Well that is why I said.."coming from a big company or organization". We are all taking chances when we run a complex operating system, which we don't fully comprehend line by line. But that is the benefit of "Open Source Software". I am fairly confident, that some geek somewhere, will discover abnormalities if they can be discovered. If they can't be discovered, then we at risk. There is no gaurantee of computer security.

We are all at the mercy of the c libs. How do we know that the NSA isn't "grooming and promoting college professors" who are willing to hide a few special complex backdoors, who will have expalnations to cover up the secrets. Maybe there are a few geeks out there, who have discovered them, and all their posts are reflected back to them, (so they think they are getting out), but in actuality are deleted and never seen by the world?

All you can do is be "diligent". I don't use KDE. Before I compiled and installed Xorg's X Server, I googled for comments about it, and I watch my system for suspicious files and sockets opening. So far, it seems clean.

When I was starting out, I trusted the big companies like SuSE to do the checking and compiling for me. But as you know, all the big distros are now being bought out by big corporations. Since I know that the big corporations are the "hand-maidens" of the military industrial complex, I have become more suspicious about the "complexities" which they introduce to linux. Now I pretty much run a "linux from scratch" installation.

The nice thing about linux, is you don't have to run as root, so you can run things as a "low-priviledged user" and see what they do, without impacting your system. Of course, there are always the secretive things the network engineers may be doing, so it pays to do a tcpdump of your network connections every now and then. That is what bothers me the most. When I log onto my ISP, I am in a Peer-2-Peer level connection, and they may have a way to connect, bypassing the firewalls.

BUT ALL THAT SAID......I probably would run a precompiled package from a reputable website, like SuSE, or Redhat, etc. Otherwise, ( and almost always) I compile everything myself. Even though I don't understand all the c code, at least I HAVE THE EVIDENCE IN HAND, in case the code is malicious.

Now I would NOT even bother to run any encrypted perl script, unless I personally knew the author, or the author has also provided the source code.

P.S. It goes for the hardware too. How do we know that each motherboard (or cpu) dosn't emit a signal, which can be received by "government equipment". Dosn't it make you wonder why it's illegal to put your computer into a "Faraday cage", which defeats "tempest". Or why it's so hard to get promoted in the "engineering ranks" of computer designers? We are at the mercy of the designers, who all must pass the "MI-complex security investigations". And it's not so much that they are worried about your background, they want to make sure you can be forced to "keep the secrets".

---

---

• Are you posting in the right place? Check out Where do I post X? to know for sure.
• Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:

  <code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>

• Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
• Want more info? How to link or How to display code and escape characters are good places to start.