... wanted to be able to use Thunderbird and GnuPG together with Tor, and so we thought: oh, it would be really easy, I bet, to configure Thunderbird to work with Tor - hah - so a new Free software project was born. It's a really simple thing, but basically it's just a package that hooks it all together. So a lot of people were using Thunderbird and TorBirdy, and GnuPG, and Tor, and Debian, together for email, combined with Riseup as an email service. So it's literally a real peer to peer, Free software driven set of things, actually, that made it possible.

[question]: So one thing I never understood about this process was exactly how the documents were handled, and maybe that's because nobody wants to say, but, you know, did you leave them on a server somewhere and download them, hand them over to people, and who took what where, and how do you... in case I need to do something really dangerous with a load of documents, what's the best way of doing it?

[laughter]

[Jacob]: Hmm!

[audience member]: It's a good thing this isn't being streamed.

I'm sorry, what? There was a voice from god, what did she say?

[audience]: I said good we aren't streaming tonight.

Oh yeah, so hello to all of our friends in domestic and international surveillance services.
Well, so I won't answer your question, but since you asked the question, it's my turn to talk. So what I would say is that... if you want to do clandestine activities that you fear for your life for, you need to really think about the situation that you're in very carefully. And so a big part of this is operational security and a big part of that is compartmentalization. So certain people had access to certain things, but maybe they couldn't decrypt them, and certain things were moved around, and that's on a need to know basis, and those people who knew, which is not me - I don't know anything, I don't know what you're talking about. Those people knew, and then you know, it'll go with them to their grave.

So if you're interested in being the next Edward Snowden, you need to do your homework in finding people that will be able to do the other part of it, let's say. But just in general, I mean compartmentalization is key, right. So it's not just for AppArmor profiles. So you need to think about what you want to do. And I mean a big part of this is to consider that the network itself is the enemy, even though it is useful for communicating.
So all the metadata that exists on the network could have tipped people off, could have caused this whole thing to fall apart. It really is amazing, I feel like you know two and half, three years ago, when you talk about Free software, and you talk about the idea of Free software, and you talk about issues relating to autonomy and privacy, and security you have a really different reception now than you did then, and that's really what it took to turn the world half a degree, or something, or a quarter of a degree or something.

So I'm not going to tell you about detailed plans for conspiracy, but I highly encourage you to read about South African history, in particular the history of Umkhonto we Sizwe. They are the clandestine communications group for MK, or rather the operation who lay inside of MK, which is Umkhonto we Sizwe, and they are sort of with the African National Congress, and those people have published so many books about the revolutionary activities to overthrow the apartheid state.
If you read these books, especially the book "Operation Vula" and "Armed and Dangerous" by Ronnie Kasrils they give you some idea about what you need to do which is to compartmentalize, how to find people to do various tasks, specific tasks, how to work on building trust with each other, what that looks like, how to identify political targets, how you might use things like communications technology to change the political topic on, and the discussion in general. And I think the best way to learn about these things is to study previous people who have tried to do that kind of stuff. And the NSA is not the apartheid regime of South Africa, but there are still lessons to be learned there, so if you really want to know the answer to that, also Che Guevara's manual on guerilla warfare is very interesting, and there's a lot of other books like that. I'd be happy to talk about it with you later. And I have nothing to do with anything that we may or may not have done.

[laughter]

[question]: Do you think there is a chance that things may get better? For example I know that publicly, some programs were not extended but I don't know what is happening in the background so maybe it's the same thing but they are pretending that it's not. How do you see this?

[Jacob]: Well I think a couple of things.
In general I think what happened, not just with this movie but with all of these things is that it inspired hope, and the hope is very important, but hope is not a strategy for survival, or for building alternatives, so what it has also done, is that it has allowed us to raise the profile of the things which actually do make it better. For example ridding ourselves of the chains of proprietary software is something that's a serious discussion with people that wouldn't have previously talked about Free software because they don't care about liberty, they care about security. And even though I think those are really similar things, previously they just thought we were just Free software hippies, in tie-dye shirts and while that may be true on the weekends and evenings or with Bdale every day [laughter] I think that actually does make it better.

And it also changes the dialogue, in the sense that it's no longer reasonable to pretend that mass surveillance and surveillance issues don't matter, because if you really go down the rabbit-hole of thinking about what the security services are trying to do it becomes obvious that we want to encrypt everything all the time to beat selector-based surveillance and dragnet-based surveillance.
It doesn't matter if something is authenticated. You could still trigger some action to take place with these kinds of surveillance machines that could for example drone strike someone, and so it raises that. And that gives me a lot of hope too, because people understand the root of the problem, or the root of many problems and the root of some violence in the world, actually. And so it helps us to reduce that violence by getting people to acknowledge that it's real and also that they care about it and that we care about each other.

So that really gives me a lot of hope, and part of that is Snowden and part of that is the documents but the other part of it is that... I don't want to blow it up and make it sound like we did something like a big deal, but in a sense, Laura, Glenn, myself and a number of other people were really not sure we would ever be able to travel home to our country that we wouldn't be arrested. I actually haven't been home in over two and half years, well, two years and three months or something. I went out on a small business trip that was supposed to last two weeks and then this happened and I've been here ever since. It's a really long, crazy trip.
But the point is that that's what was necessary to make some of these changes and eventually it will turn around and I will be able to go home, and Laura and Glenn will be able to travel to the US again. Obviously, Julian is still stuck in the Ecuadorian embassy, Sarah lives in exile in Berlin, I live in exile in Berlin, and Ed is in Moscow. So we're not finished with some of these things and it's also possible that we are, the set of people I mentioned, the state we're in, will stay that way forever. But what matters is that the rest of the world can actually move on and fix some of these problems, and I have a lot of hope about that.

And I see a lot of change, that's the really big part. Like I see the reproducible build stuff that Holger and Lunar are working on. People really understand the root reason for needing to do that and actually seems quite reasonable to people who would previously have expended energy against it, in support of it, so I think that's really good. And there's a lot of other hopeful things. So I would try and be as uplifting as possible. It's not just the rum!

[question]: Near the end of the film we saw something about another source. I may have been missing some news or something but I don't remember anything about that being public.
Do you know what happened to them?

[Jacob]: As far as I know any other source that was mentioned in the film is still anonymous, and they're still free. I'm not exactly sure because I was not involved in that part but I also saw the end of the film and I've seen a bunch of other reporting which wasn't attributed to anyone in particular. So the good news... there's an old slogan from the Dutch hacker community, right? "Someone you trust is one of us, and the leak is higher up in the chain of command than you". And I feel like that might be true again, hopefully. I think that guy has a question as well.

[question]: Part of the problem initially was that encryption software was not so easy to use, right? And I think part of the challenge for everyone was to improve on that situation to make it better so I'm asking you if you've observed any change and to the rest of the room have we done anything to improve on that?

[Jacob]: I definitely think that there is a lot of free software that makes encryption easier to use, though not always on free platforms, which really is heart-breaking.
For example Moxie Marlinspike has done a really good job with Signal, TextSecure and RedPhone and making end-to-end, encrypted calling, texting, sexting, and whatever apps, sext-secure is what I think it's nicknamed and I'm very impressed by that, and it works really well and it's something which in the last two years if you have a cell-phone, which I don't recommend but if you have a cell-phone, and you put in everyone's phone number, a lot of people that I would classify as non-technical people, that don't care about Free software as a hobby or as a passion or as a profession. You see their names in those systems often more than some of the Free software people, and that's really impressive to me, and I think there's been a huge shift just generally about those sorts of things also about social responsibility, or people understand they have a responsibility to other people to encrypt communications, and not to put people in harm's way by sending unsafe stuff over unsafe communication lines. So I think in my personal view it's better.

But the original problem wasn't actually that the encryption was hard to use. I think the main problem is people didn't understand the reason that it needed to be done and they believed the lie that is targeted versus mass surveillance.
And there's a big lie, and the lie is that there is such a thing as targeted surveillance. In the modern era, most so-called targeted surveillance actually happens through mass surveillance. They gather everything up, and then they look through the thing they've already seized. And of course there are targeted, focussed attacks. But the main thing is that the abuse of surveillance often happens on an individual basis. It also has a societal cost. I think a lot of people really understand that.

It's probably because I also live in Germany now for the last two years but I feel that German society in particular is extremely aware of these abuses in the modern world and they have a historical context that allows them to talk about it with the rest of the world, where the world doesn't downplay it. So this is how other people relate to Germany not just about Germans relate to each other. And that has also been really good for just meeting regular people who really care about it, and who really want to do things. So people's parents email me, and are like "I want to protect my children, what's the best way to use crypto with them?" You know, things like that. And I didn't ever receive emails like that in the past and that's to me is uplifting and very positive.
[question]: A quick organisational question. Right now we're live-streaming the Q&A. Are you comfortable with that?

[Jacob]: I don't think in the last three years I've ever had a moment that wasn't being recorded.

[laughter, applause]

[question]: If you're fine with it, moving on...

[Jacob]: That's fine, just don't do it when I'm trying to sleep.

[question]: I was wondering why Laura and you ended up in Germany because what you said about people in Germany might be true but I'm really ashamed about my Government and how they dealt with ???? and they are doing nothing for this.

[Jacob]: The reason that we ended up in Germany is that I'd been attending Chaos Computer Club events for many years and there are a bunch of people that are part of the Chaos Computer Club who are really supportive, and good people, who have a stable base, and an infrastructure. The German hacker scene has this phenomenon which is that it's a part of society. So there are people in the CCC who will talk with the constitutional court for example, and that creates a much more stable society and those people were willing to help us. They were willing to hold footage, to hold encrypted data. They were willing to help modify hardware.
There was a huge base of support where people, even if they had fear, they did stuff anyway. And that support went back a long time. And so we knew that it would be safe to store footage for the film here. In Berlin, not in Heidelberg, but here in Germany. And we knew that, of course, there were people that would be helpful.

In the US there's a much bigger culture of fear. People are afraid of having their houses raided by the police, where there's lots of detainments at the borders, where there's lots of speculative arrests, journalists that are jailed, so the situation was not to say that Germany was perfect. I revealed in Der Spiegel with three other journalists that Merkel was spied on by the NSA. And it's clear that the German government was complicit with some of this surveillance. But in a sort of pyramid of surveillance there's a sort of colonialism that takes place. And that the NSA and GCHQ are at the top. And the Germans are a little bit below that. The thing is that there's not a lot you do about that. And so even though we revealed this about Merkel, it's not clear what she should do. It's not clear what anyone should do. But one thing that was clear was that if they wanted to break into our houses they would do it in a way that would cost them a lot politically.
It would be very public. The last time someone raided someone working with Der Spiegel was in 1962 during the Spiegel affair, and some ministers were kicked out. You may have seen recently the Landesverrat thing with Netzpolitik. The charges against them now have been dropped. That would never happen in the United States. We would not be safe. And I still, for my investigative journalism, and my work with Wikileaks, and my work with the Tor project, I wouldn't even go back to the US, because there's no chance that if they wanted to do something to me that I would have any constitutional liberties, I think, and the same is true of Snowden. You just won't get that fair trial. And we thought at least here we would have ground to stand and fight on. And it's exactly what happened, and we won.

[question]: This is also about the fear stuff that you talk about which is in the very old days we used to put red words in the end of every message to make sure that it would be hard to find the actual subversive message among all the noise. And you can think about the same thing here. Should we build our systems so that everything gets encrypted all the time?

[Jacob]: So I have a lot of radical suggestions for what to do, but I'm going to talk about them tomorrow in the keynote mostly.
But to give you an example, if you install Debian, you can give someone the ability to log into the machine over a Tor hidden service for free. You get a free .onion when you add two lines to a Tor configuration file. We should make encryption not only easy to use but out of the box we should have it possible to have end-to-end reachability and connectivity, and we should reduce the total amount of metadata, to make it harder for people who want to break the law, that want to break into computers. We should solve the problem of adversarial versus non-adversarial forensics so we can verify our systems with open hardware and Free software together.

And there's a lot to be done, but the main thing to do is to recognise that if you have the ability to upload to Debian, there are literally intelligence agencies that would like those keys. And we have a great responsibility to humanity as Debian developers to do the right thing: to build open systems, to build them in a way where users don't need to understand this stuff. There are a lot of people in the world that will never see this film. And we can solve the problems that this film describes largely with Free software. And we can do that without them knowing, and they will be safe for us having done that. And if we can do that, the world will be a better place, I think.
And I think the world is a better place because of the efforts that were already done in that area, that made this possible. The Tails project made it so that a bunch of people who were good at investigative journalism, but absolutely terrible with computers, were able to pull this off. And that is entirely the product, in my opinion, of Free software. And a little bit of Laura and Glenn, but I'd say a lot of Free software.

[question]: How many people do you think NSA has working within the Debian community?

[laughter, applause]

[Jacob]: Well, I looked in the Snowden archive about that actually.

[laughter, applause]

Yeah. And as far as I can Debian is not a high priority target for them. I mean they write exploits for all sorts of stuff but I never found any systematic attempt to compromise or harm the Debian project. But obviously there are people who are paid by the NSA to infiltrate communities, and that's why we have to open transparent processes so that if those people behave badly, we have an audit trail. We won't ever stop that kind of stuff, but what matters is that people do good things. It doesn't matter who they do bad things for as long as we can correct those things and/or catch them and stop them before it happens.
But as far as I know there are only a couple of people that have ever been associated with the NSA in the Debian community. But I think we shouldn't get paranoid about it, but we should just be prudent about our processes, because there are lots of intelligence services around the world that do not like the values of a universal operating system, so I don't think it's super-important to look, but I did actually look, very specifically for a whole bunch of people in the Debian community to see if any of them also were being paid by the NSA and I didn't find any serious thing that raised concern, and if I did, I would have... I mean, there were lots of things I found in the archive that I immediately notified security teams about. Where I worked along with many other people to actually fix those things. And one of those things, if we had found them, like infiltrators in Debian, I absolutely would have just told people about.

The problem is that a lot of the journalists don't want to do that because there's a ten year felony where you go to prison - a federal American prison - if you reveal the name of an agent. So there's a tension there, but I think that there's something to be said, if they're actually actively harming the community and they're committing a crime, I think there's something to be said about that.
So if I found that I think it would be worthwhile, but just so you know, there's this high cost. So if there were people in the agency now, because they say that we used Tails, and Debian, and they wanted to subvert it, there's a really really high bar for punishment. Which suggests that maybe people won't tell you. So we need to sort of bank on the fact that we'll never know, but we don't need to know, as long as we have good processes that would catch bad behaviour. And that's one of the strengths of Debian. There are very few operating systems, I think, and just in general Free software communities, that are as diverse, and committed to the openness and the Free software nature of this kind of a project, and so it's very important to state that.

But I do think one of the things that will happen in the future at some point is that you'll start to find people in the Debian community that are pressured by other people to do bad things so we need to set up processes that will stop that, to create an incentive for that not happening. But it's really tough, so I think that openness, transparency and accountability are the ways that we can combat that, because otherwise we won't really be able to solve it. But don't be paranoid, is the other thing. They really are out to get you, so be prepared.
[laughter, applause]

[question]: I'm just wondering how trust was established because I'm just realizing that this community, for you to verify your public key and even fingerprint is like, you have to produce your passport, so I'm wondering how Laura managed to exchange her keys with Snowden and make sure that they were really talking to the right person.

[Julian]: Well, they had a whole sort of dance for doing key exchange. I think it was a little bit luck, and a little bit transitive trust, there's a little bit of the web of trust, and it worked pretty well. I mean, I don't think that the key-signing stuff that Debian does is anything close to what they were doing. They just wanted to make sure that the keys they had were the right keys, and that they weren't compromised, and that then they would change things. There was a point in the movie where they said: "let's disassociate our meta-data one more time" And what that means is they changed all of the identifiers that are visible to the network, new keys, new email addresses, new Tor circuit, etc and this is like a key consistency thing, where they had the right key to begin with and they continued to rotate over new keys. This is also sometimes called TOFU.
This is, I think, weaker than the web of trust, but a lot easier for people to do, and very easy to explain, and it worked out pretty well. It doesn't scale really well, but it has a separate good side which is the web of trust explicitly names a web of co-conspirators. And so you don't want that feature. It's useful for something like Debian; it's not useful for clandestine conspiracies to commit investigative journalism.

[laughter]

Lots of questions, this is great.

[question]: Somebody working on Tails told me that the NSA has a file on every DD. Is that true, do you know?

[Julian]: Okay, so when you balance your check-book, just to answer your question in a really strange way, when you balance your check-book, or you balance your bank account, and you think this is how much my rent is, this is how much food is, this is how much I have to spend on some new hardware, you think about money in an individual way. But if you think about it as a state, the way a state thinks about money. They don't balance budgets the same way that you do. They think about long-term investments very differently. They have other people's money. It's a whole different way of managing it. And the NSA is not the Stasi.
So it's not that you have to worry about whether they have a file on you, or every Debian developer, but rather there exist some laws in the United States that say for cyber-security purposes, you don't have constitutional rights and based on your accent, you weren't an American anyway, and you aren't in America, so you don't have any rights at all, anyway, according to them. They're just allowed to do whatever they want to you, up to and including murdering you, with the CIA. That's what they do with drones; that was at the very end of the movie.

So it's not that they have a file on you. It's that they have giant databases full of information on all of us, and then when they're interested in you, pull up all your data, and associative data, and then they use that, and sometimes they use it to target you, to break into your machines, or to find people to exert pressure on, or to do psychological manipulation on. All that stuff, they do all of those things. And so it's not that they have one file on you. Though maybe, it depends, if you work on a critical package like the Linux kernel they might be more interested in you than if you work on something else. I don't want to denigrate anyone's work, but they have very specific focuses, and so they definitely are interested in being able to compromise systems, right?
And so you may also have a file, but it's really the meta list that's the new way of thinking about it. And in some senses I think that's actually scarier, because they just hoover up everything, all across the whole Internet, and things that are interesting, then they have them. And depending on what interesting things are there, they maybe put those in a database that lasts for ever, or maybe it's just around for 30 days, or maybe it's full content for 9 days, or something like that.

And then of course if you are a person of interest they do do the same stuff that the Stasi does, they do that Zersetzung stuff, if you're familiar with this German term, disintegration, they do that kind of stuff, along with JTRIG, from GCHQ, so they harass people, blackmail them, do all sorts of really nasty stuff. And they do that also, so both of those things. So again, I don't think you should be paranoid, you should encrypt your stuff, and help people do the same, and know that in a democratic society with a secret political police, the right place to be is in their database, right? You should be proud of being surveilled by them, it means you're doing the right thing.

[laughter, applause]

Nonetheless, we should stop them.
[question]: I'm curious about your views about Snowden actually coming out and saying he was the whistleblower, because I know, when he came out, I had some fierce discussion with friends about it, so I wanted to know what you thought about it.

[Jacob]: What do you mean came out?

[question]: He said I'm Edward Snowden, I'm the whistle-blower, here I am, instead of just being anonymous the whole way, just sending files to people.

[Jacob]: Well, I think the main thing is that it's about control of your own narrative, right? I mean if we could have done everything here anonymous, and gotten away with it, would that have made the same impact in getting other people to come forward even if they maintain their anonymity? So I think that what Snowden did, what's beautiful about it, is that he basically did enough, where he could then survive. Our job now for the most part, a very good friend told me, he's a little bit of a fatalist, he said: your job, Laura's job, Glenn's job, Snowden's job, your job now is just to survive. That's all that you need to do now. You don't need to do anything else. You should go do other things, like drink a glass of wine, relax, be happy, have a nice life, but just survive, so other people can see that you do the right thing, you couldn't have done more, you did enough, and you lived through it.
And so Snowden coming out and telling us all of these things, I mean, there are really powerful people saying he should be assassinated, right, hung by the neck until dead, was what one of the CIA people said. So he probably could have continued to be anonymous for a while, but imagine if the NSA had got to reveal his identity. How would that have been framed, what would the first impression have been? I think they called him a narcissist, and they called him all these terrible names. And it didn't really stick, because he basically said "come at me bro', I'm ready, and you can do your worst, but you can't get rid of the facts, so let's talk about the facts."

And I think the timing of how he did that is good, because he really cared about the issues, but he also recognized that it was a matter of time, the NSA police went to his house, they really bothered his family, they've done that with my family as well, other people's families have had trouble. So I think it's tough, because I think he probably would have liked to have been able to not have that happen, but there comes a point at which you're the person who has access to all that information and they're going to figure it out. No amount of anonymity, I think, will last forever, but it can buy you time. He got exactly the amount of time he needed.
The really sad part about him coming out in public when he did, though, was that he got stuck in Russia, because my government cancelled his passport. I think mostly for propaganda reasons. Because in the United States, we denigrate all things relating to Russia. And there are lots of problems with Russia, and especially with Vladimir Putin, but at the same time that seems to be the only country that was willing to uphold his fundamental liberties. I went to the Council of Europe, and to the European Parliament, to the German Parliament, to the French, sort of to the French Parliament, they didn't really want to meet with me, but also to the Austrian Parliament, and to a number of other places, and everyone said, oh, we would really love to help anybody who needs help, oh it's Edward Snowden, never mind.

[laughter]

And so though I have a lot of critiques on Russia, the propaganda aspect of it was very damaging for him to be stuck in Russia, but on the other hand, he's still alive, and he's still mostly free. And they recognized his right to receive asylum.
So there's a lot of trade-offs to think identifying one's self, and if you were thinking about being the next Snowden, or helping the next Snowden, or helping Snowden, or something like that, you really have to think that, you really have to think this out many steps ahead, and it's easy to say, oh he should have just stayed anonymous and nobody would have figured it out, but that's very clearly not planning the case that they do figure it out, and then they're going to be in control of the narrative, and in that case, I think you are better off to do what he did, and he did so quite reluctantly. He's not an egoist, or a narcissist, he's actually a really shy guy from what I can tell.

I don't know exactly what conversation you and your friend had, but I would suspect that the notion is that people are more powerful when anonymous. And that is true sometimes, but not always, and it's important to remember that the anonymity technology is there so you have a choice, not a requirement. And that choice is sometimes counter-intuitive, but I think he did the right thing in this way, and I wish that my government had done the right thing by him as well, but they did not.

[question]: So there are a lot of questions, do you want to keep going on, shall we get in a little Mate?

[Jacob]: I would love some of that rum.
I think I have to GRsec, right? GRsec kernel. And then rum appears. Rum as a service.

[applause]

I'm really happy to keep taking questions, because to me, what I want is for every person in this room to feel a part of this, because you really are. A lot of the people I've met in this community really inspire me to action, and it's important to understand that really, it would not have been possible without Debian. For example debootstrap - really important tool, right? With weasel's packaging of Tor, it allowed us to have bootstraps of things, it allowed us to build things, and using Free software really was helpful, so if you guys have any questions at all, really each and every person that helps with Debian should just know that you are a part of that, and I'm just happy to talk for as long as you want, basically, to answer all of your questions, except the ones that put me in prison. Thanks.

[laughter]

[question]: I just wanted to make a quick note about the question "do they have a file on me?" From all I've read so far, it's just that they're doing the thing that is in the commercial world called "big data".

[Jacob]: Yep. Absolutely. Oh boy. GRsec again?

[orga]: it's not rum, but it's Bavarian whisky.

[Jacob]: Oh boy. It's going to be a heavy morning tomorrow.
I saw another couple of hands.

[question]: I was just wondering if that you noticed throughout this that you think we could improve in Debian to make the next people's lives easier.

[Jacob]: Oh my god, I'm so glad you asked that question, that's so fantastic. I'm going to talk about that tomorrow in my keynote, but let me tell you about one that I have. I revealed a specific document about a wifi injection attack system. It's a classified document, it's a top secret document, for a thing called nightstand, and what nightstand is, it's basically like car metasploit, it's a wifi injector... cheers! Danke schön. It's a wifi injector device... Whew, jesus!

[laughter, applause]

[orga]: Tonight's whisky sponsored by drunc-tank dot org.

[Jacob]: So this wifi injector device, what it does is it basically is able to exploit the kernel of a device by sending malformed data over wifi. Now I have a series of photographs, so all of us.. not all of us, but most of us used these specially modified X60s where we removed the microphones, soldered??
down things on the PCI bus, we removed, like, firewire, really modified it, flashed coreboot onto it, flipped the read pin so it was only read-only, so you couldn't easily make a BIOS root kit and make it persistent, we booted TAILS, did all this stuff, often we could boot to RAM so that once the machine was powered off basically it would be done, so if someone kicks down your door, you just pull the power out, and you don't have a battery, and when the power fails you have an instant kill switch.

So things that are in TAILS that are really useful include this wiping the kernel memory package which I hear is being packaged for Debian soon, which is very exciting. Because everyone should have access to that so we can tie it into something like GNU panicd or these other things.

But one thing I kept having problems with is this wifi injection device, I'm pretty sure, was very close to my house. There was a white van outside, it was vibrating a bit like there was a guy walking around in it, and then all of a sudden, an X60 here, an X60 here, and an X60 here, just booted into TAILS, not doing anything at all, but on the wifi network, kernel panic, kernel panic, kernel panic. All the same kernel panic, all the same memory offsets, in the Appletalk driver of the stock kernel for TAILS.
I think I filed a bug upstream with TAILS at the time, but this is just incredible because it's clear that all the crap in the default Debian kernel that you really want for your 1992 Apple network makes operational security really hard, and one thing that would be really great would be a GRsec enabled kernel...

[applause]

Yes, have to drink. But as an example, we built different custom machines, and one of the things that we did for some people and in some circumstances was to build GRsec enabled kernels. And I'm not going to drink again. So we built those kernels

[audience]: Which ones?

[Jacob]: Yes, exactly, those ones. And that was work which creates a problem for a bunch of reasons. When you build custom kernels, and you only have a few people that can build those kernels, you actually build a chain of evidence of who helped who. And if that was a stable, normal package, that people could install in a Debian pure blend, then it would have been easier to do that.
We built a lot more sandbox profiles for various different things, we built some transparent TOR-ification stuff, and that required a lot of bespoke knowledge, and it required a lot of effort that a lot of people did not have, because they had a different set of skills, and it's good to have a division of labour, but having that kind of stuff built into Debian by default, making a Debian installer that could do that, and also verification, would be great, right?

So I wrote some custom scripts where I could look at a TAILS disk, or a Debian install, and know if it had been tampered with. And it would be nice if there was just a disk you could boot that did verification of an installed system very very easily, so easily that Glenn Greenwald could use it. I love Glenn, I say that very politely, but what I mean is it needs to be easier than that, because Glenn at least knows that he has a reason to need it. And so that was something that we really needed help with. And we spent a lot of time on that.

And there are lots of other little things like that, and I'll talk about some of those things tomorrow, but one of the really big problems is hardware, which is that you cannot buy a modern Intel CPU which doesn't come with a backdoor any more.
And that is a huge problem, and I'm not sure that the answer is to use ARM. It seems like the answer is to use ARM. But that's only if you assume that ARM didn't just add a backdoor that's obvious. So we really need to think about how to, in moving forward, how to have easy to use, easy to buy on the shelf, Debian hardware, available everywhere, all the time, so you can just go and buy this thing and verify it in some way with some other machine, to know that you would have the right thing. And to that extent we didn't have X-rays for a lot of the circuit boards, so that made it very difficult to know if when you buy something, it's been tampered with.

I'll talk about some of that stuff tomorrow, but basically, Debian does a lot of stuff right, and that is also worth mentioning. There's so many things that just work out of the box, that just work perfectly. So the main thing is to keep the quality assurance at the level, or to exceed where it is right now. Because it actually works super super well. The exception being for very specific targeted attacks, the kernel attack surface is pretty big, and pretty bad, I think. And also, we rebuilt some binaries in order to.. sorry, I'll get to you in a second.
We rebuilt some binaries to make sure that we had address space randomisation and linker hardening, and stack canary stuff, and for some stuff lately we've been using address space sanitizer, so it would be really great if all the hardening stuff was turned on, if there was PAX plus GRsec as a kernel.

[audience]: so the specific problem with GR security is that they don't really want to work with distros. So we could have a Linux kernel package with GR security applied, but it wouldn't have any of the other Debian patches.

[Jacob]: So I talked with Brad Spengler about this, and I'm so glad that you said that, because what he said was that, as far as I can tell, he's totally interested in helping Debian with this but thinks that Debian is not interested. He actually runs a kernel building service where they actually do individual kernel builds, and I think you'd be interested, and when I told him we'd love to have this in TAILS, he said what patches do I need to include in GRsec to make sure that it'll work? And he offered to do the integration into the GRsec patch if there are not too many things. So I think what we should try and do is build a line of communication, and if it costs money we should find a way to raise that money, I'll put in some of my own personal money for this, and I know other people would too.

[distant audience]: I will.
[Jacob]: Great. So securedrop, for example, part of what they do for their leaking platform, if you go to The Intercept's website, you want to leak them a document, they actually use free software everywhere, but there are a few things they build specially, and one of those things is a GRsec kernel. So the people at First Look, that helped make this movie, and that work on securedrop, they would probably also, I'm not committing them, I don't know that they would actually do this, but I think they would really like it if that was in there, and I think if we could find the community will to do that, I know I would volunteer and other people would, I know that dkg in the back would love to help with this, I would that ??? who is just totally behind funding this work, right? I thought that you were there to protect my civil liberties, buddy.

But I really think that it's possible that we could do this, and I definitely think Brad, the author of GRsec, I think he would really love it if Debian shipped GRsec. And it doesn't need to come by default, but if it was possible to just have it all, that would be great. Maybe we could have an affinity group where everyone who is interested can meet sometime tomorrow and we could talk about doing this. I would love to have that conversation. Who are you?

[audience]: Ben Hutchings.
[Jacob]: Oh, nice to meet you!

[laughter, applause]

That's awkward.

[question]: Hi. Sorry to interrupt the awkwardness, and replace it with more awkwardness. Nice to see you, Jake. So, I remember reading the documents in 2013 and seeing the NSA's internal training guide for how to query their Hadoop data store, aka xkeyscore, and so I thought I would just ask you if you think Free software net helps us or helps them.

[Jacob]: I'm really glad you asked that question. I think that Free software helps everyone on the planet, and I think that purpose-based limitations.. I understand why people want them. I think we should try to build a world where we are free, and so putting in purpose-based limitations is really problematic, and I think what we should do is try to mitigate the harm that they can do with those systems, as opposed to pretending that they care about Free software licensing. These guys kill people with flying robots, it's illegal to murder people, and they do it.
Limiting their use with licenses, first of all, that just means they'll spend your tax money to rewrite it if they care about the license, and you won't get their bug-fixes or their improvements, and then additionally they're still not going to obey your license anyway, because literally some of these people work on assassinating people. So it is better that we keep our integrity and take the high road, and write Free software, and we give it to every single person on the planet without exception. It's just better. It's better for all of us, right? So the fact that they have Hadoop, the fact that they, for example, use OpenSSL, or maybe they use Tor, or whatever, right? Or they use gdb to debug their exploits. I kind of wish that on them.

[laughter, applause]

I think it's great, right? So one of the things Che Guevara said in his manual about guerrilla warfare, in chapter two, is that (oh, it was chapter three) He talks about when you have to arm a guerrilla army, this is not exactly related, but it's an analog. He says that the most important thing is for the guerrilla army to use the weapons of the people that they're fighting - the oppressor. And the reason is that it allows you to resupply, essentially. When you win a battle, you resupply.
When we all use the same Free software, and we're working on these things, the fact that they have to contribute to the same projects and they often do means there's a net win for us. They do have some private things that they don't share, obviously, with the exception of nice people like Edward Snowden, and I think that it is a net positive thing, and if we think of it as a struggle, we are better off to take the high road, and so I really think we should not pretend that we can stop them, and instead we should work together to build solutions. And I think that Debian is doing that, right? I think Debian is much harder to compromise than a lot of other operating systems, and it's much much harder to coerce people, and there's a strong ethos that comes with it that it's not just the technical project, there's a social aspect to it. I think I was in the New Maintainer queue for 11 years, maybe that's a little too long, but there's a huge hazing process, so anyone who wants to help, really really wants to help, and if they want to do something wrong there are processes to catch people doing things wrong. So we should really stay true to the Free software ethos, and it really is a net benefit.

[question]: Hi Jake. Thanks a lot for saying so much "GRsec". Just wanted to give a shout out.
You mentioned possible backdoors in CPUs and so on, that ARM might not be the next best thing because it's not so open either. You might want to have a look at Power 8. It's basically PowerPC 64, so Debian has support for it as far as I know, and most of the stuff is actually open. Not the actual designs that IBM is using, but you can have, actually, an FPGA implementation of it, and if you have the money make your own ASICs for it, without even knowing how to do it, which is pretty good, I think.

[Jacob]: I think there are lots of things we can hack right? I mean I had one of those weird RMS laptops, the Lemote, or whatever it's called, for a while. And I was definitely able to get some Free software running on it, in theory it was a Free software laptop. But getting other people to use this is the problem, you need to get everybody to use it, right? There's a sort of old anarchist cliché, "None of us are free until all of us are free". And that really applies here. We really need to have Free software that's usable by everyone, otherwise we're sort of bound by the lowest common denominator of Free, or proprietary tools, depending on what people have to use. So it'll be great when we have that, and there's a thing called the Milkymist which is a video mixing board that has an FPGA implementing a Free software CPU that you can boot Debian on, or OpenWRT, and it does work, and I have used it, and in fact I used to use it as a shell, and for a long time I used a Debian trick, actually I've never talked about that in public, let me think about that for a second. So I used to use an IRC client that was really buggy, and I couldn't figure out where all the bugs were, but I knew that if I hung out in certain networks that someone else would help me find those bugs by trying to exploit my client. And I wanted to make it as hard as possible. So I ran my IRC client inside of a Debian machine that was running an S390 emulator. Who here uses Hercules? Thank you to whoever packaged it. And so I would use Hercules, it was a very long install process. Very slow. And I would do this, and what I'd always dreamed of doing at some point was using the Milkymist and the Hercules together for maximum ridiculously difficult to exploit, plus GRsec kernel. But that's not a usable thing. So what we need to do is take these kinds of prototypes which actually do represent many steps forward, and we need to make sure that they're produced on a scale where you can go into a store and purchase them anonymously, with cash, in a way that you can then verify.
And we're actually really close to that with software defined radios and open hardware, but we're not quite there yet.

[question]: What I meant is that Power 8 is basically getting big, currently, on the server market, and it might get big for other stuff also.

[Jacob]: Hopefully.

[question]: I want to come back to the story about the panic in the Appletalk driver. The common approach against this is to compile your own kernel with all this stuff not compiled in, but on two of my systems I have a modprobe wrapper which has a whitelist of modules which may be loaded, and I install that wrapper as the thing that the kernel uses for loading modules. Do you know if such a thing exists elsewhere, or if not, I would be interested in developing it into something which is actually useable for people.

[Jacob]: That would be great. In this case we were using Tails. And so, Tails is very finicky about what it will accept, and so having that in Debian will make it a lot easier to get it into something like Tails, I think. But the main thing is really that we have to think about the attack surface of the kernel very differently.
The problem is not Appletalk; the problem is the Linux kernel is filled with a lot of code, and you can autoload, in certain cases, certain things come in, and certain things get autoloaded, and I know Bdale loves his ham radio stuff, but I never use ham radio on my machine I used for clandestine conspiracies, you know? That's a separate machine. It's over here. So we just need to find a way to think about that. And part of that could be kernel stuff, but also part of it could be thinking about solutions like that, where we don't need to change the kernel. So if you could package that and develop that, it would be really fantastic.

[Ben]: Actually, some time ago, after I think it was the econet exploits, no-one uses econet, it was broken anyway, but you could exploit it, because it was autoloaded. So I actually went through and turned off autoloading on a few of the more obscure network protocols. We could probably go further with that, even in the defaults.

[Jacob]: I think it would be great to change some of the kernel stuff so that at least, I mean, Tails is a special use case, where, I think, it's very important, and it doesn't work for everyone, but we should just consider that there are certainly things which are really great, and I want to use Debian for it, because Debian is a universal operating system.
But for a modern desktop system where you're using GNOME, and you haven't set anything up, Appletalk for example, maybe we would ask those people to load that module themselves.

[Ben]: Yeah, for example you could have, a lot of those things are going to have supporting utilities, so you could put something in the supporting utilities that loads it at boot time. And if you don't have those installed, you don't need it.

[Jacob]: Yep, totally. And I think there's lots of ways to do it where the network can't trigger it, and that's important.

[Ben]: Yeah, that puzzled me, I can't understand, the protocol module when userland tries to open a socket of that type, it shouldn't happen in response to network traffic. There are things like, I think if you run ifconfig that can autoload a bunch of things, for example.

[Jacob]: Yeah, I think on either side it should be more explicit, and in this case with Tails, there was a time when you looked at the kernel module list and it was pretty amazing, like I think there was an X25 thing, an Appletalk thing, wait, this is all about going over Tor, we don't support any of these things at all. So it's just the way that things are interdependent, right? It's not a dig at the kernel itself.
I think the Linux kernel as it works in Debian today works really well for a lot of people, but there is definitely a high security use case, and I, for example, if I were a Debian developer, and I had a development machine where I didn't run a web browser, and I took a lot of effort. It would be really nice if there were a kernel that put in the same threshold of security. And I think that the GRsec kernel with some stuff changed about it, like getting rid of Appletalk and a few other things, would be closer to that, and combined with that guy's tool that he's talking about, you could make autoloadable module, that at least even if the system was going to autoload it, you could stop it, in a failing closed sort of way. And I think there's a lot of stuff, practically, to do on that front, and there's another project called Subgraph OS, which is basically working on becoming in some ways a Debian derivative, and they're going to do stuff like GRsec kernel, and they have a whole sandboxing framework which uses AppArmor, seccomp and xpra, and a few other things, and I think that they'll make a lot of interesting security decisions, which might make sense to adopt in Debian later.

[Ben]: I think Matthew Garrett has an interesting criticism about that and how it wouldn't really work, and Wayland was a better way to go than xpra.
[Jacob]: Yeah, I've heard those criticisms, but Matthew Garrett is wrong. Not usually, but in this particular case. For example, the sandboxing stuff, if you have a GNOME appstore, essentially, that's for one set of users, but for a Debian developer writing your own policies, it might be useful, and if you need Wayland, you might not have a full solution, we might want to have both for a while. And I think it'd be great. And the main thing is we just need to find people who will think about those issues and try to integrate them, because most people who write exploits, or who understand how to do offensive security stuff, they don't want to help Free software projects, they just want to exploit them. And so some of the Subgraph guys, what I really like about them is that they're trying to improve the Free software products we all use. Even though they may make different design decisions, they're making Free software all the same.