| 1 |
On 161216-08:35-0500, Rich Freeman wrote: |
| 2 |
> On Fri, Dec 16, 2016 at 8:13 AM, Miroslav Rovis |
| 3 |
> <miro.rovis@××××××××××××××.hr> wrote: |
| 4 |
> > On 161216-07:16-0500, Rich Freeman wrote: |
| 5 |
> >> On Fri, Dec 16, 2016 at 5:19 AM, Miroslav Rovis |
| 6 |
> >> <miro.rovis@××××××××××××××.hr> wrote: |
| 7 |
> >> > |
| 8 |
> >> > In my stron opinion, and opinions are allowed in Gentoo, just not |
| 9 |
> >> > imposing your opinion onto others (and that I am not doing, feel free |
| 10 |
> >> > to disagree!), pulseadio is spyware, read more here: |
| 11 |
> >> > |
| 12 |
> >> > Re: [Alsa-user] sans-pulseaudio Firefox? was: a strange thing |
| 13 |
> >> > https://www.mail-archive.com/alsa-user@×××××××××××××××××.net/msg31928.html |
| 14 |
> >> > |
| 15 |
> >> |
| 16 |
> >> What exactly about Pulseaudio do you think makes it "spyware?" The |
| 17 |
> > You're right actually. Or might be. It is likely not spyware in itself, |
| 18 |
> > but it surely is spyware enabler. Like dbus and all of poetterware. |
| 19 |
> > |
| 20 |
> > And about xorg. Everybody uses it, I do too. Minimalistically. Just |
| 21 |
> > enough to have, say Firefox and Wireshark, and a good *nix programs that |
| 22 |
> > need gui. But I'd think the possibilities for spying-required remote |
| 23 |
> > connections with xorg are nowhere near to what poetterware and |
| 24 |
> > associates offer. |
| 25 |
> > |
| 26 |
> |
| 27 |
> I'm not sure I understand what distinction you're making. I can't say |
| 28 |
> I'm intimately familiar with the security model around Pulseaudio (at |
| 29 |
> a glance it seems similar to X11 with its use of cookies, though |
| 30 |
> obviously if you tell it to broadcast unencrypted multicast RTP on |
| 31 |
> your LAN you'll get the obvious effects) but X11 has a couple of |
| 32 |
> glaring security weaknesses. The most obvious is the fact that any |
| 33 |
> random X11 client can read the keyboard input of any other client on |
| 34 |
> the same server unless you jump through a bunch of hoops that I don't |
| 35 |
> think anybody actually jumps through (though I do believe some of the |
| 36 |
> X11 PIN entry programs may use them at least). Anything you type into |
| 37 |
> an xterm could be read by your browser, and in turn by any code able |
| 38 |
> to execute outside any sandbox that browser might have (root privs not |
| 39 |
> needed for this). |
| 40 |
|
| 41 |
I don't claim it can not, but I doubt anyone can do it in my |
| 42 |
grsecurity-hardened based Gentoo machine. |
| 43 |
|
| 44 |
[ but first (I just now looked it up), I'm not match for you, you are a |
| 45 |
Gentoo developer: |
| 46 |
https://www.gentoo.org/inside-gentoo/developers/ |
| 47 |
where the link under "Rich0" opens: |
| 48 |
https://wiki.gentoo.org/wiki/User:Rich0 |
| 49 |
and you would get a better reply from someone of your statue, which I'm |
| 50 |
not ; and since we're at conditionalities, I'm sorry if I reply slowly, |
| 51 |
I'm unable to work faster. ] |
| 52 |
|
| 53 |
> And I wouldn't be surprised if a lot of X servers still run as root |
| 54 |
> for modesetting/etc. |
| 55 |
|
| 56 |
What user is that? It you want, tell me how to check it, and let's see |
| 57 |
how spyware-prone my system is. |
| 58 |
|
| 59 |
> > That's why they came into existance, after all. |
| 60 |
> |
| 61 |
> Uh, somehow I doubt that Lennart wrote Pulseaudio just to simplify the |
| 62 |
> task of getting audio off of a local host so that somebody can spy on |
| 63 |
> you. Maybe it had something to do with the fact that before it came |
| 64 |
> along just doing something like plugging a USB headset into a Linux |
| 65 |
> desktop was a bit of a chore? |
| 66 |
|
| 67 |
It's been discussed over and over again. Lots of people are firm in |
| 68 |
their understanding that Lennart is an actor by and for the big |
| 69 |
business. Me too. |
| 70 |
|
| 71 |
And, it's not about singular trees but the big picture, and I dare reply |
| 72 |
even to you with the following argument. |
| 73 |
|
| 74 |
Because this argument is understood even without being a programmer, |
| 75 |
being this argument the sign of the time, so it's in the very big |
| 76 |
picture. |
| 77 |
|
| 78 |
And it's, to some extent, just repeating what I already wrote, |
| 79 |
regardless of the singular trees looking deliciously innocent (running |
| 80 |
your multiple desktop sessions looks so innocent and un-evil, almost like |
| 81 |
Schmoog the Schmoogle!)... |
| 82 |
|
| 83 |
The argument: |
| 84 |
|
| 85 |
In this day and age, when the state- and other big actors virtually know |
| 86 |
ever-nearer to virtually everything about everybody, there is not deaf |
| 87 |
spot anywhere in public, and not even in your own home you are not |
| 88 |
audio-alone, but rather you are automatically recorded anywhere you go, |
| 89 |
and that wholesale spying is undeniable, thanks to Edward Snowden... |
| 90 |
|
| 91 |
In that big picture, whatever would anybody say that this complex new |
| 92 |
Pulseaudio code, that communicates to anywhere, local or remote, |
| 93 |
whatever would anybody try to claim that that perfect --but also the |
| 94 |
spying firm the Schmoog is perfect as well, and really really not "not |
| 95 |
evil", they sold so many people!-- whatever would anybody try to claim |
| 96 |
that that perfect code is for... |
| 97 |
|
| 98 |
Whatever would anybody try to claim |
| 99 |
that that perfect code is for, but, let alone the nice trees like the |
| 100 |
ones you mention, let them alone... Because it's like saying: oh how |
| 101 |
good my dear Schmoog the Schmoogle is, look, I can post any video I |
| 102 |
want, and I don't pay for it!... And that's like saying: how good my new |
| 103 |
Galaxy Android is... mobile phones, the eavesdropper devices good?! (Oh, |
| 104 |
for the feeble of mind, not for you, the user, no! But for the state- |
| 105 |
and other big actors eavesdropper device that you paid for so that they |
| 106 |
can record you...) |
| 107 |
|
| 108 |
Whatever would anybody try to claim Pulseaudio code is, but to make up |
| 109 |
for what was missing in some FOSS GNU Linux boxen for the missing |
| 110 |
functionality that the big players couldn't otherwise get for their |
| 111 |
Total Surveillance... |
| 112 |
|
| 113 |
And they couldn't get it because there are some, developers/users alike, |
| 114 |
and... |
| 115 |
|
| 116 |
===================================================================== |
| 117 |
I thank here all the developers thanks to whom I don't have to use |
| 118 |
neither Systemd nor Pulseaudio, nor Dbus, nor Policykit nor any |
| 119 |
poetterware... |
| 120 |
===================================================================== |
| 121 |
|
| 122 |
I thank them most sincerely! |
| 123 |
|
| 124 |
[And they couldn't get it because there are some, developers/users alike], |
| 125 |
who stubbornly do not want to live with massive intrusion into their |
| 126 |
boxen, which their, the big players' one-ring-to-rule-them all agenda, |
| 127 |
comprising total surveillance, is... |
| 128 |
|
| 129 |
But maybe I wrote in more to the point in the other link further about, |
| 130 |
which you left standing... Don't know. |
| 131 |
|
| 132 |
|
| 133 |
> Well, if you prefer not to use Pulse, that's of course up to you. I |
| 134 |
> wasn't running it for ages, and I probably still wouldn't be running |
| 135 |
> it if I didn't have issues with running multiple desktop sessions as |
| 136 |
> separate users (one of those things that stuff like pulse+policykit |
| 137 |
> and so on was designed to help fix). |
| 138 |
> |
| 139 |
> -- |
| 140 |
> Rich |
| 141 |
> |
| 142 |
|
| 143 |
Respectfully! |
| 144 |
|
| 145 |
-- |
| 146 |
Miroslav Rovis |
| 147 |
Zagreb, Croatia |
| 148 |
http://www.CroatiaFidelis.hr |
Archives