On Sunday, 2005-06-19 at 16:08 (PDT) Steve G linux_4ever@yahoo.com wrote:
Its very easy to do, but you will be running your own distro. :) Just get a RH9 build host and use the rookery build system. It'll let you know which packages need TLC.
Beware of forks masquerading as subsystems. The offer of mandatory access control is seductive, but the SELinux implementation is flawed if it amounts to a fork in the Linux code base.
SE Linux does need some help in managing policy.
...
This what's missing from SE Linux. A good configuration for the non-security expert.
If that were the only problem, it would be enough to preclude the inclusion of SELinux from a general purpose Linux distribution until such time as good management tools are available.
On Monday, 2005-06-20 at 07:10 (PDT) Stephen Smalley sds@tycho.nsa.gov wrote:
Most distributions don't want to have to ship multiple variations of the kernel and userland, so they naturally don't want to have ship a SELinux and non-SELinux variant of kernel, coreutils, etc.
Yikes, I should have anticipated this, given the forum and the topic, but, in the immortal words of Monte Python, "No-one ever expects the Spanish inquisition!"
Let's be clear about one thing. I am neither a devil, nor am I a devil's advocate and I really can't find the time right now for an extended vacation at a U.S. resort in Cuba, or even an unscheduled layover in Syria. I know you guys listen to everything, all the time, everywhere, but when my girl friend said, "Oh, you devil," that was just a figure of speech. Really. Now, let's approach the topic under discussion one step at a time, as a Jesuit would.
Connecting to the internet can be risky, because we don't know who else has an internet connection, or what malicious plans they may have. So intellectual property developers often disconnect clusters used as render farms for movie production, or compile farms used for code production, from external networks. This is as appropriate for protecting open source products from damage as it is for protecting proprietary products from theft. In fact, many private nets don't connect to the internet. SWIFT, the Society for Worldwide Interchange and Funds Transfer, is a case in point.
Isolation provides strong security and we're not likely to stop doing it anytime soon, but it is inappropriate for all cases. That's why we use multi-homed firewalls to interconnect the internet to a DMZ for the servers that provide internet services and to the internal firewalls that protect local area networks. This works pretty well, even better since IP Tables came along, and the proof is that most of the systems compromised by intruders either lack such protection, or don't have it configured properly.
Wouldn't it be nice to have a general purpose operating system that could be pruned and tuned for optimal performance on isolated systems, firewalls, servers, workstations, or laptops for road warriors? Oh, and it must be open source, because we can't validate system security unless we can audit the code. Certification requires certainty. A number of operating systems meet these criteria.
One candidate is Linux (a. k. a. non-SELinux). If I have to roll my own distro from Fedora in order to optimize performance by removing unnecessary subsystems, such as mandatory access control on an isolated system, then Fedora is no longer a general purpose system and it is no longer Linux, now it is SELinux.
These comments are offered in the spirit of constructive criticism. I'm grateful you declared your bias, for your spirited defence of your product and very grateful SELinux was contributed to the open source community, warts and all. However, SELinux isn't the only possible implementation of mandatory access control for Linux (cf. sHype). If my criticicms are valid, SELinux must either be improved, or it'll be replaced by a better implementation. Perhaps I'm wrong. Time will tell. Meanwhile, thanks for listening.
On Thu, 2005-06-23 at 11:58 -0700, stewartetcie@canada.com wrote:
Beware of forks masquerading as subsystems. The offer of mandatory access control is seductive, but the SELinux implementation is flawed if it amounts to a fork in the Linux code base.
It doesn't. SELinux is upstream, in the mainline kernel. No forking here.
If that were the only problem, it would be enough to preclude the inclusion of SELinux from a general purpose Linux distribution until such time as good management tools are available.
Chicken and the egg problem. People aren't motivated to create good management tools until they see that the system is mainstream. What management tools exist for POSIX ACLs on Linux? Yet the kernel mechanism is included, which allows people who want to do so to leverage them. In much the same way, including SELinux with a relatively simple policy (targeted) is a natural first step. And there are certainly other kernel features that have followed the same path.
One candidate is Linux (a. k. a. non-SELinux). If I have to roll my own distro from Fedora in order to optimize performance by removing unnecessary subsystems, such as mandatory access control on an isolated system, then Fedora is no longer a general purpose system and it is no longer Linux, now it is SELinux.
Um, no. First, you can completely disable SELinux, at which point it is no longer registered with the kernel's security framework and imposes no performance overhead. That actually goes well beyond what many kernel features offer, most of which are going to be enabled in a stock Fedora kernel simply because it is intended for general use. Second, you always have the freedom to rebuild the Fedora kernel SRPM or an upstream kernel with SELinux completely omitted. You are applying an unfair criteria to SELinux that doesn't exist for any other kernel feature.
These comments are offered in the spirit of constructive criticism. I'm grateful you declared your bias, for your spirited defence of your product and very grateful SELinux was contributed to the open source community, warts and all. However, SELinux isn't the only possible implementation of mandatory access control for Linux (cf. sHype). If my criticicms are valid, SELinux must either be improved, or it'll be replaced by a better implementation. Perhaps I'm wrong. Time will tell. Meanwhile, thanks for listening.
It is certainly true that SELinux is not the only possible implementation of MAC for Linux, although I think you are misunderstanding the sHype report itself (don't confuse their explanation of how virtualization offers stronger isolation with fewer shared resources vs. finer-grained controlled sharing available via OS-level controls as a criticism of OS-level MAC - they are just explaining the differing roles played by virtualization vs. OS-level controls). And you are certainly free to use any such alternative MAC implementation you wish; just disable SELinux (via selinux=0 in your grub.conf or via /etc/selinux/config SELINUIX=disabled) and load your favorite loadable module (of course, if your alternative MAC implementation requires a kernel patch, then you'd need to rebuild your kernel with that patch, but that is not affected by SELinux in any way). So your freedom is not limited in any manner by SELinux being included in Fedora.
But remember that SELinux is: - upstream (in the mainline Linux 2.6 kernel), - open source (kernel code and userland and policy), - a truly community-based project (with significant contributions by external developers and users) ever since its initial release by the NSA in 2000, - a generalized access control architecture and model suitable for a general purpose operating system, - extensible to support application security needs.
So don't dismiss it too quickly. Thanks ;)
On Thu, 23 Jun 2005, Stephen Smalley wrote:
But remember that SELinux is:
- upstream (in the mainline Linux 2.6 kernel),
When was SELinux included in the mainline Linux 2.6, what version?
- open source (kernel code and userland and policy),
- a truly community-based project (with significant contributions by
external developers and users) ever since its initial release by the NSA in 2000,
I feel that its interesting that NSA, famous for spying on other nations, is helping to make linux more secure. Isnt that counterproductive? :)
I remember the NSA keys in the early windows versions. Not possible to use netscape with more than 40 bit encryption, so I had to run fortify on it to unlock it to 128 bit.
What if some with evil reasons uses SELinux? Or have NSA realized that the old tactic doesnt work and its better to secure so many systems as possible instead. To help millions to have a more secure system is worth more than to possible prevent a few bad guys to also have secure systems. Probably leading that it will be more complicated or impossible for NSA to break in?
Im sure NSA would love to have backdoor to SELinux if someone with evil reasons (what NSA thinks is evil) uses SELinux. Since SELinux is open source it cant be something obviously because it will be found very quickly. Must be something that its really, really well hidden.
I guess you have heard opinions like this before :) It was the first things I thought about when I first heard about SELinux several years ago.
Peter Magnusson wrote:
On Thu, 23 Jun 2005, Stephen Smalley wrote:
But remember that SELinux is:
- upstream (in the mainline Linux 2.6 kernel),
When was SELinux included in the mainline Linux 2.6, what version?
2.6.0 IIRC
- open source (kernel code and userland and policy),
- a truly community-based project (with significant contributions by
external developers and users) ever since its initial release by the NSA in 2000,
I feel that its interesting that NSA, famous for spying on other nations, is helping to make linux more secure. Isnt that counterproductive? :)
NSA has two main missions. See their site
http://www.nsa.gov/home_html.cfm
<snip>
Im sure NSA would love to have backdoor to SELinux if someone with evil reasons (what NSA thinks is evil) uses SELinux. Since SELinux is open source it cant be something obviously because it will be found very quickly. Must be something that its really, really well hidden.
Think about it... It is probably the most examined code in the whole open source world. "many eyes" carried to the extreme!
I guess you have heard opinions like this before :) It was the first things I thought about when I first heard about SELinux several years ago.
Just because you are paranoid doesn't mean someone is not out to get you.
Richard
On Tue, 5 Jul 2005, Richard Hally wrote:
When was SELinux included in the mainline Linux 2.6, what version?
2.6.0 IIRC
Ok.
NSA has two main missions. See their site http://www.nsa.gov/home_html.cfm
"The ability to understand the secret communications of our foreign adversaries while protecting our own communications -- a capability in which the United States leads the world -- gives our nation a unique advantage."
hmm, ok. SELinux still sounds counterproductive :)
Im sure NSA would love to have backdoor to SELinux if someone with evil reasons (what NSA thinks is evil) uses SELinux. Since SELinux is open source it cant be something obviously because it will be found very quickly. Must be something that its really, really well hidden.
Think about it... It is probably the most examined code in the whole open source world. "many eyes" carried to the extreme!
Good to hear.
I guess you have heard opinions like this before :) It was the first things I thought about when I first heard about SELinux several years ago.
Just because you are paranoid doesn't mean someone is not out to get you.
I'll have my tinfoil hat on for the rest of the day ;)
On Mon, 2005-07-04 19:11, Peter Magnusson wrote:
On Tue, 5 Jul 2005, Richard Hally wrote:
NSA has two main missions. See their site http://www.nsa.gov/home_html.cfm
"The ability to understand the secret communications of our foreign adversaries while protecting our own communications -- a capability in which the United States leads the world -- gives our nation a unique advantage."
hmm, ok. SELinux still sounds counterproductive :)
apparently you fail to understand the implications of "foreign adversaries". This means their primary mission is interception of the traffic (which doesn't exist) between the aliens (which don't exist) and decoding it into a human language (which does exist, but is classified, called NEWSPEAK, composed primarily of cute acronyms.
I'll have my tinfoil hat on for the rest of the day ;)
I doubt it... you probably meant aluminum foil. If you've got actual tin foil, where do I get some?
On Tue, 5 Jul 2005, Angela Kahealani wrote:
apparently you fail to understand the implications of "foreign adversaries". This means their primary mission is interception of the traffic (which doesn't exist) between the aliens (which don't exist) and decoding it into a human language (which does exist, but is classified, called NEWSPEAK, composed primarily of cute acronyms.
hehe :PPpp
I'll have my tinfoil hat on for the rest of the day ;)
I doubt it... you probably meant aluminum foil. If you've got actual tin foil, where do I get some?
Yes I ment aluminum foil. However, its almost the same thing: http://en.wikipedia.org/wiki/Tinfoil
Almost all say "tinfoil hat" and not "aluminumfoil hat". Tinfoil hat sounds much better. And its shorter.
On Tue, 2005-07-05 at 06:07 +0200, Peter Magnusson wrote:
On Thu, 23 Jun 2005, Stephen Smalley wrote:
But remember that SELinux is:
- upstream (in the mainline Linux 2.6 kernel),
When was SELinux included in the mainline Linux 2.6, what version?
It was merged in 2.6.0-test3, according to kerneltrap.org: http://kerneltrap.org/node/724
Im sure NSA would love to have backdoor to SELinux if someone with evil reasons (what NSA thinks is evil) uses SELinux. Since SELinux is open source it cant be something obviously because it will be found very quickly. Must be something that its really, really well hidden.
Have you found a bug in Fedora or RHEL SELinux? If so, please file a bugzilla, and we will try our best to fix it.
On Tue, 5 Jul 2005, Ivan Gyurdiev wrote:
When was SELinux included in the mainline Linux 2.6, what version?
It was merged in 2.6.0-test3, according to kerneltrap.org: http://kerneltrap.org/node/724
Oki.
Im sure NSA would love to have backdoor to SELinux if someone with evil reasons (what NSA thinks is evil) uses SELinux. Since SELinux is open source it cant be something obviously because it will be found very quickly. Must be something that its really, really well hidden.
Have you found a bug in Fedora or RHEL SELinux? If so, please file a bugzilla, and we will try our best to fix it.
No, I havent.
On Tue, 05 Jul 2005 06:07:49 +0200, Peter Magnusson said:
Im sure NSA would love to have backdoor to SELinux if someone with evil reasons (what NSA thinks is evil) uses SELinux. Since SELinux is open source it cant be something obviously because it will be found very quickly. Must be something that its really, really well hidden.
No, SELinux is designed properly to be bulletproof, because the NSA has *two* charges, only one of which is spying on others. The SELinux work is for the charge of securing *our* systems.
The back door is elsewhere, where you'll never find it, especially if you're busy looking at the SELinux code looking for backdoors. ;)
Quoting Peter Magnusson iocc@fedora-selinux.lists.flashdance.cx:
What if some with evil reasons uses SELinux? Or have NSA realized that the old tactic doesnt work and its better to secure so many systems as possible instead. To help millions to have a more secure system is worth more than to possible prevent a few bad guys to also have secure systems. Probably leading that it will be more complicated or impossible for NSA to break in?
Actually, the NSA came to correct conclusion that if they give out the tool (be it SELinux or encryption algorithm), most people don't have technical knowledge (and will never bother to obtain it) to use it in a secure way. So basically, their systems (or communications) are not that much more secure (or harder to break) than they were before they were given the tool. They will have false sense of security, so they will store more sensitive information on their systems (or transfer it through communication channels).
Bruce Schneier wrote something similar in one of his books (I believe it was "Secrets and Lies: Digital Security in a Networked World"). From what I remember (somebody with a copy of the book can correct me if I remembered wrong), he wrote that his biggest mistake was publishing the book "Applied Crypthography". While the algorithms in the book and the math behind them were perfect, the way people were implementing them made systems actually less secure.
To summarize, if somebody has false sense of security (he has perfect tools, but used in a wrong way), it will be actually easier for you to spy on him. This is especially true with complex subsystems such as SELinux (what do you think, how many system administrators out there *really* understand it?). I'm not sure if this is the actual (real) backdoor Vladis was refering to in his reply ;-)
---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.
On Tue, 2005-07-05 at 08:58 -0500, alex@milivojevic.org wrote:
To summarize, if somebody has false sense of security (he has perfect tools, but used in a wrong way), it will be actually easier for you to spy on him. This is especially true with complex subsystems such as SELinux (what do you think, how many system administrators out there *really* understand it?). I'm not sure if this is the actual (real) backdoor Vladis was refering to in his reply ;-)
There is quite a bit of work ongoing to help solve that problem (understanding and configuring SELinux policies effectively). SELinux doesn't create complexity, it just reveals it and allows you to control it. The SELinux mechanism itself isn't very complex; the complexity comes in trying to specify what you want to allow to happen on your computing system, because of the highly complex interactions of existing software on that system (not because of something added by SELinux). Classic case of blaming the messenger - SELinux tells you about all of the complex activity on your system and forces you to think about what you want to allow to happen, so you blame it for creating complexity tht was already there...
Quoting Stephen Smalley sds@tycho.nsa.gov:
There is quite a bit of work ongoing to help solve that problem (understanding and configuring SELinux policies effectively). SELinux doesn't create complexity, it just reveals it and allows you to control it. The SELinux mechanism itself isn't very complex; the complexity comes in trying to specify what you want to allow to happen on your computing system, because of the highly complex interactions of existing software on that system (not because of something added by SELinux). Classic case of blaming the messenger - SELinux tells you about all of the complex activity on your system and forces you to think about what you want to allow to happen, so you blame it for creating complexity tht was already there...
Sorry, it wasn't my intention to blame the messanger. All I wanted to say (and as usually badly expressing myself) was that making system secure is a complex task. Simply having SELinux enabled on the system does not make the system ultimately secure. Making changes to default policies without fully understanding what the changes will introduce just makes it even less secure.
Example: On several Linux-end-users type of lists I already saw posters with good intentions giving advice to include this or that rules into the policy to solve various problems, just to have other people screeming in replies that those including such rules into their policy could just as well disable SELinux completely with about the same effects.
If somebody Googles around to find solution to the specific problem and finds advice to do "chmod -R a+rw /", (s)he is not likely to actually do it. On the other hand, there is many more people that will include some random set of rules into their SELinux policy, giving application(s) way more access then they really need. Nothing to do with SELinux as such, and it would be wrong to blame it. But rather with human nature (which is the weakest link of any security system).
---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.
On Tue, 2005-07-05 at 10:42 -0500, alex@milivojevic.org wrote:
Sorry, it wasn't my intention to blame the messanger. All I wanted to say (and as usually badly expressing myself) was that making system secure is a complex task. Simply having SELinux enabled on the system does not make the system ultimately secure. Making changes to default policies without fully understanding what the changes will introduce just makes it even less secure.
Example: On several Linux-end-users type of lists I already saw posters with good intentions giving advice to include this or that rules into the policy to solve various problems, just to have other people screeming in replies that those including such rules into their policy could just as well disable SELinux completely with about the same effects.
If somebody Googles around to find solution to the specific problem and finds advice to do "chmod -R a+rw /", (s)he is not likely to actually do it. On the other hand, there is many more people that will include some random set of rules into their SELinux policy, giving application(s) way more access then they really need. Nothing to do with SELinux as such, and it would be wrong to blame it. But rather with human nature (which is the weakest link of any security system).
Yes, understood. And as I say, there is ongoing work to make (correct) policy configuration much more accessible to typical end users.
On Tue, 5 Jul 2005, alex@milivojevic.org wrote:
To summarize, if somebody has false sense of security (he has perfect tools, but used in a wrong way), it will be actually easier for you to spy on him. This is especially true with complex subsystems such as SELinux (what do you think, how many system administrators out there *really* understand it?). I'm not sure if this is the actual (real) backdoor Vladis was refering to in his reply ;-)
Well, thats one way to interpret it :)
On Tue, 2005-07-05 at 06:07 +0200, Peter Magnusson wrote:
When was SELinux included in the mainline Linux 2.6, what version?
2.6.0-test3. And the LSM framework, which we helped to develop, was merged during the 2.5 development series, starting with 2.5.27 iirc.
I feel that its interesting that NSA, famous for spying on other nations, is helping to make linux more secure. Isnt that counterproductive? :)
See http://www.nsa.gov/selinux/info/faq.cfm#I10
What if some with evil reasons uses SELinux? Or have NSA realized that the old tactic doesnt work and its better to secure so many systems as possible instead. To help millions to have a more secure system is worth more than to possible prevent a few bad guys to also have secure systems. Probably leading that it will be more complicated or impossible for NSA to break in?
Improving the security of COTS (commercial off the shelf) systems is necessary to meet the security needs of our customers. Yes, there is the potential for abuse, but such tradeoffs are inevitable.
Im sure NSA would love to have backdoor to SELinux if someone with evil reasons (what NSA thinks is evil) uses SELinux. Since SELinux is open source it cant be something obviously because it will be found very quickly. Must be something that its really, really well hidden.
That would be a rather foolish strategy, given that SELinux is publically associated with NSA and the code is open.
On Tue, 5 Jul 2005, Stephen Smalley wrote:
What if some with evil reasons uses SELinux? Or have NSA realized that the old tactic doesnt work and its better to secure so many systems as possible instead. To help millions to have a more secure system is worth more than to possible prevent a few bad guys to also have secure systems. Probably leading that it will be more complicated or impossible for NSA to break in?
Improving the security of COTS (commercial off the shelf) systems is necessary to meet the security needs of our customers. Yes, there is the potential for abuse, but such tradeoffs are inevitable.
Ok, that was the answer I was looking for.
Im sure NSA would love to have backdoor to SELinux if someone with evil reasons (what NSA thinks is evil) uses SELinux. Since SELinux is open source it cant be something obviously because it will be found very quickly. Must be something that its really, really well hidden.
That would be a rather foolish strategy, given that SELinux is publically associated with NSA and the code is open.
Yes it would.
Quick show of hands, please: how many of you are wearing a tin foil hat[1], right now, at this moment? How many of you are members of The Lone Gunmen[2]?
[1] http://en.wikipedia.org/wiki/Tinfoil_hat, http://tinfoilhat.shmoo.com/ [2] Do Frohike, Byers, or Langley read this list?
This talk of nefarious NSA meddling in Linux to further their aims of keeping tabs on the underworld dealings of the less than scrupulous has me in stitches! Are you all for real?
On Tue, 05 Jul 2005 09:40:37 CDT, "Christofer C. Bell" said:
This talk of nefarious NSA meddling in Linux to further their aims of keeping tabs on the underworld dealings of the less than scrupulous has me in stitches! Are you all for real?
As a matter of fact, some of us (myself included) *don't* trust our government to keep our best interests in mind. On the other hand, I'm not worried about the NSA sneaking in backdoors when the *real* problem is things like the Patriot Act and standardized driver's licenses.....
On 7/5/05, Valdis.Kletnieks@vt.edu Valdis.Kletnieks@vt.edu wrote:
As a matter of fact, some of us (myself included) *don't* trust our government to keep our best interests in mind. On the other hand, I'm not worried about the NSA sneaking in backdoors when the *real* problem is things like the Patriot Act and standardized driver's licenses.....
I don't see the big deal about standardized driver licenses, but as for the Patriot Act, if you think it's a bad thing, you're in the minority. 51% of Americans feel it's a good thing. They re-elected George W. Bush 2004 in a Patriot Act America, and they re-elected their representives in Congress that passed the legislation in the first place. We live in a very conservative America now and that America wants laws like the Patriot Act on the books. It's nothing to do with some nefarious gov't conspiracy to make your life miserable. Remember, it's not the government you need to worry about "trusting to keep your best interests in mind" it's your fellow voter.
Regardless, I think this "tin foil hat" pontificating about the NSA putting backdoor holes in SELinux hysterical. I have a hard time believing there are people that suspect this is what's going on. I'm sure the guys involved in coding that backdoor are the ones that helped stage the moon landings, also.
Of course, all the NSA guys are laughing at the snow job they've pulled over on me, as well.
On Tuesday 05 July 2005 12:36, Christofer C. Bell wrote:
first place. We live in a very conservative America now and that America wants laws like the Patriot Act on the books. It's nothing to do with some nefarious gov't conspiracy to make your life miserable. Remember, it's not the government you need to worry about "trusting to keep your best interests in mind" it's your fellow voter.
(No, not the fellow voter but the fellow NOT voting. )
Have you ever tried to make a decision about something, for other people, where you were geographically not in the vicinity of the situation? You're bound to make some serious mistakes.
The gov is acting nefarious as they often think of themselves above the people, not working for the people. Conspiracies are aplenty. People are all the times found guilty of plotting this and that. Many companies have people plotting to get rid of someone they don't like. Gov people are no different.
Except they are supposed to be in charge and have this idea how things would be so much easier if they could stop everyone. Which is where the problem lies.
No doubt if NSA felt they could get away with it they would take their steps to do what they feel is in national security interest. Hopefully we have enough educated people looking at code that THAT's one thing we don't have to worry about.
In no way am I trying to say that's what all gov's do or all their employee's. But there is a certain amount of people who do. As I said the only difference is that they are in a position of power, and may not necessarily have the education to match.
Well, that is very nicely off list topic...
Christofer C. Bell wrote:
On 7/5/05, Valdis.Kletnieks@vt.edu Valdis.Kletnieks@vt.edu wrote:
As a matter of fact, some of us (myself included) *don't* trust our government to keep our best interests in mind. On the other hand, I'm not worried about the NSA sneaking in backdoors when the *real* problem is things like the Patriot Act and standardized driver's licenses.....
<off topic rant>
I don't see the big deal about standardized driver licenses,
Bet you don't know why your Vote is anonymous, either, huh ?
but as for the Patriot Act, if you think it's a bad thing, you're in the minority. 51% of Americans feel it's a good thing.
Oh ? I hear approval is -much- lower. And, BTW, realizing that 50% of the US have an IQ of about 100.... I am not sure this is really a "mob-rules" thing.
Most of the same people can't even conceive why the 1st and 5th amendment even exist. Really. Thank God for Quorums.
They re-elected George W. Bush 2004 in a Patriot Act America, and they re-elected their representives in Congress that passed the legislation in the first place.
Only because of FUD, GW is now at the 40% approval mark, a new all time low... and the Congress that rode Diebold in, is down to 28% approval rating. Something you don't hear much about.
So the delusion that "everyone approves" is mere propaganda.
We live in a very conservative America now and that America wants laws like the Patriot Act on the books.
So did Nazi Germany, with its new efficient Government, called the Third Reich. It too couldn't understand the need for Civil Rights.
Matter of fact, it even created a slogan for the Nazi Youth,
"Only Criminals don't want to be monitored"
that, and another one you might have heard,
"If you aren't for us, your against us".
It's nothing to do with some nefarious gov't conspiracy to make your life miserable. Remember, it's not the government you need to worry about "trusting to keep your best interests in mind" it's your fellow voter.
Wrong. Government cannot really be trusted, it is not a human, and it is not a person, that it -can- be trusted. It is a bureaucracy, with fiefdoms all over the place. Remember Ruby Ridge.
"Government is not reason; it is not eloquence; it is force! Like fire, it is a dangerous servant and a fearful master." - George Washington.
Regardless, I think this "tin foil hat" pontificating about the NSA putting backdoor holes in SELinux hysterical. I have a hard time believing there are people that suspect this is what's going on. I'm sure the guys involved in coding that backdoor are the ones that helped stage the moon landings, also.
Here, you and I concur.
Of course, all the NSA guys are laughing at the snow job they've pulled over on me, as well.
I doubt they have even noticed you. Most people assume they count in the big picture of things, and they usually don't.
My suggestion is to support the Constitution, and any document that attempts to supersede it, without proper acceptance and ratification by 3/4th the States, as mere trash. The Constitution is the Rule of Law, in America.
Something several Supreme Court Judges have pointed out, already.
http://www.cnn.com/2004/LAW/01/26/patriot.act.ap/
</rant>
On 7/5/05, Richard Irving rirving@antient.org wrote:
So did Nazi Germany, with its new efficient Government, called the
Third Reich. It too couldn't understand the need for Civil Rights.
Goodwin's Law[1] has been reached.
"As an online discussion grows longer, the probability of a comparison involving Nazis or Hitler approaches 1."
[1] http://en.wikipedia.org/wiki/Godwin%27s_law
Christofer C. Bell wrote:
On 7/5/05, Richard Irving rirving@antient.org wrote:
So did Nazi Germany, with its new efficient Government, called the Third Reich. It too couldn't understand the need for Civil Rights.
Goodwin's Law[1] has been reached.
To the literate, that is spelled "Godwin".
* yawn *
The *is* an selinux list, got anything useful, *and* on topic ?
.TIA. .... ... .. ,
"As an online discussion grows longer, the probability of a comparison involving Nazis or Hitler approaches 1." [1] http://en.wikipedia.org/wiki/Godwin%27s_law
On 7/6/05, Richard Irving rirving@antient.org wrote:
Christofer C. Bell wrote:
On 7/5/05, Richard Irving rirving@antient.org wrote:
So did Nazi Germany, with its new efficient Government, called the Third Reich. It too couldn't understand the need for Civil Rights.
Goodwin's Law[1] has been reached.
To the literate, that is spelled "Godwin".
- yawn *
The *is* an selinux list, got anything useful, *and* on topic ?
The thread is about the motives of the NSA in providing / assisting with the development of SELinux so yeah, it's on topic. Your references comparison of the US gov't to Hitler's Germany really does show you're not capable of engaging in a meaningful conversation about it.
.TIA.
You're welcome. Have fun with your shiney tinfoil hat.
Christofer C. Bell wrote:
On 7/6/05, Richard Irving rirving@antient.org wrote:
Christofer C. Bell wrote:
On 7/5/05, Richard Irving rirving@antient.org wrote:
So did Nazi Germany, with its new efficient Government, called the Third Reich. It too couldn't understand the need for Civil Rights.
Goodwin's Law[1] has been reached.
To the literate, that is spelled "Godwin".
- yawn *
The *is* an selinux list, got anything useful, *and* on topic ?
The thread is about the motives of the NSA in providing / assisting with the development of SELinux so yeah, it's on topic.
A better question perhaps is, "..is this thread *really* on topic" ?
Tinfoil Beanie trolls belong elsewhere, *really*.
Your references comparison of the US gov't to Hitler's Germany really does show you're not capable of engaging in a meaningful conversation about it.
Personally, I consider spelling the citation -correctly-, the first sign of a potentially intelligent *meaningful* conversation impending...
* cough *
"neverallow domain domain:goodwin_tinfoil_beanie_class_set ~rw_file_perms;"
.TIA.
You're welcome. Have fun with your shiney tinfoil hat.
Ahhh... Ad Homonym, the sign of the lack of any contrary facts, or a valid counter-argument. Thanks for conceding.
I take it you are not a professional, but a RR zealot, and like the rest of your pseudo-cult movement, not very insightful, -nor- educated on the facts...
... mostly full of propaganda, deflection, distortion, lies, subversion, ad homonym, and utterly unable to control yourself, or restrain your context to the appropriate time and place, such as the recent posts here to a professional list demonstrate.
But, this list does not exist for you to spread your RR propaganda, nor as a tool to satisfy your now personal vendetta.
It is for discussion of selinux implementation issue's.
Ever heard the expression: "Get a Blog!" ?
It applies.
Now returning you to your regular S/N ratio. (Hopefully)
8-)
.TIA.. .... ... .. ,
PPS: 51% approved that the Patriot should be "amended", and _limited_.
That is NOT the same as 51% of the people "approving of the Patriot Act".
(So much so, the limitation bill -passed- the vote in the House.)
http://www.washingtonpost.com/wp-dyn/content/article/2005/06/15/AR2005061501...
---- "There are liars, damned liars, and statisticians!"
:-P
On Wed, 2005-07-06 11:36, Christofer C. Bell wrote:
You're welcome. Have fun with your shiney tinfoil hat.
No, tin foil is dull. And even on aluminum foil, only one side is shiny.
On 7/6/05, Angela Kahealani angela@kahealani.com wrote:
On Wed, 2005-07-06 11:36, Christofer C. Bell wrote:
You're welcome. Have fun with your shiney tinfoil hat.
No, tin foil is dull. And even on aluminum foil, only one side is shiny.
Ha! Good one. :-) I'm not sure what tinfoil hat boy's issue is. He seems to think I'm some sort of right wing extremist for pointing out that 51% of America voted for George Bush. Truth must be painful when you're frothing at the mouth.
Unfortunately for me, I'm part of the other 49% :-(
Anyway, he's free to keep looking for conspiracies where none exist.
Is this the SELinux list?
On Jul 7, 2005, at 10:53 AM, Christofer C. Bell wrote:
On 7/6/05, Angela Kahealani angela@kahealani.com wrote:
On Wed, 2005-07-06 11:36, Christofer C. Bell wrote:
You're welcome. Have fun with your shiney tinfoil hat.
No, tin foil is dull. And even on aluminum foil, only one side is shiny.
Ha! Good one. :-) I'm not sure what tinfoil hat boy's issue is. He seems to think I'm some sort of right wing extremist for pointing out that 51% of America voted for George Bush. Truth must be painful when you're frothing at the mouth.
Unfortunately for me, I'm part of the other 49% :-(
Anyway, he's free to keep looking for conspiracies where none exist.
-- Chris
"With the way things are starting to go in this country, if forced to choose between being caught with a van full of pirated DVDs or heroin you'd actually have to pause and think about it." -- Michael Bell, drunkenblog.com
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-selinux-list
Christofer C. Bell wrote:
On 7/6/05, Angela Kahealani angela@kahealani.com wrote:
On Wed, 2005-07-06 11:36, Christofer C. Bell wrote:
You're welcome. Have fun with your shiney tinfoil hat.
No, tin foil is dull. And even on aluminum foil, only one side is shiny.
Ha! Good one. :-) I'm not sure what tinfoil hat boy's issue is.
I love the name calling, public and private, helps put you into perspective...
He seems to think I'm some sort of right wing extremist for pointing out that 51% of America voted for George Bush.
Please stick to the truth, You didn't make that statement, you stated 51% of the United States approved of the Patriot act.
Here are your own words:
"but as for the Patriot Act, if you think it's a bad thing, you're in the minority. 51% of Americans feel it's a good thing."
And that statistic is *not* correct. That is what is called a "distortion", it is a form of a "lie". I know the difference is hard to comprehend, but give it your best, ok ?
Shoot, 51% don't even approve of "W", -or -the congress' actions. 51% was back during the height of the "chicken little" effect, *much* water has passed under the bridge since then.
For example, it was determined conclusively that there were no WMD's, and that Iraq had nothing to do with 911.
Truth must be painful when you're frothing at the mouth.
See above, what does your statement have to do with truth ?
You published bad information, I correct it, and now *I* am "frothing" ?
Anything but accept and acknowledge that you are *wrong*, I guess, or let this list be used for selinux, instead of a political pulpit.
Don't you have anything better than Ad Homonym ? Or, are you just a "one trick" pony ?
Unfortunately for me, I'm part of the other 49% :-(
Anyway, he's free to keep looking for conspiracies where none exist.
You mean like the Downing Street Memo ?
:-P
Now, back to "Get a Blog!", this list is about selinux, not the ones fools nutty fear that someone has put a back door in the core of selinux, or yours that the Majority of America approves of the assault on Civil Rights, and the Constitution, inherent in the Patriot, and this Administration.
*Neither* are true.
More Signal, Less Noise.
.TIA. .... ... .. .
On Tuesday 05 July 2005 12:10, Valdis.Kletnieks@vt.edu wrote:
On Tue, 05 Jul 2005 09:40:37 CDT, "Christofer C. Bell" said:
This talk of nefarious NSA meddling in Linux to further their aims of keeping tabs on the underworld dealings of the less than scrupulous has me in stitches! Are you all for real?
As a matter of fact, some of us (myself included) *don't* trust our government to keep our best interests in mind. On the other hand, I'm not worried about the NSA sneaking in backdoors when the *real* problem is things like the Patriot Act and standardized driver's licenses.....
Yes, and the worst part of it is that their idea of security is not in fact doing anything to make security any better, but actually worse. (Not talking about SELinux, but laws (like Patriot Act) that supposedly makes the country safer after 9/11.)
Now if we could just get these guys to apply some common sense a'la Bruce Schneier, Founder of Counterpane Internet Security, Inc . there would be some hope for improvements... (Somebody wake me up I'm dreaming!)
selinux@lists.fedoraproject.org