I'm trying to rid my Linux installation of all potential corporate
spyware, seeing as how (A) the companies may be up to no good
for their own purposes and (B) they companies' software may be
conduits for the US government, to allow the Feds to spy
on Linux users. Now that spying is apparently the Feds' #1 priority
(and that of the Democratic whores in Congress) I have to
take this a little more seriously.
My present goal is to avoid the use of Adobe flash plug-in.
I think I saw that there is a free flash compiler out there,
but anybody know if there is a free player?
If not, perhaps one safe thing I can think of to do is to only
run Firefox (Windows version) in Wine, which I assume can't peruse
my system without someone writing a virus specifically to
attack Wine. If I run the Linux version of Firefox with the
plug-in, presumably that gives them a back door into
my entire system.
Or, perhaps I can just create a new user & group for
flash-enabled web browsing that can't access anything
else on my system and put the plug-ins in ~/.mozilla.
Hmm, I think I just solved my problem.
> Hi all,
>
> I'm trying to rid my Linux installation of all potential corporate
> spyware, seeing as how (A) the companies may be up to no good
> for their own purposes and (B) they companies' software may be
> conduits for the US government, to allow the Feds to spy
> on Linux users. Now that spying is apparently the Feds' #1 priority
> (and that of the Democratic whores in Congress) I have to
> take this a little more seriously.
>
> My present goal is to avoid the use of Adobe flash plug-in.
> I think I saw that there is a free flash compiler out there,
> but anybody know if there is a free player?
>
> If not, perhaps one safe thing I can think of to do is to only
> run Firefox (Windows version) in Wine, which I assume can't peruse
> my system without someone writing a virus specifically to
> attack Wine. If I run the Linux version of Firefox with the
> plug-in, presumably that gives them a back door into
> my entire system.
>
> Or, perhaps I can just create a new user & group for
> flash-enabled web browsing that can't access anything
> else on my system and put the plug-ins in ~/.mozilla.
> Hmm, I think I just solved my problem.
Roy S. Schestowitz | "I blame God for making me an atheist" http://Schestowitz.com | GNU is Not UNIX | PGP-Key: 0x74572E8E http://iuron.com - proposing a non-profit search engine
In comp.os.linux.advocacy, plenty560@yahoo.com
<plenty560@yahoo.com>
wrote
on Mon, 20 Aug 2007 18:49:55 -0700
<1187660995.596340.236800@r34g2000hsd.googlegroups .com>:
> Hi all,
>
> I'm trying to rid my Linux installation of all potential corporate
> spyware, seeing as how (A) the companies may be up to no good
> for their own purposes and (B) they companies' software may be
> conduits for the US government, to allow the Feds to spy
> on Linux users. Now that spying is apparently the Feds' #1 priority
> (and that of the Democratic whores in Congress) I have to
> take this a little more seriously.
That it is, and the NSA has SElinux to facilitate its spying.
At least, we think it facilitates its spying. I can't tell
for sure from here, and in any event its patches are now
part of every Linux kernel and hopefully someone's reviewed
them by now.
Of course Vista is perfectly secure, right? :-)
>
> My present goal is to avoid the use of Adobe flash plug-in.
> I think I saw that there is a free flash compiler out there,
> but anybody know if there is a free player?
Gnash is out there. I'm not sure how well it works; the
games I've tested it on universally fail. Might work on
very simple stuff.
>
> If not, perhaps one safe thing I can think of to do is to only
> run Firefox (Windows version) in Wine, which I assume can't peruse
> my system without someone writing a virus specifically to
> attack Wine.
Wine emulates (or does not emulate -- well, anyway,
it's a long story on what precisely it does) Windows well
enough to allow viruses to affect the environment within
which Wine runs, which can be controlled to some extent
by fiddling with the symlinks in the .wine subdirectory.
One can (and probably should) also run winecfg.
> If I run the Linux version of Firefox with the
> plug-in, presumably that gives them a back door into
> my entire system.
Not clear at this time. I would be of the opinion that
the only thing an infected Firefox can destroy is one's
home directory; however, that depends on how deeply NSA
bugs are buried into the Linux kernel.
>
> Or, perhaps I can just create a new user & group for
> flash-enabled web browsing that can't access anything
> else on my system and put the plug-ins in ~/.mozilla.
> Hmm, I think I just solved my problem.
>
On 21 Aug, 06:02, The Ghost In The Machine
<ew...@sirius.tg00suus7038.net> wrote:
> In comp.os.linux.advocacy, plenty...@yahoo.com
> > Or, perhaps I can just create a new user & group for
> > flash-enabled web browsing that can't access anything
> > else on my system and put the plug-ins in ~/.mozilla.
> > Hmm, I think I just solved my problem.
>
> For now.
Such virtualizaton and access control is what virtual hosts (such as
Xen guest domains) and the more fascinating settings of the Apache
suexec tools are for.
> Hi all,
>
> I'm trying to rid my Linux installation of all potential corporate
> spyware, seeing as how (A) the companies may be up to no good
> for their own purposes and (B) they companies' software may be
> conduits for the US government, to allow the Feds to spy
> on Linux users. Now that spying is apparently the Feds' #1 priority
> (and that of the Democratic whores in Congress) I have to
> take this a little more seriously.
>
> My present goal is to avoid the use of Adobe flash plug-in.
> I think I saw that there is a free flash compiler out there,
> but anybody know if there is a free player?
>
> If not, perhaps one safe thing I can think of to do is to only
> run Firefox (Windows version) in Wine, which I assume can't peruse
> my system without someone writing a virus specifically to
> attack Wine. If I run the Linux version of Firefox with the
> plug-in, presumably that gives them a back door into
> my entire system.
>
> Or, perhaps I can just create a new user & group for
> flash-enabled web browsing that can't access anything
> else on my system and put the plug-ins in ~/.mozilla.
> Hmm, I think I just solved my problem.
Do you really think that the Feds (who ever they are) are the least bit
interested in what you get up to? Unless of course you happen to be a drug
dealing torrorist activist called Laden, in which case we would all want
the Feds to know what you get up to so they can stamp you out.
> I'm trying to rid my Linux installation of all potential corporate
> spyware
IMO virtual machines provide the best and universal protection of a
system. Using one for all online activity will only expose the contents
of the VM, and of your activities, of course.
"Nico" <nkadel@gmail.com> wrote in message
news:1187689477.248469.170260@a39g2000hsc.googlegr oups.com...
> On 21 Aug, 06:02, The Ghost In The Machine
> <ew...@sirius.tg00suus7038.net> wrote:
>> In comp.os.linux.advocacy, plenty...@yahoo.com
>
>> > Or, perhaps I can just create a new user & group for
>> > flash-enabled web browsing that can't access anything
>> > else on my system and put the plug-ins in ~/.mozilla.
>> > Hmm, I think I just solved my problem.
>>
>> For now.
>
> Such virtualizaton and access control is what virtual hosts (such as
> Xen guest domains) and the more fascinating settings of the Apache
> suexec tools are for.
qemu seems to be a little lighter-weight way to do that, and seems ideally
suited to this problem.
In comp.os.linux.advocacy, Nico
<nkadel@gmail.com>
wrote
on Tue, 21 Aug 2007 02:44:37 -0700
<1187689477.248469.170260@a39g2000hsc.googlegroups .com>:
> On 21 Aug, 06:02, The Ghost In The Machine
> <ew...@sirius.tg00suus7038.net> wrote:
>> In comp.os.linux.advocacy, plenty...@yahoo.com
>
>> > Or, perhaps I can just create a new user & group for
>> > flash-enabled web browsing that can't access anything
>> > else on my system and put the plug-ins in ~/.mozilla.
>> > Hmm, I think I just solved my problem.
>>
>> For now.
>
> Such virtualizaton and access control is what virtual hosts (such as
> Xen guest domains) and the more fascinating settings of the Apache
> suexec tools are for.
>
Perhaps, although the OP was concerned with the user
agent side (browsers, in other words). To be sure, IBM
was doing virtual hosts when I was in college -- and that
was awhile ago. For them, Linux is a natural. :-)
(To be pedantic: any machine past the 80186 had "virtual
machine" capability anyway; the kernel is called via a
privileged opcode. In the case of the x86, that's INT.)
> That it is, and the NSA has SElinux to facilitate its spying.
> At least, we think it facilitates its spying. I can't tell
> for sure from here, and in any event its patches are now
> part of every Linux kernel and hopefully someone's reviewed
> them by now.
I had no idea the spooks had put code into the
kernel. When did those get put in? And where is the code?
And why would Linus et al tolerate such a thing?
(plenty560@yahoo.com) writes:
>> That it is, and the NSA has SElinux to facilitate its spying.
>> At least, we think it facilitates its spying. I can't tell
>> for sure from here, and in any event its patches are now
>> part of every Linux kernel and hopefully someone's reviewed
>> them by now.
>
> I had no idea the spooks had put code into the
> kernel. When did those get put in? And where is the code?
> And why would Linus et al tolerate such a thing?
>
It's the "NSA patch", that's like a trojan horse because it's promoted
as adding security to the kernel. So the believer adds the patch, and
whamo! their hooked into the NSA's secret sub-net, passing their secrets
directly to the NSA.
What I don't understand is that this is the second post in a month
or so (that I've seen) where someone has suggested that Linux is
a security risk in terms of government or maybe business.
The first time, I thought it was just a conspiracy nut, but seeing
a second message makes me think this is just another one of those
posts to cast doubt on LInux.
In comp.os.linux.advocacy, plenty560@yahoo.com
<plenty560@yahoo.com>
wrote
on Tue, 21 Aug 2007 07:02:55 -0700
<1187704975.929568.188250@o80g2000hse.googlegroups .com>:
>
>> That it is, and the NSA has SElinux to facilitate its spying.
>> At least, we think it facilitates its spying. I can't tell
>> for sure from here, and in any event its patches are now
>> part of every Linux kernel and hopefully someone's reviewed
>> them by now.
>
> I had no idea the spooks had put code into the
> kernel. When did those get put in? And where is the code?
> And why would Linus et al tolerate such a thing?
>
"Michael Black" <et472@FreeNet.Carleton.CA> wrote in message
news:faeu6a$r8n$1@theodyn.ncf.ca...
> (plenty560@yahoo.com) writes:
> The first time, I thought it was just a conspiracy nut, but seeing
> a second message makes me think this is just another one of those
> posts to cast doubt on LInux.
Well, OP was asking about Flash, which perhaps might be something to be
concerned about. It's a little easier to feel warm and fuzzy about open
source code, a little less so when a M$ partner is supplying closed code.
> (To be pedantic: any machine past the 80186 had "virtual
> machine" capability anyway; the kernel is called via a
> privileged opcode. In the case of the x86, that's INT.)
To be more pedantic:
A VM must not have access to other processes and physical devices,
therefore memory management and reentrant instructions
(interruptable/resumable on microcode level) are further requirements
for true virtual machines. No problem nowadays, every OS needs and uses
such features for process isolation and memory management.
On Tue, 21 Aug 2007 14:51:54 +0000, Michael Black wrote:
> It's the "NSA patch", that's like a trojan horse because it's promoted
> as adding security to the kernel. So the believer adds the patch, and
> whamo! their hooked into the NSA's secret sub-net, passing their secrets
> directly to the NSA.
On Aug 20, 9:49 pm, plenty...@yahoo.com wrote:
> Hi all,
>
> I'm trying to rid my Linux installation of all potential corporate
> spyware, seeing as how (A) the companies may be up to no good
> for their own purposes and (B) they companies' software may be
> conduits for the US government, to allow the Feds to spy
> on Linux users. Now that spying is apparently the Feds' #1 priority
> (and that of the Democratic whores in Congress) I have to
> take this a little more seriously.
>
> My present goal is to avoid the use of Adobe flash plug-in.
> I think I saw that there is a free flash compiler out there,
> but anybody know if there is a free player?
>
> If not, perhaps one safe thing I can think of to do is to only
> run Firefox (Windows version) in Wine, which I assume can't peruse
> my system without someone writing a virus specifically to
> attack Wine. If I run the Linux version of Firefox with the
> plug-in, presumably that gives them a back door into
> my entire system.
>
> Or, perhaps I can just create a new user & group for
> flash-enabled web browsing that can't access anything
> else on my system and put the plug-ins in ~/.mozilla.
> Hmm, I think I just solved my problem.
Lock yourself in your basement, they're after you.
On Aug 21, 10:51 am, et...@FreeNet.Carleton.CA (Michael Black) wrote:
> It's the "NSA patch", that's like a trojan horse because it's promoted
> as adding security to the kernel. So the believer adds the patch, and
> whamo! their hooked into the NSA's secret sub-net, passing their secrets
> directly to the NSA.
The way it was phrased I assumed that that the patch
had made it into the kernel tarball, but if not then
that's fine.
However, I suppose it is conceivable that some spook
has infiltrated the Linux project and has placed clever
vulnerabilities into the kernel. Is there any evidence of that?
> On Aug 21, 10:51 am, et...@FreeNet.Carleton.CA (Michael Black) wrote:
>
>> It's the "NSA patch", that's like a trojan horse because it's promoted
>> as adding security to the kernel. So the believer adds the patch, and
>> whamo! their hooked into the NSA's secret sub-net, passing their secrets
>> directly to the NSA.
>
> The way it was phrased I assumed that that the patch
> had made it into the kernel tarball, but if not then
> that's fine.
>
> However, I suppose it is conceivable that some spook
> has infiltrated the Linux project and has placed clever
> vulnerabilities into the kernel. Is there any evidence of that?
We've seen a
if (UID = 0 || GID = 0) {
// do something
}
but this was detected and removed two days later.
However, for C and other highly complex languages with a lot of undefined
behaviour it is comparably easy to insert a vulnerability that only the
author can recognize
Non-Adobe flash player for Firefox? 
Linear Mode
