CIA has compromised Linux

Considering OS X is based on the BSD kernel I doubt they would have much difficulty breaking into BSD itself.

You know what needs to be done. We need to gather at the templeOS and pray for help. Maybe based terry will hear our prayers

Maybe it's time to give it another shot.

Install a distro without binary blobs the attacks are always focused on non-free binaries and hardware backdoors.

How about we focus on the areas of this leak that are actually something new like the CIA experimenting with hacking vehicles, potentially as a method of covertly assassinating people.

We can't eternally keep playing this cat and mouse game of patching bugs that get found. We need to change the game somehow, to break out of this cycle that puts attackers at an advantage.

seL4 was mentioned, I think that might be a smart idea. More for the extreme minimality of the code than the proofs themselves. Imagine an OS that could be audited. Small enough source code that you can actually look through it all by yourself.

What is there to even know? They have compromised proprietary hardware, firmware and software in modern vehicles to the point where they can remotely access your car and kill you.

All that's left is who have they done this to

The people that think this is "new" are the same retards that make fun of alex jones infowars

You mean Alex "Cia nigger" jones. Yeah he's a credible (((source))) I'm sure.

sheer stupidity. he disseminated cia car hacked years ago.

While it has been demonstrated to be possible, government agencies actually doing it is new.

You have to say that he his pretty fun and that he would be more credible if he wasn't going full retard all the time.

Spoken like a true cuck

/this
Security thru obscurity

Hear hear, this user is correct

DELETE THIS IF YOU DO THAT YOUR COMPUTER GETS A VIRUS AND YOUR DOG WILL DIE ON CHRISTMAS AAAAAAAAAA

This is the ultimate pill against sabotage by "accidental" bugs, but unfortunately, you'd have to nuke a massive minority of current programmers and maybe even users to make it work. Just look at where Linux is going with its happy band of retards applauding bloated turdware in the name of Linux Desktop 2013 2014 2015 2016 2017.

Massive MAJORITY, obviously.

Correct me if I'm wrong but wasn't the creator of ubuntu a CIAnigger ?

Yes

Also, that image is degenerate.

No the answer is obvious. We need an OS built on a high level language. More can be done with less code. LispOS is the future. The code base should be small enough to audit by a couple of people or less.

yeah until they know everybody worth tracking moved to BSD.

THIS

These are the words of a coward

why not RustOS? Rust is the safest language and would make the safest os. it would be immune to cia niggers.

Don't blame the messenger. If you want to fight a political battle, do it with the truth. Don't do it with half truths and memespeak.

The future can't possibly be this comfy!!~

Running GNU/Linux on a SBC is extremely comfy.

Rust kernel and Scheme/Lisp userland. Boom.

What the fuck are you even doing on Holla Forums. That is some of the most retarded shit I have heard, generally spun by either intelligence shills or incompetents.

They're trying to penetrate all the major unix variants. If you really need to move to an obscure unix-like OS, go try minix3, but generally you need to try to make your shit as secure as possible by reducing exploit vector surface area.

lol no

I'd just like to interject for a moment. What you're referring to as Linux, is in fact, GNU/Linux, or as I've recently taken to calling it, GNU plus Linux. Linux is not an operating system unto itself, but rather another free component of a fully functioning GNU system made useful by the GNU corelibs, shell utilities and vital system components comprising a full OS as defined by POSIX.

Many computer users run a modified version of the GNU system every day, without realizing it. Through a peculiar turn of events, the version of GNU which is widely used today is often called "Linux", and many of its users are not aware that it is basically the GNU system, developed by the GNU Project.

There really is a Linux, and these people are using it, but it is just a part of the system they use. Linux is the kernel: the program in the system that allocates the machine's resources to the other programs that you run. The kernel is an essential part of an operating system, but useless by itself; it can only function in the context of a complete operating system. Linux is normally used in combination with the GNU operating system: the whole system is basically GNU with Linux added, or GNU/Linux. All the so-called "Linux" distributions are really distributions of GNU/Linux.

I have debian and just removed the non-free lines in my sources.list. did apt-get update but it isn't asking for anything to be removed. I am certain I have some non-free blobs, such as nvidia proprietary though. I don't know what to do.

At any rate, maybe I should go back to nouveau

You just told your system to stop looking in the non-free repo for updates and new packages. You still need to remove non-free packages you have left. vrms gives you a list.

I'm more worried about an illegal Putin-backed leak of American government secrets to be honest...

Thanks. I'll have a look at vrms

There war-ngs about systemd but did u leastned , no!
fuk u

The kernel of debian is a bit of a conflict there.
You see even if you can use nouveau witch is free-software all the long.
It might let some binary blob be installed because some GPUs nowadays requires other small bit to have some specific functionalities like decoding mp4 and other patented shit.
So you best choice is to go with the linux libre kernel.
The best solution is to reinstall everything imo.
Besides devuan is going to be 100% free like Trisquel.
It would be a blast tho.
Every sysadmin must be shiting their pants because of one blobs they had to use for X raid pci card.
I am being smug has fuck for those who didn't listened and thought "you're too paranoid"

Shit typo
Besides debian there's devuan but I don't know if it's going to be 100% free like Trisquel.

When TempleOS is ported, and a proper network stack is bolted on.

OpenBSD is the most secure operating system in existence.
It is the only contemporary operating system for desktops and servers that is not listed in the lists of compromised OSes by the alphabet soup agencies.

Only when self-programming AI become advanced enough, not enough developer manpower right now.

Oh shut up.

Just hide in plain sight. Playing like your some special agent: encrypting files, VPNs, TOR, cryptocurrency, just get you red-flagged. Oh and stop doing illegal shit like stealing software, music, talking to terrorists, etc.

You will never escape us

Since FreeBSD is the most used I would avoid using it it sucks anyway and it's derivatives can't say anything about the others but TrueOS is just the shittieness of FreeBSD with it's own shitty DE and assorted bloat bolted on, since that's what the alphabets are trying to crack. I know for a fact that both Open and Net BSD support truly full disk encryption, instead of leaving a boot partition unencrypted like Linux. I haven't used NetBSD so I can't attest to it's quality, but OpenBSD is a solid comfy/10 however it's package management is aneurysm-inducing.

The only thing that's fully operation now that's somewhat like that is Minix3, which is compatible with NetBSD software, but I heard from people on the board that, if we discount networking, even Temple-OS has more features

...

How secure is gentoo?

You should be okay if your kernel is 100% proprietary software free

ALL THIS MEANS IS THAT LINUX HAS UNPATCHED EXPLOITS.
Everyone knew this. Literally everything has unpatched exploits. That's still a far-cry from Windows, which is reporting everything you do automatically to the CIA. And it's still a problem for whatever snowflake OS you choose, like BSD.

you do realize the mainline linux kernel ships with non-free blobs with deliberate backdoors right? they're never going to get 'patched'.

Use linux-libre in that case.
Or the hurd
It works now.

If you want to run an openbsd workstation, here's a script to automate some useful tasks.

It sets your pkg.conf file, sets up encrypted dns, adds some useful packages, optionally does some other stuff. Very easy to modify to your own use, also gives a good overview of how some basic openbsd config works, if you are new to it.

Don't run this on a pre-existing system as it will just overwrite various things.

walkran.com/wugs.txt

You don't get to bring freedoms.

They're not my freedoms.

qubes-os.org/
qubes?

They still can use the hardware backdoor if you use a intel chip

...

I don't think you really understand how security works. Even OpenBSD has had security exploits.

They still can use the hardware backdoor if you use x86* PC

...

Why would I want them?

there is already a pretty good forthos out there

this is the way to go

forthos.org

Fewer than 10000 people visit this site. I'm sure every IP that touches this place is on some list. Information suggests that TPTB can decrypt/intercept VPN and Tor traffic like you can unzip a file, so those are no protection either.

If it's not even an issue why shill against it?
Rhetorical question, no need to answer just chew shit and kill yourself.

OS X is based on the Mach kernel. Userland stuff however is largely BSD. It however still has targets for Solaris which is BSD.

It's considerably more complicated than that.

I am trying to discover how to determine if a system has been compromised by Hive.
If you are running a Linux system, please run the following command and report suspicious results:
If you have multiple Linux systems, please run this test on all of them. A file named hived would be extremely suspicious. Other places to look include /etc/rc*.d
Acquaint yourself with the guides for Hive:
wikileaks.org/ciav7p1/cms/files/UsersGuide.pdf
wikileaks.org/ciav7p1/cms/files/DevelopersGuide.pdf

they kind of have to know where to look though

I just had a genius idea for uncircumventable security:
In this configuration, the outer firewall can be breached by the Chinese using their backdoors, but they wont be able to penetrate the U.S.-made router. The U.S., would be able to penetrate the U.S. router, but because it is behind the Chinese router, they cannot access it.
Thoughts?

For a third layer of security, include a Russian-made router:
theregister.co.uk/2016/08/23/kasperskyos/

made me raff 7/10

Cisco are still made locally, aren't they?

sorry I'm just cynical, would be neat if true though.

Even if they are, they get intercepted during shipment and bugged.

SUSE Enterprise Linux 4?

But it's not. You didn't even read the file.

No, whats odder still i've seen US made Nexus 3064 switches with labels with Chinese product labels on them, and Chinese made Nexus 3064s.

I mean to include the Chinese ones did not contain the same labels product labels in Chinese. That blue one in the upper right

The vault 7 shit said hald was an attack vector.

OpenBSD certainly uses the HAL daemon.

I'm not saying that the version of hald in the latest OpenBSD is vulnerable, but it's possible.

>theregister.co.uk/2016/08/23/kasperskyos/
They're not real routers but rather layer 3 switches which generally have far simpler feature sets

eugene.kaspersky.com/2016/11/15/finally-our-own-os-oh-yes/

And even then the product is so laughably immature they cant even provide any specifications.

Too bad there's not a shred of evidence for that.

Why all this hate on FreeBSD. Iirc they work together with OpenBSD on lots of things.
The focus of FreeBSD looks more general purpose and more feature rich, while OpenBSD is security focus, but might have less features?
Going from linux to freebsd would still be a major upgrade right?

i don't think openbsd lacks any feature for desktop use and it has god-tier documentation, but it's really slow. especially firefox.
tedunangst.com/flak/post/firefox-vs-rthreads

Nice meme.

aboutthebsds.wordpress.com/2013/01/25/20/

why?

use iridium/chromium

don't use youtube-dl from the repo
doas pip install --upgrade youtube-dl

btw
#!/bin/ksh# $HOME/bin/ksh/vol# usage: vol nummixerctl outputs.master=$1,$1
doesn't need root

/usr/share/terminfo/b/beehive
/usr/share/terminfo/b/beehive3
/usr/share/terminfo/b/beehiveIIIm
/usr/share/terminfo/b/beehive4
but these are only files of ncurses

doesn't this get expanded by the shell?
i don't think it's necessary

Well.

https:// arstechnica.com/information-technology/2010/12/fbi-accused-of-planting-backdoor-in-openbsd-ipsec-stack/

thx for clearing up on this one. im searching for a reliable distro now that we know we need to harden up. what do you think of the qubes os concept? any other suggestions for a productive & secure OS?

qubes-os.org/intro/
for anyone wondering

from Jason Wright (the one accused of putting the backdoor):
I will point out that Greg did not even work at NETSEC while the Subject: Allegations regarding OpenBSD IPSECEvery urban lengend is made more real by the inclusion of real names,dates, and times. Gregory Perry's email falls into this category. Icannot fathom his motivation for writing such falsehood (delusionsof grandeur or a self-promotion attempt perhaps?)I will state clearly that I did not add backdoors to the OpenBSDoperating system or the OpenBSD crypto framework (OCF). The code Itouched during that work relates mostly to device drivers to supportthe framework. I don't believe I ever touched isakmpd or photurisd(userland key management programs), and I rarely touched the ipsecinternals (cryptodev and cryptosoft, yes). However, I welcome anaudit of everything I committed to OpenBSD's tree.I demand an apology from Greg Perry (cc'd) for this accusation. Donot use my name to add credibility to your cloak and dagger fairytales.I will point out that Greg did not even work at NETSEC while the OCFdevelopment was going on. Before January of 2000 Greg had left NETSEC.The timeline for my involvement with IPSec can be clearly demonstratedby looking at the revision history of: src/sys/dev/pci/hifn7751.c (Dec 15, 1999) src/sys/crypto/cryptosoft.c (March 2000)The real work on OCF did not begin in earnest until February 2000.Theo, a bit of warning would have been nice (an hour even... especiallysince you had the allegations on Dec 11, 2010 and did not post themuntil Dec 14, 2010). The first notice I got was an email from afriend at 6pm (MST) on Dec 14, 2010 with a link to the already postedmessage.So, keep my name out of the rumor mill. It is a baseless accusationthe reason for which I cannot understand.--Jason L. Wright

Thread: marc.info/?t=129236639300001&r=5&w=2
After the audit: marc.info/?l=openbsd-tech&m=129296046123471&w=2

schneier.com/blog/archives/2010/12/did_the_fbi_pla.html

Only if there's something matching *hive* in the current directory
Don't the files have *.so extension or something? -name hive will only find "hive". Though I haven't read the hive manual... do they really just put their files on the disk like that? I'd assume they'd want to disguise it somehow.

Is that supposed to be a parody?

doesn't 'find -name' search for patterns? like grep?

no

not sure if pic it is related but it probably
is interesting OC for you

thx

It's mentioned multiple times in vault 7.

There's no "BSD".
FreeBSD != OpenBSD != NetBSD

wikileaks.org/ciav7p1/cms/page_17072429.html

reddit thread:
reddit.com/r/openbsd/comments/5y3td8/only_result_of_searching_for_openbsd_in_the_vault/

who wants to guess where the tools are?

what about no? pic related

story on pic?

that's why i posted a link to that thread

YEAR OF DESKTOP BSD

wrong image, here

isnt puffy connected to qubes os i just read about? also this mentions openbsd as well.

"You are absolutely deluded, if not stupid, if you think that a worldwide collection of software engineers who can't write operating systems or applications without security holes, can then turn around and suddenly write virtualization layers without security holes."
--theo

my bad, puffy was openbsd of course

one day two fags went inna woods. then a fucking bear appears. fag A puts on his running shoes.

B: u wont be faster than the bear.
A: but i might be faster than you.

:^)

Who are you quoting?

u

Thank you for all the insight.

My sound output is low on a particular machine, so I find it handy to have in there. I took it out though, it's not really appropriate for a general use script.

Agreed.

I pulled gnome and vlc right out of it entirely. People can choose this bit on their own.

That's a good suggestion. My next cut will do that.

Everything else is in though, or out, as the case may be.

other suggestions:
gnash
sxiv instead of feh (supports animated gifs)
mupdf/zathura
mplayer/mpv
pcmanfm

Why are all openbsd packages outdated?

Because you are using -stable, updated every six months or so.

s/stable/release/g
openbsd.org/faq/faq5.html#Flavors

Agree. I don't know how I missed pcmanfm and a pdf reader. Updated version available at same spot:

walkran.com/wugs.txt

github.com/nylira/prism-break/issues/169

CIA WIKILEAKS VAULT 7 IMAGE FILES.pdf
CIA WIKILEAKS VAULT 7 IMAGE FILES.docx

archive.org/details/CIAWIKILEAKSVAULT7IMAGEFILES

Because there seems to be some question here, in the thread, and in my own "all browsers suck" experience, the WUGS script will not install a browser by default, but will contain commented options for ff-esr and chromium. Pick your own poison.

Or, let's restore gopher to its former glory.

Jesus fuck. you go through all that effort to install a debotnetted system and then install chromium. that's like buying a car solely for its saftey features and then never putting on your seatbelt and always texting while driving.
abandonware, doesn't even play anything relatively modern. Better to just not include it

I also think it would be better to set the dnscrypt to a openNIC server and auto configure unbound too

but firefox(and -esr) are too slow on openbsd.
just tried to load the 4ch/g/ catalog on openbsd 6.0+firefox-esr: took exactly 2 minutes to load and the browser was in an unusable state while loading.
works just fine on iridium.

zathura won't load pdfs by default
pkg_add -I zathura zathura-pdf-mupdf zathura-cb zathura-djvu zathura-ps

it plays most files on /f/ and swfchan without problem

What is that image supposed to prove?

im not arguing that Firefox isn't a massive piece of shit, but chrome is infinitely worse. if you really have a problem with FF I suggest using one of the lightweight browsers. also an obligatory

Browsers are out. Gnash is out.

Updated.

I forgot to mention that you should change the PKG install path to an https link

Thank you, this is done.

For the time being, what opennic server would you suggest is appropriate for mass general use? What should replace dnscrypt.eu-nl? Also, elaborating on your reasoning might be useful (to me at least.)

I get that the CIA has a shitload of money, but where do they find all these people capable of doing these hacks? And why isn't the industry hiring them to make better software?

like i said iridium loads just fine.
firefox is unusable
there's no alternatives if you want a modern web browser (maybe some old opera version?)
like dillo? can you even browse 8ch with it?

I'm not all that familiar with the DNS-crypt servers themselves , but the openNIC servers are some of the fastest I've ever used. OpenNIC also has a couple of exclusive TLDs. I don't remember the exact name of the openNIC servers compatible with DNS crypt but I know there's a list of them on the DNS crypt website

Firefox works absolutely fine on my thinkpad especially using uMatrix to turn off JS by default. as for lightweight browsers im pretty sure qupzilla has an openBSD port

Because those people are probably weird nerds and the industry is more interested in diversity and good looking people that can pass "good vibes".

yeah looking through some of the wikileaks stuff I would not let these CIA guys around small children or animals

✕ echo "installpath=ftp.openbsd.org/pub/OpenBSD/6.0/packages/amd64" > /etc/pkg.conf
◯ echo "installpath=ftp.openbsd.org/pub/OpenBSD/%c/packages/%a/" > /etc/pkg.conf

also, why are you using the canadian server by default?

do "# cp /etc/examples/pkg.conf /etc/pkg.conf" and tell the user to uncomment the one he wants to use. and if you want uncomment the cdn one by default

Yeah FreeBSD has more cool shit like bhyve

I remember a while back I read a post on Holla Forums that joked something to the effect of "the only way to be secure in this day and age is buy a shit ton of old commodore 64s and create a network off of that".

Doesn't seem so farfetched now. Everything is fucked.

i'm using umatrix, ublock, and noscript and i'm on a desktop machine.
the page loads fine only if i disable images on umatrix.
by the way the 8ch/tech catalog take 2 minutes and a half

Don't tease me.

OK, it's here:

dnscrypt.org/dnscrypt-resolvers.html

I have added reference to this in the script, so users can modify it to whatever they want.

I've changed the pkg.conf entry, thanks for that. The Canada server.. I needed to pick one as a default, and Canada is where it all started. I should prepend the example file, that's a gentlemanly thing to do.

GNU/Hurd seems to be the only safe OS in the future

The Hurd's been working for a long time. You can download it right now and boot it from your hard drive.

You have a shit laptop CIA user

Also please don't make people got trough more cloudflare.
If you want to use archive use archive.org
then make a copy of it
github.com/hartator/wayback-machine-downloader

also

Yeah, 'working.' I thought hardware compatibility was still shit?

If Gnu/Hurd gets adopted, SE linux becomes irrelevant and part of the systemd project is useless.

THE CIA FEARS THE HURD

Also docker (and other container software) becomes also irrelevant thanks to it's design.

I don't understand why people never wanted such elegant design for a kernel.

It's much easier to debug and you have great flexibility.

It's still shit if you are looking for userspace drivers.
Otherwise look here:
gnu.org/software/hurd/dde.html

GNU PLUS HURD is a meme. After decades of development it still lacks support for pretty much everything.

gnu.org/software/hurd/faq/drivers.html
gnu.org/software/hurd/microkernel/mach/gnumach/hardware_compatibility_list.html
nongnu.org/thug/gnumach_hardware.html

The solution if you are really worried about security is to use something like MenuetOS.

menuetos.net/

Holla Forums kernel when? I'll get started on the logo.

Hello CIA how have you been today.
Have a good day
gnu.org/software/hurd/faq/how_many_developers.html

The hurd is participating to GSoC and already has some students
lists.gnu.org/archive/html/bug-hurd/2017-02/msg00004.html

Don't listen to them OP, install 9front.

this implie that people have actually been trying. the FSF explicitly recognizes that there is zero actual fucking effort to make hurd a real OS.

Ahahahahahahahahahahahahahahah! !

Linuxfags BTFO

GNU Mach.

>gnu.org/software/hurd/faq/drivers.html
Last edited 2015-03-06 00:13:20 UTC
>gnu.org/software/hurd/microkernel/mach/gnumach/hardware_compatibility_list.html
Last edited 2014-05-12 02:02:13 UTC
>nongnu.org/thug/gnumach_hardware.html
Copyright (C) 1999 Aaron M. Renn ([email protected]/* */)
Copyright (C) 2001 James A. Morrison ([email protected]/* */)

These pages are old has bollocks user
In middle 2016 the advancements of the hurd where much more significant than these pages tend to say.
Nowadays it's even more relevant
draketo.de/english/free-software/howto-hurd-140-chars

You didn't read the thread.

The Holla Forums kernel logo,

It took me way too long to make this crap

Is that a dog penis?

Its a popcorn kernel with an 8 on it.
I know my art is crap but damn dude, that hurts.

It's a candle

sorry but drawing is not you forte

Updated logo.

fuck that this is the worst idea

google uses plan 9 or some faggot variant internally to run skynet

why do you think they hired pike to write go?

go has the lineage of language from plan 9 and everything is a fucking file bullshit

you can trust any of that shite

install gentoo

Install Plan 9 for Gentoo

Come on guys its not that bad.

It's pretty bad, user.

bottle of mustard?

GNU software dependencies needs to die, when will linus take the cock out of his mouth and let the kernel be compiled without GCC?

are there any alternatives to GNU software that arent under cuck liscences?

Why does it matter?

It's obvious why. Anyway, why would you take the time to support both gcc and llvm when llvm doesn't support all of your project 's µarchs?

Why the fuck does it look like a bag full of piss?

check em

checked

CIA isn't happy because they can't fork and close the source.

Because he doesn't know shit about licenses or because he knows that the GPLv3 can't let anyone distribute to the public any compiled source code under GPLv3 without releasing source.
That's the strength of free software you can't HIDE easily.
AKA he's a CIA or BSD shill

"cuck lisence" means non-copyleft faggot. it seems like most gnu alternatives are lisenced to let corporations cuckold them.
though thats not relevant to the CIA. The cia wouldnt have to tell anyone or face the law if they closed GPL software, thatd be the least of their violations of the law.
Though im sure theyd be happy if corporations closed forks of currently free software took over, much easier to backdoor.

Palemoon seems like the best bet of not being pozzed.

The best bet though would be (e)links, lynx, or w3m.

What HAL daemon?
Is this something one of those bloated desktop environments depends on?
And how do they hack into it, shouldn't it be running only on localhost?

good job reading the thread

It loads fast, with Links. One page at a time though (no JS).

I had some problem with Dillo (didn't load the captcha or something). Links works, and maybe w3m. Maybe even Lynx if you load the captcha into an external image viewer. I haven't tried that, but I often browse random sites with Lynx and spawn viewer via the ~/.mailcap settings:
image/png; feh -FZ %s
image/gif; feh -FZ %s
image/jpeg; feh -FZ %s

trying posting with netsurf

Just create a script to email the contents of a given site to you then view the contents in lynx or konqueror if you absolutely need a graphical environment. It's not fucking hard.

>menuetos.net/

Pretty cool. I can't make the browser work, nor ip, but, I like it.

In addition to , have you been living under a rock for the last half a year or so? Ryzen is confirmed to a ARM based Platform "security" Processor which is at a core level equivalent to Intel`s remote "management" system. Doubble quotes because one person`s security/management is anothers insecurity/lose of control.

Them make better sentences.
What you have posted can be understood in many ways.
Or it's just me and I can't read.
I agree.
Unfortunately besides GPLv3 their isn't any real good license.
well I think it is.
Since most hardware firmware (or drivers) are under a permissive license like MIT or BSD they can push any manufacturers to have bad functionality (or silently replace the binary if the manufacturer has spooks or an internet connection).
What I meant with my autism is that if these permissive licensed software where under GPLv3 anyone could have the source code and they could flash it since GPLv3 prevents tivoization.
Well of course I an mostly talking about hardware.
AMD opensorce drivers are a good example of that.

Besides in vault 7 most of what is targeted in ""linux"" are blobbed distributions like openWRT, or unix like system like solaris.

I won't say there isn't any vulnerability in gnu/linux cought systemd cought in any distribution but it seems that you are guarantied to have one if you use a distro that lets blobs in it guarantied to have CIA/NSA/insert_spy_agency shit.

The project is indeed a good achievement.
But it has even less probability to happen than hurd, there is just a handful of people who can code in assembly in these kind of enormous projects.

Exactly how fucked is FreeBSD? I know it's not GNU+Linux but I'm not sure which distribution or OS I should switch too. The only real way to be secure is to airgap computers and never connect to the internet but it would be nice to put the least pozzed OS on my systems that aren't.

Gentoo or maybe arch.

Definitely not Arch

...

Such generalisation is a bit misleading. The base system is extremely solid, but most people's idea of an OS includes tens of millions of lines of code worth of additional attack surface. Shitty software does not become any less shit when running on OpenBSD.

How is GPL going to make any difference, when a company like Broadcom releases driver "source code" that's effectively megabytes of C code where most lines consist of magic numbers being toggled into hardware registers?
Yeah, you can try to force them, but they'll still fuck you over in the end. Just don't buy from them.

It kind of does... sorta.

OpenBSD is built around the idea that misbehaving programs should crash at first moments notice.

Their malloc has saved them a few times by simply killing processes that would otherwise be security flaws.

kek

That doesn't sound like the "preferred form of the work for making modifications to it", which is how the GPL words it. Just being able to be run through a compiler is not enough.

OpenBSD has a habit of crashing shitty software, especially if you go for the 'S' option in malloc.conf. This is not the default yet, because it's so aggressive that many ports will crash. But it's what I use all the time, and helps me to weed out some bad software.
I still wouldn't call it the most secure OS ever. I heard VMS was pretty kickass in its time. And nothing beats an old 8 or 16-bit computer with just floppy drive and serial modem. Plus the aesthetics of both the hardware and software were a lot nicer, and you could fully master the system, unlike today where tons of stuff is hidden and obfuscated (besides being overcomplicated).

So far nobody has tried to argue this with their lawyers. And after all, how you prove it wasn't programmed that way in-house to begin with? If they're devious enough, they can mock it up. There's nothing that says anywhere in GPL that software has to abide by some specific code standards. You'll have to revise it and spell that it if it's what you want. But probably those companies will find another loophole.
It's easier to just no buy from them.

It is not the default for performance reasons, not because of crashing ports.
marc.info/?l=openbsd-misc&m=147984166121617

Hmm, I watched a video by flak-man where he said it crashes too much shoddy software. But maybe that was old video.

Devuan is 100% free in the same sense that Debian is 100% free. The base system that you install is completely, 100% free; all of the software in the default repos is also 100%; if you leave it in its default state you will never install any proprietary software excluding some "free" software that pulls in some binary blobs sneaking in to the repos unnoticed (like what happened with Chromium) or other such human error. However, if you choose to, you can manually enable repos containing proprietary software, and then download and install this proprietary software onto a previously free system.

You're not making a convincing argument in its favor.

It is not the default for performance reasons, not because of crashing ports.
marc.info/?l=openbsd-misc&m=147984166121617

Might be both. From latter in that thread:
marc.info/?l=openbsd-misc&m=147990460905097

holy shit, I run linux! Am I safe??

Most of the linux vulnerabilities came from binary blobs and most of the rest came from the huge attack surface that is lennartware

also seems to focus more on cloudshit

also the hardware was industrial grade, that shit was meant to be repaired and maintained like the proud machines they were.

depends what you want to do. for hard-meming there's qubes.

I wish it was somehow systemd's fault.

Can someone sum this up to me like I'm retarded?

But really, how do they exploit and how do I clean my system and avoid?

don't use systemd
don't use pulseaudio... alsa when properly configured can do everything pulse can these days, and better
don't use binary blob drivers
don't use redhat or debian derivatives
don't use steam unless you're doing it inside of a VM sandbox... KVM/Qemu to the rescue
don't use common desktop environments with tons of features like Gnome or KDE, use a minimalist tiling WM and prefer console based applications as they have a smaller attack surface so long as you configure everything properly
make sure you have kernel module loading disabled or are using signed modules
use a signed kernel
disable sshd completely
reproducible builds are actually a security problem because it makes every binary distribution the same, making it easier for would be attackers.... that's why SJWs always push for reproducible builds
always build from source

is connecting to interweb via tor still safe?

and if the internet is unsafe, how do you update your software, receive mail, etc..?

ALSA doesn't automagically reroute audio streams like Pulseaudio. Pulseaudio exists because ALSA isn't flexible as it should be.

Use two computers:
1) an air gapped machine that doesn't have a network connection. Use this machine to maintain your personal data.
2) a network connected machine that doesn't maintain your personal data. Do not store your data on this machine

You're not protected under privacy laws when using the internet because you have no "Expectation of Privacy" as the lawyers would say

So no, you're really not safe. You can keep yourself private from your ISP or local police, or other greedy corporations. But nothing you can do will make you safe from the Federal Government

Putin's favorite driver

nypost.com/2016/09/07/vladimir-putins-favorite-driver-killed-in-car-crash/

They dont need to hire the people directly, they just need to bankroll companies which offer bug bounties.

The GPL was made so that anyone can do whatever he wants with X software.
It doesn't stop people from not making manuals or being dicks.
But it indirectly limits the nefarious effects of these people.
I can't be hardware locked so that's a good start.
Even if they do shit, with work, it can be reversed legally.

Also you got a link about that ? it's sound like you had an encounter with shit like that.
Broadcom where always the biggest dikes since the beginning.
Anyway you can't stop someone from working in a certain way.
The Gpl can't enforce that and that's normal imo.
Only projects like the linux kernel has enough resource to say
lists.freedesktop.org/archives/dri-devel/2016-December/126516.html

In some way if these people shit things up makes everything so godly unreadable because they weren't cooperative, at some point they'll see that they were wrong.
Theo de Raadt explained it quite nicely
openbsd.org/papers/opencon06-docs/index.html
That's the only thing that I like about the BSD community the seem to want to do good work.

Reproducible build ?

Agreed

So it isn't free then.
Shit I had better hopes, but at least someone will remove the shit in and make a small fork.

nigger are you serious ?
After all the shit that has bean leaked ?

Wut ?!
Do you have any paper about that ?

How can I watch them back?

...

What is this? dmesg coming out?

vez.mrsk.me/freebsd-defaults.txt

there is also the intel chip firmware, that allows an TCP/IP server to be set up for "system admins". completely closed source firmware, which almost definitely has a goverment backdoor.
youtube.com/watch?v=wnt7OK8OPYU

the problems go a lot deeper than software.

Firmware is still software.
Hardware can't exist without software and reversal, that's why hardware needs to be free too.

no tor browser bundle for FreeBSD or OpenBSD? WTF?!?!?

torproject.org/projects/torbrowser.html.en

Check the ports section

It's called Intel Management Engine (ME) and every CPU from 2008 onward(I think) has this microcontroller. There are only a few laptop processors that have it and can be removed. Otherwise if you kill it your system will turn off after 30min. AMD has it too.

What's the problem with Steam, user?

where are u retards getting it that its the (((blobs))) ?

Because blobs are universal and local compiles aren't? Because they can't be patched as seen fit by 3rd party people? Gee wiz...

Searched for "openwrt vault7" on the Internet, no results. Do you have any links to this?

Can you name one?

After I switched malloc.conf to 'S', I had to change some of my software. So it's doing something, at least.
The only replacement that was tough for me was the old vifm-0.4 (I tried the new, bloated one but didn't like it). The author was doing some weird stuff in there, and I had already patched some things, like calling rename(2) instead of the weird thing he had going. But after going to 'S' it just crashed a lot. So I had to find replacement. Well it turns out you can customize midnight commander to use vi bindings (or anything else you want), so everything's cool again.

wikileaks.org/ciav7p1/
archive.is/p6l9e

Sorry, user, but in this instance, that claim would be moot because he didn't really give you any disinfo. The fact of the matter is, you can only mitigate your risk. As long as you access the internet, at some level you are exposing yourself to a two-way street of communication. If you have anything you consider to be of paramount sensitivity, a full air-gap solution is your best bet.