On 161216-08:35-0500, Rich Freeman wrote: > On Fri, Dec 16, 2016 at 8:13 AM, Miroslav Rovis > <miro.ro...@croatiafidelis.hr> wrote: > > On 161216-07:16-0500, Rich Freeman wrote: > >> On Fri, Dec 16, 2016 at 5:19 AM, Miroslav Rovis > >> <miro.ro...@croatiafidelis.hr> wrote: > >> > > >> > In my stron opinion, and opinions are allowed in Gentoo, just not > >> > imposing your opinion onto others (and that I am not doing, feel free > >> > to disagree!), pulseadio is spyware, read more here: > >> > > >> > Re: [Alsa-user] sans-pulseaudio Firefox? was: a strange thing > >> > https://www.mail-archive.com/alsa-user@lists.sourceforge.net/msg31928.html > >> > > >> > >> What exactly about Pulseaudio do you think makes it "spyware?" The > > You're right actually. Or might be. It is likely not spyware in itself, > > but it surely is spyware enabler. Like dbus and all of poetterware. > > > > And about xorg. Everybody uses it, I do too. Minimalistically. Just > > enough to have, say Firefox and Wireshark, and a good *nix programs that > > need gui. But I'd think the possibilities for spying-required remote > > connections with xorg are nowhere near to what poetterware and > > associates offer. > > > > I'm not sure I understand what distinction you're making. I can't say > I'm intimately familiar with the security model around Pulseaudio (at > a glance it seems similar to X11 with its use of cookies, though > obviously if you tell it to broadcast unencrypted multicast RTP on > your LAN you'll get the obvious effects) but X11 has a couple of > glaring security weaknesses. The most obvious is the fact that any > random X11 client can read the keyboard input of any other client on > the same server unless you jump through a bunch of hoops that I don't > think anybody actually jumps through (though I do believe some of the > X11 PIN entry programs may use them at least). Anything you type into > an xterm could be read by your browser, and in turn by any code able > to execute outside any sandbox that browser might have (root privs not > needed for this).
I don't claim it can not, but I doubt anyone can do it in my grsecurity-hardened based Gentoo machine. [ but first (I just now looked it up), I'm not match for you, you are a Gentoo developer: https://www.gentoo.org/inside-gentoo/developers/ where the link under "Rich0" opens: https://wiki.gentoo.org/wiki/User:Rich0 and you would get a better reply from someone of your statue, which I'm not ; and since we're at conditionalities, I'm sorry if I reply slowly, I'm unable to work faster. ] > And I wouldn't be surprised if a lot of X servers still run as root > for modesetting/etc. What user is that? It you want, tell me how to check it, and let's see how spyware-prone my system is. > > That's why they came into existance, after all. > > Uh, somehow I doubt that Lennart wrote Pulseaudio just to simplify the > task of getting audio off of a local host so that somebody can spy on > you. Maybe it had something to do with the fact that before it came > along just doing something like plugging a USB headset into a Linux > desktop was a bit of a chore? It's been discussed over and over again. Lots of people are firm in their understanding that Lennart is an actor by and for the big business. Me too. And, it's not about singular trees but the big picture, and I dare reply even to you with the following argument. Because this argument is understood even without being a programmer, being this argument the sign of the time, so it's in the very big picture. And it's, to some extent, just repeating what I already wrote, regardless of the singular trees looking deliciously innocent (running your multiple desktop sessions looks so innocent and un-evil, almost like Schmoog the Schmoogle!)... The argument: In this day and age, when the state- and other big actors virtually know ever-nearer to virtually everything about everybody, there is not deaf spot anywhere in public, and not even in your own home you are not audio-alone, but rather you are automatically recorded anywhere you go, and that wholesale spying is undeniable, thanks to Edward Snowden... In that big picture, whatever would anybody say that this complex new Pulseaudio code, that communicates to anywhere, local or remote, whatever would anybody try to claim that that perfect --but also the spying firm the Schmoog is perfect as well, and really really not "not evil", they sold so many people!-- whatever would anybody try to claim that that perfect code is for... Whatever would anybody try to claim that that perfect code is for, but, let alone the nice trees like the ones you mention, let them alone... Because it's like saying: oh how good my dear Schmoog the Schmoogle is, look, I can post any video I want, and I don't pay for it!... And that's like saying: how good my new Galaxy Android is... mobile phones, the eavesdropper devices good?! (Oh, for the feeble of mind, not for you, the user, no! But for the state- and other big actors eavesdropper device that you paid for so that they can record you...) Whatever would anybody try to claim Pulseaudio code is, but to make up for what was missing in some FOSS GNU Linux boxen for the missing functionality that the big players couldn't otherwise get for their Total Surveillance... And they couldn't get it because there are some, developers/users alike, and... ===================================================================== I thank here all the developers thanks to whom I don't have to use neither Systemd nor Pulseaudio, nor Dbus, nor Policykit nor any poetterware... ===================================================================== I thank them most sincerely! [And they couldn't get it because there are some, developers/users alike], who stubbornly do not want to live with massive intrusion into their boxen, which their, the big players' one-ring-to-rule-them all agenda, comprising total surveillance, is... But maybe I wrote in more to the point in the other link further about, which you left standing... Don't know. > Well, if you prefer not to use Pulse, that's of course up to you. I > wasn't running it for ages, and I probably still wouldn't be running > it if I didn't have issues with running multiple desktop sessions as > separate users (one of those things that stuff like pulse+policykit > and so on was designed to help fix). > > -- > Rich > Respectfully! -- Miroslav Rovis Zagreb, Croatia http://www.CroatiaFidelis.hr
signature.asc
Description: Digital signature
