Security and Privacy Forum

Write suggestions and new ideas in here
More ideas here http://community.linuxmint.com/idea/welcome
Forum rules
No support questions here please.
Do not post ideas for application developers. Please use GitHub for Cinnamon and Nemo ideas.

Does Mint Need a "Security and Privacy" forum?

Yes
46
48%
No
2
2%
Probably Yes
8
8%
Probably Not
2
2%
This would be very useful!
19
20%
Recent News says that we really need this
17
18%
Dumb Idea
2
2%
 
Total votes : 96

Re: Security and Privacy Forum

Postby clfarron4 on Wed Nov 13, 2013 11:10 am

clfarron4 wrote:The reason I made my point about tin-foil hat people was from a discussion I was having on a Google+ community for Linux Mint users. I'll link the post tonight.


Ok, so the post seems to have been deleted, but the long and short of it is that some-one want to develop a duress passphrase system that would nuke the users home directory into oblivion, and seemed to want to do it with new rules for PAM and modifications to the way Linux stores passphrases.

monkeyboy wrote:Can someone please tell me a form of communication that governments haven't mined for information? Bottom line I never expect privacy on a public channel.


There isn't one. The post system is one way to lessen it slightly, but it is much slower. Otherwise, you're best encrypting your way to glory.
Problems? Tell us EXACTLY what you've done and what you expected to happen, IN DETAIL. That will save us questions, and we should get along better,

I have dysgraphia. This means I might have understood you incorrectly through no fault of my own.
User avatar
clfarron4
Level 5
Level 5
 
Posts: 510
Joined: Thu Sep 19, 2013 6:20 pm

Linux Mint is funded by ads and donations.
 

Re: Security and Privacy Forum

Postby deminted on Sat Jan 11, 2014 10:19 am

Months ago (Wed Nov 13, 2013 3:45) monkeyboy asked
Post by monkeyboy on Wed Nov 13, 2013 3:45 pm
Can someone please tell me a form of communication that governments haven't mined for information? Bottom line I never expect privacy on a public channel.


A direct answer might be contemplative prayer, perhaps. (But they are working on it.)

Ahem..
Do we mean to say we always expect to get run over when we cross a busy road, so it isn't worth taking any precaution?
Or we always expect burglars, so we leave our doors open because they'd get in anyway?


Explicitly - if I catch your drift correctly - I don't think that's good reasoning of yours, monkeyboy, and I don't believe that even you should make it easy for governments or other thieving crooks to get into your computer system, just because it's inevitable they can.
But you are correct when you imply that not even Linux is secure from exploits or subverted code (or subverted coding base).


To further expose the insanity of current trends in Mint (sorry, CLeF) - I've just installed Mint 16, and I find no default firewall (not that inbound-only ufw is up to much anyway - locking stable doors after horses have bolted), and I have to expose the system & go online without a firewall in order to fetch a firewall. :roll: Security consciousness would preclude this irrational behaviour.

And that root by default has no password protection at all (is that really best practice?), and Mint has no prompt to set one, or to warn any trusting soul that installs it.

From personal experience, I was seeing from sysmon that a lot of data (10% to 30% of fetched data when browsing) was disappearing upline for no apparent cause, plus my browser was regularly filling up my 8Gb core memory until it slowed the system to a crawl. I do not like this.
The after quite a few hours(+) of delving I discovered 'apparmor' and it's default profiles. I installed it, and both these problems went away (mostly!), so my current 'data sent' is less than 5% of data fetched (still too much IMO), and I rarely get to over 4Gb memory used..

But with recent changes, I find it's now impossible - in live system - to disable smbd shares (when I have no use for them), and I have an ssh-agent running which I can't get rid of ( try a w³ebsearch for ssh-agent security vulnerabilities).

So what the ... is going on here? Is Mint put together by that well-trusted protective element the NSA, or is it infiltrated by mafia? Is the excision of Unity a red herring to lull us into a false sense?

I see it's become something of a hot potato because Mint was accused in a blog elsewhere of being insecure (and unsuitable for say, banking) - for slightly wrong reasons - but I see that as no reason at all to sideline discussion of security/privacy considerations and provision of tutorials & individual help where needed (even if that amounts to merely referencing more security-oriented sites).

Whatever, (IMNSHO) Mint forum, and very likely Mint development effort itself, needs it's act assembled wrt the security/privacy topic.
(Even that thing about ostriches burying their heads in the sand is a myth, I'm told.)



Bump
deminted
Level 1
Level 1
 
Posts: 21
Joined: Thu Jan 12, 2012 4:34 pm

Re: Security and Privacy Forum

Postby Previous1 on Sun Jan 12, 2014 10:59 am

So what the ... is going on here? Is Mint put together by that well-trusted protective element the NSA, or is it infiltrated by mafia? Is the excision of Unity a red herring to lull us into a false sense?


Mint does prioritize "stability" over "security", even more so than Ubuntu (sometimes for reasons I can't fathom, like disabling AppArmor entirely because "it breaks pdf printing" - fwiw it doesn't), but I wouldn't go as far as calling it malignant.

There's thousands of security topics and projects on and for Linux, but most users and developers have other priorities. Even Linus himself thinks security is boring (feel free to google on that).
Image
Tutorials | cynicaltux
Arch Linux i3wm, 64bit
User avatar
Previous1
Level 4
Level 4
 
Posts: 367
Joined: Sun Dec 01, 2013 11:48 am

Re: Security and Privacy Forum

Postby FreedomOfTheOpenCode on Sun Jan 12, 2014 1:07 pm

There's quite a lot of good advice about security in Linux over on the Trisquel forum at http://trisquel.info/en/forum/firewall-trisquel. It gets interesting about half-way down. There's also some good advice about DNS resolvers elsewhere on the same forum.
FreedomOfTheOpenCode
Level 2
Level 2
 
Posts: 79
Joined: Thu Mar 14, 2013 3:16 pm

Re: Security and Privacy Forum

Postby deminted on Mon Jan 13, 2014 10:41 pm

Thanks, FreedomOfTheOpenCode - useful but I think we need more in depth, more about why the common misconception that Linux is invulnerable is plain wrong, more simple tutorials, and some place for helping people who have a problem. {And maybe even some moral/political philosophy about freedoms & privacy, for those who don't understand! }
Mint users deserve to have direct access to the whys & wherefors, and the howtos, even if it is just pointing people at fuller resources elsewhere.

And also it's just possible that some Mint developers may need to be reminded occasionally of their responsibilities to the community, especially if they just feel that fundamental essentials are boring and 'in the way'.

@ Previous1
when you wrote
Even Linus himself thinks security is boring (feel free to google on that).

You could easily send people away with an incorrect view of the man's thoughts on that!

He's also said:
To me, security is important. But it’s no less important than everything *else* that is also important!


which is to say, boring but entirely necessary...
(that's without even going into the point that ordinary bugs can be massively inconvenient, and also lead to vulnerability.)

Linus Himself has also spoken (and signalled) about the attentions of the NSA, a reference here: http://www.youtube.com/watch?v=wwRYyWn7BEo

Previous1
also noted
... like, for reasons I can't fathom, like disabling AppArmor entirely because "it breaks pdf printing" - (for what it's worth, it doesn't) ...

Now there's a case in point - why is that acceptable if it is without reason, why hasn't the state of affairs been corrected - and who exactly is behind that sort of 'accidental' oversight? And should they be trusted by the rest of us?
I regret having to make that point, but it's a reality.
Perhaps I have a bias from being a former head of technical security. But that was on a different platform, and decades ago; I'm out of my depth in Linux & frankly very concerned by some peoples' lax approach. But then I also have wider experience & I'm pretty well the opposite of the 'black-and-white' bore Linus imagines - I do know the type - http://news.cnet.com/2100-1007-6243900.html

From development management & QA experience I'd agree with what Westerback is quoted as saying in that article, that software produced by people interested in security "probably works better in most cases because a belief in simplicity, clarity, and consistency usually produces better code than other approaches."

I'd like to emphasize again that it isn't just the snooping by over-reaching govermental bodies in foreign nations (potentially passing on financial intelligence to favoured players) that is pertinent, it's that if vulnerabilities - bugs, backdoors - exist for any reason, they become available for baddies to use as much as for anyone else.
That is to say, if anyone thinks that lax or tacked-on security is an acceptible trade-off for some other form of utility, are they happy to have all your data compromised, or erased, or for all your passwords to be used by some third party?

It leaves me unhappy. And verging on TL;DR :mrgreen:

We need a security/privacy forum here.
deminted
Level 1
Level 1
 
Posts: 21
Joined: Thu Jan 12, 2012 4:34 pm

Re: Security and Privacy Forum

Postby Previous1 on Tue Jan 14, 2014 3:15 am

You could easily send people away with an incorrect view of the man's thoughts on that!


I stand corrected.

I've added my vote for a security forum. The poll is positive, and with the reasons explained to have one (besides the small effort), what's the compelling reason not to have one?
Image
Tutorials | cynicaltux
Arch Linux i3wm, 64bit
User avatar
Previous1
Level 4
Level 4
 
Posts: 367
Joined: Sun Dec 01, 2013 11:48 am

Re: Security and Privacy Forum

Postby viking777 on Tue Jan 14, 2014 6:35 am

MishaSherpa, I think this feature is very necessary, so have voted accordingly. I thought I voiced this concern on the forum once, but I can't find the post so maybe I am dreaming.

As devils advocate though I also believe that the forum already has too many categories (the first one I would remove would be 'newbie questions', it is just a repository for the terminally lazy). Although having said that I wouldn't like the job of reallocating all the 'newbie question' posts elsewhere :shock:
Fujitsu Lifebook AH532. Intel i5 processor, 6Gb ram, Intel HD3000 graphics, Intel Audio/wifi. Realtek RTL8111/8168B Ethernet.Lubuntu 13.10,Ubuntu12.10 (Unity), Mint16 (Cinnamon), Manjaro (Xfce).
Image
User avatar
viking777
Level 14
Level 14
 
Posts: 5153
Joined: Mon Dec 01, 2008 11:21 am

Re: Security and Privacy Forum

Postby altair4 on Tue Jan 14, 2014 9:07 am

@viking777

MishaSherpa has either been excommunicated from this forum for overall hooliganism or has decided to retire to the front porch of his home and terrorize the grandkids with stories of the NSA.
Please add a [SOLVED] at the end of your original subject header if your question has been answered and solved.
altair4
Level 16
Level 16
 
Posts: 6123
Joined: Tue Feb 03, 2009 10:27 am

Re: Security and Privacy Forum

Postby viking777 on Tue Jan 14, 2014 1:34 pm

altair4 wrote:@viking777

MishaSherpa has either been excommunicated from this forum for overall hooliganism or has decided to retire to the front porch of his home and terrorize the grandkids with stories of the NSA.


I see you are right, and I seem to be having a 'blonde day' today. Still, never mind I still think we ought to have a security section in the forum
Fujitsu Lifebook AH532. Intel i5 processor, 6Gb ram, Intel HD3000 graphics, Intel Audio/wifi. Realtek RTL8111/8168B Ethernet.Lubuntu 13.10,Ubuntu12.10 (Unity), Mint16 (Cinnamon), Manjaro (Xfce).
Image
User avatar
viking777
Level 14
Level 14
 
Posts: 5153
Joined: Mon Dec 01, 2008 11:21 am

Re: Security and Privacy Forum

Postby Mohr on Sun Jan 19, 2014 4:27 pm

altair4 wrote:@viking777

MishaSherpa has either been excommunicated from this forum for overall hooliganism or has decided to retire to the front porch of his home and terrorize the grandkids with stories of the NSA.


Why are talking like that? Obviously you didn't like him? Or don't you like / understand people that care for privacy?
Mohr
Level 2
Level 2
 
Posts: 56
Joined: Thu Nov 08, 2012 4:49 am

Re: Security and Privacy Forum

Postby zerolimit on Fri Jan 31, 2014 5:47 am

From a different perspective...

Usage of Tor skyrocketed following the NSA leaks and recent anti-piracy laws overseas. People are actively looking for ways to stay secure and anonymous. Non-techies had no idea what Tor was and now big news outlets like Wired and The Guardian are running stories on it all the time.

Would a renewed commitment on security attract new Linux Mint users, and also increase our community support? Just a thought, looking at it from the benefits of a "marketing" standpoint.
User avatar
zerolimit
Level 1
Level 1
 
Posts: 3
Joined: Fri Jan 31, 2014 3:30 am
Location: Pennsylvania, USA

Re: Security and Privacy Forum

Postby clfarron4 on Fri Jan 31, 2014 5:39 pm

zerolimit wrote:Would a renewed commitment on security attract new Linux Mint users, and also increase our community support? Just a thought, looking at it from the benefits of a "marketing" standpoint.


On the bits which are fairly easy to implement and fix when things go wrong, so implementation of TOR, encrypted home directories would be all right. HOWEVER, managing things like the LVM on LUKS/Full Disk Encryption without dumbing it down is walking along a tightrope.
Problems? Tell us EXACTLY what you've done and what you expected to happen, IN DETAIL. That will save us questions, and we should get along better,

I have dysgraphia. This means I might have understood you incorrectly through no fault of my own.
User avatar
clfarron4
Level 5
Level 5
 
Posts: 510
Joined: Thu Sep 19, 2013 6:20 pm

Re: Security and Privacy Forum

Postby Hartford on Mon Feb 03, 2014 4:09 pm

So this is from October and they still won't make a forum? Is the 30 seconds in phpBB control panel (to add a security forum) too much work?
Hartford
Level 1
Level 1
 
Posts: 2
Joined: Wed Jan 29, 2014 6:53 am

Re: Security and Privacy Forum

Postby Previous1 on Tue Feb 04, 2014 5:53 pm

On the bits which are fairly easy to implement and fix when things go wrong, so implementation of TOR, encrypted home directories would be all right. HOWEVER, managing things like the LVM on LUKS/Full Disk Encryption without dumbing it down is walking along a tightrope.

It's easy enough to separate security topics from easy to crazy, eg like (to some extent) the Securing Debian Manual does.

So this is from October and they still won't make a forum? Is the 30 seconds in phpBB control panel (to add a security forum) too much work?

See http://www.linuxmint.com/about.php

Mint wrote:It's safe and reliable. Thanks to a conservative approach to software updates, a unique Update Manager and the robustness of its Linux architecture, Linux Mint requires very little maintenance (no regressions, no antivirus, no anti-spyware...etc).

Perhaps Mint believes it's already safe "enough" and needn't devote a separate topic to security. I don't buy that and it goes against:

Mint wrote:It's community-driven. Users are encouraged to send feedback to the project so that their ideas can be used to improve Linux Mint.

Either way we can post/sticky a Security topic in the Tutorial forum in the mean-time.

edit: viewtopic.php?p=818597#p818597
Image
Tutorials | cynicaltux
Arch Linux i3wm, 64bit
User avatar
Previous1
Level 4
Level 4
 
Posts: 367
Joined: Sun Dec 01, 2013 11:48 am

Re: Security and Privacy Forum

Postby xenopeek on Thu Feb 06, 2014 2:44 pm

For now I've stickied Previous1's Security Tutorials topic. Good initiative! Appreciating your constructive approach. Let's add relevant links there for users that want to improve or audit their system's security on Linux Mint. Or post new tutorials and link them there.

The forum team has several changes planned for the next few months, one being reorganizing the forum structure. The current forum structure has evolved over the years and needs work. Over the past few months a few suggestions/requests for a dedicated subforum have come up, and we want to accommodate those in the reorganization.
User avatar
xenopeek
Level 21
Level 21
 
Posts: 14967
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: Security and Privacy Forum

Postby Zorba on Thu Feb 06, 2014 8:45 pm

great idea guys :D
Image
User avatar
Zorba
Level 8
Level 8
 
Posts: 2306
Joined: Tue May 29, 2012 10:12 pm
Location: Tunisia

Linux Mint is funded by ads and donations.
 
Previous

Return to Suggestions & New Ideas

Who is online

Users browsing this forum: No registered users and 2 guests