Crazy x-post about how insecure the net (and society at large) really is. Very interested in discussion

This was posted yesterday on /r/programming

The basis of the article is that Linux as a whole is fundamentally compromised as the core components (i.e., what is used regardless of distribution) are largely built by Red Hat - and Red Hat is funded largely by the US Government/Military. What does that mean for things like Tails?

What can be done? The comments mention OpenBSD and 'static linux' (which seems to be still in the prototype phase) - as well as a script from the author of the article called sand fox, which aims to run programs in a sandbox, only allowing access to explicitly permitted portions of the file system.

Thoughts?


Comments


[3 Points] firstreddituserever:

Interesting read. It's always a good idea to look at it, you know. But government funding into open source projects certainly isn't new or revelatory. It's not a clear indication of deceit. Theoretically, if there were such a backdoor in something like SELinux, straight from the NSA, it wouldn't take long for people to figure out that something isn't right. There are actually quite a lot of people who review the updates before they're pushed out to the rest of us. It would be hard to get away with that after the fact, and they would lose all credibility in the matter. That said, there is no such thing as "trust" in what we're doing and I think netsec should be prioritized considering how much all of us have to lose. As far as we're concerned, I'd like to think that this is all much better than the alternative of buying off the street. But I'll tell you this: I'm not ANY less paranoid than I was back then.

Anyways, while we cannot even dream of going through every line of code by ourselves, we can subscribe to the people who are doing just that. IMO, I think the US Federal Government funds these guys because they're using the software themselves. That is more of an endorsement than anything else. And you know, as far as Fedora is concerned, that is a pretty impressive OS in terms of security when you read about it. But I wouldn't put all my eggs in one basket. Thanks for sharing, man.