Being sure.

A question…

We hear much about “eyes on the code” and how Open Source is safer and more secure. We hear about the big Corporations stuffing their products with spyware, etc.
And now I hear that TOR is compromised too (never trusted it myself - it always seemed like a really good way to draw attention to yourself - “here I am, over here, trying to hide from you”). Given that the ISPs hand everything we do and say over to the Feds, attempts to install “do not track me” plugins and “https everywhere” plugins seem like a waste of time.

How can we be sure that Linux is free of such stuff?
I gather that Firefox has quite a lot of lines of code in it and that’s one browser. It seems fairly safe to assume that the average Linux OS contains hundreds of millions, if not billions of lines of code? So, are they all really audited? Regularly? Does every patch submitted get examined?

Could something nasty get slipped in and go unnoticed?

Could something nasty get slipped in and go unnoticed?

I’d say unlikely that it would be there for long … it’s not just the “eyes on the code”, it’s also the fact that Linux users tend to keep an eye on processes, network traffic, etc.

Then if anything looks out of place … THEN the source code is available to look into.

There’s also the fact that most software and patches are openly peer reviewed … certainly kernel patches.

After some further reading on the FSF site it would seem as though the difference between your “ordinary” distro and the FSF recommended distros is that “ordinary” distros carry some binary blobs, in order to provide functionality, where needed. These binary blobs contain proprietary code, usually encrypted in some way and as such there can be no guarantee that there isn’t either spyware or backdoors within them (observable behaviour notwithstanding). Granted, spyware probably has fairly predictable behaviour in that it will report back somewhere at some point or other. But backdoors are a different matter. A backdoor could lie hidden and not be obvious until it’s used.

So it would appear that there’s only one way to be sure and that’s to use a distro that’s made of entirely open source code.
Which means no flash - oh how will I cope?

Perhaps I have not quite understood. But it would appear to be this way.

Perhaps I have not quite understood. But it would appear to be this way.

Absolutely.

Turning the argument on its head, from what we’ve seen recently, if you don’t use free software you can be pretty sure that your system will contain a back-door of some kind (!) If you want to be ‘really’ safe, you could always use “Gentoo” and compile all your software from source … so as long as the original author’s software hasn’t been poisoned in some way - you should be secure :)

Incidentally, for anyone who’s not tried Gentoo, one of the main features is performance. Because you are able to tune the compiler to your specific CPU, then compile everything for your CPU, you will generally see a 15-35% performance boost over a standard Ubuntu distro install. (generally I see the high side of this range …) For some applications, it can sometimes double your performance depending on what apps you’re running.

Be aware that any time saved by Gentoo performance benefits may be offset by the time it takes you to get it up and running in the first place … certainly if you’re going to have to learn how to compile ;)

If you have masochistic tendencies, and like everything running quickly, sure Gentoo is for you.

If you prefer your performance gains in a more user friendly manner … just use a light distro … I could suggest one, but I’ll refrain ;)

Sorry, couldn’t resist … your average user needs some kind of warning before being pointed at Gentoo … hell it should come with some kind of mental health warning on the pack :o

Something along the lines of:-

BEWARE: Gentoo will fry your brain, or turn you into an addict … there is no middle ground.

If you prefer your performance gains in a more user friendly manner .. just use a light distro .. I could suggest one, but I'll refrain ;)

Yeah, I know what you mean. It’s not easy knowing what distro to recommend, is it Mark? So much choice ;D

I wouldn’t know where to start, or what you’re suggesting :)

To submit or not to submit that is the question
Whether tis nobler in the mind to suffer the slings and arrows of outrageous Corporations
Or to take arms against a sea of patents,
And by opposing end them?