 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
john saylor wrote: > think about open source for a moment. also, i do not think linus [or > linux] can be subject to an NSA security letter as he is not a US citizen. He resides on US soil. This makes him subject to US laws. > but it would be easy to fork any open source project and make the > modifications you would like on it. Why fork? There's already a pile of NSA-written or NSA-sponsored code in the main line Linux kernel and common libraries. Examples include OpenSSL and SELinux. Just because the source code is available does not mean that those who look at the code can recognize weaknesses and back doors. And even if they could, it's no guarantee that the code they see won't acquire weaknesses when compiled. There's a class of kernel vulnerabilities that on paper cannot be exploited but become exploitable due to GCC optimizations at compile time (like the cheddar /dev/net/tun exploit). -- Rich P.
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
