I just read an interesting article on MuyLinux in which the author raises the possibility that GNU/Linux also has a back door for the NSA.
The question is, and I quote verbatim a fragment of that article:
Broadly speaking, there is a proprietary element (that is, closed source, without the possibility of being analyzed) in Linux, created by Intel and imposed in the kernel by Linus Torvalds himself, contrary to the opinion of Matt Mackall, maintainer of that area. This element is responsible for generating random numbers for different types of operations, among others, data encryption and communications. And it is suspected that one of those "things that happen" has happened: Linux could be 'trojanized' by the NSA.
Thus, two years ago Mackall resigned precisely because of the refusal of Torvalds, who was convinced of the technical superiority of Intel's contribution. But Mackall returned to star in a conversation in July that has not raised much dust (the proof is that we found out through a social network more than a month later) but that would be a blow to the penguin system if it were confirmed. Because it is not confirmed.
O_O
OK, let's say it's true, that somehow Intel has put in a backdoor which Linus Torvalds has included in a part of the kernel that cannot be changed, and I wonder:
- To what extent is this true?
- How come distributions that claim to be 100% free include something like this in the kernel? Or is it that they don't include it?
- Do you really think Linus can lend himself to something like that?
I do not put my hands in the fire for anyone, because many things have been seen in this life, but something like this I think would not have gone unnoticed previously.
I leave the debate open, I do not want to delve too deeply into the subject. Yes or no, I am already cutting a piece of stick (wood), and with that I am going to work. Let's see if there are any termites that work for the NSA ¬_¬
Nothing, Big Brother doing his thing.
So it means that neither one nor the other is the same as an easy target
For sure it is not known! This may be simple gossip.
In fact, it IS simple chatter, nobody knows for sure how real it is, this is an old topic that has been reborn because of the NSA question 😀
Look, for me this is FUD, because if it is proprietary and "inauditable" then there is no way to corroborate that, precisely, there is a backdoor. Right? Therefore, for me, all those who publish about this (almost all the ones I have read on Hispanic blogs, not necessarily you, don't get me wrong) have made banana articles with nothing to support them.
Ehm, regarding the 100% free distros, because they simply do not suffer this, that element was obviously eliminated and replaced or it is dispensed with (which I doubt is possible with what importance it has) so, if someone swallows all this and go with "the big brother", "the devil", "the empire" or whatever, you can simply switch to using a distro with kernel-linux-libre and remove that concern from your head.
Bro, I recommend you, as a friend, that you just go from such nonsense unless you get a good article argued, with evidence and explained, because most of what you will get is the typical chatter.
As I well indicated in the article, I do not go in depth because I do not master the subject nor have I documented myself about it, so I leave the debate open in case "someone" knows more about this and wants to argue with more solid bases.
I clarify, just to leave everything right that, when I say FUD, I mean it because of the theme that has flooded lately blogs and networks, not because of the article itself, which in fact is one of the few that I see that it prides itself on simply broadcasting a question and not to assume anything without having evidence at hand 😉
Yes it is important, but not to put yourself in paranoid despair, because this is not new, and control is not something that has come up with computers. Since the era of the post office, the telegraph, the telephone, etc., this has been done. In fact we are born with an ID document and we use credit cards, bank accounts, we pay taxes. Why the paranoia now with this?
Being aware of the world we live in and taking preventive measures is not bad, in fact it is the most advisable, you just have to know how to do it and what attitude to take in the face of the facts.
You cannot put a backdoor in a random number generator. However, a vulnerability can be created that allows predicting those numbers in order to break cryptography. It is possible to analyze the behavior of the code (even if the sources are not available) to see if it is predictable; however, I have no idea how reliable this analysis can be.
Just in case, as I say below: as for putting one in, it can be put in, but it would be too obvious. Anyone who disassembles the software can get to see if it has effects outside the stack frame or any memory segment that is not driven by that same code. It is supposed to be a small component with functions to generate numbers; they should have almost no "side effects".
Linus' response, quite forceful:
“Where do I start a petition to raise the IQ and kernel knowledge of people? Guys, go read drivers/char/random.c. Then, learn about cryptography. Finally, come back here and admit to the world that you were wrong. Short answer: we actually know what we are doing. You don't. Long answer: we use rdrand as _one_ of many inputs into the random pool, and we use it as a way to _improve_ that random pool. So even if rdrand were to be back-doored by the NSA, our use of rdrand actually improves the quality of the random numbers you get from /dev/random. Really short answer: you're ignorant.”
I would add that when it says "even if rdrand had a back-door", it means not a back-door but a planted vulnerability.
In short, it is FUD.
Clearer than that, impossible
Well, it would taste very bad to me ...
It will be time to move to BSD ... 😉
I think that's worse: /
Archers, if you want to follow the San Ignucio debiangel, install Parabola GNU/Linux-libre.
Just Kidding
No thanks, I'll pass. I tried Trisquel once. It lasted about two hours. Maybe I can't get the bcm4312 that I had at that time to work, and when I did, updating it damaged 🙁
Broadcom has only proprietary drivers .., I don't know how I wanted it to work xD .. I always recommend better to buy a usb wifi skewer that costs like 10 dollars, with an atheros xd chip
It worked, for half an hour, but it worked: ') Also, I was just looking at it, so it wasn't worth buying something to make it work.
In fact I could transform Arch into Parabola without installing ... but ... how lazy ... xD
FreeDOS? D:
Typewriter.
Minix ...
How is it worse? OpenBSD does not have binary blobs, and the code has gone through multiple audits.
Would you seriously use OpenBSD for everyday use?
Well, I was talking about security, not functionalities. Although it is not that OpenBSD is not functional, in fact it has features that there are not in Linux, although the latter has things that make it more user-friendly.
Yes, it is just that I would not leave Linux for OpenBSD just for this; after all, when I open the internet browser my privacy goes to hell, no matter what system I am on.
The subject goes a long way, but there is a question, the "Linux-libre" version of FSFLA ( http://www.fsfla.org/ikiwiki/selibre/linux-libre/ ) does not contain any Binary Blob, for a long time the Vanilla Kernel, the normal one, of all popular distributions, contains them, WiFi drivers, graphics, power management, among other things that may seem "harmless", this is nothing new.
There is a whole long list of things that can be taken as measures to avoid it. I am preparing an article detailing the subject; I still do not know where to publish it, but as soon as I do I will post the link here. It is not only about the kernel, which is something basic. (Another alternative is OpenBSD, which since 2005, I believe, does not accept any binary blob in its base system, and is therefore considered the safest system there may be.)
regards
It is not that I am paranoid, but there are several users who prefer that type of security, be it because we deal with sensitive issues, or for simple privacy, without reaching fanatic extremism is something important, and it will become more and more essential to defend it.
It is true. And there are several GNU/Linux users who use distros with blobs for mere convenience and not precisely for privacy.
In fact, I have been using Parabola GNU/Linux-libre for 2 days, and I don't miss anything. I see Flash normally with Gnash, the free drivers work perfectly, and when I'm not thinking about it, I think that I am still using the Arch of all my life. It doesn't show much (I am not the type of user who puts a zillion thousand plugins, addons, extras, or customizations with themes on my system; I leave it very "vanilla", usable, simple).
Well, since I have not been aware of the advancement of gnash, as well as its advancement in terms of compatibility on systems that use Flash 11, gnash was really a nuisance. First I will learn how to use Arch and then install Parabola, and incidentally, do a tutorial about the installation of Parabola.
As for the applications, we are the same, because to work I work with what is necessary, and I am barely with one or another game (and if a desktop environment fails, I change it for another 🙂).
Well, if you like, you can publish it here on this blog. 😉
Ok, I'll send it when I have it ready, I've only published a couple of articles on "redactalo.com" like this guide ( http://redactalo.com/27/guia-de-arch-linux-%28tutorial-de-instalacion-configuracion-etc%29-%282013%29/ ) in which there was a bug in the forums that deleted all the corrections and updates that I had made for a couple of months that I kept up to date and they placed the backup of the first version that I published, also due to travel and lack of time I was discouraged from continuing to create articles and I dedicated myself only to continue monitoring the group in FB in which I am one of the administrators (Free Software for a Free Society) https://www.facebook.com/groups/linuxparatodos
It will be a pleasure to contribute to DL, without a doubt the best blog in Spanish speaking about SL 😉
We will have to use GNU/Hurd and free hardware
Good point, and who saves us from NSA code on the hardware?
Not to mention SELinux. Created by the NSA, with GPL code. That is in the free kernel.
In the end, we will return to the field and become farmers. We will forget about a digital life, we will go back to being analog !! hehehe !!
I believe them if they publish a post on the Stallman website, but they did not and it is not worth fueling that flame (even Diazepan and Pandev know how to make better flames than me, you and the one who wrote that article on Somoslibres.org).
The truth is that if we really used software recommended by the FSF, we would be struggling to adapt proprietary components to it.
In one way or another we depend on proprietary hardware and software, and if there were a real interest in promoting free hardware such as Lemote laptops or the Raspberry Pi, then more and more of us would be users of free distros such as Trisquel or Parabola (the latter shares the nature of Debian despite being a favorite of the FSF).
And if you prefer OpenBSD, congratulations, as you will learn to use a direct child of UNIX.
I don't think that's possible:>
You cannot put a backdoor in a random number generator. What you can do is create a vulnerability that allows you to predict those numbers in order to break crypto. That can be analyzed without having the code, although it is beyond my knowledge to estimate with what level of reliability.
Watch out for the louse, it's a matter of software, not hardware. I would never dare to predict that something cannot be done ... The ever-present saying, "made the law, made the trap"
Regards!
Yes, it is a matter of software, but if you disassemble the binary (because you don't have the code) you can get to see if it has effects outside the stack frame or any memory segment that is not driven by that code. It is supposed to be a small component with functions to generate numbers, they should have almost no "side effects". To be clear, if they put a backdoor there it should be evident that at least there is not something coherent.
Charting a course to Debian/Hurd, Debian/kFreeBSD or Arch/Hurd...
Arch/Hurd still? I thought that with the move to systemd the project would die.
Just because of an unfounded assumption? xD
The backdoor in the random number generator seems pretty fuzzy information to me.
Random number generation is presumably only compromised if the microprocessor's microcode is too, but standard paranoia had already communicated this to me.
The modern random number generators that I know of pass the Diehard tests. A random number generator capable of getting past these tests has to be insidious on the nose.
I did not put everything, I got this comment from esdebian, since I am not proficient in this topic.
Like someone who says: Nothing to do here.
100% free distros don't use the vanilla kernel, they use Linux-libre, so that component is not in them.
It is not that Linux has lent itself to put some of this in the kernel and that, afterwards, 100% of the distributions have included it. I explain.
To implement a random number generator, frequently used, for example, when generating new cryptographic keys, there were two options:
1.- implement a software algorithm. Free software whose code would be visible to whoever wanted to read it.
2.- use an intel chip (hardware) specialized in this task.
And this is where the controversy arose: this Mackall wanted to opt for a software implementation because he did not trust what this chip could do; but Linus decided that using a specialized chip was more optimal.
So the latest news about the NSA has revealed the possibility that Intel has collaborated by creating a generator of not so random numbers. So the cryptographic keys and encryption systems that are based on the work of these Intel chips could be vulnerable.
But in reality the back door would be in the hardware (not in the software). Not long ago, in addition, the news also came out that all Bitcoin wallets for Android were vulnerable precisely because of a failure in the random number generator. Then supposedly Google fixed it.
Right. Very well explained.
Man, is that this randomness also happened with the iphone at the beginning, in iTunes I think it was that they had set for when the user pressed random list they got a random list, logical right?
But the users began to complain that it was not random, that the same song appeared several times, that others they wanted did not appear for 3h ... but that is randomness xD so Apple had to modify the program so that it would generate lists that were less random but looked more random to the customer.
Linus Torvalds answers:
“Where do I start a petition to raise the IQ and kernel knowledge of people? Guys, go read drivers/char/random.c. Then, learn about cryptography. Finally, come back here and admit to the world that you were wrong. Short answer: we actually know what we are doing. You don't. Long answer: we use rdrand as _one_ of many inputs into the random pool, and we use it as a way to _improve_ that random pool. So even if rdrand were to be back-doored by the NSA, our use of rdrand actually improves the quality of the random numbers you get from /dev/random. Really short answer: you're ignorant.”
OMG .. Always so blunt! 😀
Come on now! ... Do you understand now why I defended a few days ago that the comments be shown in the same order in which they were made ?; I believe that most of those who have commented on this post have not read this answer by Linus Torvalds and continue with ridiculous speculations on a subject they know little about.
On the other hand, I am struck by the commotion that this particular "news" has raised, which I think is due more to "snowdenmania" than to a legitimate concern about security issues. I say this because it is now fashionable and cool to rampage against the NSA or any other 3-letter acronym, but we refuse to acknowledge that this is done (or attempted) by ALL governments, of course, to the best of their ability (technological and financial). We worry about this random number generator, but we don't worry about the closed firmware of the routers and switches we use (mostly made in China), or, in the case of Windows users, about the Kaspersky software code ("former" KGB agent and personal friend of Putin), just to give a couple of examples ... come on gentlemen, let's be serious, whoever really wants to feel safe and with their privacy safe, go live on Mars, but hurry up before NASA fills it up with those robot explorers ...
Hahaha, A CAPO.
The problem with those who _genuinely_ run screaming with their heads on fire is that they scare the rest who are not internalized on the subject.
Luckily there are people like Linus. hyper smart, practical, certified trolls and zero tolerance for idiocy.
Someday I'd like to buy you a beer.
That is absolutely true. Also, you have to learn that not everyone is always right and the truth is that there are plenty of fanboys.
God save you that day from not spouting nonsense, because it burns you alive xD
"How come distributions that claim to be 100% free include something like this in the kernel? Or do they not include it?"
The 100% free distributions use Linux-libre, and this possible back door would be in a proprietary part of Linux. Thus, a 100% free distribution does not have this problem. It is obvious.
Indeed, distributions like Blag, Parabola, and Similar use a blob-free kernel.
Well, this is old news, the existence of them in the kernel has been known for a long time, of the little importance that Mr. Linus gives to the values of free software and that if they want to spy on you, they can do it directly from the hardware by skipping, kernels and OS, or from the backbone of the internet, which are the servers that support DNS worldwide and are in the power of…. yes! You guessed it
+1
Right now you are all suffering from the same symptoms that New Yorkers suffered on September 11th. They are reasoning more with fear than with their heads in the face of devastating attacks that are unlikely to occur. Read this article.
http://libertymcg.com/2013/07/23/this-is-your-brain-on-terrorism/
EXCELLENT.
Thank you for posting the article, it is what I always maintained:
In gringoland they manipulate the cattle, sorry, the mass through terrorism, threats of war and similar cataclysms.
Meanwhile here in Latin America, where if someone talks to us about terrorism, we take it out shitting with a "don't give me nonsense I have to work!" They manipulate us through insecurity: violent robberies, rapes, kidnappings, shootings, street fights, bigotry, blah blah blah.
In both cases, the result is exactly the same, although adapted to the region and type of society in particular that you want to manipulate and direct like cows to the slaughterhouse.
Hello!
Insecurity is a sensation
AntiKs in 3… 2… 1…
Until you come to Venezuela and realize that the masses are manipulated with imperialist conspiracy theories, assassinations and penis multiplication other things 😉
It could not be more true. Surely that was written from a Mac or from Windows (Oh Wait!).
It seems to me that I am going to stop using the PC and go back to the abacus
That that .. 😀
Or learn about The Guardian Project and how to deal with the new global cyber espionage scenario.
Or stop biting your nails to the skin and read more before eating the shit that many shit, that's not good for anyone.
Hello, regarding that topic, I just read a very good post!
http://www.taringa.net/posts/linux/17132368/Decepcion-Usuarios-en-GNU-Linux.html
Is there any evidence that this is so?
The short answer: NO
The long answer: NOOOOOOOOOOOOOOOOO
The very short answer: N
xD
The smart answer is: There can be no answer to that: it is about analyzing a code that is closed to any audit, so I can't tell you if YES or NO.
let's all go all to Free BSD goodbye to linux XD
If it does not bother the moderators of the page, I would like to leave a reflection that I wrote about the subject and how some users were reacting:
http://www.taringa.net/posts/linux/17132368/Decepcion-Usuarios-en-GNU-Linux.html
An apology if there is a problem and in that case I will understand that my comment is deleted.
Greetings.
Before the stick, pull the network cable. Compatible with all operating systems 😛
😀 True .. But since the Laptop has Wi-Fi capable of activating it there, deactivating the Power LED first so that I do not realize it and well .. Goodbye to my privacy xDD
Check out Linus's answer to the random number generator thing.
http://www.change.org/en-GB/petitions/linus-torvalds-remove-rdrand-from-dev-random-4/responses/9066
"Really short answer: you're ignorant"
XD
Well, it is a hard and certain answer from Linus.
Why is it harsh? Because he is not patting anyone on the back and being condescending?
linus rulez.
Look, to me Linus seems like a real hdp, but in this case they are accusing him of something very serious. The answer does not seem harsh at all.
It is so HDP that it mentions the mother in Finnish and nobody says anything (but if you do it in Spanish and more in this forum, the admins and mods obviously take your mind off).
The best phrase:
"Where do I start a petition to raise the IQ and kernel knowledge of people?"
In fact, it is possible that the random number generator is proprietary because then nobody should (in theory) know how to decipher something, because they would not know how to generate the correct numbers. However, be sure that the NSA asked Intel and, well, they can decrypt anything because they have all the keys (random encryption numbers).
"If" this backdoor exists, then it would be on Intel's HW. Linux runs on many architectures: AMD, Power, ARM,… an infinity. So if it turns out to be true, it will be enough to treat it as an architecture bug (and there are many) and surround / avoid the "problematic" code 🙂
Take it easy.
Excellent Linus answer, I had not seen it until now 🙂 http://www.change.org/en-GB/petitions/linus-torvalds-remove-rdrand-from-dev-random-4/responses/9066
All this issue of the back door in Linux, seems taken from the block of "Let's talk without knowing ..." on TV xD
Let's see, if they put you in: either you end up like Bradley Manning or you take this briefcase full of money, especially being the NSA, what is more likely to happen? Nonetheless, the Linux code must have been reviewed by so many people in this vast world that ONE of them should have seen that piece of code.
In case it is confirmed, ok that piece of code cannot be read and modified, can it be deleted? then the problem is not so bad, at least if we don't use intel.
Regards. First of all, I want to take the opportunity to tell you that I usually like your posts a lot, and I find this one completely out of place, following the theme of the blogs on this page.
I think we should first wait for the words of people who really know before we get into a fuss over a story that has no more foundation than the fuss that is being made around this series of news from the United States and the NSA. I also think that it is necessary to listen to Linus's words before making such a fuss. But hey, this is my personal opinion.
Now, if you will allow me to continue, I will try to give a very brief analysis of how bad it is that, in the event that it occurs, there is malicious code in the kernel.
What is /dev/random?
/dev/random is a generator of random values based on various factors. Yes, it is true that it uses Intel code to obtain random values, but it ALSO has other factors to fill its "entropy" pool, which is what supplies it with random values. That is based on several factors:
- Hard disk writing / reading
- Mouse movement
- The intel chip, which I understand is based on the current variations obtained by the clock (not sure about this).
- Etc…
But hey, assuming that Intel managed to insert malicious code into the kernel, we can draw these deductions:
- Anything done with random is not compromised, unless someone has disabled all other ways to get random values, but this is infeasible because:
a) /dev/random would take much longer to fill its "entropy" pool, and
b) it would limit the hardware to Intel devices only
- It is unlikely that Intel is trying so hard to create this, since it will not be able to take advantage of it in any way.
But hey, now let me show you some proofs:
The code for random is in: https://github.com/torvalds/linux/blob/fc76a258d41eea7953bb763397c3d1e589d3bb98/drivers/char/random.c
- In line 787 there is the function in charge of adding entropy from the disk.
- From lines 66 to 76 explain the ways to obtain entropy.
But on line 1064 it warns of the possibility of back-doors from the NSA !!
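Added example, not part of the original post or comments and not the kernel's code: a toy hash-based pool that illustrates the argument in Linus's reply and in the comment above, namely that a predictable hardware RNG only matters when the other entropy inputs are absent or guessable. `ToyPool`, `predictable_hw_rng`, the source labels and all sample inputs are hypothetical and constructed.

```python
import hashlib
import os


class ToyPool:
    """Toy SHA-256 entropy pool. Illustrative only; NOT the kernel's algorithm."""

    def __init__(self):
        self.state = bytes(32)

    def mix(self, label: bytes, sample: bytes) -> None:
        # Fold a labelled, length-prefixed sample into the pool state.
        h = hashlib.sha256(self.state)
        h.update(len(label).to_bytes(1, "big") + label)
        h.update(len(sample).to_bytes(2, "big") + sample)
        self.state = h.digest()

    def extract(self, n: int = 32) -> bytes:
        # Output is a hash of the state; the state is then ratcheted forward.
        out = hashlib.sha256(b"out" + self.state).digest()[:n]
        self.state = hashlib.sha256(b"ratchet" + self.state).digest()
        return out


def predictable_hw_rng(n: int = 32) -> bytes:
    """Hypothetical hardware RNG whose output an observer can predict exactly."""
    return hashlib.sha256(b"constructed stream known to the observer").digest()[:n]


def key_from_hw_only() -> bytes:
    # Design A: key material is taken straight from the hardware RNG.
    return predictable_hw_rng()


def key_from_pool(other_inputs) -> bytes:
    # Design B: the hardware RNG is only one of several inputs to the pool.
    pool = ToyPool()
    for label, sample in other_inputs:
        pool.mix(label, sample)
    pool.mix(b"hwrng", predictable_hw_rng())
    return pool.extract()


def observer_recovers(key: bytes, candidates) -> bool:
    """The observer knows the code and the hardware stream, and tries each
    candidate list of the *other* inputs to see whether it reproduces the key."""
    return any(key_from_pool(c) == key for c in candidates)


def demo() -> dict:
    results = {}

    # A: hardware RNG used directly -> key equals the predicted stream.
    results["hw_only_direct"] = key_from_hw_only() == predictable_hw_rng()

    # B1: pool in which every other source is disabled -> still predictable.
    results["pool_no_other_inputs"] = observer_recovers(key_from_pool([]), [[]])

    # B2: one constructed 8-bit timing sample -> 256 guesses are enough.
    weak = [(b"disk", os.urandom(1))]
    guesses = ([(b"disk", bytes([v]))] for v in range(256))
    results["pool_8_bits_unknown"] = observer_recovers(key_from_pool(weak), guesses)

    # B3: 128 unknown bits from two constructed sources -> guessing fails.
    strong = [(b"disk", os.urandom(8)), (b"mouse", os.urandom(8))]
    guesses = ([(b"disk", v.to_bytes(8, "big")), (b"mouse", bytes(8))]
               for v in range(4096))
    results["pool_128_bits_unknown"] = observer_recovers(key_from_pool(strong), guesses)
    return results


if __name__ == "__main__":
    for case, recovered in demo().items():
        print(f"{case}: key recovered = {recovered}")
```

The toy model says nothing about whether RDRAND is actually backdoored; it only shows that the outcome depends on how much unknown entropy the other inputs contribute.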
Maybe yes, maybe not. I've heard it too, and it says it's Linus's fault. Well, the story is simple, change the kernel of your GNU. Well, it is not GNU that has the door, if there is one. It's from Linux. So you have two other cores to choose from, don't you think?
regards
Give me the source code for that stick!
https://github.com/torvalds/linux/blob/fc76a258d41eea7953bb763397c3d1e589d3bb98/drivers/char/random.c
It is not the code for the stick, but now you know how to make a random stick! (?)
Hello everyone,
First, the article that elav cites is originally from MuyLinux, not from the portal that has lifted our entire article without linking to us as the original source of the news (ergo, breaching our license) and, what is worse, without linking to any of the many references that I included.
http://www.muylinux.com/2013/09/09/puerta-trasera-nsa-linux/
As for your questions, the first is asked by all of us, the second is more complex as you ask it and would require an important explanation from someone who knows, and the third does not have to be the way you ask it (I don't think Linus has lent himself to anything, but there are many possibilities that do not require that assumption).
Anyway, greetings to all!
Well said.
SomosLibres.org pursues its own political agenda then. What better way to misrepresent than with a "Freedom" speech?
That is why I am not so aware of that page.
Well, MetalByte, excuse me, but I had not seen the article on MuyLinux; if I had, I would have quoted you without any problem. What's more, I am changing the source right now. 😉
Ok, nothing happens and thanks for the change 😉 But what a crappy place, SomosLibres that ...
Ahh, because they say: We are free to copy as we please .. HAHAHA
Well, you're taking a topic with a grain of salt. If that is discovered, there are two paths: the first would be to create a fork of the Linux Kernel, something that I consider very feasible thanks to the fact that it is open source. The second would be to use a totally free kernel like the one used by Parabola. There would even be a third, which would be to use Linux distributions that are focused on security. The most common would be Fedora, and the most advanced would be Gentoo.
From now on I tell you that those who are concerned about security should not use anything from the Ubuntu family, since they contain spyware.
On whether Torvalds is capable of such a thing, I'd say yes. I've never seen him fight for computer freedom. Mr. Stallman always takes care of that. Also, Linux is just the kernel of the operating system. A new core could well be created.
For more information about what software to use those who are interested in their privacy or security, http://prism-break.org is an amazing resource and best of all made by people who know much more than me about the topic.
Well, I'm using Debian and the truth is that it's great. Good thing Arch was dethroned.
??
Well, before was Arch as the first option and Debian in second place on the website. Now, Debian is topping the list of OS's recommended by prism-break.
Why create a fork if you already have Linux-libre? they would end up being the same.
On what do you base to say that the * buntu has spyware?
Otherwise, in agreement.
Technical question: how do they manage in Linux-libre if this random number generator is so important???
I know that Linux-libre removes any proprietary module it may contain from the kernel, but if they remove a random number generator that is partly used to encrypt data ... how do they encrypt it? By protecting the PC on the one hand, you make it vulnerable on the other??? Is this how it works???
meditating some time ago I came to the conclusion that stallman is right, but his ideas are not applicable, if I applied them I spent 1500 $ on a machine and could only use half of this because the chipset is nvidia ...
Well, I suggested the fork because it would be the way to go if this news were remotely true and the code in question was actually embedded in the kernel. I highly doubt that it is necessary to do so.
Where do I get that the Ubuntu family of distributions and derivatives have Spyware, is from Prism Break (see the link I suggested in my previous comment). In that community there are hackers from all over the world exploring software in detail and giving recommendations on what to use and what not. They are the ones who say (and prove) that Ubuntu has Spyware.
Be careful, the Chrome browser also has it.
But what an obsession with the NSA and surveillance ... after all, who does not owe it does not fear it, right? Let them see what they want, what's more, if they want, I'll install TeamViewer for them and they don't have to spend work anymore!
Deluded are those who believe that the clutches of the government (of ANY government in ANY part of the world) can be fooled by this or that operating system!
Totally agree, personally I have nothing to hide from them so I am not interested in whether they spy on me or not.
Trojans are used for this type of thing.
http://lapupilainsomne.wordpress.com/2010/10/18/la-guerra-cibernetica-y-el-imperio-del-mal/
There are two problems with that way of looking at things.
1st and main, which is very widespread.
2. That it is a lie that no one believes, if you agree so let us put cameras in your bathroom to be sure that you, your sisters or wife do nothing. (Am I exaggerating? Remember the webcams on computers that we have in our rooms, they can easily be activated remotely and record what happens in your privacy)
That we cannot prevent espionage (Because we no longer talk about: whether they spy or not, that is already a proven fact.) Does not mean that we should support it, it is a matter of human rights and ethics, national sovereignty, personal integrity and many more things.
In addition, that "nothing should" is very relative, having mp3 or videos with copyright, which we do not buy, whether we like it or not, is taken as a crime, so with something as simple as that, the majority already owes it and you should worry about some frivolous lawsuit for a few hundred or thousands of dollars.
mmm ... well if we pay just a little attention to Linus, we should be suspicious of a code that we cannot read and anyone in his place would find the intelligent way to show that there is no hidden code ... but if he could not say anything intelligent and useful he would surely keep quiet and we will all end up working with a stick ...
As far as I know, 100% free distros include absolutely NOTHING whose code is not available and its license is at least permissive.
At least Parabola GNU/Linux-libre is free of it, as is Debian too, although the former uses the GNU/Linux-libre kernel and Debian the common GNU/Linux kernel (aka Vanilla), but with fewer blobs.
I would like to try a Lemote netbook, which I have been told is free hardware.
Debian uses the free.
debian uses free if you install it by leg, otherwise use normal
Since squeeze the free kernel is used. The firmware comes separate and is available in the contrib and non-free repos. There are also unofficial CDs with the included firmware.
No wonder I'm doing wonders, although I'll give Parabola a taste to make a difference in performance.
Debian does not use free kernel in its entirety, I know because I use Debian Testing and in each installation always create blobs for network drivers.
I also use Debian Testing and it does not contain blobs. Do you use testing since Lenny or before?
Really? So, If so, I will try to install Parabola GNU / Linux-Libre on my Real PC in case I change the hard disk and my Windows Vista partition does not work for me (although I doubt it because I am still rooted with MS Office, the Creative Suite by Adobe and CorelDraw).
I've been using Debian since Squeeze and it has always installed blobs for my network drivers.
You probably did the installation with the unofficial CD that included the firmwares
The free linux kernel also makes use of the RDRAND instruction, which in turn is part of the Intel Secure Key code and so that it does not use that instruction, both in the normal and free linux kernel it must be disabled ... that 'normal' users do not do because to begin with we had not foreseen this possibility, that the NSA and Intel go hand in hand in the Intel Secure Key and in who knows what code else
Do not be alarmed until it is properly witnessed and proven it is not true.
Pablo: It can never be properly confirmed since that code cannot be audited. In fact, the engineer who developed the code, David Johnston, defends its cleanliness. The problem is, you can't prove your good faith on this. Now, if we take into account what Snowden revealed, that the NSA forces (with its foreign intelligence court) the company that it wants to get involved in espionage (it does with MS, Google, etc.), and if we add two plus two... it is perfectly possible that Intel is also involved... One question that occurs to me is: does Valve install binaries through Steam on Linux? I say this because when they announced Valve for Linux I had a certain idea... and Snowden was not even in the news at that time...
It seems to me a very serious accusation to go around affirming something like that without any proof.
We'll see. The Linux kernel is succeeding, and it is only 12 months away from becoming the most used kernel in the world, not because it is free as in freedom or free of charge but because of Linus Torvalds' commitment to efficiency at all costs. So when it comes to choosing between random numbers generated by software (slow) or generated by an integrated circuit (fast), it is not surprising that Torvalds chooses the faster one even if that means using code without sources, which cannot be audited.
Code auditability has not seemed to matter much to Torvalds for years now; in fact, Linux has included object code without sources for a few years now. The response of the proponents of free software, led by the Free Software Foundation, is Linux-libre: you take every new version of Linux that is released and clean it up by removing those parts. Based on this cleaned-up Linux-libre there are several distributions, for example Trisquel. The logical thing would be that now they include in that cleaning the calls to the random number generators of integrated circuits.
It is best to use the following version: "Stick with a nail."
With "Stick with a nail" you can defend yourself better. You drive away Simpson-type aliens for intimidation without any problem. Which you can't do with the predecessor «Palo» (or «Palo just plain»)
Guys let's see if we stop crap reading stupid things out there. They already commented on it above. Here they have the translation «into Spanish» http://www.espaciolinux.com/2013/09/linux-la-nsa-y-la-desinformacion/
And those who said free linux ... had no idea what they were talking about. Sorry for the aggressiveness of the comment. Scheme after reading that nepomuk is spyware .. you want to hold your balls against the door
At least he already knew that so much yellowness could not be true.
What a good article brother, people like you are what we need, thank you.
Stallman will give us HURD and GNU will be perfect.
In fact, he has let it dust himself off. As soon as the Debian project begins to play with it.
To your question: «How is it that the distributions that claim to be 100% free include something like this in the kernel? Or do they not include it? "
The 100% free distros do not include the "linux" kernel, they include the "Linux-libre" kernel, which is the linux kernel but without the software that does not include source code, as well as obfuscated source code or published through proprietary licenses.
"Do you really think Linus can lend himself to something like that?"
I think Linus can be used for anything.
As if it was difficult to disable it ...
$ zcat /proc/config.gz | grep CONFIG_HW_RANDOM
# CONFIG_HW_RANDOM is not set
As Linus explains, not only the hardware is used if it is available, the entropy of several system variables is mixed plus that of the random generator hardware if it is enabled in the kernel configuration, as you will see, I chose to disable it. and the whole process cost me less than 10 minutes.
$ su
# cd /usr/src/linux
# make menuconfig
disable CONFIG_HW_RANDOM option and save
# make
# make modules_install
# mount /boot    (this is necessary only if you have a separate /boot partition)
# make install
# umount /boot
You can restart and sleep peacefully ...
As Linus says, you can go to the source and see in the random.c file of your kernel sources how this works, and that it not only uses the hardware but also mixes the sources; the mixing starts at line 948 of random.c.
$ gedit /usr/src/linux-3.11.0-gentoo/drivers/char/random.c
	/*
	 * If we have an architectural hardware random number
	 * generator, mix that in, too.
	 */
	for (i = 0; i < LONGS(EXTRACT_SIZE); i++) {
		unsigned long v;
		if (!arch_get_random_long(&v))
			break;
		hash.l[i] ^= v;
	}
	memcpy(out, &hash, EXTRACT_SIZE);
	memset(&hash, 0, sizeof(hash));
}
I think it is a problem, yes, but not so serious or impossible to solve; in addition, as the comments of the random.c file explain, a single source is not used to create the random number.
Taking into account that we are respectable citizens, who have nothing to hide, I don't care; Now, if the NSA or the CIA offer me work in Databases, Servers or things of my specialty, I have no problems with sniffers looking at my university assignments or my photos of Lucho, leave that Feis and go to sleep , or my PDFs of Zuperación Perzonal .. uu
Kind regards.
They can also disable it by passing the nordrand parameter to the kernel.
nordrand [X86] Disable the direct use of the RDRAND
instruction even if it is supported by the
processor. RDRAND is still available to user
space applications.
In the case of grub it is done like this:
$ su
# nano /etc/default/grub
GRUB_CMDLINE_LINUX="nordrand"
control + o to save, control + x to exit
# mount /boot
# grub-mkconfig -o /boot/grub/grub.cfg
then restart, if you want you can see how the parameter was added
pressing the e key to edit while in the grub window.
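A check for the two procedures above (the CONFIG_HW_RANDOM rebuild and the nordrand boot parameter), as an added example that is not part of the original comments. The function names and sample inputs are constructed for illustration; CONFIG_ARCH_RANDOM is not mentioned in the thread and is included because it is the x86 option under which arch_get_random_long() was built in 3.x-era kernels, so CONFIG_HW_RANDOM is reported but does not decide the verdict.

```shell
#!/bin/sh
# Added example: report whether a Linux kernel will mix RDRAND into its pool.
# Every function takes file paths, so saved copies can be audited offline.

# cpu_has_rdrand CPUINFO: succeeds if the CPU "flags" line lists rdrand.
cpu_has_rdrand() {
    grep -m 1 '^flags' "$1" | tr ' \t' '\n\n' | grep -qx 'rdrand'
}

# cmdline_has_nordrand CMDLINE: succeeds if nordrand was passed at boot.
cmdline_has_nordrand() {
    tr ' ' '\n' < "$1" | grep -qx 'nordrand'
}

# config_value CONFIG OPTION: prints y, m, n ("is not set") or absent.
config_value() {
    if grep -q "^$2=[ym]\$" "$1"; then
        sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | head -n 1
    elif grep -q "^# $2 is not set\$" "$1"; then
        echo n
    else
        echo absent
    fi
}

# rdrand_status CPUINFO CMDLINE CONFIG: one summary line of key=value pairs.
# The verdict uses CONFIG_ARCH_RANDOM (assumption: 3.x-era x86 kernel);
# CONFIG_HW_RANDOM (the /dev/hwrng driver framework) is shown for reference.
rdrand_status() {
    cpu=no; boot=no
    if cpu_has_rdrand "$1"; then cpu=yes; fi
    if cmdline_has_nordrand "$2"; then boot=yes; fi
    arch=$(config_value "$3" CONFIG_ARCH_RANDOM)
    hwrng=$(config_value "$3" CONFIG_HW_RANDOM)
    if [ "$cpu" = no ] || [ "$boot" = yes ] || [ "$arch" = n ]; then
        used=no
    elif [ "$arch" = absent ]; then
        used=unknown
    else
        used=yes
    fi
    echo "cpu_rdrand=$cpu nordrand=$boot CONFIG_ARCH_RANDOM=$arch" \
         "CONFIG_HW_RANDOM=$hwrng kernel_uses_rdrand=$used"
}

# audit_live: run the audit on this machine; /proc/config.gz must exist,
# as it does for the zcat command quoted in the thread.
audit_live() {
    tmp=$(mktemp) || return 1
    zcat /proc/config.gz > "$tmp" 2>/dev/null
    rdrand_status /proc/cpuinfo /proc/cmdline "$tmp"
    rm -f "$tmp"
}

# demo: constructed sample inputs, not taken from any real machine.
demo() {
    d=$(mktemp -d) || return 1
    printf 'flags\t\t: fpu sse2 aes rdrand hypervisor\n' > "$d/cpuinfo"
    printf 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro nordrand\n' > "$d/cmdline"
    printf 'CONFIG_ARCH_RANDOM=y\n# CONFIG_HW_RANDOM is not set\n' > "$d/config"
    rdrand_status "$d/cpuinfo" "$d/cmdline" "$d/config"
    rm -rf "$d"
}
demo
```

Call `audit_live` instead of `demo` to check the running system after rebooting with the new kernel or boot parameter.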
and if we learn a little more? I mean, they are talking about changes, and modifications to the kernel. Of making a fork and I don't know how much more nonsense. Read: http://www.espaciolinux.com/2013/09/linux-la-nsa-y-la-desinformacion/
The CANNOT CHANGE is already a fallacy.
Being Exposed is another, and finally ... Privacy is important, I am not interested in others being able to access my information, not because it hides something, but because it is MIA. But I wonder is it necessary to come to this? Knowing the tools, and knowing their limits, it is easier to know where we are exposed.
I think that random is the least of it, there are things much more obvious and nobody does anything ... Facebook, Google and all those companies and especially the ISPs ... those actually spy on us. People give their data, their entire life through those social networks and "FREE!" ... I don't think they also need to put a "backdoor" in the linux kernel ... with the "legal" they have us checked ...
Beyond the fact that there are people who like to be watched, I think the right thing to do would be to carry out an investigation (especially by the FSF) to support those people who believe in the right to privacy and that they are interested in a A country like the United States is very dissimilar to those of developing nations. But see what was Dilma Rousseff's reaction when the espionage activities in Brazil became known.
Greetings.
In the world of GNU / Linux there are people with extensive programming knowledge who would have discovered something related to this news. I just don't think there is such a back door.
edzaconne, it is not about believing or not. It is not a matter of faith. This is very serious: the way things are encrypted in Linux. It is not new news or a discovery. It is that the current maintainer of /dev/random questions the validity of using only the Intel License Key to generate random numbers, because it is a code that cannot be audited as it is linked to the Intel hardware and therefore it will never be released by this company. Perhaps in Spanish there is little news, but in English in prestigious newspapers it has been published how the NSA has worked hand in hand with the most important companies and institutions that encrypt data on the internet, to leave back doors; that is known thanks to Snowden. Now if that is documented: why should it not be valid to question whether or not there is a very similar agreement with Intel, to compromise cryptography in Linux? ... It will not be possible to discover unless the NSA expressly admits it, which they will not do if they even deny what Snowden has already made public through genuine documents...
The answer summarized by Linus himself:
http://www.change.org/en-GB/petitions/linus-torvalds-remove-rdrand-from-dev-random-4/responses/9066
Elav, I can't believe you didn't know that the kernel that almost all distros carry comes with binary blobs, that's why there are 2 kernels (Linux Kernel and Linux-libre Kernel).
Yes I know. I've been living through the Debian drama with the FSF for a long time. The question was rather rhetorical.
Okay, I almost had a heart attack thinking you didn't know, XD !. By the way, Debian since Squeeze uses the free kernel.
That's right .. 😀
This is not on the kernel side but on the hardware side, and it is not the only case. The kernel also gives the ability to support motherboard embedded TPM chips (like Windows / OS X)… but I haven't seen anyone get alarmed by this. The scaremongering may be due to the wrong idea Intel = NSA ... meanwhile they use VIA, Winbond, SiS or other brands, which are the same: closed chips, with the probability that the random is not "so" random (and that the NSA is also inside). As long as the closed hardware exists, that threat will exist, whatever the brand.
ps: I withdraw what was said "but I have not seen anyone be alarmed by this." There is a topic similar to this, but instead of Linus T., those involved are Microsoft, TPM, the NSA, and all the brands that make these chips. http://investmentwatchblog.com/leaked-german-government-warns-key-entities-not-to-use-windows-8-links-the-nsa/
The truth is I think that Linus T. does not include proprietary lines of code in the kernel, or has not realized that Intel wants to create a back door.
http://www.change.org/en-GB/petitions/linus-torvalds-remove-rdrand-from-dev-random-4/responses/9066
LAST MINUTE: Linus calls all of us who have speculated on the RANDR subject idiots
Intel's RANDR is used as one more "Ingredient" in the mix to come up with a truly random number, so even if it had a back door, it would still increase the randomness of the total.
Conclusion: GNU / Linux is still mostly safe, because the Hand of Thief thing? Another trigger.
source: Linux Magazine
calm elav so much distrust you have of linux now.
click on «Previous comments»… yesterday I spoke with Linus
That I don't distrust .. That they were rhetorical questions .. uff
Ignorance of the rdrand may be just as rhetorical.
I didn't know that Fedora was sooo slow that even the news comes as if it had MSIE.
and fedora that has to do.
there is no doubt elav that there are some users who no longer respect.
Fanboy detected haha!
lol asshole detedisimo, only mind those who know me well know.
Privacy is a right, it is not something that should be demanded ... the problem is that this new world has them used to saying, and what? It doesn't matter if he spies on me .. .. it doesn't matter that… but ahh life turns into this .. to go crazy for something like that .. no longer there security, it is difficult even to trust what could be trusted before .. = (
That's just what I was thinking when I read the article. If we don't trust linux then What do we have left?
What is more, if we go further, although all I use is open source, if I do not understand a bit of programming, I will not know how it works any more than proprietary software; in fact, nobody assures you that all updates are reviewed, especially those of not so popular programs. Who says that Tint2 does not steal information from you and send it to who knows what organization?
I think that we should not exaggerate the question or, as elav says, we will end up like the Flintstones, using a graphical environment stick.
PS: A suggestion: comments should be listed in reverse with respect to time. In other words, the newest that are left on top, then they are within those shown (I think there were 15) and you do not have to load the others to see the last ones.
Using a stick sounds interesting. A question: to code an HTTP GET instruction in spades, do we have to use morse code or can we continue using binary? because if it is binary, I need to know the milliseconds of pause between one stroke and the next, to see if I am training my arm. 😀
P.S. My apologies for commenting from Windows, it is not my machine.
We are going to grab you with shovels, but for using Windows, heretic! xD
naaah sorry to whom, let everyone use what they want, here we are not Taliban 😉
In muylinux they went overboard with that article, although the NSA has made quite a mess with privacy and anonymity, it is not to become paranoid and even less without proof.
To me this sounds like disinformative garbage ... if we fall into the issue of conspiracies (which will or will not be, I don't get involved) we are going wrong ... it gives more the feeling that this article intends to damage Linux, we should know the intentions of who wrote it and who paid him to do it ...
Hello, regarding the article and the comments, there is no 100% certain thing, and stop arguing about distros and that one is better than blah, use what they best dominate and feel comfortable I do not know why some believe the great thing for using some "complicated" media distro, I recommend as always :), try BSD :), greetings and long live GNU / Linux and free software in general, if we don't hide anything we don't have to be afraid of anything.
Linus Torvalds' response to all this:
"Where do I start a petition to raise the IQ and kernel knowledge of people? Guys, go read drivers/char/random.c. Then, learn about cryptography. Finally, come back here and admit to the world that you were wrong. Short answer: we actually know what we are doing. You don't. Long answer: we use rdrand as _one_ of many inputs into the random pool, and we use it as a way to _improve_ that random pool. So even if rdrand were to be back-doored by the NSA, our use of rdrand actually improves the quality of the random numbers you get from /dev/random. Really short answer: you're ignorant."
FUD
SM GB +1
The explanation is simple, Linux had always used a series of data to create "random" numbers (remember that a computer does not understand chance), now it uses that data AND ALSO the ones provided by RDRand.
The result is more secure encryption, and if the NSA knows the RDRand data, we will continue to have the security of software encryption. We would have the real problem if 100% of the encryption were generated by hardware, and it is not.
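The mixing argument as a worked step, added here and not part of the original comments. Assume the pool hash $H$ and the hardware value $V$ are independent (the assumption the argument rests on), and let $\oplus$ be the XOR applied in random.c. For any output value $y$:

$$\Pr[H \oplus V = y] \;=\; \sum_{v} \Pr[V = v]\,\Pr[H = y \oplus v] \;\le\; \max_{h} \Pr[H = h]$$

So the best guess at the mixed output succeeds no more often than the best guess at $H$ alone, even when $V$ is a constant the observer knows; and if $V$ is uniform, every term $\Pr[V = v]$ is the same and the output is uniform whatever the distribution of $H$.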
Hello elav, coming back here after a long time. Well, with regard to this, I think that it is indeed entirely true in the matter of "proprietary things" that exist in the kernel; as I had heard out there, "even the freest free software that exists has to include a little bit of what is proprietary", and to that extent it may be true. But then I have done my studies and everything, and I know that, for example, the modified kernel that Trisquel has is indeed completely clean and has nothing proprietary; that is why in some cases there are some problems with respect to the drivers, because some of these are proprietary. And, for example, what Ubuntu uses (the location is for Ubuntu but it's my turn) is, let's say it this way, a 50/50 of proprietary things and free things, the system as such, both kernel and libraries, although I know that Richard Stallman has not fought for so long for GNU to also have proprietary things. Well, in general I think that Linus Torvalds will never sell his precious kernel, but he does add his own little things to make it work much better. Cheers!
Let's focus a bit: it is not said that Intel's source code trojanizes Linux for the NSA. What I understand, and what is criticized, is that Linus, citing the "operability" of that closed code, introduces it without further ado and gives neither information nor an alternative to the user. I think what is criticized, and what must have angered Mr Mackall, is that this is just allowed. I think the reference to the NSA will have been one of anger and has been decontextualized; it is almost like saying "we put in what Intel tells us without looking, so with that attitude we could just as well put in an NSA Trojan if they ask us to."
And going one step higher, it is logical, given what has been uncovered to the public recently and spinning it with Intel, that now it does not seem unreasonable to people that Linus Torvalds was pressed or not to introduce a backdoor for the NSA.
Come on, I say, so much that he has said "my source code", "free", blah blah blah, and then not even a "post-it" warning that he had no choice but to accept the work of Intel because of how specific and laborious it would be.
Come on, for me, Linus rises from Olympus, and see that I like the screwed up.
he's just a "tabloid blogger" and that site leaves a lot to be desired. When I entered it cleaned the cookies and data from the site because it fills your browser with tracking cookies and not to mention all the advertising yuck.
Better not link there that place has other goals than software freedom ...
Surely the cookies are from the advertising shown on the page (even Google knows how to make better cookies).
And by the way, at the top it suggests whether or not you want cookies to be entered for you.
And by the way, here is the same author of the article publishing a 2nd part clearing up this misunderstanding >> http://www.muylinux.com/2013/09/10/puerta-trasera-nsa-linux-2/ << and he links (in addition to giving himself the luxury of translating) what Linus Torvalds said about it.
I have good ones, although the nsational shit agency managed to attack Linux was between June 2011-2012 !!!
We have already returned to the Free generator, now we avoid armageddon, the advantage of open source, we avoid disaster !!
But that Linux is spying there is no doubt but only for proprietary !:
*flase gay player
* spy
and what you see in wine «but that's only wine and it doesn't fall into Linux»
without gay flase or spype we'll be fine!
The truth is that this issue has not been entirely clear to me, according to this man, in the kernel, there would be some programming lines that correspond to Microsoft, if so, can you see them? Can you detect if the lines have a back door? Can it be cleared from the kernel? Because if they are programming lines, they can be erased by the kernel maintainer, in case there is a back door / s.
I have already read about this and from a point of view it is good (it is much more efficient to generate random numbers from hardware than software). But it has that but that you mention in the post.
There is a way to deactivate it luckily. You only have to pass a parameter to the kernel boot 🙂
I leave the link so you can see it http://www.espaciolinux.com/2013/09/linux-la-nsa-y-la-desinformacion/
Regards!
I agree with many of those who have already commented, this is informative garbage, precisely disinformation and I know that nobody knows everything so I suggest you read the scare in depth, approach people who know how to read the kernel code, not a writer of muylinux -.- (it's like approaching a healer when you think you have cancer XD).
So… Let's go to FreeBSD ???
BSD, any of them, would be the penultimate system you would use:
http://aboutthebsds.wordpress.com/2013/03/31/bsd-vs-linux/
The problem as already mentioned is the SElinux embedded in the Linux Kernel since version 2.3….
baked! already 7000 degrees Celsius!
it's time to make a new OS without NSA / Illuminati intervention.
I don't know how to program / develop but I would make an OS for myself and that's it.
But ... what does it matter? all edge routers are tapped by the NSA (illuminati / Zionist / Masona) then? is the same….
we should build a new internet ...
There is no distribution that is outside the intervention of the NSA.
Everything is seen by "them."
so: NSA FUCK YOU !!!