IgnorantGuru's Blog

Linux software, news, and tips

Biography of a Cypherpunk, and How Cryptography Affects Your Life

For a little over two years, I have been on a strange odyssey into the heart of Linux, and I think now is a good time to summarize that journey for some readers that haven’t followed every step, and to answer some questions that it has opened. Like most users, I came to Linux with the impression that it was an openly and freely developed OS, a saner alternative to the corporate OSes such as Windows. I knew corporations had developed some of the software and had infiltrated the kernel, but I thought Linux was largely driven by users and community development, largely volunteers. And I thought the assertions that Linux took security more seriously were based in facts – that things were basically done smartly, because this is ‘our OS’.

Being semi-retired from such work, I never intended to develop software in Linux. This happened as a result of my first encounter with something ‘not quite right’ in Linux. Originally a user of the KDE version of Ubuntu, I began to see disturbing patterns in how daemons were being used, and generally how the system was being engineered to be increasingly locked down, intrusive, and overly complex. I knew these patterns well because I had used and developed on Windows for many years. With the advent of KDE4, I was driven to abandon KDE and Ubuntu completely, moving to Arch Linux with just Openbox. This was also my first real introduction to the ‘g’ side of Linux (GNOME and GTK apps and daemons), since now I was avoiding any KDE dependencies.

When I first began using Linux, a little over a decade ago, I chose the name “IgnorantGuru” because I was a guru in some areas of computers, certainly not a novice, but I was also a Linux noob and ignorant of plenty! I always feel this way about knowledge: acknowledge both what you know and what you don’t know – this is where learning begins, or continues. The surest way to learn nothing is to believe you know it all. So I got to know bash a bit and started sharing scripts, and eventually set up this blog to maintain my scripts and let people see what I was up to in my own explorations and uses of Linux. This blog also saw some fame in the form of an article I did on the lack of package signing in Arch Linux, a large controversy at the time which established this blog as a controversial news and discussion site. Then as I started hacking the legacy PCManFM so I could add a few custom commands to it, PCManFM-Mod was born. Feedback on this small mod convinced me that I wasn’t the only person interested in simple, flexible software, and this interest eventually grew into the SpaceFM and udevil projects. I am a Linux developer and blogger, when I had set out to be neither! Such is life.

I’m not new to all of this. I don’t usually go into my history much as I prefer a layer of anonymity to work in peace, and it helps me stay on topic. Yet here I would like to share a little of my general background so you can understand where I’m coming from. Sometimes I get the impression that people are confused as to why their file manager developer takes some of these blogging issues so seriously. Why does he care?

I care because I am a cypherpunk, or I was. Much of the software I’ve developed in the past has been in the general area of crypto and various related clients, servers, etc. If you were around back then, you knew my name (alias) – I wrote popular software of the day and had articles published by the EFF, etc. For those of you too young to know or remember, this was the period, and just following the period, when Phil Zimmermann first released strong cryptography into the civilian domain (PGP). The US federal government started a virtual war against this, and did everything they could to make Phil’s life miserable for years – he was persecuted. To help characterize the times for you, the only way he could release the source was to print it in books, then sell the books worldwide. This was still legal (although it infuriated the feds) because printed books had censorship protections and freedoms. People would buy the books, scan in the code (a very tedious and error-prone process, especially for crypto code), and (try to) compile it. This is how strong crypto first left the military domain and found use around the world, even something as simple as the https you now take for granted. Crypto wasn’t just used to keep secrets, but to expose them and to protect people (dissidents, activists, even intelligence agents). Anonymous and pseudonymous remailers, the precursors to today’s Tor network, were developed and basically created chaos for those who numbered and controlled everyone. It became much more difficult to suppress information.

It was an exciting time – people are now revisiting some of that excitement with the Snowden affair and such – and we were all eager to master these new tools and free the world. Although some commercial software did exist, the 80s were very much a do-it-yourself time in computers. Much of what you used, you wrote yourself, so adding crypto to that mix created an explosion of new tech. “Conspiracy theory” was not a term then, and no one would have taken it seriously. If you didn’t distrust every government and newspaper, you were simply a damn fool. This is why I still consider most of you damn fools. ;) It’s hard for me to comprehend the naiveté in today’s world, and the easy validity given to people who ‘debunk’ revelations of obvious corruption.

I’ll share two personal anecdotes to give you an idea of those times for me. For one, I personally discovered a crypto key in a widely used crypto server of that day that had most of its bits set to 0x00 (rendering it compromised). No paranoia required – I witnessed it. People had been relying on this sophisticated tool for their anonymity (in some cases their LIVES) for a few years and it hadn’t been detected, despite alleged peer review. I happened to be examining the source to borrow some code and I couldn’t believe my eyes. A chill went down my spine. I immediately published my findings to the mailing list so that I would not become anyone’s target (paranoid? perhaps, but I was scared). The server’s developer quickly corrected it, but it left a lot of serious crypto people shocked and questioning, and it pretty much outed him (or someone he worked with – we didn’t have git in those days to find who did it) as someone’s agent, probably some government’s agent. He was actually a very likable fellow, though, and I had spoken to him on occasion. It was disturbing to see his likely involvement. I have never completely trusted anyone since.

The other event also left an indelible memory. My work was strictly legal (I even did my best to obey the ridiculous code export rules of the day, though they were mostly useless, locking the barn door after the horse had left), so I didn’t often have overt friction with the various agencies harassing people. As with the mailing list event, I tried to use openness to protect me. Release first, explain later. They knew of me and let me know that, and my web pages would routinely be shut down on spurious copyright claims, etc., but it was mostly just annoyances. Although I worked behind a layer of strong anonymity in those days, being a developer, one was always logging into servers and such, and we didn’t have the tools of today, so I knew I wasn’t hidden from serious players. Yet in this case I was sure I had heard from them. Although writing hard crypto (in the mathematical sense) wasn’t my central area, I had combined two crypto algorithms in a unique way. I was excited – it seemed to create an exponentially stronger algorithm and method. As was my habit, I released my notes immediately – everything to reproduce it – don’t want the hot potato. And I promised it would be in my next software release. It was then I received the oddest emails, like I had stepped on someone’s toes. Someone was desperately trying to convince me that I shouldn’t use the algorithm. First, they tried various broken technical arguments (which only revealed to me that they were lying), and then it turned into virtual threats. Who would be this motivated to make me stop using this algorithm, I wondered. I had the impression that the guy in some agency who monitored this area realized it would make a whole lot of new work.

It was almost like he was trying to protect me, to save me from myself. It wasn’t my first contact with ‘weird’ – I had received out-of-place business offers and other questionable things in the past. I got phone calls in the middle of the night, hang ups, just to let you know you were on someone’s list (this was common then among us, before cell phones existed). Yet this was eerie, and we never knew who we dealt with in those days. Intelligence agencies to an extent helped the process, even against the government’s own wishes and laws, because their agents used these same tools as us, and basically all the people using PGP and other tools were creating lots of cover traffic for their spooks. So even within governments there has always been a mixed reception to crypto breaking loose, and we found ourselves in strange company at times.

Long story short, within a few years of that incident, I quit the business and destroyed my PGP keys. It was always stressful having someone’s life depending on your code and keystrokes. (File management is blissfully relaxing by comparison, even though this is generally considered stressful work since you have people’s data in your hands.) After working for quite a few years in this area, I was developing shortness of breath and heart palpitations, and my nerves were simply shot. I had also come to see that the biggest players had developed ways of manipulating our systems. I saw the emergence of the new strategies of keyloggers, plausibly deniable code errors, weak OS security, network sniffing, and other non-brute-force attacks. All of the OSes of the day were simply not up to the task of providing a secure platform for anything. So the greatest algorithms were basically at the mercy of Microsoft’s (deliberately) botched security.

Plus, I had done my part, and I was burned out. Twenty-some years ago, I was working hard to help develop the technologies you’re using today. Now, I can barely follow the manuals I wrote back then – seems like gibberish to me and I simply don’t remember enough detail to understand most of it. When I decided to develop SpaceFM, I figured it would be a relatively relaxing project, with just basic security issues. The last thing I ever expected to be involved with again was spies.

I feel like I’m in one of those movies where the expert tries to retire but his retirement is invaded and he’s pulled back into ‘the game’. I don’t want to be in the game. How did this happen? I’ll tell you.

I’m a problem solver. I can analyze systems, find what’s not working or not optimum, track it down and correct it. I’m very good at this, you might say gifted. That’s why my software generally works well. Yet some aspects of SpaceFM were not working well. As I followed the trail of why they were not working well, I was led right into Red Hat and company.

For those who haven’t followed this blog, here are a few of the steps. I noted how udisks2 was built broken, seemingly deliberately breaking everyone’s work. Even before this, Linus and other kernel developers had noted horrible dev practices in the kernel, with some commenting that it seemed like Red Hat was engineering it to be broken. This is what I saw too – all these Red Hat developers doing surgery on the deepest parts of Linux, breaking it! I asked outright, What Is Red Hat Doing To Linux? It’s unusual seeing such high motivation in Linux developers – usually they have obvious reasons for the changes they take the time to make. Yet many of Red Hat’s changes had no immediate purpose or advantage – it was like watching a chess player putting pieces in place for some later conquest.

Next came my GNOME (et al): Rotting In Threes article, originally based on an email from someone who didn’t want their name involved (gee, that’s odd in open source), which exposed a climate of hostility to users and developers, and basically demonstrated how Red Hat completely controlled GTK and GNOME. This article went viral, bringing over 50,000 visitors to this blog and attracting the attention of Linux Users and Developers magazine’s editor. I eventually wrote my A Linux Conspiracy Theory article for them, extending on the material in the GNOME 3 article. I didn’t really want to write this (writing is a lot of work, especially when you have an editor in a print magazine ;) Yet I felt it was a good opportunity to make people aware of some of these development practices I was seeing, so I did my best to present what I was seeing at the time.

Since then, more has happened to reveal the true story here, the depth of which surprised even me. The GTK development story and the systemd debate on Debian revealed much corporate pressure being brought to bear in Linux, which I ranted about in GTK fesses up – this ain’t for you; Qt takes over the world. In comments there and in Ubuntu To Dump Nautilus, some really startling facts about Red Hat came to light. For me the biggest was the fact that the US military is Red Hat’s largest customer:

“When we rolled into Baghdad, we did it using open source,” General Justice continued. “It may come as a surprise to many of you, but the U.S. Army is ‘the’ single largest install base for Red Hat Linux. I’m their largest customer.” (2008)

This is pretty much what I had figured. I’m not exactly new to this, and I figured that in some way the military-industrial/corporate/intelligence complex was in control of Red Hat and Linux, and was devolving it into a useless, compromised toy. But I didn’t expect it to be stated so plainly. Any fool should realize that “biggest customer” doesn’t mean tallest or widest, it means the most money. IOW, most of Red Hat’s money comes from the military – they have first say in its development. And the connection between the military and spying agencies, etc. should be obvious. Not to mention the fact that dealing with Red Hat developers always creeps me out, just like those weird emails in the 90s. Something just isn’t right there.

Next, a reader posted this FOSDEM: NSA Operation ORCHESTRA Annual Status Report. Well worth watching in its entirety (including the Q&A at the end), to me this turned out to be a road-map detailing how Red Hat is operating on Linux! I recognized so much of it from personal experience at this point (and trust me, Red Hat controls almost every core component in Linux, in case you didn’t know). Presented by FreeBSD developer Poul-Henning Kamp (aka PHK), it does a great job of introducing some very subtle concepts, and I was shocked by how closely the examples he gave matched what I had been seeing Red Hat (and other corporations) doing in Linux the last few years. He also explains that “PSYOPS For Nerds” is a reality – our communities are being engineered and propagandized very effectively, pushing them in the directions desired not by us, but by… whom?

Well, what do you know? Without even trying to get there, my simple explorations into what was broken in Linux led a trail straight to the NSA (or whoever is behind such three-letter agencies). As usual, just follow the money. And these days, they admit much of it openly – secrets are just too hard to keep.

While I don’t use PGP much these days except to sign releases (old, good habit), what is an ex-cypherpunk rebel like me to think of such things? I honestly don’t know. It seems people have become very complacent and accepting of corporations and governments running their lives. We wouldn’t have been so appeasing in the 80s and 90s, but these are different times, and I understand that. Largely people are oppressed and heavily propaganda-fed. PHK’s belief that this is not merely a technological problem but a social/political one is a view I have expressed several times, almost verbatim.

I think all of these revelations bring up questions for Linux users. For example, why should I care about encryption if I have no secrets to hide from a government or enemy? Why should I care about them rooting everyone’s system and being in charge of its core engineering decisions? Why should I care that Linux’s security is just a myth, as is the idea that it’s freely and openly developed, and anyone can participate? Why should I tell the truth about it? Why should the reality that Linux is a military- and spy-agency-created OS be important? Here are some of my answers to those questions.

It turns out that cryptography is not just for keeping secrets, and intrusive spying is not just about finding bad guys.

Computer technology, like any technology, has been weaponized. It is not merely used to serve homes and businesses, it is used to gain supremacy and control over people, governments, and other institutions. Today’s computers, the military versions of which are far beyond civilian specs, are very powerful to put it mildly. Anytime you have great power, held in darkness in the hands of a few people, you have a recipe for tyranny. Do you enjoy war and destruction in your neighborhood? If not, you should be paying attention to this, NOW. Because one thing I can tell you: All these people know how to do is create war.

Let’s be clear: This is not a new problem. Humans on earth have been enslaved for thousands of years. Governments and banks have always been corrupt and severe. Every form of communication, even something as simple as a typewriter or printing press, has come under constraints and control designed ultimately to control people. It’s that simple. There are those who would enslave and control the world. While some of them may believe in their causes and feel they are ‘the good guys’ despite the insane things they do every day as ends-to-means, one thing that history has shown is that power corrupts absolutely. And governments abuse every power they assume, without exception. It’s history, including modern history. This is the world we have always lived in, and we always manage to scrape out some small degree of freedom from absolute tyranny (although there has been plenty of it experienced). Where does it end?

While PHK in the video says just use politics to solve this problem, most of us know that politics and media are as crippled as technology. They are largely controlled. I would say use everything to help address these problems: technology, politics, and in general, social change. Many people think they can change something by just voting once a year. But that requires almost no effort or risk, and as such produces almost no result. Real change requires real efforts, affecting every area of our lives. It’s costly – a genuine investment.

Cypherpunks have always advocated using strong cryptography as a tool of social change because it helps level the playing field. It is a way to help distribute and balance power and information, rather than having it in the hands of a few people. How does this work?

I am not an advocate of battling the NSA, creating lots of secrets, private armies, and all of that. Rather, what we can do with this technology can be open and free. Cryptography can be used to keep information free, including information on corruption (eg whistleblowers). Simply put, it can empower and protect people who stand up for people. Who is stealing what from the people of this world? Let’s shine some light there.

Cryptography is also used in authentication – webs of trust – so that you can identify someone. Why would this be socially powerful? Ask yourself why we need elected representatives (vastly overpaid, corrupt lawyers) deciding the laws that control our societies? Why can we not simply micro-vote on each issue ourselves? We cannot do this because we are not allowed to, and the technology that could easily make it happen is suppressed. If the current electronically corrupt voting systems were replaced and recreated, many old tricks wouldn’t work. It is simply ridiculous that we have legal representatives in their current form – it is a total failure to use cryptography effectively.

Why is it important to have an OS that is free of rootkits and security holes? Because the computer is a very important tool in the modern world, and for citizens to exercise their power, they need such a tool to be reliable. They must own and control it. Beyond this, there are the many creative freedoms found in computers (or any information-based technology), and all the social growth they represent.

While this may sound strange for a cypherpunk, I am not a big believer in secrets. Rather, I am a big believer in openness (in finance, governments, business), and a believer in the free flow of information. I also feel that most intellectual property schemes do more to hold back progress than any other system – the idea of owning information is simply a system of mind control and exploitation. Many of the people reading this are deeply invested in that exploitation system whether they want to admit it or not, and are inclined to defend it because it serves short-sighted interests. But when you’re a slave breaking rocks, you may not think so much of where that system has brought you. You too are being herded aboard the trains, and your perks are temporary. History will show you this if you look at it.

Cryptography, and especially the larger concepts of distributed, non-centralized systems, open and participatory government and development groups, open accessible hardware, and many other powerful ideas that you see open source people advocating DO affect you. They protect you and everything you value in your life. Using such tools effectively and routinely is investing in your future.

Having grown up in the 80s, I am used to visions of the future – we spent a lot of time thinking about such things back then. We were a generation of dreamers, with nuclear annihilation hanging over us. A lot of our dreams from 20 years ago are now encoded, in your web browser for example, as reality. We lost the war against intrusion, but I believe we did take some steps toward openness and computing freedom. The primary threat today seems to be technological tyranny – the old Big Brother concept coming to living life (and death). Primarily it is an attack on the mind and creativity of man. I don’t see as much dreaming of the future today – the generations today seem to lack vision. Maybe it’s time to get some, to dream a little, and to put those dreams into action with real technology and POWER. The power that large groups of people united in certain principles acquire. This is different from concentrated power that oppresses people. It is distributed power that you share in, and which protects you and everyone.

One of the first and foremost principles is honesty. It’s time to start telling the truth about what’s happening in Linux, despite all the paid disruptors interfering in such discussions. Many Linux users and developers operate from myths that are simply no longer true, and really never were. Linux is a government, military product, right down to its core. There’s a start to truth-telling for you.

I’ll tell you one secret: It’s very, very difficult to control information, and to control people. In the long term it’s impossible. We have an easy advantage in many ways, because information is free by nature, and people are ever recreating themselves, defying control. I wouldn’t want to be a power-monger trying to rule the world! It’s a very tough job. And everything we can do to make that job more difficult is worth it.

The powers that be in this world don’t want to protect you, they want to protect themselves and their power. Nor do they want to share that power with you. They are not creating systems that create security for you and end corruption (stealing from you), they are creating systems that create vulnerabilities and concentrate corruption (wealth) in their hands. The solution is to distribute power, and to reveal the ‘plots’. Terrorists (the favorite theme of the day) don’t want open, authenticated systems any more than governments do. Thieves always want closed, complex, dark systems where they can hide and manipulate without being exposed for what they are. Governments want the same (surely an amazing coincidence). People should have the wisdom to see that such systems serve no one but thieves.

So that’s my little pep talk. To be honest, I am as overwhelmed by the state of this world as anyone. There are no simple solutions. But I do believe in certain principles, and I do believe in how powerful they are – if you apply them. Learn to use the tools that matter, and use them well. Use them to create nothing less than a new world.

February 17, 2014 - Posted by | Uncategorized

50 Comments

  1. Very informative!

    Comment by David E. Anderson | February 17, 2014

  2. Great article. You are only as powerful as your mastery of the tools you wield. Most people refuse to believe or cannot comprehend the possibility that they might be something other than the tool-wielders – that they might be the tools wielded by others.

    I hope otherwise, but this might be too late. No one wants to read this as one of the depressing I-told-you-so’s of the past. Not just what DO you expect people to do, what CAN they? We’ve got camps decidedly against the “fragmentation of Linux (and Open Source Software in general)” when fundamentally, FLOSS isn’t as much about implementing as it is about reimplementing. More stable, more featureful, more attractive solutions replace the old ones, and that’s what progress has always been about – the fact that the old solutions could be replaced.

    The difference between open source and binary fades as the difficulty in replacing components increases. The masses don’t say “I want to be able to change everything,” they say “I want it to work and be cool and not get in my way.” The loud and proud say that they want to change it all, to break it until they understand it, to fix it until it’s theirs and still want more – not from their tools, but from themselves. What bothers me is that there is a shift in power and control over people’s computing devices not just because someone wants the power, but because the vast majority of people don’t. Controlling people’s data and directing their actions isn’t just the malicious idea it used to be, it’s the reality that people are paying to have.

    Comment by BwackNinja | February 17, 2014

  3. Tell the truth. People are lazy. You will find no end of articles about “peer reviewed” scientific papers that were not reviewed but rubber-stamped. Patches that don’t crash things with kernel panics aren’t looked at.

    Opensource ALLOWS one to review. It doesn’t make anyone review. TrueCrypt? There is now a project to review the code.

    As to Gnome, it is horrible. It has been for years. For many years, I just use a HTML5 canvas front end for graphics things – it has all the graphics and more and just needs any browser.

    As to the broken promises and the bloat-rot, I recently tried to reinstall Fedora on my old intel MacBookPro. Can’t be done. Anaconda refuses to detect the partitioning, and yes, the source is somewhere, but where in 10k lines of obscure python do I short circuit it? And there are no alternatives, at least not documented.

    A similar problem in the Raspberry Pi. Get one, update it, then try to FIND the source that can build the kernel (as in you will be able to load modules compiled with it).

    GNUmeric has huge icons on Windows (for when I’m forced to use Windows). GTK+, but no easy way to fix them. The values are hardcoded somewhere.

    Even the idealism of the FSF is dead – GNOME proves it – they want to control everything, leave bad and broken or unusable software, or change it for no reason. Where is Richard Stallman?

    There was some controversy when Tivo technically complied with the letter but destroyed the spirit. You had the source but no freedom.

    You now have these complex, big, programs THAT CAN’T BE MODIFIED BY MERE MORTALS. Or github haystacks with 1000 versions and more every day. RMS would have trouble. He complained he didn’t have source to a printer driver. What if the printer driver was 100000 lines of public domain spaghetti that would take him 3 years to change a simple action? Or was one of 1000 files in a repository, but there was absolutely no indication which one, and you needed the right one to work with the printer?

    Like security, openness needs to be built in and maintained. And it has to be part of the original specification and ideal of the design. It has to be designed to be understood and modified.

    The four broken promises:

    1. The freedom to run the program, for any purpose (freedom 0).

    You can run it for what the author intended it, but it is so narrow that there can be no other purpose.

    2. The freedom to study how the program works, and change it so it does your computing as you wish (freedom 1). Access to the source code is a precondition for this.

    But obfuscate it, make it excessively complex (the compiler will optimize it out!), and use so many side-effects or other techniques so you can change it, but it will never do as you wish, or if it does, it will do other things that you regret.

    3. The freedom to redistribute copies so you can help your neighbor (freedom 2).

    Malware, viruses, and worms redistribute copies too. It is better to give than to receive. Make it either irrelevant or malicious to redistribute copies. Doesn’t everyone love 10G attachments for a simple text sort routine?

    4. The freedom to distribute copies of your modified versions to others (freedom 3). By doing this you can give the whole community a chance to benefit from your changes. Access to the source code is a precondition for this.

    This is the most important freedom. But there is nothing that can cause things to get adopted. Two of the most evil parts of GNOME concern wireless – bluetooth and wifi. The former (semi-fixed) wouldn’t let you specify a PIN originally but was trying to use a database of devices. Wifi is still horribly broken (NetworkManager) where it will remember every AP on my way to work but won’t find the AP I just turned on my desk for several minutes.

    Fix it? Easy. But then even if I fork it, the GNU gods at the FSF won’t accept the patch, and/or no one will use my fork.

    And this is a malicious freedom. Ubuntu. (Or RedHat).

    I don’t know about RedHat. If they were doing things as bad as you suggest, then exposing them on the kernel list should suffice if their behavior is evil. Just because they want to do something different (as does Google – wake-locks?) doesn’t make it evil. You could do more with three, much less a dozen examples of bad or malicious code checked in by @redhat.com than the longest rant.

    “Freedom isn’t free” is a truism, as is “The cost of liberty is eternal vigilance”.

    Entropy rules. Decay must be fought with energy. It is unnatural for something to improve without effort.

    But as I opened with, the cardinal, deadly sin of Sloth pulls us all down.

    Comment by tz2026 | February 17, 2014

  4. Great article.

    So, do you see anything fishy with the amount of effort RedHat has been pushing systemd? Also, what are your thoughts about systemd?

    Comment by anonymous | February 18, 2014

    • Yes, I see a lot about the way Red Hat is pushing systemd adoption and using it. It was very controversial when they combined the systemd and udev sources, since udev is such a common core component now. And they asserted they would not support udev unless systemd was installed. Basically they are forcing its adoption using every bit of leverage they can muster. They even tried to make GTK and GNOME require it (just because) – not sure where that is now but they hit snags because not every system that uses GTK is Linux, so it broke GTK compatibility. They’re reaching for total ownership.

      You can read sporkbox’s experiences on Arch Linux. The Arch community was very unhappy with Arch’s decision to force systemd on everyone, normally a very do-it-yourself distro. And gentoo users were furious, and that thread discusses many of the finer points. There is even a udev fork happening largely because of this.

      By owning the init system in Linux, they now have a stack of system tools that they are locking people and distros into. The init system affects packaging systems, hence Debian’s big debate over it. Currently there isn’t a good technology for allowing admins to choose an init system – it’s a distro level choice. And Red Hat is basically saying you must use systemd, because of the way they’re combining it with other core components.

      On its isolated technical merits alone, I haven’t reviewed it in detail. Some users seem excited about the features, but there are some troubling issues, such as its dependence on dbus, and its use of PID 1. But they managed to engineer the whole systemd vs whatever debate into a fanboy mega-wrestling match, where the outcome was known in advance. Lots of hype, little substance. Overall I don’t find it an impressive technology, just something whipped up to look attractive on features. Bait.

      I think once they have systemd well entrenched, there will be further unwelcome changes, perhaps in using it in DRM and other technologies that restrict use of hardware. Red Hat has Linux in a very well-established stranglehold, and despite all the noise, users really have no traction in the issue at all. They’re being dictated to – business as usual from Red Hat.

      Comment by IgnorantGuru | February 18, 2014

    • Also, one thing in the paranoia department to note about the technologies Red Hat pushes, they are always complex. The Linux permissions system, by contrast, is very simple. If you don’t have root, you’re stuck, and most of the ways to get root will leave a trace. If you’re trying to build a system that’s easy to intrude into, it just won’t do. You want lots of little rules and means of gaining permissions, a complex array of access restrictions (consolekit, policykit, systemd, xorg, etc) that few people can even understand, much less secure, in order to create the kind of system they want. Lots of dark shadows to hide in, not just a clean concrete wall that shows every mark. This is where realizing how and why they’re engineering it as they are is important. They want access, but can’t just leave access wide open, so they need to be able to hide access. Plus beyond mere access, complex systems help keep users as just helpless users – no one can really change the system because they don’t have hundreds of hours to devote to understanding, and it changes frequently, breaking any custom approaches.

      Open source? For real open source review, you want simple, clean code that changes very slowly and carefully. People can actually follow it. Most of these Red Hat/NSA technologies in Linux are simply beyond review. PHK pointed out that OpenSSL is 300,000 lines of complex code, pretty much impossible to read, and no one does. I reviewed 4,000 lines of code last week and it was a lot of work – wiped me out! And that was clearly written GUI API code, not undocumented crypto. You would need an army. These things have been put on a top shelf where we little children can’t reach.

      They targeted the init system for obvious reasons, and systemd is complex with integration with dbus. If I wanted to root a system or create backdoors, I’d love it.

      Linux is riddled with backdoors, especially xorg. You see these revealed on the Debian security advisories every week: “A vulnerability has been found that allows the execution of arbitrary code.” You’ll note that corporate products from Adobe (guess who), for example, have a continuous train of these coming out. Now imagine you have a map that lists all of these. Forget even needing to insert code yourself – you can just use your massive army of eyes to examine all the code and create a map of existing vulnerabilities. The Linux community only finds a few at a much slower pace – much less manpower involved. And no accountability – they are programming ‘mistakes’, some for real, or some very easy to craft. Only if you look honestly at the pattern over years is it seen for what it is.

      So Linux is easily compromised from several angles, just from yet-to-be-found (by us) exploits that are always being found, aided by increasingly complex, poorly documented, poorly implemented infrastructure. And having Red Hat maintaining core components is definitely the fox guarding the chicken coop – they simply have too much traction to avoid, by design.

      Comment by IgnorantGuru | February 18, 2014

  5. Well, first off Red Hat isn’t “Linux”. It’s just one of many distributions.

    Secondly, the Linux “Kernel” is maintained and contributed to by thousands of programmers from hundreds of private companies and some government agencies.

    Thirdly, as a user and contributor to the Linux “Kernel”, it’s pretty obvious you really don’t know what you’re talking about.

    Comment by Jerry | February 18, 2014

    • He has already talked about Red Hat maintaining many serious components in the GNU/Linux stack – it’s not about a distribution (and obviously not about the Red Hat distribution – why would Debian be affected if it was?).

      In terms of the kernel, yes it feels like a safer deal from my irrelevant perspective – let’s hope Linus lives forever :)

      Comment by omegaphil | February 18, 2014

      • So… Red Hat is forcing changes to the kernel? Really? I’ve been involved with Linux since sometime in early 1992. There’s not much that is forced onto the kernel developers. You need to spend some time on the developers list.

        This whole thread is really nothing more than conspiracy theory. No proof. Lots of conjecture.

        Comment by Jerry | February 18, 2014

        • To me at least, it doesn’t matter who the “bad guy” is, or if one even exists. I bear no grudge against Red Hat, but that’s also because I strive to understand what creations like the fabled systemd are all about – what they do and why they do it. I watch the development, and I enjoy watching it, but I can’t expect that others do the same. People care about using, not contributing or even understanding. Systemd and the design decisions associated with it are undeniably more complex than sysvinit. The question is “why?” That’s not to say that it shouldn’t be as complex as it is, but rather pointing to the fact that so many people don’t know. They spew what’s at the end of the day nothing more than propaganda regardless of whoever put in what was once genuine effort to help people understand. Even the wisest words are mere propaganda to the masses because all it does is control them, not direct their studies, not expand their understanding. They don’t have the basis and don’t want it, but still want to be a part of the conversation. We end up with two sides who can’t argue correctly because they can only mimic their leaders and don’t actually understand what they’re talking about.

          I don’t want to think I know what I’m doing. I want to actually know, and I want to know when I don’t know. In terms of reasons to explore Linux, I hope more for curiosity than fear. We’ve reached a dreadful place if the reason for wanting to understand open source systems is being afraid of them as opposed to just wanting to expand one’s knowledge. Those who label systemd as a mere init system are fools. It is far more than that if you take any classic definition of init system. Of all the detractors of systemd, the only one to do anything of note to oppose it and know enough about it to say why some pieces are important is Ubuntu. Please point to another program that manages one or more programs through their lifecycles not as processes, but as sets of processes and can react accordingly to restart the program if/when necessary. It is important, but there are none other than systemd (and openrc, though that’s stayed gentoo-specific and STILL part of the init system I might add…). The biggest problem with systemd isn’t that it’s in one big repository, it isn’t that it has such a broad scope, it isn’t any security or political concern. The biggest problem is that for all the detractors there are, it has no real competition. That isn’t its own fault.

          Comment by BwackNinja | February 19, 2014

          • I think you would do well to consider that Linux has lots of problem areas, and corporations like Red Hat, with huge budgets and teams of developers, are more than happy to provide us with candy. Ever heard the advice, “don’t take candy from strangers?” Arguing the technical merits of such technologies is largely missing the point, and even the technical arguments miss many functional problems in this tech. None of Red Hat’s contributions are good in my view – their engineering is horrible.

            > To me at least, it doesn’t matter who the “bad guy” is, or if one even exists.

            So you abdicate any social or ethical responsibility, you just want to play with toys. A common attitude, in fact.

            I think many people dismiss “NSA spying” as routine, it doesn’t really concern them. They’re just innocent intelligence agencies looking for bad guys. Makes them feel safer.

            If they are so innocent, why with all their massive funding and beyond-state-of-the-art technology, are they powerless to have any effect in our world? We pay for them, why are they not helping at all? Why is political and corporate corruption more rampant than ever before? Why are voting machines so hackable? With all their sophisticated ears, why do they hear nothing about any of this, and do nothing to change it or reveal it? Isn’t that the alleged purpose of intelligence gathering? Why are criminal, multi-national corporations proceeding to poison food supplies, drug populations, and so forth with NO resistance? Why are banks heavily involved in money laundering, with no awareness by the NSA or other three letter agencies? Why does war continue and grow unabated, with young people (including Americans) having their heads and limbs blown off? Why do the rich grow richer while 40,000 children die of starvation every day on this planet, and the middle class is reduced to poverty levels, even within the US? Why is mainstream media able to orchestrate continuous, sophisticated propaganda on all of these subjects, by all evidence even manufacturing complex events, with no revelations or contrary evidence brought to light? In short, why is nothing changing for the better, despite every cell phone call being analyzed, every email read, and every OS rendered vulnerable?

            Epic failure? Mere extreme incompetence? Hardly – it seems they are quite competent where they want to be.

            All of this is still occurring, and growing worse, despite the growing dark powers and budgets of the NSA-type agencies, obviously because they are complicit in these activities, and more. They would have to be complicit and allowing of them, because certainly they hold massive evidence of all these criminal organizations. Thus, they represent and support all of these activities.

            And you support them with your attitude.

            It’s time to grow up, BwackNinja, and take some responsibility for the world you live in.

            I too take spying with a certain amount of ‘that’s the way it is’. But this is going beyond spying. Linux is being fundamentally engineered by these people, right down to removing useful applications, and turning Linux into a limited, vulnerable toy a la Windows. Where do you draw the line on the influence these people have to engineer every aspect of your life? Address the problem now, or address it in years to come when it is that much more deeply entrenched, and you’re that much more powerless. It’s not going away.

            Comment by IgnorantGuru | February 19, 2014

            • > So you abdicate any social or ethical responsibility, you just want to play with toys. A common attitude, in fact.

              I like to play with toys, but I think you need to read a little closer to what I’m saying. It shouldn’t matter whether or not there is a villain to fight. These behaviors are the ones that should be taken REGARDLESS. You shouldn’t be lax in security just because you think no one is listening. You shouldn’t stop programming because you think that what everyone else has done is adequate. These ideals aren’t so special that they should only be applied in what’s thought of as a time of crisis brought on by some outside force. The crisis isn’t that some entity is taking control – it’s that individuals are refusing to try to keep a hold of control at all.

              Time to grow up and take some responsibility for the world I live in? Don’t make me laugh. That’s why I contribute code, and not just for one project, but for many. That’s why I don’t just try to understand one system I agree with most, I try to understand a multitude of them. That’s why I don’t run a system put together by someone else, I run one that I took the time to learn enough to hand-compile and hand-tune to fit my needs… and I’m starting that process over again to learn more and to do better. That lecture is for someone, and that someone isn’t me. You know better.

              Comment by BwackNinja | February 19, 2014

              • “If you are not interested in politics, sooner or later politics would be interested in you”. – Vladimir Lenin

                I have nothing more to add.

                Comment by Long-time reader | February 19, 2014

              • I think you’re an excellent asset to the Linux community BwackNinja – that’s why I’m encouraging you and others in this area. If you value the choices you say you do, then be mindful of technologies that limit choices.

                > it’s that individuals are refusing to try to keep a hold of control at all.

                That’s because many people don’t yet see the implications and how it all applies to them in real ways. Once that becomes more apparent, they’ll be plenty motivated, don’t worry. But by then the job will be much harder. Early awareness and response pays. The hole we’re in is getting pretty deep – lots of unilateral control of very powerful tools in secret, while open civilian tools are being stripped of any real power, not to mention being continuously dumbed down (social engineering). That’s the reason for the hypothesizing and trying to identify patterns well in advance of them becoming more obvious. The stakes are high. And this isn’t just about Linux of course. It’s an example of how things in the larger world are impacting Linux in tangible ways.

                I don’t have a lot of hope for Linux – we simply have no traction, no say in it. We’re observers now for the critical aspects – Red Hat is in charge. But awareness of that and honesty are important in terms of our next steps, whatever they will be.

                Comment by IgnorantGuru | February 19, 2014

                • There is, so to speak, a big echo of our every action that goes far beyond our immediate surrounding and capabilities of our own hearing.

                  Everything from good to bad happens as the result of this. Somewhere a new war gets started. Somewhere someone gets “accidentally” drowned in a bathtub, or beaten to death by “random” strangers, just because enough people (or even software developers) were indifferent or thought that they couldn’t make a difference.

                  I’d like to quote a letter from a German trooper, being surrounded under Stalingrad. (Not sure if he made it alive, probably, he didn’t):

                  I’m the One guilty of what’s happening. My guilt is only the one seventy-millionth of the guilt of the whole German Nation, but I’m going to pay for it with my life.

                  Everything is done so that people, especially the smart and capable ones, feel completely disconnected with this echo. As if they are surrounded by the consequences of anyone else’s actions but their own.

                  But it is, IMO, impossible to pass this understanding. Person either gets it, or not.

                  Comment by Long-time reader | February 19, 2014

                  • > That’s why I don’t run a system put together by someone else, I run one that I took the time to learn enough to hand-compile and hand-tune to fit my needs… and I’m starting that process over again to learn more and to do better.

                    BwackNinja, you seem like a nice person, but I think you’re wrong in not caring about default option, as long as you personally are able to tweak stuff.

                    Comment by Long-time reader | February 20, 2014

        • Jerry wrote:

          > So… Red Hat is forcing changes to the kernel? Really? I’ve been involved with Linux since sometime in early 1992. There’s not much that is forced onto the kernel developers. You need to spend some time on the developers list.

          > This whole thread is really nothing more than conspiracy theory. No proof. Lots of conjecture.

          Normally I wouldn’t respond to this level of comment (just a self-proclaimed expert/priest using ridicule and arrogance to attempt to quickly end any discussion, while providing nothing of substance to the discussion), but in fact it represents what’s largely wrong with the Linux community – arrogance and willful stupidity – so perhaps it’s worth breaking it down a bit.

          So you’re a developer who’s been working in some corner of the kernel for 20+ years, yet you think “Red Hat” is a distribution, and that it has no effects on Linux users in general. In fact “Red Hat” refers to a billion dollar corporation with deep ties to other large corporations as well as the US military (their largest customer), and thus by very simple deduction, military intelligence (the NSA, etc). Their teams of developers do significant engineering across almost every major part of Linux (simple fact), certainly in the core components and tools used in every popular Linux distribution in use today, not to mention the BSDs. You don’t know anything about any of this – you thought “Red Hat” only referred to Red Hat Enterprise Linux (that IS a distribution) throughout this entire discussion, yet you’re our expert here to declare with arrogance and insult that I don’t know what I’m talking about.

          The question shouldn’t be “How can Red Hat be involved in NSA spying?”, but “How can Red Hat not be involved in NSA spying?” If someone is positing that the NSA simply ignores Linux, a major and growing business and home user platform, ignores the encryption algorithms in it, ignores and has no influence on its core engineering and assessment/exploitation of its vulnerabilities, and doesn’t interfere with it continuously like they do with every other OS and have done for decades, I would say that person is a complete idiot, and hasn’t really been following what’s happening in their world (for decades, but especially recently). Rather than being some wild stretch, logic shows that Red Hat seems like a very, very likely candidate, easily the most likely one. And in fact without even trying to, I was led right there as they are a source of erratic, uncontrolled, undocumented engineering in many parts of core Linux and desktop technologies. Surprising? Hardly. Yet the opposite would trigger no small surprise.

          You talk of “proof” like an innocent child, but you’re not going to find “NSA exploit” stamped on a Red Hat commit. Do you believe in Santa Claus too? The problem isn’t that simple, it requires actual intelligence to address, including discrimination in patterns of behavior, deductive reasoning, and careful observations. That is what this discussion is about. Yes, this is indeed a theory of conspiracy. Your cognitive faculties did not abandon you on that simple point.

          I find this ‘conspiracy’ (corruption) blindness common today. Most reasonable people will agree that surely players like the NSA are doing something in Linux, probably something heavily. Yet if you begin discussing specific points of entry, patterns of involvement, and other concrete aspects that even affect the software YOU use, then many people just can’t imagine it, and will deny it until the day they die. It’s real on the TV and in a theoretical sense, but has no possible reality in applied examples – that’s just too unbelievable! This willful ignorance and denial is the perfect setting for corruption – it basically gives a free pass to anyone who wants to tamper inside Linux, asking them to only cover their tracks with the most unsophisticated techniques. And it would be a mistake to think the techniques are all that sophisticated – they’re downright blunt. In many ways they don’t even need to try, because people like yourself are more than willing to keep their heads up their asses.

          You’re a developer in the kernel, yet you’re also completely unaware of the growing and frantic friction between Linus Torvalds (a kernel developer if I’m not mistaken) and Red Hat developers, to the point where he’s calling their work bullshit and YELLING:

          Stop this crazy. FIX UDEV ALREADY, DAMMIT.

          Who maintains udev these days? Is it Lennart/Kai, as part of systemd?

          Lennart/Kai, fix the udev regression already. Lennart was the one who
          brought up kernel ABI regressions at some conference, and if you now
          you have the *gall* to break udev in an incompatible manner that
          requires basically impossible kernel changes for the kernel to “fix”
          the udev interface, I don’t know what to say.

          “Two-faced lying weasel” would be the most polite thing I could say.
          But it almost certainly will involve a lot of cursing.

          That’s just to give two examples of this friction (and I applaud Linus for calling them out, and apologize for using his clear frustration so coldly, but it needs to be shown.) Yet Jerry hasn’t heard a word about this, or any word of “Red Hat” – they’re just a small distribution affecting no one, certainly not the kernel. And Linus isn’t the only one making such comments. I’ve read comments from other kernel developers, including from the mailing list, describing Red Hat’s practices as malicious and engineered to be. (I don’t have those links handy, but the curious can search for similar discussions, and there were some links in earlier posts and comments on this blog.) You’re not even tangentially aware of ANY of this, yet I don’t know what I’m talking about.

          Addle-brained and unaware is the best description I can think of for such a stupid response to this important issue, or you’re just a paid disruptor. Paid or a “witless volunteer”, such responses are exactly why the Linux community has completely failed to address this issue in any way.

          I am not claiming to prove anything. I don’t think that kind of ‘proof’ applies here, as we’re dealing with changes expertly designed to be non-obvious and deniable (not all that hard to do in code and social engineering of development communities – see PHK’s video). Although I would say it has reached a level where their involvement is neither plausible nor deniable, it’s overt. It’s no longer just spying, but is transforming Linux, right up to the desktop level. Yet it does require some basic pattern matching and intelligent thought to assemble the pieces. There I can’t help you much – it’s up to you.

          I have assembled the pieces to my satisfaction, and this is my report on my working conclusions after making careful observations and analyzing these patterns for several years, and after working in most of these parts of the Linux ‘ecosystem’ personally. I’m not an investigative journalist and I’m not providing proof, or even much in the way of hard evidence, though there are plenty of facts here to absorb and collate. I’m bearing witness, describing the patterns I see, for those who may wish to be alerted to what’s happening, or take some action in response. My mind is open to alternative explanations as well. Such explanations should include an alternate vector where the NSA is entering Linux (if not Red Hat, who? or who else? and how?) I’m open-minded, yet you’re providing nothing of that caliber, nor has anyone else as I’ve published these findings over the last few years. My view is based on years’ worth of direct observations; it’s not going to change just because Jerry says I’m a fool. You’ll need to do better than that – a lot better.

          Comment by IgnorantGuru | February 19, 2014

    • Not convinced Linus is not slapped down by NSA with Nth NDA’s and so forth actually. The fact kernel.org never really came back to the NSA compromise is very suspicious.. not even suspicious but a tell. Anyway, the guy over at openssl revealed he/they had been slapped with 200 NDA’s lol…. I’m amazed not just by the fact only NSA would require that many, but 200 even .. hilarious. No, given Linus is suddenly protecting the linux patches and so on, when we know better, is cause for concern.

      But the world doesn’t care, humans never did… too thick in the head.

      Comment by lolcat | February 24, 2014

      • s/linux/intel/

        Comment by lolcat | February 24, 2014

      • > The fact kernel.org never really came back to the NSA compromise is very suspicious.. not even suspicious but a tell.

        I haven’t heard about that. Yet I too wonder what Linus has been told he is/is not allowed to do.

        Yes, most people don’t care, which is why it’s easier to just deny. But they’ll care eventually. The more you ignore things, the bigger the job becomes to correct them (see World War II). Linux is riddled with a continuous train of systemic security problems. Core components never reach a stable state, and are thus always vulnerable, certainly to those with the resources to research and exploit them.

        Beyond the spying, most of the core engineering and toolkits are now done by large corporations with obvious govt/intel influence – huge codebases that are never effectively peer-reviewed. Not many people want to take the time to develop and maintain (or even use) simple, effective tools when they are handed pre-made candy by Big Brother, who has lots of paid developers at its disposal. Dependency by design.

        Comment by IgnorantGuru | February 24, 2014

  6. Speaking of Phil Zimmermann, here’s his latest venture. Hard to believe he would use a version of android – let’s hope he reviews the code. ;)

    Comment by IgnorantGuru | February 19, 2014

  7. > If you didn’t distrust every government and newspaper, you were simply a damn fool. This is why I still consider most of you damn fools. ;) It’s hard for me to comprehend the naiveté in today’s world, and the easy validity given to people who ‘debunk’ revelations of obvious corruption.

    I don’t know where you are from; I always supposed the US. In the land where I was born and raised (Italy), conspiracy theories are a forty-year-old business. In ICT it is easier to spot or ignore BS; in other fields it’s common practice to spread FUD through press and media to damage competitors or entire parts of the economy, or simply to generate revenue (press partnership, books, TV programmes, even votes to reach the Parliament and a safe four figures monthly salary) for incompetent journalists and writers. It has been done with food, biomedical research, science, fate, politics, military affairs, afaik without changing anything in the public environment, or worsening it. Thus, quoting a very long-lived political leader who died not long ago, supposing the worst is a sin, but is a right guess. The US people have been getting this mindset in the media only recently (excluding lonely voices), and maybe will someday get accustomed to asking for proof of everything.
    In the IT world, as said, at the worst you can peer review with the spectrometer and be good, but not everyone (you included) is aware of this, and can distinguish snake oil and snakeoil.run.sh.deb.ebuild. And will then redo the EU people errors, following and paying the bills of charlatans and snake oil sellers. If you will stand afterwards, those wounds will make you grow stronger.
    If I mistook you for a US person and included you in the US people, please accept my apologies.

    > Why can we not simply micro-vote on each issue ourselves? We cannot do this because we are not allowed to, and the technology that could easily make it happen is suppressed. If the current electronically corrupt voting systems were replaced and recreated, many old tricks wouldn’t work. It is simply ridiculous that we have legal representatives in their current form – it is a total failure to use cryptography effectively.

    Another advice, even if not asked, from an EU person: people are shit. Having a military force or the epitome of a state should be an asset for everyone as individual, think that there is always an “us” is good, but you must prove the faith you keep in your neighbors and expect to be proven.

    How I can comment this article… To protect the EU nations from the madness of the megacorps in US, our governments are splitting the net and modifying TCPs in the carrier, bridging/proxying at the ISPs, while Asians are using IPv6. I really understand you when you say you don’t want to have anything to do with this shit, but you learnt how to use the rifle, and civil war is starting. Don’t completely get out of this, at least defend whom you care.

    Comment by Theodore | February 19, 2014

    • Interesting the splitting of the net and such, but if their OS is compromised (and all appear to be) it doesn’t do much. History (a few decades) has shown that most of these attempts to thwart spying fail. The systems we use are overall designed to be very leaky, and strict control of information is very difficult. Even spy agencies have to spread FUD rather than just try to keep things completely secret.

      I applaud their becoming aware and getting to know some tools (twenty years ago would have been better), but the new mad rush for enforceable privacy is a war for more secrets, our secrets vs their secrets. I would prefer to see more interest in openness and transparency – that’s really what’s needed.

      I think anyone who has been at this awhile has strong doubts about the Snowden affair – it’s likely a manufactured event. Lots of indications of that, such as the way the media was immediately so cooperative in creating a circus. They don’t do that when they really want something to disappear – ask any real whistleblower how they were treated by the media. Militaries love to probe defences and inject false intelligence, and it’s likely a psyop to control perception of what the NSA is up to – “we’re just spying, invading your privacy”, when the rabbit hole really goes much deeper. So just don’t swallow everything at face value. There was nothing really pithy revealed by Snowden.

      The reason I believe in micro-voting concepts isn’t because I think mobs of people always make wise choices. It’s because most of society’s perception of itself is manufactured, with polls, elections, and media creating perceptions rather than providing an accurate mirror. Big money controls perception of opinion very tightly, globally. Accurate polling is critical for our evolution. Even if you disagree with the majority, it’s better to know what their views really are, what their numbers really are. Then you can work from reality in affecting change. And people can surprise you – most people wouldn’t tolerate what is done in their name if there was more transparency, especially if they saw how they are being robbed. And the basic concept of self-rule, and the larger the number of people involved in a decision, the less likely one group can have unilateral control, is basically sound. It’s the only way to grow – make your own choices and mistakes. Decentralize polling and use crypto to make it much more accurate. Then at least you’re facing and addressing the real limitations and problems in your culture, the actual people, rather than being primed and controlled by manufactured perceptions. Then you will see mandates for real change.

      And part of this involves opening up anonymous and protected speech – give everyone a channel. Get the information flowing as freely as possible (even the FUD). Allow.

      Rifles will never succeed. You just wind up shooting someone on the other side who is really very much like you. You’ve been played, divided and conquered. Your real enemy is the puppet master getting you to fight each other. You can’t defeat that with a rifle, but there are powerful tools for it (it’s no accident crypto was once controlled like munitions, and still is to an extent.)

      Thanks for all the comments – it’s great to see people discussing and considering these things with intelligence, no pun intended.

      Comment by IgnorantGuru | February 20, 2014

  8. BTW, thanks for an amazing article! I feel honored to be your reader and to be able to comment here.

    The issue of living year after year under constant government surveillance is not exactly unknown to me, so to speak. I think the best One can do is to accept that anything bad can happen at any moment (lots of the most horrible things can happen only once, after all…) and just don’t think about it any more, continuing to live a happy life and pursue your goals. Some parts can be annoying but I think that being a good person and the One that strives to make a difference is worth it.

    Having a purpose in life is what makes you happy, after all.

    Comment by Long-time reader | February 19, 2014

  9. @Long-time-reader — this is Eloi talk. Did they send you after Jerry was refuted? It does not matter if people call you good or bad or if you’re happy or have a purpose. The discussion is about the hidden hand messing with your neighbors behind their backs.

    Comment by WalksLikeADuck | February 20, 2014

    • > @Long-time-reader — this is Eloi talk. It does not matter if people call you good or bad or if you’re happy or have a purpose. the discussion is about the hidden hand messing with your neighbors behind their backs.

      You are right. A few hours after I posted the comments above, it occurred to me that they were stupid. Sorry! I have a bad habit of posting random thoughts before considering how people will understand them (if at all). Sorry again!

      Comment by Long-time reader | February 21, 2014

  10. Incredible post, IG! I never knew that you were a cypherpunk, but given your interest in maintaining OS integrity and power to the people, I had wondered about it. I’m too young to have been part of that culture (born in ’85), but I read about it in Julian Assange’s “Underground”, which I found gripping and very damning for the powers-that-be. It kindled a fire in me that strengthened my cynicism and distrust for the government (and any agency that works with them), and inspired me to learn more about security and programming. I’m honored to be mentioned and befriended by you, and hope that I can learn enough as a programmer to keep transparency alive where it matters.

    Debian and Ubuntu recently fell to systemd’s political influence. I’ve even been part of a discussion that’s taken place on Gentoo’s mailing list (I’m lists@sporkbox.us in the archives, if you’re interested), where I never thought I’d see it pushed or seriously discussed. I’m relieved to know that Gentoo mostly has their head screwed on straight when it comes to the systemd issue, but you’re right that it goes far beyond systemd. It’s just one of the many “players” that are encroaching on GNU/Linux and “boiling the frog”, so to speak. I’ve strongly believed — ever since I first came across the FOSS world — that for-profit companies had no place in the FOSS world except when providing device drivers or something else that they typically have better access to. Of course, that would be better handled if hardware specs were opened up, but that’s another discussion entirely. But I digress..

    For-profit companies have a profit agenda, which can be influenced by any outside entity that, for example, has money but lacks technical savvy. A prime example of this would be the Red Hat and US government relationship. It’s almost too perfect: The US govt has money and muscle, while Red Hat has a well established reputation (that’s currently undergoing flux, thankfully) and a hand in many pivotal projects. To do that, they need lots of developers, so that means they have the technical manpower. From there, it’s painfully obvious. The military wants to be able to do X in the kernel, or Y with their workstations? Red Hat to the rescue! Hype up a junior developer, promise a raise and a bonus if s/he can pull off the software or killer feature and get it accepted, and Red Hat’s work is done. The rest will be handled socially, because a lot of the FOSS world, as I’ve been learning for the past year or more, is almost bankrupt in social (and political) intelligence. Though their dedication to the finer technical points is great (and is valuable when bikeshedding is taking place), they *completely miss* when things are being injected into their community, when important software is getting feature-creep, when projects swallow other projects for no logical reason, and when companies swing by with money and “a few requests”.

    One day, in the not-so-distant future, they will be surrounded by software that doesn’t functionally enslave them like Windows, et al, but *intellectually* enslaves them. As you mentioned, they’ll have the source but have no freakin’ clue how to change it, improve it, or “defuck” it, for lack of a better word. (Pardon my speech) When that day comes, they’ll have nobody but themselves to blame for not listening to people like us, who may not be 100% correct on the *details*, but are certainly pointing out legitimate threats to the software ecosystem, the culture, and perhaps even our liberty.

    I have to wonder if a “new age” or “offshoot” of FOSS needs to be born. One where each change to code is defended/rationalized, tools are decoupled, developers are held accountable, users and community members are respectful but still have a dose of cynicism, and last but not least: No business or government is allowed to contribute. I’m very interested in founding and/or cultivating such a community. If I had the resources, I would commit to helping to build its first distribution.

    Again, great post! I may end up linking to it in a blog post this weekend. You make some incredible points, putting them into better words than I could muster. I consider you one of the few developers who not only writes free software, but lives according to its principles. We should correspond over e-mail some time!

    Comment by sporkbox | February 20, 2014

    • Hey sporkbox, thanks for your comments – you’ve got some clear thinking there. You would have made a fine cpunk, I’m sure – spork@anon.penet.fi. ;) I agree that many scientific/elitist people developing much of Linux are very naive in human and social affairs. It’s a problem that affects and corrupts many science-related disciplines. Basically very bright but narrow-minded people are easily manipulated because they have very little ‘people savvy’, and because they are just so arrogant. They are so easily played. Plus if they do become active ‘outside the box’, they can lose a scientific career or corporate job (I’ve seen it happen) – that’s why they toe the line. I think we need to largely abandon them and do for ourselves.

      As PHK said, if we want a non-rooted OS, we need to start acting like grown-ups, writing code that is simple and readable, and I would add, that changes slowly and carefully. Basically the opposite of everything Red Hat and company are doing. But I don’t know that there are enough active, aware people for this to occur on a larger scale. Maybe when things get worse it will evolve. Yet it’s also true that such a system could be much easier to maintain. We simply don’t need many of the time-wasting changes that are continuously pushed on everyone. It’s anti-progress (by design). We should make a real OS for ourselves. Easy to talk about.

      Small companies are one thing, but these multi-billion-dollar corporations with deep govt involvement are another. I agree we need to keep them completely out of ‘our Linux’, if we ever get ‘our Linux’. Or some OS. Gosh Linux is due for some real evolution, instead of these mostly-broken stop-gap measures.

      At the very least, I feel better now that I have a grip on the real story. It finally ‘clicked’. I’d rather see the full scope of the problem; denial has never satisfied me. But our options are pretty limited at this point. Sign of the times. And I don’t see any simple easy solutions to this. Just start building better bridges.

      Keep creating. Email always welcome, though I don’t always get to respond much these days, so as long as you don’t hold your breath. ;)

      Comment by IgnorantGuru | February 21, 2014

    • Jason Donenfeld, Gentoo Project Infrastructure Administrator, has stated that Gentoo will probably switch over to systemd.

      > We’ll likely switch to systemd, over at Gentoo, when we need to. As we discussed at FOSDEM, it’s a matter of ‘when’ rather than ‘if’.

      Comment by Zoopy | February 21, 2014

  11. Trackback from Soylent News: Linux Security, Red Hat and Systemd Conspiracy.

    Comment by Zoopy | February 21, 2014

  12. I think that corporations try to put the Linux ecosystem under their control. I also
    think that it does not matter. Currently the Linux ecosystem is so complex,
    not only because of intentional wrongdoing, but also because of increased
    popularity and the general mediocrity of developers not understanding the Unix
    philosophy.

    The cycle of all technologies is similar. A new invention is generally quite simple
    and probably simpler than the previous invention of its type. At the same time
    it’s also worse in many cases. It can be slow or dirty. It’s not optimized,
    it’s new and it shows. Conservatives don’t want to hear about this new thing,
    noticing its many downsides. The innovation gets better and moves past its
    infancy. Most probably it will beat what was previously known. At this stage
    there will come some new problems, something which shows that the new thing did
    not solve every problem after all. Then things start to get really
    complex. It’s time for new extensions and never-ending optimizations. It’s no
    longer a simple and elegant solution.

    I think that the Linux ecosystem and even modern computing hardware (look at how
    Intel tries to maintain Moore’s law) is at this stage. More layers, complex
    optimizations and backwards compatibility at the same time. I think that
    the motorization industry is at the same stage. A few years ago, car engines were
    quite simple. Many engines from that time still work after 20 years. Nowadays
    it’s often impossible to service one’s own car – no longer simple. After the big
    boom there are only a few mega-corporations left (like in the software industry).
    It’s the cycle of life. It’s time for the next big thing.

    There is a very interesting book by C. N. Parkinson titled “Parkinson’s Law:
    The Pursuit of Progress”. In one chapter he described how you can recognize
    organizations in a state of decline. You can measure it in the height of the carpet in
    the director’s office. If everything is looking so good on the surface, it’s near the
    end. The Bible says something similar: “Their heart is as fat as grease…”.

    They are destroying the Linux ecosystem, but we let them. It’s time for the next thing.

    Cycle of life.

    I identify with suckless.org community. I think that we can only move on to BSD
    or create something new and simple like sta.li. What suckless project tries to
    achieve now is to make sane interface to many common things like ‘dwm’ for X11
    or ‘st’ for VT100 and to some extent ‘surf’ for Web. So we can move on and
    build something new. I don’t know if this will make sense, but I have hope.
    What’s left?

    Comment by wh | February 21, 2014

    • While I certainly appreciate and enjoy the suckless philosophy, I wholly disagree with their shunning of UTF-8 and Unicode. It’s important to support a wide variety of glyphs and languages. I don’t know how they plan on supporting other languages if it’s not through something like Unicode. Will they re-invent it in a new, simpler, logical way? Can font creation be made simpler, too? BDFs are a pain to write and I can’t figure out how to make vector fonts in any efficient manner. I’d gladly try out whatever the suckless guys can come up with for fonts and multiple languages.

      Comment by sporkbox | February 27, 2014

      • > While I certainly appreciate and enjoy the suckless philosophy, I wholly disagree with their shunning of UTF-8 and Unicode.

        + 1000

        Comment by Zoopy | February 27, 2014

      • What do you mean by shunning of UTF-8 and Unicode? For example st (suckless terminal) is UTF-8 only. There is libutf available in suckless.org repositories.
        Sta.li will use musl libc which has UTF-8 locale only.

        Suckless.org creations are quite low level. At this level there is no place for translations, mostly because there is nothing to translate. There is however place for correct display of UTF-8 encoded text as st already does.

        System for lusers based on suckless tools would probably add some user facing apps. This would be the place for translations.

        Font creation and multiple language support indeed need some suckless solutions. Same thing for GUI systems, web browsing, image manipulation etc. Suckless.org is not centrally managed. Community members share code and what gets momentum stays as long as there is a maintainer. I’m currently on and off with development of a minimal make implementation, a minimal pipe-based personal http rewriting proxy and a few minimal utilities. I plan to create something luser facing, but first things first.

        Comment by wh | February 28, 2014

        • Looking over the suckless website again, I can’t seem to find a statement against UTF-8. I have to wonder now where I saw that… :(

          If the suckless community indeed values UTF-8 and would instead relegate translation to userland (which makes sense), I look forward to a translation library from them. They may be one of the few groups that has a clear goal and can offer a real alternative to GNU/Linux.

          Comment by sporkbox | March 22, 2014

          • Maybe you’re searching for the byte order mark of utf-8, in the list of the things so harmful and useless that don’t need an alternative, in harmful.cat-v.org

            Comment by Theodore | March 23, 2014

  13. Two months and running isn’t bad for a high severity bug that stops you from booting, right? We don’t even need Windows anymore – they’ve brought the best of it to us! Well, at least Lennart marked 5 bugs as duplicates of this one – not bad for 2 months work.

    Comment by IgnorantGuru | February 23, 2014

  14. I have had a run-in with some systemd disciples recently. The funny thing was I got answers from two of them, one in private email and a bit later from another one on the public mailing list where this started. Both used the same type and sequence of cheap emotional manipulation but apparently did not know of each other. My impression that somebody was working from a script was there immediately, but the second message gave a pretty strong confirmation.

    By now I am convinced of two things:
    a) They were working from the same set of instructions for psychological manipulation, whether they know it or not (likely they just have seen this used against enemies of systemd in the past).
    b) Many people in the tech field will not have the emotional maturity or skills to recognize these attacks for what they are and may well cave. (They just immediately pissed me off though….)

    One thing that was very telling was that the guy via email still laboriously kept the communication line open, trying to keep the “dialog” flowing and trying to get me to come over to “his” view of things after I had told him he was complete scum, the second time in terms that absolutely nobody can misunderstand. That is what you do if you want to manipulate somebody according to a psych-script, but not if you actually have an exchange between people. Another thing was a stance of “due to what you said, I have now lost all respect for you, but admit you are wrong and I will respect you again”, a transparent attempt to threaten with exclusion. Completely ridiculous in that setting, but apparently these tactics work well on many people.

    Now, reading the info, your conclusions and the many insightful comments here, I see that they do fit my own observations strikingly well, even if I have only looked at this for about 2 months now. (I read about systemd, looked at it and immediately decided that there was no way this atrocity would get onto any of my systems…) I now strongly suspect that Red Hat, and in particular the systemd-people there, currently have support from PsyOps in forcing people and distros over to systemd. What is pathetic is how fast they all fall to these rather primitive and obvious tactics.

    The ulterior motive may not so much be control over the init-system, but having a bloated, unreliable atrocity in there, with a wealth of security issues for the NSA’s targeted access people to exploit, without even the need to plant them. Using a known-incompetent head designer (Poettering, of PulseAudio infamy) that has the intelligence to create such a complex thing as systemd, but does not even come remotely close to mastering the issues it creates, is sheer genius.

    Comment by Celos | February 24, 2014

  15. http://ewontfix.com/15/

    Comment by lennfart | March 4, 2014

  16. Great article.

    I recently came to a similar conclusion that we have seen the creation of one of the most efficient enslavement and oppression tools in human history: Linux. I go one step further and I’m suspecting that the whole “software freedom”, “copyleft” bla bla was a planned PsyOp in and of itself, so I don’t trust the FSF either.

    Without the numerous naive volunteers this total-surveillance mega-project could never have been realized. So basically people striving for “freedom” created the technology to imprison them in an Orwellian 1984-like scenario. Congratulations!

    Debian’s systemd decision was my personal Pearl Harbor. I decided to completely pull out of Linux after twenty years and switch back to the commercial mainstream. That doesn’t make any difference, because the whole ‘I am in control of my computers’ was a complete illusion from the start, and the Linux desktop is dead anyway. So the effort is not worth it and it keeps me from concentrating on important things. At least my decision keeps me from further contributing to “FOSS” by accident and saves me from the BS streaming down from RH. Also the “Linux community” has become a very hostile place, so it’s a good time to say farewell…

    In the long run I’m now aiming at becoming independent from computers again and being able to disconnect from the Internet. I’m sure, it will feel like a big relief, when I’m finally able to pull the plug.

    So long…

    Comment by Anonymous | March 13, 2014

    • Yeah the FOSS myth is really something, and I agree the FSF is a fraud intended to control/limit the opposition. Not to say there aren’t some great independent projects, but almost all of Linux is a corporate product, and its core engineering is decided by that layer.

      This “Has The Quest For Hi-Tech Become a Form of Psychosis?” article covers some interesting ground – got me thinking how it relates to Linux and the trend of ever greater complexity with less control. And I can relate to the comments there about drawing a line around technology in your life, keeping it in its place as a controllable tool, rather than a tool used to control you.

      I avoid a lot of tech, and really I always have. I find a simple life is much more enjoyable, and I live a fairly active real-world/outdoor life too. For me a simple lifestyle includes a simple but capable computer, because today a computer is a library, communication device, entertainment system, shopping tool, etc. But the key word is simple – most people don’t need most of the junk attached, like the example the article gave of all the ridiculous electronics being added to vehicles, making them unreliable, costly, etc. This is not engineered by ‘us’ or for our benefit (systemd leaps to mind).

      Comment by IgnorantGuru | March 14, 2014

  17. This comment belongs over on the SandFox page, but I wondered whether it would be seen there.

    IG, have you looked into LXC and/or pFlask (github.com/ghedo/pflask) ?
    I’m hopeful that a method of easily restricting network access on a per-application basis is finally on the horizon.

    Comment by Anonymous | March 14, 2014

    • I haven’t had a chance to look into namespaces much, but there’s an interesting article here with some methods for using them from scripts.

      I too would like to see finer control of network access in Linux – an area that has never been handled well.

      Comment by IgnorantGuru | March 15, 2014

    • Thanks for this, I am finally looking into sandboxing stuff now. Using this on the main permanently running net programs and SSH to access internal services, I should finally be secure.

      Comment by omegaphil | March 15, 2014

  18. New EFF Article, March 13, 2014: New NSA Slides Reveal Tailored Access Run Amok

    > The NSA has seen the future of mass surveillance, and it appears they believe that the future lies in malware…
    >
    > The Intercept reported on… the NSA’s “more aggressive” approach to signals intelligence, which circumvents encryption such as web browsing via HTTPS and email using PGP, by installing spyware directly onto targets’ computers. The NSA’s Tailored Access Operations Unit… develops and deploys malware tools…
    >
    > TURBINE enables “exploitation on an industrial scale,” by automating onerous tasks such as the collection of surveillance data from infected systems. Furthermore, evidence suggesting that NSA exploits Internet chokepoints for man-in-the-middle attacks and develops software to manage millions of “Computer Network Attack” implants at once demonstrates that their intent is to compromise computer security on a massive scale

    Full EFF Article
    Original The Intercept Article

    Of course malware can’t work if a system is genuinely secure, or if entry is obvious. It needs to be an overly complex, security-hole ridden mess like Windows and increasingly Linux (a current example in Red Hat’s udisks code).

    Comment by IgnorantGuru | March 16, 2014

  19. So what OS do you use if you cannot trust Linux? Kolibri?

    Comment by wolfgang | March 16, 2014

  20. Theodore Tso’s (ext4 maintainer) views on systemd:

    https://plus.google.com/+TheodoreTso/posts/4W6rrMMvhWU

    Basically, he isn’t too impressed and would rather use shell scripts.

    Comment by Anonymouse | April 2, 2014

  21. Linus issues a stern warning to Kay Sievers (systemd developer) to mend his ways.

    http://www.phoronix.com/scan.php?page=news_item&px=MTY1MzA

    H. Peter Anvin, known kernel dev and syslinux maintainer says:

    > I have observed that the system becomes undebuggable on a dracut/systemd system.

    Comment by Anonymous | April 3, 2014

