1:58 p.m.
On Sunday, 2005-06-19 at 16:08 (PDT)
Steve G <linux_4ever(a)yahoo.com> wrote:
Its very easy to do, but you will be running your own
distro. :) Just get a RH9 build host and use the
rookery build system. It'll let you know which
packages need TLC.
Beware of forks masquerading as subsystems. The offer
of mandatory access control is seductive, but the
SELinux implementation is flawed if it amounts to a
fork in the Linux code base.
SE Linux does need some help in managing policy.
...
This what's missing from SE Linux.
A good configuration for the non-security expert.
If that were the only problem, it would be enough to
preclude the inclusion of SELinux from a general
purpose Linux distribution until such time as good
management tools are available.
On Monday, 2005-06-20 at 07:10 (PDT)
Stephen Smalley <sds(a)tycho.nsa.gov> wrote:
Most distributions don't want to have to ship
multiple variations of the kernel and userland, so
they naturally don't want to have ship a SELinux and
non-SELinux variant of kernel, coreutils, etc.
Yikes, I should have anticipated this, given the forum
and the topic, but, in the immortal words of Monte
Python, "No-one ever expects the Spanish inquisition!"
Let's be clear about one thing. I am neither a devil,
nor am I a devil's advocate and I really can't find the
time right now for an extended vacation at a U.S.
resort in Cuba, or even an unscheduled layover in
Syria. I know you guys listen to everything, all the
time, everywhere, but when my girl friend said, "Oh,
you devil," that was just a figure of speech. Really.
Now, let's approach the topic under discussion one step
at a time, as a Jesuit would.
Connecting to the internet can be risky, because we
don't know who else has an internet connection, or what
malicious plans they may have. So intellectual property
developers often disconnect clusters used as render
farms for movie production, or compile farms used for
code production, from external networks. This is as
appropriate for protecting open source products from
damage as it is for protecting proprietary products
from theft. In fact, many private nets don't connect to
the internet. SWIFT, the Society for Worldwide
Interchange and Funds Transfer, is a case in point.
Isolation provides strong security and we're not likely
to stop doing it anytime soon, but it is inappropriate
for all cases. That's why we use multi-homed firewalls
to interconnect the internet to a DMZ for the servers
that provide internet services and to the internal
firewalls that protect local area networks. This works
pretty well, even better since IP Tables came along,
and the proof is that most of the systems compromised
by intruders either lack such protection, or don't have
it configured properly.
Wouldn't it be nice to have a general purpose operating
system that could be pruned and tuned for optimal
performance on isolated systems, firewalls, servers,
workstations, or laptops for road warriors? Oh, and it
must be open source, because we can't validate system
security unless we can audit the code. Certification
requires certainty. A number of operating systems meet
these criteria.
One candidate is Linux (a. k. a. non-SELinux). If I
have to roll my own distro from Fedora in order to
optimize performance by removing unnecessary
subsystems, such as mandatory access control on an
isolated system, then Fedora is no longer a general
purpose system and it is no longer Linux, now it is
SELinux.
These comments are offered in the spirit of
constructive criticism. I'm grateful you declared your
bias, for your spirited defence of your product and
very grateful SELinux was contributed to the open
source community, warts and all. However, SELinux isn't
the only possible implementation of mandatory access
control for Linux (cf. sHype). If my criticicms are
valid, SELinux must either be improved, or it'll be
replaced by a better implementation. Perhaps I'm wrong.
Time will tell. Meanwhile, thanks for listening.
3:12 p.m.
New subject: not installing SELinux with Fedora
On Thu, 2005-06-23 at 11:58 -0700, stewartetcie(a)canada.com wrote:
Beware of forks masquerading as subsystems. The offer
of mandatory access control is seductive, but the
SELinux implementation is flawed if it amounts to a
fork in the Linux code base.
It doesn't. SELinux is upstream, in the mainline kernel. No forking
here.
If that were the only problem, it would be enough to
preclude the inclusion of SELinux from a general
purpose Linux distribution until such time as good
management tools are available.
Chicken and the egg problem. People aren't motivated to create good
management tools until they see that the system is mainstream. What
management tools exist for POSIX ACLs on Linux? Yet the kernel
mechanism is included, which allows people who want to do so to leverage
them. In much the same way, including SELinux with a relatively simple
policy (targeted) is a natural first step. And there are certainly
other kernel features that have followed the same path.
One candidate is Linux (a. k. a. non-SELinux). If I
have to roll my own distro from Fedora in order to
optimize performance by removing unnecessary
subsystems, such as mandatory access control on an
isolated system, then Fedora is no longer a general
purpose system and it is no longer Linux, now it is
SELinux.
Um, no. First, you can completely disable SELinux, at which point it is
no longer registered with the kernel's security framework and imposes no
performance overhead. That actually goes well beyond what many kernel
features offer, most of which are going to be enabled in a stock Fedora
kernel simply because it is intended for general use. Second, you
always have the freedom to rebuild the Fedora kernel SRPM or an upstream
kernel with SELinux completely omitted. You are applying an unfair
criteria to SELinux that doesn't exist for any other kernel feature.
These comments are offered in the spirit of
constructive criticism. I'm grateful you declared your
bias, for your spirited defence of your product and
very grateful SELinux was contributed to the open
source community, warts and all. However, SELinux isn't
the only possible implementation of mandatory access
control for Linux (cf. sHype). If my criticicms are
valid, SELinux must either be improved, or it'll be
replaced by a better implementation. Perhaps I'm wrong.
Time will tell. Meanwhile, thanks for listening.
It is certainly true that SELinux is not the only possible
implementation of MAC for Linux, although I think you are
misunderstanding the sHype report itself (don't confuse their
explanation of how virtualization offers stronger isolation with fewer
shared resources vs. finer-grained controlled sharing available via
OS-level controls as a criticism of OS-level MAC - they are just
explaining the differing roles played by virtualization vs. OS-level
controls). And you are certainly free to use any such alternative MAC
implementation you wish; just disable SELinux (via selinux=0 in your
grub.conf or via /etc/selinux/config SELINUIX=disabled) and load your
favorite loadable module (of course, if your alternative MAC
implementation requires a kernel patch, then you'd need to rebuild your
kernel with that patch, but that is not affected by SELinux in any way).
So your freedom is not limited in any manner by SELinux being included
in Fedora.
But remember that SELinux is:
- upstream (in the mainline Linux 2.6 kernel),
- open source (kernel code and userland and policy),
- a truly community-based project (with significant contributions by
external developers and users) ever since its initial release by the NSA
in 2000,
- a generalized access control architecture and model suitable for a
general purpose operating system,
- extensible to support application security needs.
So don't dismiss it too quickly. Thanks ;)
--
Stephen Smalley
National Security Agency
11:07 p.m.
New subject: NSA motives
On Thu, 23 Jun 2005, Stephen Smalley wrote:
But remember that SELinux is:
- upstream (in the mainline Linux 2.6 kernel),
When was SELinux included in the mainline Linux 2.6, what version?
- open source (kernel code and userland and policy),
- a truly community-based project (with significant contributions by
external developers and users) ever since its initial release by the NSA
in 2000,
I feel that its interesting that NSA, famous for spying on other nations,
is helping to make linux more secure. Isnt that counterproductive? :)
I remember the NSA keys in the early windows versions. Not possible to use
netscape with more than 40 bit encryption, so I had to run fortify on it to
unlock it to 128 bit.
What if some with evil reasons uses SELinux? Or have NSA realized that the
old tactic doesnt work and its better to secure so many systems as possible
instead. To help millions to have a more secure system is worth more than
to possible prevent a few bad guys to also have secure systems. Probably
leading that it will be more complicated or impossible for NSA to break in?
Im sure NSA would love to have backdoor to SELinux if someone with evil
reasons (what NSA thinks is evil) uses SELinux. Since SELinux is open
source it cant be something obviously because it will be found very
quickly. Must be something that its really, really well hidden.
I guess you have heard opinions like this before :)
It was the first things I thought about when I first heard about SELinux
several years ago.
11:30 p.m.
New subject: NSA motives
Peter Magnusson wrote:
On Thu, 23 Jun 2005, Stephen Smalley wrote:
> But remember that SELinux is:
> - upstream (in the mainline Linux 2.6 kernel),
When was SELinux included in the mainline Linux 2.6, what version?
2.6.0 IIRC
> - open source (kernel code and userland and policy),
> - a truly community-based project (with significant contributions by
> external developers and users) ever since its initial release by the NSA
> in 2000,
I feel that its interesting that NSA, famous for spying on other
nations, is helping to make linux more secure. Isnt that
counterproductive? :)
NSA has two main missions. See their site
http://www.nsa.gov/home_html.cfm
<snip>
Im sure NSA would love to have backdoor to SELinux if someone with evil
reasons (what NSA thinks is evil) uses SELinux. Since SELinux is open
source it cant be something obviously because it will be found very
quickly. Must be something that its really, really well hidden.
Think about it... It is probably the most examined code in the whole
open source world. "many eyes" carried to the extreme!
I guess you have heard opinions like this before :)
It was the first things I thought about when I first heard about SELinux
several years ago.
Just because you are paranoid doesn't mean someone is not out to get you.
Richard
12:11 a.m.
New subject: NSA motives
On Tue, 5 Jul 2005, Richard Hally wrote:
> When was SELinux included in the mainline Linux 2.6, what
version?
2.6.0 IIRC
Ok.
NSA has two main missions. See their site
http://www.nsa.gov/home_html.cfm
"The ability to understand the secret communications of our foreign
adversaries while protecting our own communications -- a capability in
which the United States leads the world -- gives our nation a unique
advantage."
hmm, ok. SELinux still sounds counterproductive :)
> Im sure NSA would love to have backdoor to SELinux if someone
with evil
> reasons (what NSA thinks is evil) uses SELinux. Since SELinux is open
> source it cant be something obviously because it will be found very
> quickly. Must be something that its really, really well hidden.
Think about it... It is probably the most examined code in the whole open
source world. "many eyes" carried to the extreme!
Good to hear.
> I guess you have heard opinions like this before :)
> It was the first things I thought about when I first heard about SELinux
> several years ago.
Just because you are paranoid doesn't mean someone is not out to get you.
I'll have my tinfoil hat on for the rest of the day ;)
6:39 a.m.
New subject: NSA motives
On Mon, 2005-07-04 19:11, Peter Magnusson wrote:
On Tue, 5 Jul 2005, Richard Hally wrote:
> NSA has two main missions. See their site
> http://www.nsa.gov/home_html.cfm
"The ability to understand the secret communications of our foreign
adversaries while protecting our own communications -- a capability
in which the United States leads the world -- gives our nation a
unique advantage."
hmm, ok. SELinux still sounds counterproductive :)
apparently you fail to understand the implications of
"foreign adversaries". This means their primary mission is interception
of the traffic (which doesn't exist) between the aliens (which don't
exist) and decoding it into a human language (which does exist, but is
classified, called NEWSPEAK, composed primarily of cute acronyms.
I'll have my tinfoil hat on for the rest of the day ;)
I doubt it... you probably meant aluminum foil.
If you've got actual tin foil, where do I get some?
--
All information and transactions are non negotiable and are private
between the parties. All rights reserved without prejudice, Copyright
2005 Angela Kahealani http://www.kahealani.com/
8:38 a.m.
New subject: NSA motives
On Tue, 5 Jul 2005, Angela Kahealani wrote:
apparently you fail to understand the implications of
"foreign adversaries". This means their primary mission is interception
of the traffic (which doesn't exist) between the aliens (which don't
exist) and decoding it into a human language (which does exist, but is
classified, called NEWSPEAK, composed primarily of cute acronyms.
hehe :PPpp
> I'll have my tinfoil hat on for the rest of the day ;)
I doubt it... you probably meant aluminum foil.
If you've got actual tin foil, where do I get some?
Yes I ment aluminum foil. However, its almost the same thing:
http://en.wikipedia.org/wiki/Tinfoil
Almost all say "tinfoil hat" and not "aluminumfoil hat". Tinfoil hat
sounds
much better. And its shorter.
11:35 p.m.
New subject: NSA motives
On Tue, 2005-07-05 at 06:07 +0200, Peter Magnusson wrote:
On Thu, 23 Jun 2005, Stephen Smalley wrote:
> But remember that SELinux is:
> - upstream (in the mainline Linux 2.6 kernel),
When was SELinux included in the mainline Linux 2.6, what version?
It was merged in 2.6.0-test3, according to kerneltrap.org:
http://kerneltrap.org/node/724
Im sure NSA would love to have backdoor to SELinux if someone with
evil
reasons (what NSA thinks is evil) uses SELinux. Since SELinux is open
source it cant be something obviously because it will be found very
quickly. Must be something that its really, really well hidden.
Have you found a bug in Fedora or RHEL SELinux? If so, please
file a bugzilla, and we will try our best to fix it.
12:13 a.m.
New subject: NSA motives
On Tue, 5 Jul 2005, Ivan Gyurdiev wrote:
> When was SELinux included in the mainline Linux 2.6, what
version?
It was merged in 2.6.0-test3, according to kerneltrap.org:
http://kerneltrap.org/node/724
Oki.
> Im sure NSA would love to have backdoor to SELinux if someone
with evil
> reasons (what NSA thinks is evil) uses SELinux. Since SELinux is open
> source it cant be something obviously because it will be found very
> quickly. Must be something that its really, really well hidden.
Have you found a bug in Fedora or RHEL SELinux? If so, please
file a bugzilla, and we will try our best to fix it.
No, I havent.
1:05 a.m.
New subject: NSA motives
On Tue, 05 Jul 2005 06:07:49 +0200, Peter Magnusson said:
Im sure NSA would love to have backdoor to SELinux if someone with
evil
reasons (what NSA thinks is evil) uses SELinux. Since SELinux is open
source it cant be something obviously because it will be found very
quickly. Must be something that its really, really well hidden.
No, SELinux is designed properly to be bulletproof, because the NSA has *two*
charges, only one of which is spying on others. The SELinux work is for the
charge of securing *our* systems.
The back door is elsewhere, where you'll never find it, especially if you're
busy looking at the SELinux code looking for backdoors. ;)
8:58 a.m.
New subject: NSA motives
Quoting Peter Magnusson <iocc(a)fedora-selinux.lists.flashdance.cx>:
What if some with evil reasons uses SELinux? Or have NSA realized
that the old tactic doesnt work and its better to secure so many
systems as possible instead. To help millions to have a more secure
system is worth more than to possible prevent a few bad guys to also
have secure systems. Probably leading that it will be more
complicated or impossible for NSA to break in?
Actually, the NSA came to correct conclusion that if they give out the
tool (be
it SELinux or encryption algorithm), most people don't have technical
knowledge
(and will never bother to obtain it) to use it in a secure way. So basically,
their systems (or communications) are not that much more secure (or harder to
break) than they were before they were given the tool. They will have false
sense of security, so they will store more sensitive information on their
systems (or transfer it through communication channels).
Bruce Schneier wrote something similar in one of his books (I believe it was
"Secrets and Lies: Digital Security in a Networked World"). From what I
remember (somebody with a copy of the book can correct me if I remembered
wrong), he wrote that his biggest mistake was publishing the book "Applied
Crypthography". While the algorithms in the book and the math behind
them were
perfect, the way people were implementing them made systems actually less
secure.
To summarize, if somebody has false sense of security (he has perfect
tools, but
used in a wrong way), it will be actually easier for you to spy on him.
This is
especially true with complex subsystems such as SELinux (what do you
think, how
many system administrators out there *really* understand it?). I'm not
sure if
this is the actual (real) backdoor Vladis was refering to in his reply ;-)
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
9:38 a.m.
New subject: NSA motives
On Tue, 2005-07-05 at 08:58 -0500, alex(a)milivojevic.org wrote:
To summarize, if somebody has false sense of security (he has perfect
tools, but
used in a wrong way), it will be actually easier for you to spy on him.
This is
especially true with complex subsystems such as SELinux (what do you
think, how
many system administrators out there *really* understand it?). I'm not
sure if
this is the actual (real) backdoor Vladis was refering to in his reply ;-)
There is quite a bit of work ongoing to help solve that problem
(understanding and configuring SELinux policies effectively). SELinux
doesn't create complexity, it just reveals it and allows you to control
it. The SELinux mechanism itself isn't very complex; the complexity
comes in trying to specify what you want to allow to happen on your
computing system, because of the highly complex interactions of existing
software on that system (not because of something added by SELinux).
Classic case of blaming the messenger - SELinux tells you about all of
the complex activity on your system and forces you to think about what
you want to allow to happen, so you blame it for creating complexity tht
was already there...
--
Stephen Smalley
National Security Agency
10:42 a.m.
New subject: NSA motives
Quoting Stephen Smalley <sds(a)tycho.nsa.gov>:
There is quite a bit of work ongoing to help solve that problem
(understanding and configuring SELinux policies effectively). SELinux
doesn't create complexity, it just reveals it and allows you to control
it. The SELinux mechanism itself isn't very complex; the complexity
comes in trying to specify what you want to allow to happen on your
computing system, because of the highly complex interactions of existing
software on that system (not because of something added by SELinux).
Classic case of blaming the messenger - SELinux tells you about all of
the complex activity on your system and forces you to think about what
you want to allow to happen, so you blame it for creating complexity tht
was already there...
Sorry, it wasn't my intention to blame the messanger. All I wanted to
say (and
as usually badly expressing myself) was that making system secure is a complex
task. Simply having SELinux enabled on the system does not make the system
ultimately secure. Making changes to default policies without fully
understanding what the changes will introduce just makes it even less secure.
Example: On several Linux-end-users type of lists I already saw posters with
good intentions giving advice to include this or that rules into the policy to
solve various problems, just to have other people screeming in replies that
those including such rules into their policy could just as well disable
SELinux
completely with about the same effects.
If somebody Googles around to find solution to the specific problem and finds
advice to do "chmod -R a+rw /", (s)he is not likely to actually do it. On the
other hand, there is many more people that will include some random set of
rules into their SELinux policy, giving application(s) way more access then
they really need. Nothing to do with SELinux as such, and it would be
wrong to
blame it. But rather with human nature (which is the weakest link of any
security system).
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
11:14 a.m.
New subject: NSA motives
On Tue, 2005-07-05 at 10:42 -0500, alex(a)milivojevic.org wrote:
Sorry, it wasn't my intention to blame the messanger. All I
wanted to
say (and
as usually badly expressing myself) was that making system secure is a complex
task. Simply having SELinux enabled on the system does not make the system
ultimately secure. Making changes to default policies without fully
understanding what the changes will introduce just makes it even less secure.
Example: On several Linux-end-users type of lists I already saw posters with
good intentions giving advice to include this or that rules into the policy to
solve various problems, just to have other people screeming in replies that
those including such rules into their policy could just as well disable
SELinux
completely with about the same effects.
If somebody Googles around to find solution to the specific problem and finds
advice to do "chmod -R a+rw /", (s)he is not likely to actually do it. On the
other hand, there is many more people that will include some random set of
rules into their SELinux policy, giving application(s) way more access then
they really need. Nothing to do with SELinux as such, and it would be
wrong to
blame it. But rather with human nature (which is the weakest link of any
security system).
Yes, understood. And as I say, there is ongoing work to make (correct)
policy configuration much more accessible to typical end users.
--
Stephen Smalley
National Security Agency
8:44 a.m.
New subject: NSA motives
On Tue, 5 Jul 2005, alex(a)milivojevic.org wrote:
To summarize, if somebody has false sense of security (he has perfect
tools,
but
used in a wrong way), it will be actually easier for you to spy on him. This
is
especially true with complex subsystems such as SELinux (what do you think,
how
many system administrators out there *really* understand it?). I'm not sure
if
this is the actual (real) backdoor Vladis was refering to in his reply ;-)
Well, thats one way to interpret it :)
9:30 a.m.
New subject: NSA motives
On Tue, 2005-07-05 at 06:07 +0200, Peter Magnusson wrote:
When was SELinux included in the mainline Linux 2.6, what version?
2.6.0-test3. And the LSM framework, which we helped to develop, was
merged during the 2.5 development series, starting with 2.5.27 iirc.
I feel that its interesting that NSA, famous for spying on other
nations,
is helping to make linux more secure. Isnt that counterproductive? :)
See http://www.nsa.gov/selinux/info/faq.cfm#I10
What if some with evil reasons uses SELinux? Or have NSA realized
that the
old tactic doesnt work and its better to secure so many systems as possible
instead. To help millions to have a more secure system is worth more than
to possible prevent a few bad guys to also have secure systems. Probably
leading that it will be more complicated or impossible for NSA to break in?
Improving the security of COTS (commercial off the shelf) systems is
necessary to meet the security needs of our customers. Yes, there is
the potential for abuse, but such tradeoffs are inevitable.
Im sure NSA would love to have backdoor to SELinux if someone with
evil
reasons (what NSA thinks is evil) uses SELinux. Since SELinux is open
source it cant be something obviously because it will be found very
quickly. Must be something that its really, really well hidden.
That would be a rather foolish strategy, given that SELinux is
publically associated with NSA and the code is open.
--
Stephen Smalley
National Security Agency
8:52 a.m.
New subject: NSA motives
On Tue, 5 Jul 2005, Stephen Smalley wrote:
> What if some with evil reasons uses SELinux? Or have NSA realized
that the
> old tactic doesnt work and its better to secure so many systems as possible
> instead. To help millions to have a more secure system is worth more than
> to possible prevent a few bad guys to also have secure systems. Probably
> leading that it will be more complicated or impossible for NSA to break in?
Improving the security of COTS (commercial off the shelf) systems is
necessary to meet the security needs of our customers. Yes, there is
the potential for abuse, but such tradeoffs are inevitable.
Ok, that was the answer I was looking for.
> Im sure NSA would love to have backdoor to SELinux if someone
with evil
> reasons (what NSA thinks is evil) uses SELinux. Since SELinux is open
> source it cant be something obviously because it will be found very
> quickly. Must be something that its really, really well hidden.
That would be a rather foolish strategy, given that SELinux is
publically associated with NSA and the code is open.
Yes it would.
9:40 a.m.
New subject: NSA motives
Quick show of hands, please: how many of you are wearing a tin foil
hat[1], right now, at this moment? How many of you are members of The
Lone Gunmen[2]?
[1] http://en.wikipedia.org/wiki/Tinfoil_hat, http://tinfoilhat.shmoo.com/
[2] Do Frohike, Byers, or Langley read this list?
This talk of nefarious NSA meddling in Linux to further their aims of
keeping tabs on the underworld dealings of the less than scrupulous
has me in stitches! Are you all for real?
--
Chris
"With the way things are starting to go in this country, if forced to
choose between being caught with a van full of pirated DVDs or heroin
you'd actually have to pause and think about it." -- Michael Bell,
drunkenblog.com
11:10 a.m.
New subject: NSA motives
On Tue, 05 Jul 2005 09:40:37 CDT, "Christofer C. Bell" said:
This talk of nefarious NSA meddling in Linux to further their aims
of
keeping tabs on the underworld dealings of the less than scrupulous
has me in stitches! Are you all for real?
As a matter of fact, some of us (myself included) *don't* trust our government
to keep our best interests in mind. On the other hand, I'm not worried about
the NSA sneaking in backdoors when the *real* problem is things like the Patriot
Act and standardized driver's licenses.....
11:36 a.m.
New subject: NSA motives
On 7/5/05, Valdis.Kletnieks(a)vt.edu <Valdis.Kletnieks(a)vt.edu> wrote:
As a matter of fact, some of us (myself included) *don't* trust our government
to keep our best interests in mind. On the other hand, I'm not worried about
the NSA sneaking in backdoors when the *real* problem is things like the Patriot
Act and standardized driver's licenses.....
I don't see the big deal about standardized driver licenses, but as
for the Patriot Act, if you think it's a bad thing, you're in the
minority. 51% of Americans feel it's a good thing. They re-elected
George W. Bush 2004 in a Patriot Act America, and they re-elected
their representives in Congress that passed the legislation in the
first place. We live in a very conservative America now and that
America wants laws like the Patriot Act on the books. It's nothing to
do with some nefarious gov't conspiracy to make your life miserable.
Remember, it's not the government you need to worry about "trusting to
keep your best interests in mind" it's your fellow voter.
Regardless, I think this "tin foil hat" pontificating about the NSA
putting backdoor holes in SELinux hysterical. I have a hard time
believing there are people that suspect this is what's going on. I'm
sure the guys involved in coding that backdoor are the ones that
helped stage the moon landings, also.
Of course, all the NSA guys are laughing at the snow job they've
pulled over on me, as well.
--
Chris
"With the way things are starting to go in this country, if forced to
choose between being caught with a van full of pirated DVDs or heroin
you'd actually have to pause and think about it." -- Michael Bell,
drunkenblog.com
11:54 a.m.
New subject: NSA motives - OT
On Tuesday 05 July 2005 12:36, Christofer C. Bell wrote:
first place. We live in a very conservative America now and that
America wants laws like the Patriot Act on the books. It's nothing to
do with some nefarious gov't conspiracy to make your life miserable.
Remember, it's not the government you need to worry about "trusting to
keep your best interests in mind" it's your fellow voter.
(No, not the fellow voter but the fellow NOT voting. )
Have you ever tried to make a decision about something, for other people,
where you were geographically not in the vicinity of the situation? You're
bound to make some serious mistakes.
The gov is acting nefarious as they often think of themselves above the
people, not working for the people. Conspiracies are aplenty. People are all
the times found guilty of plotting this and that. Many companies have people
plotting to get rid of someone they don't like. Gov people are no different.
Except they are supposed to be in charge and have this idea how things would
be so much easier if they could stop everyone. Which is where the problem
lies.
No doubt if NSA felt they could get away with it they would take their steps
to do what they feel is in national security interest. Hopefully we have
enough educated people looking at code that THAT's one thing we don't have to
worry about.
In no way am I trying to say that's what all gov's do or all their employee's.
But there is a certain amount of people who do. As I said the only difference
is that they are in a position of power, and may not necessarily have the
education to match.
Well, that is very nicely off list topic...
--
Steve Szmidt
"They that would give up essential liberty for temporary safety
deserve neither liberty nor safety."
Benjamin Franklin
12:20 p.m.
New subject: NSA motives
Christofer C. Bell wrote:
On 7/5/05, Valdis.Kletnieks(a)vt.edu <Valdis.Kletnieks(a)vt.edu>
wrote:
>As a matter of fact, some of us (myself included) *don't* trust our government
>to keep our best interests in mind. On the other hand, I'm not worried about
>the NSA sneaking in backdoors when the *real* problem is things like the Patriot
>Act and standardized driver's licenses.....
>
>
<off topic rant>
I don't see the big deal about standardized driver licenses,
Bet you don't know why your Vote is anonymous, either, huh ?
but as
for the Patriot Act, if you think it's a bad thing, you're in the
minority. 51% of Americans feel it's a good thing.
Oh ? I hear approval is -much- lower. And, BTW, realizing that 50% of
the US have an IQ of about 100.... I am not sure this is really a
"mob-rules"
thing.
Most of the same people can't even conceive why the 1st and 5th
amendment
even exist. Really. Thank God for Quorums.
They re-elected
George W. Bush 2004 in a Patriot Act America, and they re-elected
their representives in Congress that passed the legislation in the
first place.
Only because of FUD, GW is now at the 40% approval mark, a new
all time low... and the Congress that rode Diebold in, is down to 28%
approval rating. Something you don't hear much about.
So the delusion that "everyone approves" is mere propaganda.
We live in a very conservative America now and that
America wants laws like the Patriot Act on the books.
So did Nazi Germany, with its new efficient Government, called the
Third Reich. It too couldn't understand the need for Civil Rights.
Matter of fact, it even created a slogan for the Nazi Youth,
"Only Criminals don't want to be monitored"
that, and another one you might have heard,
"If you aren't for us, your against us".
It's nothing to
do with some nefarious gov't conspiracy to make your life miserable.
Remember, it's not the government you need to worry about "trusting to
keep your best interests in mind" it's your fellow voter.
Wrong. Government cannot really be trusted, it is not a human, and
it is not
a person, that it -can- be trusted. It is a bureaucracy, with fiefdoms
all over the
place. Remember Ruby Ridge.
"Government is not reason; it is not eloquence; it is force!
Like fire, it is a dangerous servant and a fearful master." -
George Washington.
Regardless, I think this "tin foil hat" pontificating about
the NSA
putting backdoor holes in SELinux hysterical. I have a hard time
believing there are people that suspect this is what's going on. I'm
sure the guys involved in coding that backdoor are the ones that
helped stage the moon landings, also.
Here, you and I concur.
Of course, all the NSA guys are laughing at the snow job they've
pulled over on me, as well.
I doubt they have even noticed you. Most people assume they count in
the big
picture of things, and they usually don't.
My suggestion is to support the Constitution, and any document that
attempts to
supersede it, without proper acceptance and ratification by 3/4th the
States,
as mere trash. The Constitution is the Rule of Law, in America.
Something several Supreme Court Judges have pointed out, already.
http://www.cnn.com/2004/LAW/01/26/patriot.act.ap/
</rant>
9:41 a.m.
New subject: NSA motives
On 7/5/05, Richard Irving <rirving(a)antient.org> wrote:
So did Nazi Germany, with its new efficient Government, called the
Third Reich. It too couldn't understand the need for Civil Rights.
Goodwin's Law[1] has been reached.
"As an online discussion grows longer, the probability of a comparison
involving Nazis or Hitler approaches 1."
[1] http://en.wikipedia.org/wiki/Godwin's_law
--
Chris
"With the way things are starting to go in this country, if forced to
choose between being caught with a van full of pirated DVDs or heroin
you'd actually have to pause and think about it." -- Michael Bell,
drunkenblog.com
4:02 p.m.
New subject: NSA motives
Christofer C. Bell wrote:
On 7/5/05, Richard Irving <rirving(a)antient.org> wrote:
> So did Nazi Germany, with its new efficient Government, called the
>Third Reich. It too couldn't understand the need for Civil Rights.
>
Goodwin's Law[1] has been reached.
To the literate, that is spelled "Godwin".
* yawn *
The *is* an selinux list, got anything useful, *and* on topic ?
.TIA.
....
...
..
,
"As an online discussion grows longer, the probability of a
comparison
involving Nazis or Hitler approaches 1."
[1] http://en.wikipedia.org/wiki/Godwin's_law
http://www.livejournal.com/users/bellatrys/2004/05/17/
4:36 p.m.
New subject: NSA motives
On 7/6/05, Richard Irving <rirving(a)antient.org> wrote:
Christofer C. Bell wrote:
>On 7/5/05, Richard Irving <rirving(a)antient.org> wrote:
>
>> So did Nazi Germany, with its new efficient Government, called the
>>Third Reich. It too couldn't understand the need for Civil Rights.
>>
>
>Goodwin's Law[1] has been reached.
>
To the literate, that is spelled "Godwin".
* yawn *
The *is* an selinux list, got anything useful, *and* on topic ?
The thread is about the motives of the NSA in providing / assisting
with the development of SELinux so yeah, it's on topic. Your
references comparison of the US gov't to Hitler's Germany really does
show you're not capable of engaging in a meaningful conversation about
it.
.TIA.
You're welcome. Have fun with your shiney tinfoil hat.
--
Chris
"With the way things are starting to go in this country, if forced to
choose between being caught with a van full of pirated DVDs or heroin
you'd actually have to pause and think about it." -- Michael Bell,
drunkenblog.com
6:36 p.m.
New subject: NSA motives
Christofer C. Bell wrote:
On 7/6/05, Richard Irving <rirving(a)antient.org> wrote:
>Christofer C. Bell wrote:
>
>>On 7/5/05, Richard Irving <rirving(a)antient.org> wrote:
>>
>>> So did Nazi Germany, with its new efficient Government, called the
>>>Third Reich. It too couldn't understand the need for Civil Rights.
>>>
>>Goodwin's Law[1] has been reached.
>>
> To the literate, that is spelled "Godwin".
>
> * yawn *
>
> The *is* an selinux list, got anything useful, *and* on topic ?
>
The thread is about the motives of the NSA in providing / assisting
with the development of SELinux so yeah, it's on topic.
A better question perhaps is, "..is this thread *really* on topic" ?
Tinfoil Beanie trolls belong elsewhere, *really*.
Your
references comparison of the US gov't to Hitler's Germany really does
show you're not capable of engaging in a meaningful conversation about
it.
Personally, I consider spelling the citation -correctly-, the first
sign of a
potentially intelligent *meaningful* conversation impending...
* cough *
"neverallow domain domain:goodwin_tinfoil_beanie_class_set ~rw_file_perms;"
>.TIA.
>
You're welcome. Have fun with your shiney tinfoil hat.
Ahhh... Ad Homonym, the sign of the lack of any contrary facts, or
a valid counter-argument. Thanks for conceding.
I take it you are not a professional, but a RR zealot, and like the
rest of your pseudo-cult movement, not very insightful,
-nor- educated on the facts...
... mostly full of propaganda, deflection, distortion, lies, subversion,
ad homonym, and utterly unable to control yourself,
or restrain your context to the appropriate time and place,
such as the recent posts here to a professional list demonstrate.
But, this list does not exist for you to spread your RR propaganda,
nor as a tool to satisfy your now personal vendetta.
It is for discussion of selinux implementation issue's.
Ever heard the expression: "Get a Blog!" ?
It applies.
Now returning you to your regular S/N ratio. (Hopefully)
8-)
.TIA..
....
...
..
,
PPS: 51% approved that the Patriot should be "amended", and _limited_.
That is NOT the same as 51% of the people "approving of the Patriot Act".
(So much so, the limitation bill -passed- the vote in the House.)
http://www.washingtonpost.com/wp-dyn/content/article/2005/06/15/AR2005061...
---- "There are liars, damned liars, and statisticians!"
:-P
11:01 p.m.
New subject: NSA motives
On Wed, 2005-07-06 11:36, Christofer C. Bell wrote:
You're welcome. Have fun with your shiney tinfoil hat.
No, tin foil is dull.
And even on aluminum foil, only one side is shiny.
--
All information and transactions are non negotiable and are private
between the parties. All rights reserved without prejudice, Copyright
2005 Angela Kahealani http://www.kahealani.com/
9:53 a.m.
New subject: NSA motives
On 7/6/05, Angela Kahealani <angela(a)kahealani.com> wrote:
On Wed, 2005-07-06 11:36, Christofer C. Bell wrote:
> You're welcome. Have fun with your shiney tinfoil hat.
No, tin foil is dull.
And even on aluminum foil, only one side is shiny.
Ha! Good one. :-) I'm not sure what tinfoil hat boy's issue is. He
seems to think I'm some sort of right wing extremist for pointing out
that 51% of America voted for George Bush. Truth must be painful when
you're frothing at the mouth.
Unfortunately for me, I'm part of the other 49% :-(
Anyway, he's free to keep looking for conspiracies where none exist.
--
Chris
"With the way things are starting to go in this country, if forced to
choose between being caught with a van full of pirated DVDs or heroin
you'd actually have to pause and think about it." -- Michael Bell,
drunkenblog.com
10:15 a.m.
New subject: NSA motives
Is this the SELinux list?
On Jul 7, 2005, at 10:53 AM, Christofer C. Bell wrote:
On 7/6/05, Angela Kahealani <angela(a)kahealani.com> wrote:
> On Wed, 2005-07-06 11:36, Christofer C. Bell wrote:
>
>> You're welcome. Have fun with your shiney tinfoil hat.
>>
>
> No, tin foil is dull.
> And even on aluminum foil, only one side is shiny.
>
Ha! Good one. :-) I'm not sure what tinfoil hat boy's issue is. He
seems to think I'm some sort of right wing extremist for pointing out
that 51% of America voted for George Bush. Truth must be painful when
you're frothing at the mouth.
Unfortunately for me, I'm part of the other 49% :-(
Anyway, he's free to keep looking for conspiracies where none exist.
--
Chris
"With the way things are starting to go in this country, if forced to
choose between being caught with a van full of pirated DVDs or heroin
you'd actually have to pause and think about it." -- Michael Bell,
drunkenblog.com
--
fedora-selinux-list mailing list
fedora-selinux-list(a)redhat.com
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
11:18 a.m.
New subject: NSA motives
Christofer C. Bell wrote:
On 7/6/05, Angela Kahealani <angela(a)kahealani.com> wrote:
> On Wed, 2005-07-06 11:36, Christofer C. Bell wrote:
>
>> You're welcome. Have fun with your shiney tinfoil hat.
>
> No, tin foil is dull.
> And even on aluminum foil, only one side is shiny.
Ha! Good one. :-) I'm not sure what tinfoil hat boy's issue is.
I love the name calling, public and private, helps put you into
perspective...
He
seems to think I'm some sort of right wing extremist for pointing out
that 51% of America voted for George Bush.
Please stick to the truth, You didn't make that statement,
you stated 51% of the United States approved of the Patriot act.
Here are your own words:
"but as for the Patriot Act, if you think it's a bad thing,
you're in the
minority. 51% of Americans feel it's a good thing."
And that statistic is *not* correct. That is what is called a
"distortion",
it is a form of a "lie". I know the difference is hard to comprehend,
but give
it your best, ok ?
Shoot, 51% don't even approve of "W", -or -the congress' actions. 51%
was back during
the height of the "chicken little" effect, *much* water has passed under
the bridge
since then.
For example, it was determined conclusively that there were no WMD's, and
that Iraq had nothing to do with 911.
Truth must be painful when
you're frothing at the mouth.
See above, what does your statement have to do with truth ?
You published bad information, I correct it, and now *I* am "frothing" ?
Anything but accept and acknowledge that you are *wrong*, I guess,
or let this list be used for selinux, instead of a political pulpit.
Don't you have anything better than Ad Homonym ?
Or, are you just a "one trick" pony ?
Unfortunately for me, I'm part of the other 49% :-(
Anyway, he's free to keep looking for conspiracies where none exist.
You mean like the Downing Street Memo ?
:-P
Now, back to "Get a Blog!", this list is about selinux, not the ones fools
nutty fear that someone has put a back door in the core of selinux, or
yours that
the Majority of America approves of the assault on Civil Rights, and the
Constitution,
inherent in the Patriot, and this Administration.
*Neither* are true.
More Signal, Less Noise.
.TIA.
....
...
..
.
11:39 a.m.
New subject: NSA motives - OT
On Tuesday 05 July 2005 12:10, Valdis.Kletnieks(a)vt.edu wrote:
On Tue, 05 Jul 2005 09:40:37 CDT, "Christofer C. Bell"
said:
> This talk of nefarious NSA meddling in Linux to further their aims of
> keeping tabs on the underworld dealings of the less than scrupulous
> has me in stitches! Are you all for real?
As a matter of fact, some of us (myself included) *don't* trust our
government to keep our best interests in mind. On the other hand, I'm not
worried about the NSA sneaking in backdoors when the *real* problem is
things like the Patriot Act and standardized driver's licenses.....
Yes, and the worst part of it is that their idea of security is not in fact
doing anything to make security any better, but actually worse. (Not talking
about SELinux, but laws (like Patriot Act) that supposedly makes the country
safer after 9/11.)
Now if we could just get these guys to apply some common sense a'la Bruce
Schneier, Founder of Counterpane Internet Security, Inc . there would be some
hope for improvements... (Somebody wake me up I'm dreaming!)
--
Steve Szmidt
"They that would give up essential liberty for temporary safety
deserve neither liberty nor safety."
Benjamin Franklin
6862
days inactive
6881
days old
selinux@lists.fedoraproject.org
30 comments
12 participants
participants (12)
-
Aleksandar Milivojevic -
Angela Kahealani -
Christofer C. Bell -
Ivan Gyurdiev -
Jon August -
Peter Magnusson -
Richard Hally -
Richard Irving -
Stephen Smalley -
steve szmidt -
stewartetcieï¼ canada.com -
Valdis.Kletnieksï¼ vt.edu