Should we talk about security without politics?

A person nicknamed cynwulf posted this interesting comment, with which I may disagree in a few tiny remarks but agree overall, and I want to clarify what is generally perceived as political and what I consider to be political.

First it is better to read what Cynwulf had to say on the issue of security:


Re: pkgmaster is repository hell

fungus wrote:

Cynwulf, I don’t disagree with much of what you say, but there has been evidence on systemd being a little more than just not “as functional as it claims”, or becoming a monolith mediator between linux and all other software.  It  is about security.  And that becomes automatically political, whether it relates to user and big corporations or the user and the state.

If it’s about security, then don’t use it.  If you don’t trust the software or the developers, you look elsewhere, it’s that simple (and no security is not “automatically political”).

NSA or whoever, don’t need crap like systemd, they have backdoors in all major OS, there are exploits, hidden for decades in common software and even in the silicon itself.  A specific backdoor in a specific “init system” (thingie) for a specific OS and only a subset of distributions at that, is not that useful.

One could say that systemd is “just business”….  makes a lot more sense than the alternative conspiracy shit.  And that’s my take on systemd, always has been  – it’s a business move for Red Hat Inc.

When you have the likes of Intel and AMD building in the IME/PSP to all new chips, security on x86 becomes nothing more than a token thing (and as most should know from recent revelations at least, security was never a focus there anyway; never mind that numerous experts warned about its general crappiness over a decade ago).

“Security” in most fields of computing can in fact be complete and utter bullshit.  Look at Windows AV software.  You don’t need to make something secure, you just have to convince enough people that ‘retroactive security’ is viable, get them to open the wallets and bend minds accordingly…

My point is, that if you don’t like this Linux distribution or how it’s developed, then you have a choice.

I couldn’t agree more on the technical matters and I trust that he knows much more than I will ever know.  Cynwulf is not your average linux or non-linux user.  I agree the doors exist in the chip, in the kernel, in firmware, and most importantly in the compiler.  So even when you write your own simple and trustworthy code you may be compiling a binary with a built-in backdoor.  All “they” have to do is point to a specific connection of interest and all possible doors open, any combination that is possible, to gain full access to your machine and in a very unnoticeable way.  All this live built-in noise a browser creates covers up the whispers of things going in and out.

This is not what we were really talking about in that discussion, and anonymity is just a tiny part of digital security, but so specific that it makes ALL technical analysis above irrelevant.  Consider two people setting up rendezvous points and dates, utilizing some machine you bought 2nd hand, utilizing the many wifi hotspots around town, to quickly send an encrypted message to each other even using one time webmail accounts.  Then destroy or allow others to take possession of that one hit machine, by casually forgetting to pick it up from a public spot.  Tor can only help in a way that you probably won’t get caught red-handed and identified, jeopardizing also the other party.  Ok, sit in a crowded place shaded by concrete, covering up from public cameras, and silently so you won’t get voice recognized by concealed microphones.  Terrorists, drug dealers, intelligence officers, do things like this.  Do we care?  Of course not, we are law abiding citizens that mean well for all of humanity.

But what is politics and what is this recent modern youth aversion to politics?  You hear it all over the place and predominantly in well to do western urban settings.  The very same apolitical people would refer to office politics, workplace politics, even family politics, in a different sense.  I would say politics are the human relationships formed around issues that relate to what is common.  What pertains to our access to food, water, shelter, health, information and education, our access and freedom on the land we live and move around on.  That is politics.  To refrain from voicing an opinion or acting on those issues is the ultimate conservative and passive submissive act of accepting those in power to control and dictate everything about your life.

In this respect those who may try to terrorize or limit our access to information and the free exchange of information are a security threat, and the issue is political.  It is political because the only way we can act upon a common idea about our common issues is to discuss and exchange information, opinions, arguments, amongst ourselves.  In that sense digital security and anonymity are very political.  It is not the individual’s issue, it is our common issue.  If one of us can be scared to become silent then we all lose that one voice.  Soon more voices are lost, and later there is only the voice of those who have the power to be heard and to rule without any public criticism.

So stop being silent, uninterested in “politics” and speak.  I don’t care what you believe or think but it is better to express something I dislike than be scared and silent.

That is what it is about, and that is the essence of open/free software.  A tool with which you can control your ability to speak and be heard, to listen and to debate.  This is where the issue of trust comes in.  Do you trust the medium and the tool you are using to be heard?  Please spare us your naive perception of already having such a freedom protected by a constitution.  Wake up!  Take the red pill if you must.

 

 

3 thoughts on “Should we talk about security without politics?”

  1. I don’t recall the exact series title, but “cynwulf”, probably the same person, had put up a 3 or 4 part series of blog posts at linuxquestions.org. It was really interesting reading, I mean thought-provoking interesting. So, maybe good intentions but in your discussion cynwulf just got all caught up in arguing and being hellbent on winning an argument. Sorry, I can’t swim in that devuan forum, those folks seem so bent on “fighting a fight” that they even fight amongst themselves.


  2. On the subject of that one line: “security is not automatically political”. There are arguments to the contrary, but note the use of “automatically”.

    I am not a Linux user, I have run various ‘BSDs for about 7 years. I moved away from Linux before the arrival of systemd in popular distributions like Debian. I mainly use OpenBSD these days and I believe that OS’s security focus is at least known to some who move in these circles by now (but still entirely misunderstood by the vast majority of Linux fans).

    OpenBSD is arguably one of the most secure OS there is, it is not however developed by political activists. The OS is developed by interested individuals, many of whom use it for their own purposes and work on what they want to see improved and is overseen by someone who values “code correctness” and proactive security over performance and feature creep. So if someone has data, valuable data, they may run a business, they may want that data to be secure, then OpenBSD could be running on parts of their network, powering routers, firewalls, etc. This comes from a “security” perspective, not a political one, not an activist one. There is no avoidance/exclusion of any specific software based on any specific vendor. OpenBSD only excludes the following:

    Any new GPL code from the base system – this is because GPL code is by nature encumbered (or “viral” if you will) and hinders how and what OpenBSD can be used for, due to complicated copyleft legal clauses relating to linking, etc.
    Binary blobs. For obvious security reasons. e.g. you can have as secure a hardened Linux as you want, but if you’re going to install a binary only kernel module, that security becomes almost irrelevant.

    (disclaimer: This is not in any shape or form a promo for OpenBSD)

    I touched on Intel management engine and AMD PSP in that post. The threat of those should not be downplayed. This is where it indeed gets very nefarious and very political. There is some decent reading at EFF and at the libreboot website relating to these.

    But the short version is that since the core architecture and later AMD cores/APUs, the x86 platform has been compromised with a “system within a system” which has been proven to contain exploits and cannot be disabled by the end user. In the Intel model, the system runs “out of band” and consists of a modified MINIX OS. We have also seen numerous bugs in x86 over the last few years exploiting side channels and cache. x86 is fundamentally broken, as was pointed out by OpenBSD lead developer Theo de Raadt, over a decade ago. It’s an open door to anyone with the know how and we know that certain government agencies had the know how for decades and made full use of that.

    So, yes I find all that very political indeed, but systemd I regard as a FOSS project, not a political one, a sprawling reinvention yes, but still just a FOSS project. My take on it is that it’s now a Red Hat led thing, it’s a business thing. What it started out as and what it may become are irrelevant at this stage.

    We should be far more worried about this new phenomenon of “system within a system”, the ever extending reach of alphabet/google, facebook and the ‘new’ very friendly MS, stroking the Linux foundation with one hand, beating FOSS over the head with patents with the other, far more worried about the billions of android devices and their spyware/data mining payloads, the IoT, the “home hubs”, very worried indeed about all the corporate reps sitting on the Linux foundation board of directors… of CoCs, being exuberantly instated by “useful idiots” with their strings being pulled by corporate backers… with systemd as the sole focus, we’re in danger of completely missing the wood for the trees…

    “So, maybe good intentions but in your discussion cynwulf just got all caught up in arguing and being hellbent on winning an argument. ”

    You clearly haven’t seen me “hellbent” on winning an argument… I believe I made about two posts in that thread, so your assessment is somewhat of an exaggeration to say the least.

    (Thank you for reading my blog series though)

