Beefy Boxes and Bandwidth Generously Provided by pair Networks
Do you know where your variables are?
 
PerlMonks  

Re^3: Hiding your Script

by zentara (Archbishop)
on May 30, 2005 at 21:36 UTC ( [id://461870]=note: print w/replies, xml ) Need Help??


in reply to Re^2: Hiding your Script
in thread Hiding your Script

Well that is why I said.."coming from a big company or organization". We are all taking chances when we run a complex operating system, which we don't fully comprehend line by line. But that is the benefit of "Open Source Software". I am fairly confident, that some geek somewhere, will discover abnormalities if they can be discovered. If they can't be discovered, then we at risk. There is no gaurantee of computer security.

We are all at the mercy of the c libs. How do we know that the NSA isn't "grooming and promoting college professors" who are willing to hide a few special complex backdoors, who will have expalnations to cover up the secrets. Maybe there are a few geeks out there, who have discovered them, and all their posts are reflected back to them, (so they think they are getting out), but in actuality are deleted and never seen by the world?

All you can do is be "diligent". I don't use KDE. Before I compiled and installed Xorg's X Server, I googled for comments about it, and I watch my system for suspicious files and sockets opening. So far, it seems clean.

When I was starting out, I trusted the big companies like SuSE to do the checking and compiling for me. But as you know, all the big distros are now being bought out by big corporations. Since I know that the big corporations are the "hand-maidens" of the military industrial complex, I have become more suspicious about the "complexities" which they introduce to linux. Now I pretty much run a "linux from scratch" installation.

The nice thing about linux, is you don't have to run as root, so you can run things as a "low-priviledged user" and see what they do, without impacting your system. Of course, there are always the secretive things the network engineers may be doing, so it pays to do a tcpdump of your network connections every now and then. That is what bothers me the most. When I log onto my ISP, I am in a Peer-2-Peer level connection, and they may have a way to connect, bypassing the firewalls.

BUT ALL THAT SAID......I probably would run a precompiled package from a reputable website, like SuSE, or Redhat, etc. Otherwise, ( and almost always) I compile everything myself. Even though I don't understand all the c code, at least I HAVE THE EVIDENCE IN HAND, in case the code is malicious.

Now I would NOT even bother to run any encrypted perl script, unless I personally knew the author, or the author has also provided the source code.

P.S. It goes for the hardware too. How do we know that each motherboard (or cpu) dosn't emit a signal, which can be received by "government equipment". Dosn't it make you wonder why it's illegal to put your computer into a "Faraday cage", which defeats "tempest". Or why it's so hard to get promoted in the "engineering ranks" of computer designers? We are at the mercy of the designers, who all must pass the "MI-complex security investigations". And it's not so much that they are worried about your background, they want to make sure you can be forced to "keep the secrets".

I'm not really a human, but I play one on earth. flash japh

Replies are listed 'Best First'.
Re^4: Hiding your Script
by chanio (Priest) on May 31, 2005 at 01:01 UTC
    I think that like in security matters, in life, we have to start believing in something before working in that direction. If you succeed in securing your system, it might be worth for others to break into it to know what are your concealing.

    I personally, don't have anything to conceal. Like the biggest part of the people in this world. So, let the important people, care about those things. They are never going to impose such a way of living as they are promoting.

    That is not progress. It is a way of wasting everybody's time in nonsense.

    Remember that the successful Micro$oft started speaking about security when their creativity started their actual decay. It is like those governments that start seeing everybody as a potencial enemy, to justify wasting the peoples taxes in something invisible and with an increasing greediness.

    But some time in the future, we are all going to need to return to what matters. And that is my only target. I only care of trying to waste less time in rebuilding my system when it breaks. And to be really usefull at work. 

    .{\('v')/}   C H E E R   U P !
 _`(___)' ___a_l_b_e_r_t_o_________
    Wherever I lay my KNOPPIX disk, a new FREE LINUX nation could be established.
[reply]
      If you succeed in securing your system, it might be worth for others to break into it to know what are your concealing. I personally, don't have anything to conceal. Like the biggest part of the people in this world. So, let the important people, care about those things. They are never going to impose such a way of living as they are promoting.

      I really don't have anything to conceal either....BUT.....

      Do you leave your house or apartment doors unlocked? Should the undercover police have the right just to walk into your house and look around?....after all....you have nothing to conceal.

      The above comment ASSUMES an "honorable and honest undercover police force". But as we all know, the police and security forces are riddled with corruption. So you say it's okay for some network engineers to "get into your system" because "you have nothing to conceal"? Well what happens if they use that power to plant evidence in your computer, OR steal your credit card info, OR just crash your system because you said something "politically incorrect"? What if the "undercover police" who secretly enter your premises to "look around", are being paid to put a few drops of poison into your food, because you "bad-mouth" the local political boss?

      You can't let them in, once you do, they WILL control you.

      I'm not really a human, but I play one on earth. flash japh
[reply]
        Yes, my friend. When I have been mind bended, I start transforming everything into political speeches. Even the senseless things!

        But that is a sign of emptiness. We can't oposse to a bigger force than ours.

        The alternative is to take precautions before it is too late. A lot of people is joining forces to stop this insanity. If security becomes a profitable commercial issue. Then, only the powerful companies are going to be able to save us. Why do you think that Symantec sees profitable to buy Thaute?

        In a possible future, it might be safer to put a special chip inside our brand new CPU that would decide what software is 'approved' and what is not going to work by any means. And guess what. Our most powerful company's president is going to decide when enough is enough. And we would rather forget trying to work as independent programers.

        Then, the intruders might have won the final war.

        You are right, I won't go to extremes! But I try to do my best without getting obsessed with security or any other actual insanity. I want to enjoy reading interesting emails and not seeking for viruses or spams. I am just trying to pretend to be normal!

        .{\('v')/}   C H E E R   U P !
 _`(___)' ___a_l_b_e_r_t_o_________
        Wherever I lay my KNOPPIX disk, a new FREE LINUX nation could be established.
[reply]

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://461870]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others drinking their drinks and smoking their pipes about the Monastery: (6)
As of 2024-04-19 23:02 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found