From owner-freebsd-questions@FreeBSD.ORG Sat Feb 9 01:12:11 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id BC04416A502 for ; Sat, 9 Feb 2008 01:12:11 +0000 (UTC) (envelope-from modulok@gmail.com) Received: from wx-out-0506.google.com (wx-out-0506.google.com [66.249.82.228]) by mx1.freebsd.org (Postfix) with ESMTP id 3B38513C457 for ; Sat, 9 Feb 2008 01:12:10 +0000 (UTC) (envelope-from modulok@gmail.com) Received: by wx-out-0506.google.com with SMTP id i29so3452197wxd.7 for ; Fri, 08 Feb 2008 17:12:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=UQpGs0xHM91eFMpIFHBQXKhzFqeeoE2Z526rpDT4fEU=; b=bd+xHxtv4Uv7xJ0/ZCjxvt7s4Y7s4mG2vcfwzaranIBm6/vlQUNfJ9yDYwalu32CqPxTrYHQ9simVH2b+vrYGjV4vYkFziMC5J400JyUsiwBqBycXKm2ndT2tSUgM9/Tx4Z+wZV+dMtHfh+Eco23c5OiH/IP2Jck3BY8AWxUqS8= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=AOlbUQZfRtr7KwNOrF1cTxstPbxh1Mx/6CtJsD2zO9tUjFmwJHWF76D16X6F2Rq4egmaeudoA5Qu1h8NLzJaalB8OUxcHNKgty2YtkFaXTVMvMNLQiA8TxNpmSiZUScTqhdOZPlb9j8kTFnPY2zmtnmOibFdpcvCMs+T1mz3D3U= Received: by 10.70.92.5 with SMTP id p5mr8523287wxb.33.1202519530084; Fri, 08 Feb 2008 17:12:10 -0800 (PST) Received: by 10.70.70.2 with HTTP; Fri, 8 Feb 2008 17:12:09 -0800 (PST) Message-ID: <64c038660802081712i430199f4y5808288bdfd60325@mail.gmail.com> Date: Fri, 8 Feb 2008 18:12:09 -0700 From: Modulok To: "Jeremy Gransden" In-Reply-To: <87f7f4170802061326t217ebeaao600f14b9d01412e6@mail.gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <87f7f4170802061326t217ebeaao600f14b9d01412e6@mail.gmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: OT: Whats wrong with gmail? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Feb 2008 01:12:11 -0000 > what is wrong with gmail? A few interface annoyances, but perhaps nothing. It depends on what you plan on doing with it. For me it's convenient. It's one less thing I have to worry about. > I just cannot bring myself to trust anyone else for email. Running your > own server on BSD or Linux is so bloody easy, if you're paranoid about > email for archival, privacy, or other reasons, just run your own server. You have already instilled trust in countless thousands. Is it a problem? Maybe. It depends on how important one feels the confidentiality of the information is. For Top Secret classified documents, I would not use plain text gmail or any other plain-text service. For online shopping accounts and participating in mailing lists, I do. If one really wants to get paranoid, they had best throw in the towel and crawl under a rock now. "Do not use commercial operating systems, they spy on you." Probably. Is open-source software any different? Maybe, maybe not. There is no reason why it should be trusted any more than its closed-source counterpart. "We can audit the source code." Not really. Most people would be incapable of this feat, for even the simplest of programs. Even for those who possess the technical prowess to accomplish such a feat, do they really have the funding, manpower and time to audit every piece of code they come in contact with? Obviously not, for if they did, programs would not have bugs. Even if one could audit every program they use, what about the libraries on which those programs depend? How about the system calls? What about the compiler? If it has been tainted it would be quite difficult to detect. What about the assemblers? How about the low-level firmware? Once you get all of those bits audited, over the course of the remainder of your natural born lifespan, you'll be faced with the feat of trying to examining the hardware on which the code runs. After all, if the hardware cannot be trusted, all the rest is moot. Security is a very serious business that should not be ignored, but too many people get too concerned over all the wrong aspects and miss the big picture. Trust is relative and required, despite your tools of choice. Even using Linux or BSD, you instill significant trust in a great many people, most of whom you do not even know. What's wrong with gmail? It depends on who you ask. -Modulok-