[Trisquel-users] Julian Assange: Debian Is Owned By The NSA
nux at blueyonder.co.uk
Wed Aug 13 09:55:50 CEST 2014
A bit late in the day, but...
If you were going to compromise a distro then Debian and Red Hat would be the
obvious ones to go for as they're more or less the root distros of all others
(Arch and Slackware aside). Compromise Debian and you compromise Ubuntu and
all its spin-offs. Compromise Red Hat and you have the Corporate sector in
the palm of your hand. That's a lot of distros and a lot of data that's yours
for the taking.
Further - given that the current kernel has around 15 million lines of code
in it, just how many hundreds of millions of lines of code are in the average
distro? And these are all watched? All the time? And everyone watching them
is 100% open hearted, honest and incorruptible? Seems a little unlikely.
Particularly given the fact that much of what is in GNU/Linux is Corporately
developed or payrolled and the levels of double-mindedness that Corporate
employees display are more than well documented.
There is the now infamous incident where Linus Torvalds was asked if he had
been approached by the NSA and he said "no" whilst nodding. And it all seems
so gentlemanly, as though they said "We don't suppose you'd be willing to
compromise the kernel? No? We didn't think so, oh well it was worth a try"
and not "if you value your children's lives, you'll do as you're told" or,
far more likely, they found someone on the kernel dev team who had a
weakness, or need of money and as such was turnable. And no one is going to
submit a patch with the P.S - "I've been approached by the NSA and they asked
me to put a back door in this, so be aware..."
And even if none of this is true, fear and suspicion will destroy a community
far more effectively than infiltrating it will. So a whisper here and a
carefully crafted blog post there and suddenly everyone's behaving like that
scene in the Clint Eastwood movie where we're all standing in a graveyard,
eyeing each other warily, hands hovering over guns, waiting for someone to
make the first move. Divide and rule has been practiced for millennia and
whilst those who practice such methods have millennia of archives and manuals
on how to do it, those who resist seem to have to relearn, from the ground
up, in each and every generation.
That said, it's now known that backdoors are being built into the hardware
and are designed to be OS agnostic, so it matters little whether Debian has
been compromised, if it's running on compromised hardware. And to my mind,
the development of OS agnostic backdoors in the hardware is a direct response
to OpenSource software. "Think you've outsmarted us, just because you use
I read the article and the lengthy debate. It comes down to paranoia (a very
healthy attitude considering all we now know) vs trust. All the arguments for
trust are based on an appeal to the majority or on a specific lack of
evidence of corruption. Neither are valid arguments.
So, either I learn all the necessary languages and then audit the code myself
(for who else can I really trust?) or I have to 'hope for the best' despite
overwhelming evidence to the contrary. The former is impossible and the
latter is no choice worth making. I have zero expectations of privacy.
Regardless of what software I use, there is no escape from State
surveillance. Even if there was a 100% clean OS, my ISP is spying on me
anyway. This post I'm typing on my nice 100% libre OS, will still be sent
through servers, in a series of packets and it's almost certain that they can
be read by those I have not given permission to.
So why bother at all then?
For me, it's about personal morality. I believe in marriage, but I don't
entertain ideas that because I believe in marriage that this will lead to an
end to one night stands, or divorce. But neither will I say "marriage is
going out of fashion so I won't bother either". I tend to regard the majority
as unsavable. They are blind, deaf and dumb; deprived of the wherewithal to
make informed decisions and programmed to despise those who do. So all we
have is our little corner of the world and it's good to find others who feel
the same way, albeit in varying degrees. But changing the world for the
better? Not going to happen. That doesn't mean don't try, it just means be
realistic about our chances and be ruthlessly discerning over who says what
and why. If your first reaction to "Debian owned by the NSA" was anger, then
you're almost certainly not thinking straight about the deeper issues. The
title was intentionally provocative, to get people to read it, to try to get
people to think beyond the badges and sales slogans that we're all familiar
with and over which we should, by now, be very questioning, regardless of who
states them. When a High Street Bank says "the name you can trust" anyone who
watches the news will fall about laughing. Even the Co-Op bank (here in the
UK) has abandoned ethical practices and is now going down the Corporate
dishonesty route. Why should Debian be any different? Because it uses the
words "open source"? So do Microsoft.
Should there be a panel of code reviewers? Yes. Could they be trusted? For
about a week or two, then suspicion would have to return, because such a body
would arguably be a target for compromise and as such would be compromised,
as every other body set up to "keep an eye on things" has been. Corporate law
has to be changed and that requires a legislature that is also not
compromised and that in itself is a problem as old as humanity.
All of which is a long-winded way of saying, to my mind, suspicion is the
default setting. If you can prove trustworthiness to me then so much the
better, but it's for you to prove I can trust something and not for me to
prove that you cannot trust it. Because the evidence for the argument that
very little is not compromised is all around us.