
View Diary: An NSA-proof operating system. Yes, for real. (171 comments)


  •  can we dial back the CT even just a little please? (9+ / 0-)

    and I highly doubt any OS is unhackable

    In the time that I have been given,
    I am what I am
    Shop Kos Katalogue or the Parrot gets it

    by duhban on Fri Jul 12, 2013 at 11:54:59 PM PDT

    •  Amen. Complete and utter CT. (8+ / 0-)

      This diary is bullshit in so many ways.

      Scary prose.

      The NSA owns you.  They own every thought, all your dreams and aspirations.
      Unhackable OSs, based on nothing but your word.
      There is this operating system.
      Provably false statements.
      Security by Isolation is an approach that is newer, and very effective.
      Overlooking the ways in which any computer connected to a network can be compromised.

      And, perhaps worst of all, worrying about the wrong thing, in terms of likelihood--botnets taking over your computer to use for denial of service attacks is more likely than the NSA spying on your computer.

      Stop scaring people.  It's like claiming that because spooks might get into your house at any time without your knowledge, you need to build a concrete bunker with no windows and one door, which you weld shut behind you.

      They might, but are you going to take such extreme precautions that your life becomes unbearably hard to live?

      "Ridicule is the only weapon which can be used against unintelligible propositions." - Thomas Jefferson

      by rfall on Sat Jul 13, 2013 at 12:19:18 AM PDT

      [ Parent ]

      •  Sorry you don't care for my prose. (6+ / 0-)
        Unhackable OSs, based on nothing but your word.
        Bullshit.  Look into it.  Look into Rutkowska.  I've done a couple years worth of homework on this, you have obviously done none.  Who's flinging poo?
        Provably false statements.
        Bullshit again.  Security by isolation (as I pointed out in another comment) - in this case - is indeed newer.  The tech to implement it has only existed since hardware caught up to Xen.  This isn't air-gap isolation - it's hardware-implemented functional isolation.  If you don't understand something, isn't it considered polite to ask before swearing at people?

        It ain't called paranoia - when they're really out to get you. 6 points.

        by Jaime Frontero on Sat Jul 13, 2013 at 12:33:00 AM PDT

        [ Parent ]

        •  Some Qubes Security Bulletins (3+ / 0-)
          Recommended by:
          duhban, CroneWit, Sparhawk

          Qubes Security Bulletin #7

          Discussion
          ------------

          This is not the first time when the overly-complex permission system strikes back and causes more harm than good.

          Qubes Security Bulletin #8
          Xen.org has announced today a security advisory XSA 58, which fixes a bug introduced by... a previous security fix identified as XSA 45 (see [1]).

          The original problem that the XSA 45 was supposed to fix was a timing-based DoS attack.

          It's a security bug that was introduced by trying to fix the previous security bug.

          And here's a list of Xen security announcements.

          •  Yes? And those bugs were patched... (5+ / 0-)

            ...immediately.  In fairness, you might have included that information in your quote:  it was just the next paragraph, in both cases.

            Bugs exist.  We do the best we can, and follow the lead of those who can do better.

            It ain't called paranoia - when they're really out to get you. 6 points.

            by Jaime Frontero on Sat Jul 13, 2013 at 01:50:18 AM PDT

            [ Parent ]

          •  A bug doesn't mean it's hackable... (3+ / 0-)
            Recommended by:
            Garrett, quill, J M F

            Only a small number of bugs actually leave a real world system vulnerable.  

            In the examples you are giving, in Bulletin #8, the previous security bug patch was never applied to the released packages, so they say "so the users, up to date, have only been affected by the timing DoS, related to XSA 45 problem."  And since that was a DOS problem, it didn't actually leave the system "hackable" as far as access to the system or data.

            And in Bulletin #7 they say "the impact of the XSA 52-54 does not seem to be so problematic in practice".  Looking at other recent advisories, XSA 55 only applies if you run an untrusted kernel in one of your domains, and XSA 56 also doesn't apply to systems with normal security measures.  Only XSA 57 of the recent advisories has the potential to allow a serious attack.  But there's no evidence yet that potential has been exploited.  

            I do think the diarist is overstating the advantages of this system vs. an ordinary linux.  Nearly all of those things you do to lock down an ordinary linux system, you should also do on Qubes.  This just adds an additional layer of security.

            But some are overstating the capabilities of the NSA if they really think they can get into any system or crack any encryption.  Nothing is 100% guaranteed, but good security can make things very difficult even for the NSA.  

            •  As I see it, the diary title (1+ / 0-)
              Recommended by:
              duhban

              might as well be  "A Perpetual Motion Machine. Yes, for real."

              A diary with a title and theme like that wouldn't be a place I'd want to get into discussions about real-world machine efficiency.  

              •  I guess that depends on interpretation.... (0+ / 0-)

                If you interpret "NSA-proof" as meaning it's perfect, then yeah, that's never going to be.  But, if you interpret it in the way words like "waterproof", "soundproof", and "bullet-proof" are normally used, then I don't think it's that unreasonable a headline.  

                I don't think he ever said in the body that it made a system unhackable.  Though on the whole he does seem to be overselling it. It does seem like a decent security idea, but probably more effective vs. malware than vs. the NSA (which is only collecting data off the internet, and if they do target individual computers, they really wouldn't be permitted to do that to US citizens).  

                And I think it also would likely be more complex, and less for average users, than applying basic security measures to a popular Linux distribution like Mint or Ubuntu.  

        •  I've worked in IT off and on since the 90s (3+ / 0-)
          Recommended by:
          duhban, rfall, Sparhawk

          I've never heard of this shit.

          Were I to be paranoid enough to give a shit about this kind of thing, I'd be using BSD and not Linux.

          Since you are proposing a linux solution why Xen and not KVM?

          Network security and not the security of your local machine is what matters anyway.

          You come off as someone who has a vested interest in promoting this particular software.

          Praxis: Bold as Love

          by VelvetElvis on Sat Jul 13, 2013 at 04:10:11 AM PDT

          [ Parent ]

        •  Wasting your breath. (2+ / 0-)
          Recommended by:
          Jaime Frontero, DeadHead

          Just ignore the trollery.

      •  But if we change a word... (2+ / 0-)
        Recommended by:
        CroneWit, rfall
         It's like claiming that because spooks terrorists might get into your house at any time without your knowledge, you need to build a concrete bunker with no windows and one door, which you weld shut behind you.
        They might, but are you going to take such extreme precautions that your life becomes unbearably hard to live?
        Emphasis mine.

        May you always find water and shade.

        by Whimsical Rapscallion on Sat Jul 13, 2013 at 04:23:04 AM PDT

        [ Parent ]

    •  I would never indulge. (0+ / 0-)

      It isn't - at least in some cases (to which this diary is pertinent) - solely a theory anymore, is it?

      It ain't called paranoia - when they're really out to get you. 6 points.

      by Jaime Frontero on Sat Jul 13, 2013 at 12:24:16 AM PDT

      [ Parent ]

      •  you are going to have to clarify (1+ / 0-)
        Recommended by:
        acerimusdux

        what isn't a theory anymore?

        In the time that I have been given,
        I am what I am
        Shop Kos Katalogue or the Parrot gets it

        by duhban on Sat Jul 13, 2013 at 12:55:50 AM PDT

        [ Parent ]

        •  I would humbly suggest you read... (6+ / 0-)

          ...Snowden's interview in Der Spiegel.

          Interviewer: What happens after the NSA targets a user?

          Snowden: They're just owned. An analyst will get a daily (or scheduled based on exfiltration summary) report on what changed on the system, PCAPS of leftover data that wasn't understood by the automated dissectors, and so forth. It's up to the analyst to do whatever they want at that point -- the target's machine doesn't belong to them anymore, it belongs to the US government.

          I'm making the assumption that Snowden is a.) in a position to know, and b.) without any reason to lie that I can fathom.

          Somehow, I get the feeling that your mileage varies...

          It ain't called paranoia - when they're really out to get you. 6 points.

          by Jaime Frontero on Sat Jul 13, 2013 at 01:08:19 AM PDT

          [ Parent ]

          •  I have read the interview (6+ / 1-)

            but that doesn't answer my question

            What isn't a theory anymore?

            That given enough time the NSA or really anyone can break a system? Well of course but that's like saying that since you could have your house robbed you need a concrete bunker with some land mines.

            And I don't put any stock in Snowden's ability to tell the truth not after he sold out to the Chinese and maybe the Russians.

            In the time that I have been given,
            I am what I am
            Shop Kos Katalogue or the Parrot gets it

            by duhban on Sat Jul 13, 2013 at 01:14:06 AM PDT

            [ Parent ]

            •  The prose I used that your compadre... (5+ / 0-)

              ..seems to consider CT: in the first paragraph of the diary.  It wasn't prose, actually - pretty much a stolen quote from Snowden.

              And you have some evidence that Snowden "sold out to the Chinese and maybe the Russians."?

              That's OK.  No need to answer.

              Deny.  Deflect.  Minimize.  Personalize.

              I'll just take it as a given...

              In the meantime - without bringing Snowden into it, which my diary didn't do - there are people here who are in dangerous situations:  activists of various stripes, people in the military or in government service who value progressivism but really don't need to be identified as reading this site (or others).

              This diary is for them.  Not for you.  We're already quite well aware of what you think.

              It ain't called paranoia - when they're really out to get you. 6 points.

              by Jaime Frontero on Sat Jul 13, 2013 at 01:31:32 AM PDT

              [ Parent ]

            •  HRed. Same baseless smear you've repeated (3+ / 1-)
              Recommended by:
              Jaime Frontero, CroneWit, Lost and Found
              Hidden by:
              acerimusdux

              Over and over.

              And no. This isn't just your fucking "opinion" or you just fucking "disagreeing."

              You and others repeat this bullshit smear over and over.

              I've seen YOU, specifically, do this on multiple occasions.

              We know how you fucking feel about Snowden, already.




              Somebody has to do something, and it's just incredibly pathetic that it has to be us. ~ J. Garcia

              by DeadHead on Sat Jul 13, 2013 at 01:42:53 AM PDT

              [ Parent ]

              •  thank you for your insults and abuse of status (3+ / 0-)
                Recommended by:
                johnny wurster, acerimusdux, sviscusi

                I expect nothing else from you

                In the time that I have been given,
                I am what I am
                Shop Kos Katalogue or the Parrot gets it

                by duhban on Sat Jul 13, 2013 at 01:53:04 AM PDT

                [ Parent ]

              •  This is abusive (3+ / 0-)

                First off, your HR amounts to ratings abuse.  Duhban was having a perfectly civil on-topic discussion with the diarist.  There was nothing even remotely inappropriate about the comment you hide rated.

                Second, your comment here IS abusive and disruptive, and serves no purpose here other than to personally attack another user with whom you seem to have a prior grudge.

                •  And so you break a rule in the process (0+ / 0-)

                  Using an HR to punish someone for HRing is HR abuse in itself.

                  Don't tell me what duhban was doing. I know full well this poster's history. He's in every fucking Snowden/NSA diary spouting the same bullshit smears and debunked talking points.

                  Read my fucking explanatory comment above, for fucks sake.




                  Somebody has to do something, and it's just incredibly pathetic that it has to be us. ~ J. Garcia

                  by DeadHead on Sun Jul 14, 2013 at 05:58:49 AM PDT

                  [ Parent ]

                  •  And I don't need a lecture from you about (0+ / 0-)

                    Being "disruptive," considering the fact I tipped, rec'd and posted to this diary long before you or the person you're defending showed up.




                    Somebody has to do something, and it's just incredibly pathetic that it has to be us. ~ J. Garcia

                    by DeadHead on Sun Jul 14, 2013 at 06:02:11 AM PDT

                    [ Parent ]

                  •  Wrong (0+ / 0-)

                    I've never given anyone an HR for an HR.  Your comment was out of bounds regardless of the rating.  

                    And Duhban's history has no relevance here.  

                    •  Tell me, then (0+ / 0-)

                      what exactly made my comment HRable? Nothing.

                      My HR to duhban was for repeating a lie/smear without ANY evidence to back it up, YET again, meaning, I've seen him do the same shit MULTIPLE times.

                      It matters little, now. Both HRs are irreversible at this point.

                      Not that I cared about one HR -- it was the apparent reasoning behind yours that bugged me.




                      Somebody has to do something, and it's just incredibly pathetic that it has to be us. ~ J. Garcia

                      by DeadHead on Wed Jul 17, 2013 at 03:18:25 AM PDT

                      [ Parent ]

                      •  My reading.... (0+ / 0-)

                        In general the golden rule of hide rating is "rate the comment, not who makes it".  All of the "you and others" and "I've seen YOU do this" is unhelpful.  

                        Also, while language isn't generally policed here, and you are allowed to use such words as "fuck" and "shit", it does matter how you use them.  To me, such phrases as 'your fucking "opinion"' and 'you just fucking "disagreeing"', and 'we know how you fucking feel' are insulting, and insults always are HR-able.  The overall tone, and lack of substance, is why I thought the comment out of line.

                        I'm not defending his opinion that Snowden "sold out to the Chinese", but if he's factually incorrect, I don't think it rises to the level of a well-known previously debunked conservative talking point, either.  If we hid every comment that had a single error of fact, we wouldn't have as much civil discussion as we have here.  If he is deliberately lying, I don't see the evidence of that.

                        If you had provided a reasoned explanation of what you thought was inappropriate, I would have left it alone.  But your explanatory comment seemed to me to be long on insults and short on explanation.

                        Simple question, if I rather than duhban had made the above comment, would you have responded in the same way, or would you have engaged civilly and made an attempt to educate me where I was in error?

                        To me, this just read like a prior personal dispute being brought into a thread where the issue was tangential.  His opinion about Snowden really wasn't the main point here.  And if someone had responded in kind to your comment, I thought it could have been disruptive.  Nothing personal.  

    •  For you, anything (0+ / 0-)




      Somebody has to do something, and it's just incredibly pathetic that it has to be us. ~ J. Garcia

      by DeadHead on Sat Jul 13, 2013 at 12:51:55 AM PDT

      [ Parent ]

    •  and if there was one it would be OpenBSD (0+ / 0-)

      based and not Redhat

      Praxis: Bold as Love

      by VelvetElvis on Sat Jul 13, 2013 at 04:05:13 AM PDT

      [ Parent ]
