1 |
On 161216-08:35-0500, Rich Freeman wrote: |
2 |
> On Fri, Dec 16, 2016 at 8:13 AM, Miroslav Rovis |
3 |
> <miro.rovis@××××××××××××××.hr> wrote: |
4 |
> > On 161216-07:16-0500, Rich Freeman wrote: |
5 |
> >> On Fri, Dec 16, 2016 at 5:19 AM, Miroslav Rovis |
6 |
> >> <miro.rovis@××××××××××××××.hr> wrote: |
7 |
> >> > |
8 |
> >> > In my stron opinion, and opinions are allowed in Gentoo, just not |
9 |
> >> > imposing your opinion onto others (and that I am not doing, feel free |
10 |
> >> > to disagree!), pulseadio is spyware, read more here: |
11 |
> >> > |
12 |
> >> > Re: [Alsa-user] sans-pulseaudio Firefox? was: a strange thing |
13 |
> >> > https://www.mail-archive.com/alsa-user@×××××××××××××××××.net/msg31928.html |
14 |
> >> > |
15 |
> >> |
16 |
> >> What exactly about Pulseaudio do you think makes it "spyware?" The |
17 |
> > You're right actually. Or might be. It is likely not spyware in itself, |
18 |
> > but it surely is spyware enabler. Like dbus and all of poetterware. |
19 |
> > |
20 |
> > And about xorg. Everybody uses it, I do too. Minimalistically. Just |
21 |
> > enough to have, say Firefox and Wireshark, and a good *nix programs that |
22 |
> > need gui. But I'd think the possibilities for spying-required remote |
23 |
> > connections with xorg are nowhere near to what poetterware and |
24 |
> > associates offer. |
25 |
> > |
26 |
> |
27 |
> I'm not sure I understand what distinction you're making. I can't say |
28 |
> I'm intimately familiar with the security model around Pulseaudio (at |
29 |
> a glance it seems similar to X11 with its use of cookies, though |
30 |
> obviously if you tell it to broadcast unencrypted multicast RTP on |
31 |
> your LAN you'll get the obvious effects) but X11 has a couple of |
32 |
> glaring security weaknesses. The most obvious is the fact that any |
33 |
> random X11 client can read the keyboard input of any other client on |
34 |
> the same server unless you jump through a bunch of hoops that I don't |
35 |
> think anybody actually jumps through (though I do believe some of the |
36 |
> X11 PIN entry programs may use them at least). Anything you type into |
37 |
> an xterm could be read by your browser, and in turn by any code able |
38 |
> to execute outside any sandbox that browser might have (root privs not |
39 |
> needed for this). |
40 |
|
41 |
I don't claim it can not, but I doubt anyone can do it in my |
42 |
grsecurity-hardened based Gentoo machine. |
43 |
|
44 |
[ but first (I just now looked it up), I'm not match for you, you are a |
45 |
Gentoo developer: |
46 |
https://www.gentoo.org/inside-gentoo/developers/ |
47 |
where the link under "Rich0" opens: |
48 |
https://wiki.gentoo.org/wiki/User:Rich0 |
49 |
and you would get a better reply from someone of your statue, which I'm |
50 |
not ; and since we're at conditionalities, I'm sorry if I reply slowly, |
51 |
I'm unable to work faster. ] |
52 |
|
53 |
> And I wouldn't be surprised if a lot of X servers still run as root |
54 |
> for modesetting/etc. |
55 |
|
56 |
What user is that? It you want, tell me how to check it, and let's see |
57 |
how spyware-prone my system is. |
58 |
|
59 |
> > That's why they came into existance, after all. |
60 |
> |
61 |
> Uh, somehow I doubt that Lennart wrote Pulseaudio just to simplify the |
62 |
> task of getting audio off of a local host so that somebody can spy on |
63 |
> you. Maybe it had something to do with the fact that before it came |
64 |
> along just doing something like plugging a USB headset into a Linux |
65 |
> desktop was a bit of a chore? |
66 |
|
67 |
It's been discussed over and over again. Lots of people are firm in |
68 |
their understanding that Lennart is an actor by and for the big |
69 |
business. Me too. |
70 |
|
71 |
And, it's not about singular trees but the big picture, and I dare reply |
72 |
even to you with the following argument. |
73 |
|
74 |
Because this argument is understood even without being a programmer, |
75 |
being this argument the sign of the time, so it's in the very big |
76 |
picture. |
77 |
|
78 |
And it's, to some extent, just repeating what I already wrote, |
79 |
regardless of the singular trees looking deliciously innocent (running |
80 |
your multiple desktop sessions looks so innocent and un-evil, almost like |
81 |
Schmoog the Schmoogle!)... |
82 |
|
83 |
The argument: |
84 |
|
85 |
In this day and age, when the state- and other big actors virtually know |
86 |
ever-nearer to virtually everything about everybody, there is not deaf |
87 |
spot anywhere in public, and not even in your own home you are not |
88 |
audio-alone, but rather you are automatically recorded anywhere you go, |
89 |
and that wholesale spying is undeniable, thanks to Edward Snowden... |
90 |
|
91 |
In that big picture, whatever would anybody say that this complex new |
92 |
Pulseaudio code, that communicates to anywhere, local or remote, |
93 |
whatever would anybody try to claim that that perfect --but also the |
94 |
spying firm the Schmoog is perfect as well, and really really not "not |
95 |
evil", they sold so many people!-- whatever would anybody try to claim |
96 |
that that perfect code is for... |
97 |
|
98 |
Whatever would anybody try to claim |
99 |
that that perfect code is for, but, let alone the nice trees like the |
100 |
ones you mention, let them alone... Because it's like saying: oh how |
101 |
good my dear Schmoog the Schmoogle is, look, I can post any video I |
102 |
want, and I don't pay for it!... And that's like saying: how good my new |
103 |
Galaxy Android is... mobile phones, the eavesdropper devices good?! (Oh, |
104 |
for the feeble of mind, not for you, the user, no! But for the state- |
105 |
and other big actors eavesdropper device that you paid for so that they |
106 |
can record you...) |
107 |
|
108 |
Whatever would anybody try to claim Pulseaudio code is, but to make up |
109 |
for what was missing in some FOSS GNU Linux boxen for the missing |
110 |
functionality that the big players couldn't otherwise get for their |
111 |
Total Surveillance... |
112 |
|
113 |
And they couldn't get it because there are some, developers/users alike, |
114 |
and... |
115 |
|
116 |
===================================================================== |
117 |
I thank here all the developers thanks to whom I don't have to use |
118 |
neither Systemd nor Pulseaudio, nor Dbus, nor Policykit nor any |
119 |
poetterware... |
120 |
===================================================================== |
121 |
|
122 |
I thank them most sincerely! |
123 |
|
124 |
[And they couldn't get it because there are some, developers/users alike], |
125 |
who stubbornly do not want to live with massive intrusion into their |
126 |
boxen, which their, the big players' one-ring-to-rule-them all agenda, |
127 |
comprising total surveillance, is... |
128 |
|
129 |
But maybe I wrote in more to the point in the other link further about, |
130 |
which you left standing... Don't know. |
131 |
|
132 |
|
133 |
> Well, if you prefer not to use Pulse, that's of course up to you. I |
134 |
> wasn't running it for ages, and I probably still wouldn't be running |
135 |
> it if I didn't have issues with running multiple desktop sessions as |
136 |
> separate users (one of those things that stuff like pulse+policykit |
137 |
> and so on was designed to help fix). |
138 |
> |
139 |
> -- |
140 |
> Rich |
141 |
> |
142 |
|
143 |
Respectfully! |
144 |
|
145 |
-- |
146 |
Miroslav Rovis |
147 |
Zagreb, Croatia |
148 |
http://www.CroatiaFidelis.hr |