Gentoo Archives: gentoo-user

From: mad.scientist.at.large@××××××××.com
To: Gentoo User <gentoo-user@l.g.o>
Subject: Re: [gentoo-user] Re: Best *SIMPLE* firewall?
Date: Thu, 01 Mar 2018 03:27:54
Message-Id: L6UTtov--3-0@tutanota.com
In Reply to: Re: [gentoo-user] Re: Best *SIMPLE* firewall? by Rich Freeman
All Microsoft software is inherently less secure. You see, like many companies based here in amerika, Microsoft notifies NSA of bugs and does not patch them or notify anyone else until NSA says so, i.e. not unless/until NSA thinks they don't need the indirect back door "accidentally" included back door. Much harder but not impossible with Linux, and not at all difficult when you infiltrate development, as NSA did with one of the encrypted filesystems. Please see <https://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html> for an idea of how it really works here and elsewhere. And don't think they harass/pressure/or are cooperated with by companies world wide. The point being that once backdoors are in there is little to do. HP and Dell (and doubtless others we still don't know about) put backdoors in their server hardware BIOSes that they claim to not know the workings of.

Remember the "Iran hostage 'crisis'": one of the 3 taken hostage, and likely the trigger, was working for a SWISS encryption company that had put NSA backdoors into its encryption products. One of their employees had the misfortune to be servicing the product in Iran when it leaked out.

The point being that anyone who leaves/creates backdoors is making a way for others to violate the system. This is seriously damaging the value (in financial terms) as people realize how grossly insecure it is and indeed that some of that is deliberate. Some of it is ignorance; badly implemented security can make things worse and all software adds bugs to a secure system (part of why it's very bad practice to use a whole PC and OS as part of a voting machine; simpler is nearly always more secure). Most security breaches of encrypted and non-encrypted systems are due to a software bug, though often partially a lack of good systems administration. Apparently the math is good, but realize NSA employs more mathematicians than any other agency/company, about 2500+ as I recall; they know things about math that no one else does.

P.S., there are good people at NSA, though fewer than there used to be, and sadly bad attitudes seem now to be required for administrative jobs. Many have left due to the most recent "return to the bad old days" as one of them put it (i.e. during the sixties when, amongst other things, Doctor King and countless others were spied on for political ends, i.e. in one of King's hotel rooms there were over 50 FBI bugs! That would be a lot of bugs now).

And 702 is still law here, even though it explicitly allows law enforcement data illegally obtained by "homeland security" (a classic example of newspeak) in court and to LIE about where it came from, i.e. it legalizes perjury on the part of the state in many cases, the type of thing that usually causes a mistrial and gets people disbarred and sent to prison, though the defense can still get in trouble, sometimes. Currently the "rule of law" only applies when there is no government interest.

My country is adding back doors to routers and likely other electronics at customs, outbound at least but very likely inbound as well. Despite public statements many of the tech companies still aid in illegal surveillance, partially because it makes more of their privacy policies void and allows them to collect, process, and sell your privacy.

Do you have a Samsung voice controlled TV? Samsung has allowed NSA to use these TV sets as bugs, which is likely the case with cell phone makers as well. Hence the "creepy" notice in the manual that vocal commands are processed off site, i.e. remotely over the net in all cases.

What happens when a company doesn't comply with illegal orders from NSA? They get shut down. Remember Qwest (the former provider in Colorado etc.), out of business and replaced by a very slimy competitor, all because they made a "big deal" over providing NSA with people's "meta data", often very, very useful.

I feel badly about my country's abandonment of basic human liberties and our own constitution/bill of rights, worse about how it is enabling other countries to do the same and worse. It is severely damaging the value of the internet and will result in financial losses globally.

mad.scientist.at.large (a good madscientist)
--
God bless the rich, the greedy and the corrupt politicians they have put into office. God bless them for helping me do the right thing by giving the rich my little pile of cash. After all, the rich know what to do with money.

28. Feb 2018 17:26 by rich0@g.o:

> On Wed, Feb 28, 2018 at 6:22 PM, Taiidan@×××.com <Taiidan@×××.com> wrote:
>> Is there a windows style application layer firewall?
>
> Windows doesn't have an "application layer firewall" as far as I know.
> I believe that it does the filtering at the OS level, the same as
> Linux.
>
> Now, it is true that the UI for the Windows Firewall is typically used
> to set rules on a per-application basis. However, I'm pretty sure
> this can also be done with netfilter. I'm not sure if any of the more
> convenient netfilter front-ends offer this capability.
>
>> I get that it doesn't
>> stop truly malicious programs
>
> As far as I'm aware there is nothing really wrong with the Windows
> Firewall. I wouldn't expect it to be any less secure than netfilter.
> There is something to be said for having layers of defense and running
> a firewall that isn't on the server being protected, but that is true
> of both Linux and Windows. Of course the Windows implementation could
> contain a bug that the Linux implementation lacks, but the reverse is
> also true. Like everybody around here I prefer a FOSS implementation,
> and would trust it more due to the "many eyes" philosophy, but I'd
> stop short of saying that the Windows software firewall is
> particularly insecure.
>
> And of course if you want to filter based on process you have no
> choice but to implement it on the host running the process. This
> doesn't prevent you from also having a separate firewall at the
> network perimeter either.
>
> --
> Rich