Security in 2022

Off-Topic discussions about science, technology, and non Debian specific topics.
Ed.forum
Posts: 1
Joined: 2022-06-27 00:15

Security in 2022

#1 Post by Ed.forum »


What are the biggest obstacles to securing our technological lives in 2022?



It seems strange to me, in hindsight, looking back on the evolution of technology how-open source-is
mysteriously immune to the endless stream of viruses, malware, and spyware that has been an integral
part of technological development. People generally, now-cynically, understand how businesses have
the implicit interest of making money, and routinely exploit people, even to the point of their products
being best described in the technological world, as malware or spyware themselves.

In a world where "economics" or social power, determine the ebb and flow of development, it's bizarre
that somehow, seemingly magically, Linux, has been immune to the phenomena of people working
relentlessly, to exploit other people. One of the tenets of "security," as an ideology which has developed
in this atmosphere of relentless exploitation of both technology, and people, is distrust-and of everything
by default that we interact with.

Technologically, socially, we are vulnerable, and while it may appear at some point in our lives
that clearly we have mutual goals, of things like communication, sharing, development, growth,
it quickly becomes naive in the real world experiencing repeatedly, how other people
don't share that sentiment. In fact, they completely ignore it in order to capitalize economically,
and socially, and to serve their purpose which-pays the bills, keeps their job,
or even merely satisfies their instinct.

We, are vulnerable, and that fact is the basis of our technological lives today, and specifically
its development--and it's not because that is the most important thing to know about people
and technology, but it is because that is the dominant theme of the modern world: because
people and technology are vulnerable, and that can be capitalized on, organizations exist
with the sole purpose of taking advantage of others, and don't care about the bigger picture.
They don't care about legitimacy, they don't care about your feelings or needs, they have the
goal to exploit people, to exploit technology--and do so with the backing of society's broad structure.

It's as if there are criminal organizations in our "community," and their basis is to take advantage of the world
irrespective of the law, and our lives, and while they exist, they will continue to relentlessly exploit people and technology.
No matter how many times we encrypt our hard drives, no matter how many passwords we use to secure our accounts,
no matter how many precautions we take to protect ourselves, because these people exist-that do not care about
rules, or a benign social contract claiming freedom, we will always be insecure, since it's just a matter of fact,
that the potential exists-and they are going to abuse it.

I see the entire technological spectrum as a damning reflection of this reality. People have been caused
to relinquish their senses, their security, for the remote impulse that compels them-to sign up, to trust, to believe,
to repeat the words, of total strangers, to blindly agree to a contract, and in so many ways, that is inherently fraudulent
while they had nothing to do with its formation. Windows, Mac, Linux, Gnu, AMD, Intel, this product, or that product,
none of it matters while our technological lives are far removed from our personal computers, and are scattered about in totally
unknowable domains, with totally unknowable objectives, all of which exist in a world based-on our lack of security entirely.

Huge multi-billion dollar conglomerate enterprises which supersede the Government, the law, our interests, somehow
forgot to exploit Linux reading the "internet" composed of "free-speech," and we are all perfectly safe in a world, where
all the good development projects mysteriously stop functioning, lose all support, and unless they inherently possess
the basis which enables the broader system to exploit it towards its own circumspective ends.

In reality, we have effectively, as a society-relinquished our security completely, and not because we didn't choose
a strong enough "password," or trust the right people or organizations--but because we have failed to be honest,
in the face of absolute oppression, now reflected in technology, and the organizations that build it. Being, honest,
we can clearly understand-the problem isn't encrypted tunneling, or obfuscation, or "privacy," it's the criminal behavior
itself, and the organizations behind it, that will relentlessly exploit our lives until we actually confront them, and cause
them to be stopped in their effort at undermining our security, our technology, digitizing and virtualizing our assets
into their own hands, all while constantly pressuring people systematically, to trust, to believe, and in an entire system
of complete and total fiction.

sunrat
Administrator
Posts: 6412
Joined: 2006-08-29 09:12
Location: Melbourne, Australia
Has thanked: 116 times
Been thanked: 462 times

Re: Security in 2022

#2 Post by sunrat »

Moved to Offtopic as it's a discussion, not a support question.
“ computer users can be divided into 2 categories:
Those who have lost data
...and those who have not lost data YET ”
Remember to BACKUP!

user6c57b8
Posts: 19
Joined: 2022-05-31 16:19
Has thanked: 5 times

Re: Security in 2022

#3 Post by user6c57b8 »

What's the TL;DR version of this forum topic post?

NFT5
df -h | grep > 20TiB
Posts: 597
Joined: 2014-10-10 11:38
Location: Canberra, Australia
Has thanked: 10 times
Been thanked: 43 times

Re: Security in 2022

#4 Post by NFT5 »

"We're rekt" should cover it.

Maybe OP's going to post again with some solutions?

Onsemeliot
Posts: 333
Joined: 2010-12-15 14:43
Has thanked: 20 times
Been thanked: 5 times

Re: Security in 2022

#5 Post by Onsemeliot »

I wouldn't say free software is immune to general security flaws. Most derive from mindless online activities anyway. And there the used operating system is hardly relevant. The main advantage is that only very few people use free software systems as their daily drivers. Therefore, most of the time it isn't worth considering this demographic as a target to exploit. And it is also a bit trickier to exploit as a platform because of the better permission management. But mainly it comes down to being a small niche of users. So at least it has something good as well to not have gained more traction yet.

And concerning the bad morals of the corporations exploiting users: What do we expect to happen if we build our economic system with rules that don't even have a factor as usefulness or our own good to be relevant for success? Our only driving force in economy is profit. We shouldn't be surprised that nothing else matters in this system. If we want to get another outcome we need to change the rules of the game. If we want for example to keep social justice and protect the environment we can't allow it to be fully irrelevant in the ways we act economically. The way it is right now you can't actually compete with institutions that exploit as much as they can. They will always be better off than you if you also consider other factors than pure profit maximisation. I know this won't go down well with people who still believe in the free market but without additional general boundaries that ensure no business can operate while being harmful to its environment, I see no way how we should actually get there. And it isn't the case anyway that we are not already limiting what companies are allowed to do. There are many rules for example for safety. Why not add those we know are missing?

canci
Global Moderator
Posts: 2502
Joined: 2006-09-24 11:28
Has thanked: 136 times
Been thanked: 136 times

Re: Security in 2022

#6 Post by canci »

First, please learn to shorten your posts. You seem to love redundant phrasing and that's wasting everyone's time.
Ed.forum wrote: 2022-06-27 01:37 strange to me, how-open source-is
mysteriously immune to the endless stream of malware,
This is demonstrably false in 2 ways.
When it comes to the superiority of certain open source projects, their security standards stem from the wise decisions made within the Unix ecosystems. Microsoft and some other popular IT giants decided to have a lax security system, which is why the better track record of less popular options seems so magical.
Secondly, if you look at projects like npm or Python, you'll see that even some open source projects fall victim to very careless security practices. Plus, it's a myth that, just because software is open source, many eyes are meticulously scanning the code all the time.
Stable / Asus VivoBook X421DA / AMD Ryzen 7 3700U / Radeon Vega Mobile Gfx (Picasso) / 8 GB RAM / 512GB NVMe

READ THIS:

* How to Post a Thread Here
* Other Tips and Great Resources

Northpoint
Posts: 88
Joined: 2020-12-19 10:51
Location: USA
Has thanked: 48 times
Been thanked: 13 times

Re: Security in 2022

#7 Post by Northpoint »

Onsemeliot wrote: 2022-06-27 06:20 I know this won't go down well with people who still believe in the free market but without additional general boundaries that ensure no business can operate while being harmful to its environment, I see no way how we should actually get there. And it isn't the case anyway that we are not already limiting what companies are allowed to do. There are many rules for example for safety. Why not add those we know are missing?
I do think linux is more secure because it was built that way from the beginning. However, companies like M$ have been dumbing down their operating system and people in general have become dumber over the years. People when working on computers do the strangest things and inevitably cause a lot of their own issues. I think if you're running linux as a daily driver then you are not as apt to make stupid mistakes. This in itself is somewhat a security feature I guess.

As for the free market, the free market works and works very well. The real problem is that when a company steps over the line no one is calling them out on it. When the government is in the pocket of these companies things get a lot worse. We also have plenty of laws governing this behavior but they are just not enforced (ah hum, Hillary and her email server). So, these companies are ripe for doing whatever they wish in the name of profit because no one is enforcing the current laws. When the laws are applied it's because you are for some reason in the sights of these governments or companies.

If people voted with their money this would keep a lot of the companies in line. However, it's hard to boycott a company when the government(s) let the market consolidate into just a few with too much power. Also, most people just do not care. They do not use the power of their wallet. This is not the fault of the market. It's the fault of those participating in this market we call Capitalism.
Get your linux on.

LE_746F6D617A7A69
Posts: 932
Joined: 2020-05-03 14:16
Has thanked: 7 times
Been thanked: 65 times

Re: Security in 2022

#8 Post by LE_746F6D617A7A69 »

canci wrote: 2022-06-27 06:36 Plus, it's a myth that, just because software is open source, many eyes are meticulously scanning the code all the time.
No, it's not a myth - please read the details of f.e. "Dirty Pipe" vulnerability - it has been discovered exactly because someone has analysed the Linux kernel code.

The same applies to all other vulnerabilities in open source projects - they are discovered and reported by independent developers who are using the code and who sometimes are discovering "unexpected behaviour" of the kernel/library/application - and they are reporting such discoveries.
Bill Gates: "(...) In my case, I went to the garbage cans at the Computer Science Center and I fished out listings of their operating system."
The_full_story and Nothing_have_changed

canci
Global Moderator
Posts: 2502
Joined: 2006-09-24 11:28
Has thanked: 136 times
Been thanked: 136 times

Re: Security in 2022

#9 Post by canci »

You misunderstood me, so I implore you to read my statement again:

Just because software is open source, it won't be automatically more secure and people won't automatically audit it for security. In your example, the kernel, there is massive corporate backing with top tier engineers both being paid and doing voluntary work to audit the kernel code. This is not true for a lot of open source projects. And if you want, you can just search for security blunders concerning e.g. npm or rust.
Therefore, blindly believing that open source will just be audited due to its open nature is naive.

Here is a great example from npm. Something like this would never happen on Linux, but it happens regularly on a lot of open source projects:
https://mastodon.social/@lrvick/108274265429826806

CwF
Global Moderator
Posts: 2638
Joined: 2018-06-20 15:16
Location: Colorado
Has thanked: 41 times
Been thanked: 192 times

Re: Security in 2022

#10 Post by CwF »

canci wrote: 2022-06-28 05:34 it won't be automatically more secure and people won't automatically audit it
in addition, when some vulnerabilities are found, and not reported...

canci
Global Moderator
Posts: 2502
Joined: 2006-09-24 11:28
Has thanked: 136 times
Been thanked: 136 times

Re: Security in 2022

#11 Post by canci »

CwF wrote: 2022-06-28 06:13 in addition, when some vulnerabilities are found, and not reported...
Exactly. Open source software is of course much more democratic than closed source one, but we always forget that auditing software security requires excellent engineers, most of which will only be able to do this if they're paid for it. It's a painstaking job, not a hobby that you do in your spare time. And this again makes us free software users dependent on those people who know how -- and that their heart is in the right place.

LE_746F6D617A7A69
Posts: 932
Joined: 2020-05-03 14:16
Has thanked: 7 times
Been thanked: 65 times

Re: Security in 2022

#12 Post by LE_746F6D617A7A69 »

canci wrote: 2022-06-28 06:43 Open source software is of course much more democratic than closed source one, but we always forget that auditing software security requires excellent engineers, most of which will only be able to do this if they're paid for it. It's a painstaking job, not a hobby that you do in your spare time.
US Army, NSA, NASA, Google, Facepalm (aka META), Microshit(*), ... , and almost all servers in the Internet are using Linux at the core of their systems - in other words, best in class software engineers in the world(**) agree that Linux-based systems are the most stable and secure option.

(*) Yes - AzureCloud is built on Linux (and on many other open source technologies "borrowed" from GitHub - which only proves that M$ is not able to invent anything useful on its own, Edge is yet another example). But, this also means that Microshit is not really convinced that WindowsServer is secure :lol: :lol:

(**) Except Microshit: they have only Code Monkeys hired to copy source code from GitHub :lol:

Onsemeliot
Posts: 333
Joined: 2010-12-15 14:43
Has thanked: 20 times
Been thanked: 5 times

Re: Security in 2022

#13 Post by Onsemeliot »

Northpoint wrote: 2022-06-27 19:30 This is not the fault of the market. It's the fault of those participating in this market we call Capitalism.
I agree with most of what you write but if we in general get a bad outcome we can't blame individuals for it. There is obviously something wrong about how we have set up our processes. And if it only is the wrong assumption about our own default behaviour. For example: We shouldn't expect that people in general will act responsibly and reasonably. This is just not the default. It can happen but most of the time we don't consider the relevant factors for the issue at hand because we most of the time are distracted by other things we do care about. Even if those other things aren't relevant in the great picture at all.

Northpoint
Posts: 88
Joined: 2020-12-19 10:51
Location: USA
Has thanked: 48 times
Been thanked: 13 times

Re: Security in 2022

#14 Post by Northpoint »

Onsemeliot wrote: 2022-06-29 07:12
Northpoint wrote: 2022-06-27 19:30 This is not the fault of the market. It's the fault of those participating in this market we call Capitalism.
I agree with most of what you write but if we in general get a bad outcome we can't blame individuals for it. There is obviously something wrong about how we have set up our processes. And if it only is the wrong assumption about our own default behaviour. For example: We shouldn't expect that people in general will act responsibly and reasonably. This is just not the default. It can happen but most of the time we don't consider the relevant factors for the issue at hand because we most of the time are distracted by other things we do care about. Even if those other things aren't relevant in the great picture at all.
I agree in general. I have to say that I have met many people with rather lacking default behaviour. On the flip side, I am grateful to have met a lot of good people too. The bad outcomes could have been good outcomes if not for those involved at the time.

thank you.