View Diary: An NSA-proof operating system. Yes, for real. (171 comments)

  •  Sorry you don't care for my prose. (6+ / 0-)
    Unhackable OSs, based on nothing but your word.
    Bullshit.  Look into it.  Look into Rutkowska.  I've done a couple years worth of homework on this, you have obviously done none.  Who's flinging poo?
    Provably false statements.
    Bullshit again.  Security by isolation (as I pointed out in another comment) - in this case - is indeed newer.  The tech to implement it has only existed since hardware caught up to Xen.  This isn't air-gap isolation - it's hardware-implemented functional isolation.  If you don't understand something, isn't it considered polite to ask before swearing at people?

    It ain't called paranoia - when they're really out to get you. 6 points.

    by Jaime Frontero on Sat Jul 13, 2013 at 12:33:00 AM PDT

    [ Parent ]

    •  Some Qubes Security Bulletins (3+ / 0-)
      Recommended by:
      duhban, CroneWit, Sparhawk

      Qubes Security Bulletin #7


      This is not the first time when the overly-complex permission system strikes back and causes more harm than good.

      Qubes Security Bulletin #8 has announced today a security advisory XSA 58, which fixes a bug introduced by... a previous security fix identified as XSA 45 (see [1]).

      The original problem that the XSA 45 was supposed to fix was a timing-based DoS attack.

      It's a security bug that was introduced by trying to fix the previous security bug.

      And here's a list of Xen security announcements.

      •  Yes? And those bugs were patched... (5+ / 0-)

        ...immediately.  In fairness, you might have included that information in your quote:  it was just the next paragraph, in both cases.

        Bugs exist.  We do the best we can, and follow the lead of those who can do better.

        It ain't called paranoia - when they're really out to get you. 6 points.

        by Jaime Frontero on Sat Jul 13, 2013 at 01:50:18 AM PDT

        [ Parent ]

      •  A bug doesn't mean it's hackable... (3+ / 0-)
        Recommended by:
        Garrett, quill, J M F

        Only a small number of bugs actually leave a real world system vulnerable.  

        In the examples you are giving, in Bulletin #8, the previous security bug patch was never applied to the released packages, so they say "so the users, up to date, have only been affected by the timing DoS, related to XSA 45 problem."  And since that was a DoS problem, it didn't actually leave the system "hackable" as far as access to the system or data.  

        And in Bulletin #7 they say "the impact of the XSA 52-54 does not seem to be so problematic in practice".  Looking at other recent advisories, XSA 55 only applies if you run an untrusted kernel in one of your domains, and XSA 56 also doesn't apply to systems with normal security measures.  Only XSA 57 of the recent advisories has the potential to allow a serious attack.  But there's no evidence yet that potential has been exploited.  

        I do think the diarist is overstating the advantages of this system vs. an ordinary Linux.  Nearly all of those things you do to lock down an ordinary Linux system, you should also do on Qubes.  This just adds an additional layer of security.  

        But some are overstating the capabilities of the NSA if they really think they can get into any system or crack any encryption.  Nothing is 100% guaranteed, but good security can make things very difficult even for the NSA.  

        •  As I see it, the diary title (1+ / 0-)
          Recommended by:

          might as well be  "A Perpetual Motion Machine. Yes, for real."

          A diary with a title and theme like that wouldn't be a place I'd want to get into discussions about real-world machine efficiency.  

          •  I guess that depends on interpretation.... (0+ / 0-)

            If you interpret "NSA-proof" as meaning it's perfect, then yeah, that's never going to be.  But, if you interpret it in the way words like "waterproof", "soundproof", and "bullet-proof" are normally used, then I don't think it's that unreasonable a headline.  

            I don't think he ever said in the body that it made a system unhackable.  Though on the whole he does seem to be overselling it. It does seem like a decent security idea, but probably more effective vs. malware than vs. the NSA (which is only collecting data off the internet, and if they do target individual computers, they really wouldn't be permitted to do that to US citizens).  

            And I think it also would likely be more complex, and less for average users, than applying basic security measures to a popular Linux distribution like Mint or Ubuntu.  

    •  I've worked in IT off and on since the 90s (3+ / 0-)
      Recommended by:
      duhban, rfall, Sparhawk

      I've never heard of this shit.

      Were I to be paranoid enough to give a shit about this kind of thing, I'd be using BSD and not Linux.

      Since you are proposing a Linux solution, why Xen and not KVM?

      Network security and not the security of your local machine is what matters anyway.

      You come off as someone who has a vested interest in promoting this particular software.

      Praxis: Bold as Love

      by VelvetElvis on Sat Jul 13, 2013 at 04:10:11 AM PDT

      [ Parent ]

    •  Wasting your breath. (2+ / 0-)
      Recommended by:
      Jaime Frontero, DeadHead

      Just ignore the trollery.
