galtsev at kicp.uchicago.edu
Sun Jan 27 17:14:44 UTC 2019
On 1/26/19 6:37 PM, Polytropon wrote:
> On Sat, 26 Jan 2019 16:09:44 -0700, JD wrote:
>> IMHO, today, there are no OS'es available to the public,
>> sans backdoors, spyware and other malware.
> What does make you believe this is true?
> Taking FreeBSD as an example, in how far does it include
> either a backdoor, a piece of spyware, or a piece of
> I'm explicitely _not_ talking about something that you
> can install afterwards, or you can be "talked into"
> installing. I'm also not talking about web technologies
> for tracking and spying, because they use the web browser
> and its complexity, which is comparable to the complexity
> of a whole OS. And I'm not talking about the means an ISP
> can use to track its users or modify their traffic.
> Regarding backdoors, considering exploitable errors
> (which we don't know of yet) is different from mechanisms
> intendedly placed into the OS to circumvent security
> barriers provided by the OS or added by the user.
> This is not a sarcastic question. I'm really asking
> myself (and you) why FreeBSD could _not_ be considered
> to be available to the public _without_ containing
> backdoors, spyware, or malware.
I 100% agree with Polytropon, and would just add one simple point:
FreeBSD is open source system. Everyone in the World can (and some/many
do) go and audit the code for backdoors and/or vulnerabilities. This
significantly adds to the point that there are none, and it is hard to
introduce one that will not be noticed by anyone. To the contrary to
proprietary systems which not only hide the source, but also will do all
to put you in jail if you reverse engineer (disassemble) their binary
code and attempt to publicize spy part if you discover one. Just to
mention one example: google's android system. It is _based_ on open
source kernel, but has closed source proprietary chunk in it. So, you
can re-consider your trust to your android smartphone (if you ever had one).
Of course we all learned mathematics, and logically it is difficult to
prove FreeBSD does not have malicious code. However for those who claim
an opposite: that FreeBSD does have malicious code in it, it is very
easy to prove their point. It is sufficient to point to one of them. If
one can not point even to single malicious chunk in FreeBSD, one
shouldn't insist there is one.
Just my $0.02
> Sure, as soon as you add a web browser to the mix, you
> can get at least the commonly accepted (!) "crap of the
> web" if you wish - but that's not something the OS will
> contain in a default installation. :-)
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
More information about the freebsd-questions