I just hope I'm not alone in this one, because I'm not really a programmer... Will look more into it though.
I've seen Open Source projects before where my spidey senses have flared up because the reasons for actions being given just don't seem to be valid or the logical course of action for achieving their stated goals. This has led me to consider that they are up to something else.
So far, so good!
- Likes 2
-
We've got papers and security proofs and such, if you're interested in that kind of thing: https://www.wireguard.com/papers/wireguard.pdf https://www.wireguard.com/formal-verification/
It's always funny reading these conspiracy theory allusions though (this thread and more so others too). The thing that strikes me is how they refer to me/theproject/whatever as so distant, as such an other, as this far-removed hidden-in-a-bunker-somewhere entity, inaccessibly evaluable. But in reality, here I am, hanging out on Phoronix and stressing about PRIME render offloading on my Nvidia binary blob graphics driver, tweaking out about mesa bugs, running a gazillion benchmarks for random things... the same as everyone else here pretty much. So, well, hi 👋 -- I'm a person too.
(Also, I mail stickers for free if anybody wants some.)
- Likes 2
-
Originally posted by zx2c4 View Post
(Also, I mail stickers for free if anybody wants some.)
jk
-
Originally posted by zx2c4 View Post
We've got papers and security proofs and such, if you're interested in that kind of thing: https://www.wireguard.com/papers/wireguard.pdf https://www.wireguard.com/formal-verification/
It's always funny reading these conspiracy theory allusions though (this thread and more so others too). The thing that strikes me is how they refer to me/theproject/whatever as so distant, as such an other, as this far-removed hidden-in-a-bunker-somewhere entity, inaccessibly evaluable. But in reality, here I am, hanging out on Phoronix and stressing about PRIME render offloading on my Nvidia binary blob graphics driver, tweaking out about mesa bugs, running a gazillion benchmarks for random things... the same as everyone else here pretty much. So, well, hi 👋 -- I'm a person too.
(Also, I mail stickers for free if anybody wants some.)
Don't take the concern personally. People are understandably worried about infiltration in this day and age.
-
The Zinc author is making a good impression in this talk, but he is taking a very hostile approach toward other people in the coding community who make open-source implementations based off his work. His actions, non-professional behavior and personal attacks on the official WireGuard mailing list against a guy that made a Windows C++ user-space implementation of the WireGuard protocol are a good example. It really turned me off.
-
Originally posted by fontana_73 View Post
The Zinc author is making a good impression in this talk, but he is taking a very hostile approach toward other people in the coding community who make open-source implementations based off his work. His actions, non-professional behavior and personal attacks on the official WireGuard mailing list against a guy that made a Windows C++ user-space implementation of the WireGuard protocol are a good example. It really turned me off.
-
I just generally don't trust people who claim to be in the security industry but act on feelings and not facts. The same day the Windows client, TunSafe, was released he banned the author from the #wireguard IRC channel. Some days later he posted on the mailing list that he had reverse-engineered the client and found security issues. Instead of informing the community or the TunSafe author with facts about the security issues so they can be fixed, he's put up warnings on the WireGuard homepage and other places where people discuss TunSafe. When people ask for information about what the security issues are, he refuses to answer and demands that they stop asking.
The least I expect from someone in the security industry is that they provide information to the creator of a software if they find security holes. The Zinc author publicly refuses to do this. It's not my personal feeling.
The Windows client author is not an unknown. It's the same guy who coded uTorrent and the Spotify core.