Jump to content

Ubuntu and China

Mr-Protocol

By Mr-Protocol
in Security

 Share

Recommended Posts

aminter Newbie

aminter

Posted
Posted (edited)

as a linux and a ubuntu user
i don't see why this is not fucking great !

+1 billion at least for linux :D

this is huge

ps: well they can do whatever they want with it since it's not included in the official version / it will be like kubuntu and edubuntu (official spin )

Edited by aminter
Link to comment
Share on other sites
joey-world Newbie

joey-world

Posted
Posted

I keep reading it, and I just can get a hold of myself. All the days that I have invested on mastering Ubuntu thinking that is one of the most relaible open systems, now turns out that indeed it will be "open".

I don't know if chinese hands will be on my system. (no I'm not discriminating, I love chinese people in fact I live with chinese people) but in cybersecurity it's a whole different story.

I guess now we have to start talking about recomendations of different distros we can use, instead of ubuntu.

I would probably recomend Fedora, since it's the distro closest to Red Had Linux, which is used at enterprise level. Since I'm a network system administrator that would actually help me to start getting used to this important system.

Sad, and with no too much to say anymore...

Thank you so much for this information, cause I would have probably continue using ubuntu without relizing that will be managed with chinese IT people.

RIP Ubuntu.

Best Regards

Link to comment
Share on other sites
digininja Grand Master

digininja

Posted
Posted

I'm sure if the Chinese, or any other well funded group, wanted to get nasty stuff included in any distro they could but this does make it a lot easier for them.

Hopefully it is a downstream standalone product but once a dev is trusted for this it makes them easier to get upstream trust.

Link to comment
Share on other sites
aminter Newbie

aminter

Posted
Posted

I keep reading it, and I just can get a hold of myself. All the days that I have invested on mastering Ubuntu thinking that is one of the most relaible open systems, now turns out that indeed it will be "open".

I don't know if chinese hands will be on my system. (no I'm not discriminating, I love chinese people in fact I live with chinese people) but in cybersecurity it's a whole different story.

I guess now we have to start talking about recomendations of different distros we can use, instead of ubuntu.

I would probably recomend Fedora, since it's the distro closest to Red Had Linux, which is used at enterprise level. Since I'm a network system administrator that would actually help me to start getting used to this important system.

Sad, and with no too much to say anymore...

Thank you so much for this information, cause I would have probably continue using ubuntu without relizing that will be managed with chinese IT people.

RIP Ubuntu.

Best Regards

:blink::blink::blink:

this is a reborn of ubuntu and linux in general

why so sad ?

it's open source anyway , even who downloads the chinese spin can know if there is any extra codes there

GO UBUNTU

Link to comment
Share on other sites
digininja Grand Master

digininja

Posted
Posted

The problem with it is if nasty things manage to get pushed back upstream. I'm sure Canonical will claim to have processes in place to prevent this but it can be a very hard thing to do as backdoors can be easy to hide if you have the skills.

Link to comment
Share on other sites
aminter Newbie

aminter

Posted
Posted (edited)

The problem with it is if nasty things manage to get pushed back upstream. I'm sure Canonical will claim to have processes in place to prevent this but it can be a very hard thing to do as backdoors can be easy to hide if you have the skills.

oh so you are telling me that you trust a close source blackbox OS but you get paranoid when it comes to an open source free one?

what makes you sure that uncle billy isn't spying on what are you doing , and selling it to the big corporation ? or even worst ?

_______________________________________________________________________

that's a HUGE move for ubuntu and free knowledge .

Edited by aminter
Link to comment
Share on other sites
digip Newbie

digip

Posted
Posted

oh so you are telling me that you trust a close source blackbox OS but you get paranoid when it comes to an open source free one?

what makes you sure that uncle billy isn't spying on what are you doing , and selling it to the big corporation ? or even worst ?

_______________________________________________________________________

that's a HUGE move for ubuntu and free knowledge .

To the contrary, he's making just that point. Regardless of open or closed source, its the people involved, and been well known for a long time, China stealing trade secrets, and have even backdoored older versions of Windows. As I recall, a certain helpfile on Windows 98 I think it was, when viewed, called home to China, so wouldn't be inconceivable, regardless of Open or Closed source.

Apache, MySQL, Aircrack, and countless other open source projects too many to name or remember, have all had their fair share of attacked repos that made it into mainstream distribution. Not trying to single out the Chinese as evil "as a people" but as a state sponsored government who works high on the cyber espionage scene, yes, it puts a lot of realistic fears into question as to the future of a trusted distro. Just look at the latest Amazon integrated search put in uBuntu and the backpedaling they did as if it wasn't their intention to share your local searches with 3rd parties.

The more popular something becomes, the more it will be attacked, just like OSX is no longer the "safe" OS people always thought it was, if anything, its got more holes than swiss cheese these days and its just that people haven't taken the time to focus on it as much, but times are changing and so is the focus on who and what gets attacked these days.

Link to comment
Share on other sites
digininja Grand Master

digininja

Posted
Posted

oh so you are telling me that you trust a close source blackbox OS but you get paranoid when it comes to an open source free one?

what makes you sure that uncle billy isn't spying on what are you doing , and selling it to the big corporation ? or even worst ?

_______________________________________________________________________

that's a HUGE move for ubuntu and free knowledge .

Am I telling you that? I don't see anywhere a comment on my opinions of closed source OSs or applications.

What I'm saying about this story is that it is easier to make change from inside. If someone wants to make a malicious change then it is best to become trusted first, do some good then, once people have their guard down, slip in your change.

Link to comment
Share on other sites
barry99705 Veteran

barry99705

Posted
Posted

I keep reading it, and I just can get a hold of myself. All the days that I have invested on mastering Ubuntu thinking that is one of the most relaible open systems, now turns out that indeed it will be "open".

I don't know if chinese hands will be on my system. (no I'm not discriminating, I love chinese people in fact I live with chinese people) but in cybersecurity it's a whole different story.

I guess now we have to start talking about recomendations of different distros we can use, instead of ubuntu.

I would probably recomend Fedora, since it's the distro closest to Red Had Linux, which is used at enterprise level. Since I'm a network system administrator that would actually help me to start getting used to this important system.

Sad, and with no too much to say anymore...

Thank you so much for this information, cause I would have probably continue using ubuntu without relizing that will be managed with chinese IT people.

RIP Ubuntu.

Best Regards

Switch over to Debian. For the most part it's the same as Ubuntu, but without the state sponsored ass hats ruining the repos.

Link to comment
Share on other sites
aminter Newbie

aminter

Posted
Posted (edited)


The objective of the UbuntuKylin project is to create a variant of
Ubuntu that is more suitable for Chinese users. We are committed to
provide you with a delicate, thoughtful and fully customized Chinese
user experience out-of-the-box. For instance, by providing a desktop
user interface localized in Chinese and installing common software that
Chinese users commonly use by default. UbuntuKylin is a formal member of
the Ubuntu family, commencing with UbuntuKylin 13.04. ( based on the official release Ubuntu 13.04 Raring Ringtail )

-Online Music Search on Dash Simpler and more convenient music search by aggregating data from music websites in China

-Chinese Calendar

-Weather Indicator: The weather forecast information from China meterological administration

-Chinese Input Method

-Cooperation with WPS

-Baidu Map on Dash

-Online Payment Assistant Addin for Chinese Bank

-Realtime Information of Flights and Trains in China

from ubuntu.com

and it clearly said they are going to make a customized version for chinese ubuntu users

like Edubuntu for example to put together a system that contains all the best free
software available in education .

now i'm assuming that users from other place on the galaxy somehow learned chinese and downloaded UbuntuKylin
let's discuss the possibility that their personal data and actions are being observed :

like you all know Open source projects have an international online/offline community
programmers , designers, debuggers

they all contribute in the project and share the source code

now you are discussing the possibility of an obfuscated malicious coding that somehow all the programmers from all the world didn't understand

but at the same time you have total confidence in a balckbox OS (by not mentioning it ) just because you trust the person who sold you its EULA

i'm not discussing persons , i'm talking about ideas .

in ubuntu

apt-get source (package name)

to get the source code of any software

and if there is any suspicious coding , the ubuntu chinese community will know (and i say chinese because the rest of the world won't be using kylin ! )

and they can just apt the source -> edit -> compile / use and share the new version

all of that assuming that their government is full of shit

Edited by Mr-Protocol
Removed large pictures
Link to comment
Share on other sites
Sebkinne Grand Master

Sebkinne

Posted
Posted

Aminter,

The main concern is that once the kylin development are trusted, it is very well possible that they submit things upstream. If that happens, it would be possible for something to slip through.. This has happened in other OS projects - trusted developers aren't checked that closely.

Link to comment
Share on other sites
aminter Newbie

aminter

Posted
Posted (edited)

Aminter,

The main concern is that once the kylin development are trusted, it is very well possible that they submit things upstream. If that happens, it would be possible for something to slip through.. This has happened in other OS projects - trusted developers aren't checked that closely.

same thing can be said about osx and windows , without us having the possibility to follow the source

Edited by aminter
Link to comment
Share on other sites
aminter Newbie

aminter

Posted
Posted

But neither of those companies are Chinese whom have a history of such. And if they did and were found, there would be no company left.

you talk like you live in china ,it's kylin's community probelm not ubuntu's

i was talking IT , but you are just trying to demonstrate who's the bad guys

regardless of your stereotype political decision ,i won't trust a black box (even if it's from Good Guy Greg ) , that shit makes me feel dumb .

Link to comment
Share on other sites
digininja Grand Master

digininja

Posted
Posted

now you are discussing the possibility of an obfuscated malicious coding that somehow all the programmers from all the world didn't understand

but at the same time you have total confidence in a balckbox OS (by not mentioning it ) just because you trust the person who sold you its EULA

So can I assume that you like pink dresses and ball gags because you didn't mention them? Lack of mentioning something does not in any way imply feelings towards it. If you want my opinion then please ask for it, don't assume it as your assumptions so far have been wrong.

Security vulnerabilities are usually caused by bugs, some very serious vulns are caused by very small changes, check out these two which slipped through the nets for a long time. The second one was a single line which made the app vulnerable. If someone malicious but trusted sneaks something like this in deliberately it could also take a long time to discover and could easily be put down to a mistake. Code submitted by a general member of the public would be highly scrutinised, something by a developer who has been trusted for the last year gets a lot less attention.

http://www.livehacking.com/2012/06/12/mysql-allows-root-access-for-every-1-in-256-login-attempts-without-a-password/

http://nakedsecurity.sophos.com/2012/05/21/anatomy-of-a-security-hole-the-break-that-broke-sudo/

There was another sudo vulnerability which was just as serious but was caused by the difference between = and ==. Just a single character caused a pretty big issue.

Link to comment
Share on other sites
digininja Grand Master

digininja

Posted
Posted

you talk like you live in china ,it's kylin's community probelm not ubuntu's

i was talking IT , but you are just trying to demonstrate who's the bad guys

regardless of your stereotype political decision ,i won't trust a black box (even if it's from Good Guy Greg ) , that shit makes me feel dumb .

It isn't just the problem for the Chinese if the devs manage to push something back upstream to Ubuntu itself.

Link to comment
Share on other sites
aminter Newbie

aminter

Posted
Posted
push something back upstream to Ubuntu itself.

now canonical is a maoian secret evil agency trying to fuck shit up in murica yao-ming-meme2_normal.jpg

well i'm done with this topic

i'm discussing personal stereotype accusations .

Link to comment
Share on other sites
digip Newbie

digip

Posted
Posted (edited)

Are we talking stereotypes of "Chinese people" in general or state sponsored "Chinese government espionage" which is what I think most of us have a concern over. For me, its not about race, its about the actions of a specific group involved, and that could be any group. The word "Chinese" in this thread may be taken out of context, and for that i think some clarity needs to be put into perspective. I think there a PLENTY of brilliant Chinese coders, most of whom could run circles around the rest of us here on the forums. I think the general consensus on this thread though, is on the "Chinese government" as an entity and world wide player who has a history of not only stealing trade secrets, but intentionally back-dooring hardware, software, and is one of the largest offenders when it comes to state sponsored cyber attacks.

Not saying we, the United States aren't in some manner doing much the same thing in spying on the world, but as far as coding and inserting reliable trusted code into open source repositories, I think all governments should stay out, while its left to the open source community at large, so for me, this is more about true openness and transparency, and less about the stereotype of the word "Chinese". You could substitute it with "insert any other country name here" and I think most would have some of the same fears. Does that make sense?

Edited by digip
Link to comment
Share on other sites
digininja Grand Master

digininja

Posted
Posted

Just spotted this, another great vulnerability created by a single bracket being out of place. So easy to do either by mistake or deliberately.

http://www.theregister.co.uk/2013/03/26/netbsd_crypto_bug/

And I fully agree with digip, anyone who doesn't believe in Chinese state sponsored hacking should read the Mandiant APT1 report. While it has some people who disagree with it and give alternate suggestions for the theories it puts forward the general community agrees that it is mainly correct.

Link to comment
Share on other sites
  • 2 weeks later...
joey-world Newbie

joey-world

Posted
Posted

What it makes me even more sad, is that canonical didn't even tryied to propose this idea to the ubuntu users. In a kinda like "how would you feel about china modifing some code to make the OS better" I'm sure a lot of people would have replied "NEVER"

Anyways...

There's millions of factors to consider, I would love to see a Hack5 episode about ubuntu, canonical and china. Not the f#^*ng hacking cross america thing.
Now that's in my opinion.

Let's hope that this changes to the distrubition don't affect the reputation of Canonical and Ubuntu in the short and long run, but my paranoia for some reason

is ringing with a red light.

We should make a Big topic on this ubuntu thing. Make some surveys and put all the info together, to be pinned to main topics. I think that's another good idea.

Another factor that we should consider is that Canonical and Ubuntu 12.04 LTS will last a couple of years more, meanwhile we can check out how the new spin goes and make a big and well analized desition.

AND.........

I love sandwiches :rolleyes:

Link to comment
Share on other sites
Infiltrator Newbie

Infiltrator

Posted
Posted

Personally I don't like the Ubuntu distro much, I prefer Debian or CentOS.

And since it's a Chinese modified distro, I'd stay away from it.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...