Re: Flame Linus to a crisp!

Jamie Lokier (jamie@shareable.org)
Fri, 25 Apr 2003 22:50:14 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: David Mosberger: "Re: [PATCH] i386 vsyscall DSO implementation"
Previous message: Bill Nottingham: "Re: ia32 kernel on amd64 box?"
In reply to: Andreas Jellinghaus: "Re: Flame Linus to a crisp!"

Andreas Jellinghaus wrote:
> On Fri, 2003-04-25 at 21:12, Jamie Lokier wrote:
> > Because the only kernels that ISPs accept connections from are signed
> > and encrypted by the computer vendor - which means you _cannot_ trust
> > those kernels to not contain back doors.
>
> ah, you want to put apache with mod_ssl into the kernel (now that we
> have CONFIG_CRYPTO), including the code to check for client certificates
> and the CA certificate itself? You are very welcome to do so, the GPL
> allowes this.
>
> Still as you can see, that can also be done in userspace.

Eh? The chain of trust can be extended to userspace too.

> Maybe you forget "and I cannot replace the kernel but I want to"?
> Now this is not very new: I cannot replace my BIOS either.
> Or in fact we could do both, it's merely the same. The hardware
> can make it difficult, but still it is a hardware issue, right?

Indeed, and I enjoy reverse engineering :)

I don't enjoy reverse engineering encryption chips with embedded keys
though. That's out of my economic reach, not to mention that much as
I love the idea of being arse-raped daily (i.e. in prison) I don't
fancy the diseases that come with it, nor the shitty dinner menu.

> Maybe it's not such a bad idea to have two computers. One for
> entertainment, online banking and digital video rental and stuff
> like this where you deal with the paranoid and let them waste their
> money on expensive hardware. And one for real work.

Just like we have to have two computers now - one to exchange
documents with other people (Windows + Office) - another to do real
work?

Sounds great... um.

(Ok, ok, Office isn't such a big deal any more. (Although even now I
have Word docs that don't work in Openoffice, KOffice or Abiword)).

Ok, I relent. I suppose it _is_ reasonable that I have one computer I
can run my choice of programs on and a different one that is capable
of connecting to the 2010 Internet.

> CDBTPA? I read "Argh Anonymous" detailed analysis on cypherpunks,
> and I recommend it to you, too.
>
> www.inet-one.com/cypherpunks/dir.2002.07.15-2002.07.21/msg00225.html

Thanks for the link. Sadly the article seems to have gone missing :)

> If you have other sources that also know facts,
> please let me know. They seem kind of rare these days.

Fair point.

I speak about what this stuff _could_ be used for, as a general
warning to be diligent, rather than what is planned right now.

-- Jamie
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: David Mosberger: "Re: [PATCH] i386 vsyscall DSO implementation"
Previous message: Bill Nottingham: "Re: ia32 kernel on amd64 box?"
In reply to: Andreas Jellinghaus: "Re: Flame Linus to a crisp!"