From owner-freebsd-questions@FreeBSD.ORG Sat Feb 9 14:43:06 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5A8D616A417 for ; Sat, 9 Feb 2008 14:43:06 +0000 (UTC) (envelope-from perrin@apotheon.com) Received: from outbound-mail-106.bluehost.com (outbound-mail-106.bluehost.com [69.89.22.6]) by mx1.freebsd.org (Postfix) with SMTP id 34F7A13C455 for ; Sat, 9 Feb 2008 14:43:05 +0000 (UTC) (envelope-from perrin@apotheon.com) Received: (qmail 20114 invoked by uid 0); 9 Feb 2008 14:43:05 -0000 Received: from unknown (HELO box183.bluehost.com) (69.89.25.183) by xmail.bluehost.com with SMTP; 9 Feb 2008 14:43:05 -0000 Received: from c-24-9-123-251.hsd1.co.comcast.net ([24.9.123.251] helo=demeter.hydra) by box183.bluehost.com with esmtpa (Exim 4.68) (envelope-from ) id 1JNqv3-0007Lb-Dp for freebsd-questions@freebsd.org; Sat, 09 Feb 2008 07:43:05 -0700 Received: by demeter.hydra (sSMTP sendmail emulation); Sat, 9 Feb 2008 07:43:04 -0700 Date: Sat, 9 Feb 2008 07:43:04 -0700 From: Chad Perrin To: freebsd-questions@freebsd.org Message-ID: <20080209144304.GC50808@demeter.hydra> Mail-Followup-To: freebsd-questions@freebsd.org References: <87f7f4170802061326t217ebeaao600f14b9d01412e6@mail.gmail.com> <64c038660802081712i430199f4y5808288bdfd60325@mail.gmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <64c038660802081712i430199f4y5808288bdfd60325@mail.gmail.com> User-Agent: Mutt/1.4.2.3i X-Identified-User: {737:box183.bluehost.com:apotheon:apotheon.com} {sentby:smtp auth 24.9.123.251 authed with perrin@apotheon.com} Subject: Re: OT: Whats wrong with gmail? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Feb 2008 14:43:06 -0000 On Fri, Feb 08, 2008 at 06:12:09PM -0700, Modulok wrote: > > > I just cannot bring myself to trust anyone else for email. Running your > > own server on BSD or Linux is so bloody easy, if you're paranoid about > > email for archival, privacy, or other reasons, just run your own server. > > You have already instilled trust in countless thousands. Is it a > problem? Maybe. It depends on how important one feels the > confidentiality of the information is. For Top Secret classified > documents, I would not use plain text gmail or any other plain-text > service. For online shopping accounts and participating in mailing > lists, I do. I'm not sure what you mean by "online shopping accounts", but if it involves receiving passwords in email for accounts that can be used to spend your money, it's probably a bad idea to use unencrypted email. > > If one really wants to get paranoid, they had best throw in the towel > and crawl under a rock now. "Do not use commercial operating systems, > they spy on you." Probably. Is open-source software any different? > Maybe, maybe not. There is no reason why it should be trusted any more > than its closed-source counterpart. "We can audit the source code." > Not really. Most people would be incapable of this feat, for even the > simplest of programs. Even for those who possess the technical prowess > to accomplish such a feat, do they really have the funding, manpower > and time to audit every piece of code they come in contact with? > Obviously not, for if they did, programs would not have bugs. Open source software doesn't just benefit from an individual ability to audit source code -- it benefits from a community ability to audit source code. If *anyone who wants to* can audit the source code, the chances that something wrong with it in the sense of intentionally included spyware will go undetected gets vanishingly small. This, in turn, means that the likelihood of people inserting such code into a reasonably popular open source OS is also vanishingly small. Meanwhile, with a closed source OS, quite the opposite is the case. There's no way for customers to really be entirely sure what's in the source code, generally speaking. This means not only that the kind of spyware-like code we're discussing might not be discovered -- it also means that the vendor can insert such code pretty much with impunity, and all developers may be subject to nondisclosure agreements with regard to such code. > > Even if one could audit every program they use, what about the > libraries on which those programs depend? How about the system calls? > What about the compiler? If it has been tainted it would be quite > difficult to detect. What about the assemblers? How about the > low-level firmware? Once you get all of those bits audited, over the > course of the remainder of your natural born lifespan, you'll be faced > with the feat of trying to examining the hardware on which the code > runs. After all, if the hardware cannot be trusted, all the rest is > moot. You seem to be saying "Since some aspects of security are difficult, we should never worry about any aspects of security at all." > > Security is a very serious business that should not be ignored, but > too many people get too concerned over all the wrong aspects and miss > the big picture. Trust is relative and required, despite your tools of > choice. Even using Linux or BSD, you instill significant trust in a > great many people, most of whom you do not even know. > > What's wrong with gmail? It depends on who you ask. I can agree with that. -- CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ] Kent Beck: "I always knew that one day Smalltalk would replace Java. I just didn't know it would be called Ruby."