Mr-Protocol, posted March 23, 2013

Can we say, free keyloggers/spyware/botnet?

http://linux.slashdot.org/story/13/03/21/2235251/canonical-and-china-announce-ubuntu-collaboration
http://www.canonical.com/content/canonical-and-chinese-standards-body-announce-ubuntu-collaboration

I won't be using any Ubuntu based distros anymore...

barry99705, posted March 23, 2013

I'm hoping it's their own fork and not upstreamed into the Ubuntu repos.

aminter, posted March 23, 2013 (edited March 23, 2013 by aminter)

as a linux and ubuntu user i don't see why this is not fucking great! +1 billion at least for linux :D this is huge

ps: well, they can do whatever they want with it since it's not included in the official version / it will be like kubuntu and edubuntu (official spin)

joey-world, posted March 25, 2013

I keep reading it, and I just can get a hold of myself. All the days that I have invested on mastering Ubuntu thinking that is one of the most reliable open systems, now turns out that indeed it will be "open". I don't know if Chinese hands will be on my system. (No, I'm not discriminating, I love Chinese people, in fact I live with Chinese people) but in cybersecurity it's a whole different story.

I guess now we have to start talking about recommendations of different distros we can use, instead of Ubuntu. I would probably recommend Fedora, since it's the distro closest to Red Hat Linux, which is used at enterprise level. Since I'm a network system administrator that would actually help me to start getting used to this important system.

Sad, and with not too much to say anymore... Thank you so much for this information, cause I would have probably continued using Ubuntu without realizing that it will be managed with Chinese IT people. RIP Ubuntu.

Best Regards

digininja, posted March 25, 2013

I'm sure if the Chinese, or any other well funded group, wanted to get nasty stuff included in any distro they could but this does make it a lot easier for them. Hopefully it is a downstream standalone product but once a dev is trusted for this it makes them easier to get upstream trust.

aminter, posted March 25, 2013

> I keep reading it, and I just can get a hold of myself. All the days that I have invested on mastering Ubuntu thinking that is one of the most reliable open systems, now turns out that indeed it will be "open". I don't know if Chinese hands will be on my system. (No, I'm not discriminating, I love Chinese people, in fact I live with Chinese people) but in cybersecurity it's a whole different story.
>
> I guess now we have to start talking about recommendations of different distros we can use, instead of Ubuntu. I would probably recommend Fedora, since it's the distro closest to Red Hat Linux, which is used at enterprise level. Since I'm a network system administrator that would actually help me to start getting used to this important system.
>
> Sad, and with not too much to say anymore... Thank you so much for this information, cause I would have probably continued using Ubuntu without realizing that it will be managed with Chinese IT people. RIP Ubuntu.
>
> Best Regards

this is a rebirth of ubuntu and linux in general, why so sad? it's open source anyway, even whoever downloads the chinese spin can know if there is any extra code there

GO UBUNTU

digininja, posted March 25, 2013

The problem with it is if nasty things manage to get pushed back upstream. I'm sure Canonical will claim to have processes in place to prevent this but it can be a very hard thing to do as backdoors can be easy to hide if you have the skills.

Pwnd2Pwnr, posted March 25, 2013

aminter, posted March 25, 2013 (edited March 25, 2013 by aminter)

> The problem with it is if nasty things manage to get pushed back upstream. I'm sure Canonical will claim to have processes in place to prevent this but it can be a very hard thing to do as backdoors can be easy to hide if you have the skills.

oh so you are telling me that you trust a closed source blackbox OS but you get paranoid when it comes to an open source free one? what makes you sure that uncle billy isn't spying on what you are doing, and selling it to the big corporation? or even worse?

_______________________________________________________________________

that's a HUGE move for ubuntu and free knowledge.

digip, posted March 25, 2013

> oh so you are telling me that you trust a closed source blackbox OS but you get paranoid when it comes to an open source free one? what makes you sure that uncle billy isn't spying on what you are doing, and selling it to the big corporation? or even worse?
>
> _______________________________________________________________________
>
> that's a HUGE move for ubuntu and free knowledge.

To the contrary, he's making just that point. Regardless of open or closed source, it's the people involved, and it's been well known for a long time, China stealing trade secrets, and they have even backdoored older versions of Windows. As I recall, a certain helpfile on Windows 98 I think it was, when viewed, called home to China, so it wouldn't be inconceivable, regardless of Open or Closed source. Apache, MySQL, Aircrack, and countless other open source projects too many to name or remember, have all had their fair share of attacked repos that made it into mainstream distribution.

Not trying to single out the Chinese as evil "as a people" but as a state sponsored government who works high on the cyber espionage scene, yes, it puts a lot of realistic fears into question as to the future of a trusted distro. Just look at the latest Amazon integrated search put in Ubuntu and the backpedaling they did as if it wasn't their intention to share your local searches with 3rd parties.

The more popular something becomes, the more it will be attacked, just like OSX is no longer the "safe" OS people always thought it was, if anything, it's got more holes than Swiss cheese these days and it's just that people haven't taken the time to focus on it as much, but times are changing and so is the focus on who and what gets attacked these days.

digininja, posted March 25, 2013

> oh so you are telling me that you trust a closed source blackbox OS but you get paranoid when it comes to an open source free one? what makes you sure that uncle billy isn't spying on what you are doing, and selling it to the big corporation? or even worse?
>
> _______________________________________________________________________
>
> that's a HUGE move for ubuntu and free knowledge.

Am I telling you that? I don't see anywhere a comment on my opinions of closed source OSs or applications.

What I'm saying about this story is that it is easier to make change from inside. If someone wants to make a malicious change then it is best to become trusted first, do some good then, once people have their guard down, slip in your change.

barry99705, posted March 26, 2013

> I keep reading it, and I just can get a hold of myself. All the days that I have invested on mastering Ubuntu thinking that is one of the most reliable open systems, now turns out that indeed it will be "open". I don't know if Chinese hands will be on my system. (No, I'm not discriminating, I love Chinese people, in fact I live with Chinese people) but in cybersecurity it's a whole different story.
>
> I guess now we have to start talking about recommendations of different distros we can use, instead of Ubuntu. I would probably recommend Fedora, since it's the distro closest to Red Hat Linux, which is used at enterprise level. Since I'm a network system administrator that would actually help me to start getting used to this important system.
>
> Sad, and with not too much to say anymore... Thank you so much for this information, cause I would have probably continued using Ubuntu without realizing that it will be managed with Chinese IT people. RIP Ubuntu.
>
> Best Regards

Switch over to Debian. For the most part it's the same as Ubuntu, but without the state sponsored ass hats ruining the repos.

aminter, posted March 26, 2013 (edited March 26, 2013 by Mr-Protocol: Removed large pictures)

> The objective of the UbuntuKylin project is to create a variant of Ubuntu that is more suitable for Chinese users. We are committed to provide you with a delicate, thoughtful and fully customized Chinese user experience out-of-the-box. For instance, by providing a desktop user interface localized in Chinese and installing common software that Chinese users commonly use by default.
>
> UbuntuKylin is a formal member of the Ubuntu family, commencing with UbuntuKylin 13.04. (based on the official release Ubuntu 13.04 Raring Ringtail)
>
> - Online Music Search on Dash: Simpler and more convenient music search by aggregating data from music websites in China
> - Chinese Calendar
> - Weather Indicator: The weather forecast information from China meteorological administration
> - Chinese Input Method
> - Cooperation with WPS
> - Baidu Map on Dash
> - Online Payment Assistant Addin for Chinese Bank
> - Realtime Information of Flights and Trains in China

from ubuntu.com

and it clearly said they are going to make a customized version for chinese ubuntu users, like Edubuntu for example, to put together a system that contains all the best free software available in education.

now i'm assuming that users from other places in the galaxy somehow learned chinese and downloaded UbuntuKylin. let's discuss the possibility that their personal data and actions are being observed:

like you all know, Open source projects have an international online/offline community: programmers, designers, debuggers, they all contribute to the project and share the source code

now you are discussing the possibility of an obfuscated malicious coding that somehow all the programmers from all the world didn't understand, but at the same time you have total confidence in a blackbox OS (by not mentioning it) just because you trust the person who sold you its EULA

i'm not discussing persons, i'm talking about ideas.

in ubuntu: apt-get source (package name) to get the source code of any software, and if there is any suspicious coding, the ubuntu chinese community will know (and i say chinese because the rest of the world won't be using kylin!) and they can just apt the source -> edit -> compile / use and share the new version

all of that assuming that their government is full of shit

Sebkinne, posted March 26, 2013

Aminter,

The main concern is that once the kylin development are trusted, it is very well possible that they submit things upstream. If that happens, it would be possible for something to slip through.. This has happened in other OS projects - trusted developers aren't checked that closely.

aminter, posted March 26, 2013 (edited March 26, 2013 by aminter)

> Aminter,
>
> The main concern is that once the kylin development are trusted, it is very well possible that they submit things upstream. If that happens, it would be possible for something to slip through.. This has happened in other OS projects - trusted developers aren't checked that closely.

same thing can be said about osx and windows, without us having the possibility to follow the source

Mr-Protocol (Author), posted March 26, 2013

> same thing can be said about osx and windows, without us having the possibility to follow the source

But neither of those companies are Chinese, who have a history of such. And if they did and were found, there would be no company left.

aminter, posted March 26, 2013

> But neither of those companies are Chinese, who have a history of such. And if they did and were found, there would be no company left.

you talk like you live in china, it's kylin's community problem not ubuntu's

i was talking IT, but you are just trying to demonstrate who's the bad guys

regardless of your stereotype political decision, i won't trust a black box (even if it's from Good Guy Greg), that shit makes me feel dumb.

digininja, posted March 26, 2013

> now you are discussing the possibility of an obfuscated malicious coding that somehow all the programmers from all the world didn't understand, but at the same time you have total confidence in a blackbox OS (by not mentioning it) just because you trust the person who sold you its EULA

So can I assume that you like pink dresses and ball gags because you didn't mention them? Lack of mentioning something does not in any way imply feelings towards it. If you want my opinion then please ask for it, don't assume it as your assumptions so far have been wrong.

Security vulnerabilities are usually caused by bugs, some very serious vulns are caused by very small changes, check out these two which slipped through the nets for a long time. The second one was a single line which made the app vulnerable. If someone malicious but trusted sneaks something like this in deliberately it could also take a long time to discover and could easily be put down to a mistake. Code submitted by a general member of the public would be highly scrutinised, something by a developer who has been trusted for the last year gets a lot less attention.

http://www.livehacking.com/2012/06/12/mysql-allows-root-access-for-every-1-in-256-login-attempts-without-a-password/
http://nakedsecurity.sophos.com/2012/05/21/anatomy-of-a-security-hole-the-break-that-broke-sudo/

There was another sudo vulnerability which was just as serious but was caused by the difference between = and ==. Just a single character caused a pretty big issue.

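The following is an added example, not part of digininja's post and not code from any project named in the thread: a small review aid that flags a bare `=` inside `if`/`while` conditions in C source, the single-character class of change the post mentions. The sample C text and the function names are constructed for illustration.

```python
import re

# Constructed C sample; not taken from sudo or any real project.
SAMPLE = '''\
int check(int uid, int flags) {
    if (uid == 0)
        return 1;
    if ((flags & 4) && (uid = 0))
        return 1;
    while ((n = read_more()) > 0)
        total += n;
    if (a <= b || c != d)
        return 0;
    return -1;
}
'''

# String/char literals and comments can contain '=' and must not be scanned.
_LITERALS = re.compile(
    r'"(?:\\.|[^"\\\n])*"|\'(?:\\.|[^\'\\\n])*\'|//[^\n]*|/\*.*?\*/', re.S)
_KEYWORD = re.compile(r'\b(?:if|while)\s*\(')
# A '=' that is not part of ==, !=, <=, >= or a compound assignment.
_BARE_ASSIGN = re.compile(r'(?<![=!<>+\-*/%&|^])=(?!=)')


def _blank(match):
    # Replace with spaces but keep newlines so line numbers stay correct.
    return re.sub(r'[^\n]', ' ', match.group(0))


def conditions(source):
    """Yield (line_number, condition_text) for every if/while condition."""
    text = _LITERALS.sub(_blank, source)
    for m in _KEYWORD.finditer(text):
        depth, i = 1, m.end()
        while i < len(text) and depth:      # walk to the matching ')'
            depth += {'(': 1, ')': -1}.get(text[i], 0)
            i += 1
        if depth == 0:
            line = text.count('\n', 0, m.start()) + 1
            yield line, ' '.join(text[m.end():i - 1].split())


def find_assignments(source):
    """Return conditions containing an assignment, for a human to review."""
    return [(line, cond) for line, cond in conditions(source)
            if _BARE_ASSIGN.search(cond)]


if __name__ == '__main__':
    for line, cond in find_assignments(SAMPLE):
        print(f'line {line}: assignment inside condition: {cond}')
```

The `while ((n = read_more()) > 0)` idiom is flagged too, so hits are prompts for review rather than verdicts; compiling with warnings such as GCC's `-Wparentheses` covers part of the same ground.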
digininja, posted March 26, 2013

> you talk like you live in china, it's kylin's community problem not ubuntu's
>
> i was talking IT, but you are just trying to demonstrate who's the bad guys
>
> regardless of your stereotype political decision, i won't trust a black box (even if it's from Good Guy Greg), that shit makes me feel dumb.

It isn't just the problem for the Chinese if the devs manage to push something back upstream to Ubuntu itself.

aminter, posted March 26, 2013

> push something back upstream to Ubuntu itself.

now canonical is a maoian secret evil agency trying to fuck shit up in murica

well i'm done with this topic

i'm discussing personal stereotype accusations.

digip, posted March 27, 2013 (edited March 27, 2013 by digip)

Are we talking stereotypes of "Chinese people" in general or state sponsored "Chinese government espionage" which is what I think most of us have a concern over. For me, it's not about race, it's about the actions of a specific group involved, and that could be any group.

The word "Chinese" in this thread may be taken out of context, and for that I think some clarity needs to be put into perspective. I think there are PLENTY of brilliant Chinese coders, most of whom could run circles around the rest of us here on the forums. I think the general consensus on this thread though, is on the "Chinese government" as an entity and world wide player who has a history of not only stealing trade secrets, but intentionally back-dooring hardware, software, and is one of the largest offenders when it comes to state sponsored cyber attacks.

Not saying we, the United States aren't in some manner doing much the same thing in spying on the world, but as far as coding and inserting reliable trusted code into open source repositories, I think all governments should stay out, while it's left to the open source community at large, so for me, this is more about true openness and transparency, and less about the stereotype of the word "Chinese". You could substitute it with "insert any other country name here" and I think most would have some of the same fears. Does that make sense?

digininja, posted March 27, 2013

Just spotted this, another great vulnerability created by a single bracket being out of place. So easy to do either by mistake or deliberately.

http://www.theregister.co.uk/2013/03/26/netbsd_crypto_bug/

And I fully agree with digip, anyone who doesn't believe in Chinese state sponsored hacking should read the Mandiant APT1 report. While it has some people who disagree with it and give alternate suggestions for the theories it puts forward the general community agrees that it is mainly correct.

joey-world, posted April 7, 2013

What makes me even more sad, is that Canonical didn't even try to propose this idea to the Ubuntu users. In a kinda like "how would you feel about China modifying some code to make the OS better" I'm sure a lot of people would have replied "NEVER".

Anyways... There's millions of factors to consider, I would love to see a Hak5 episode about Ubuntu, Canonical and China. Not the f#^*ng hacking cross america thing. Now that's in my opinion.

Let's hope that these changes to the distribution don't affect the reputation of Canonical and Ubuntu in the short and long run, but my paranoia for some reason is ringing with a red light.

We should make a Big topic on this Ubuntu thing. Make some surveys and put all the info together, to be pinned to main topics. I think that's another good idea.

Another factor that we should consider is that Canonical and Ubuntu 12.04 LTS will last a couple of years more, meanwhile we can check out how the new spin goes and make a big and well analyzed decision.

AND......... I love sandwiches

Infiltrator, posted April 7, 2013

Personally I don't like the Ubuntu distro much, I prefer Debian or CentOS. And since it's a Chinese modified distro, I'd stay away from it.

Foxtrot, posted April 7, 2013

I guess now's a great time to set up Arch, with Ubuntu 13.04 coming out... Anyone got any better alternatives other than Mint? :)

-Foxtrot