Citizenfour QA Session

Rollback to version 9

Not Synced

... wanted to be able to use
Not Synced

Thunderbird and GnuPG together with Tor,
Not Synced

and so we thought:
Not Synced

oh, it would be really easy, I bet,
Not Synced

to configure Thunderbird to work with Tor
Not Synced

- hah - so a new Free software project
was born.
Not Synced

It's a really simple thing, but basically
Not Synced

it's just a package
that hooks it all together.
Not Synced

So a lot of people were using Thunderbird
Not Synced

and TorBirdy, and GnuPG, and Tor,
Not Synced

and Debian, together for email,
Not Synced

combined with Riseup as an email service.
Not Synced

So it's a literally a real peer to peer,
Free software driven set of things,
Not Synced

actually, that made it possible.
Not Synced

[question]:
So one thing I never understood about this
Not Synced

process was exactly how the documents were
handled, and maybe that's because nobody
Not Synced

wants to say, but, you know, did you leave
them on a server somewhere and download
Not Synced

them, hand them over to people, and who
took what where, and how do you...
Not Synced

in case I need to do something really
dangerous with a load of documents,
Not Synced

what's the best way of doing it?
Not Synced

[laughter]
Not Synced

[Jacob]: Hmm!
Not Synced

[audience member]: It's a good thing
this isn't being streamed.
Not Synced

I'm sorry, what?
Not Synced

There was a voice from god,
what did she say?
Not Synced

[audience]:
I said good we aren't streaming tonight.
Not Synced

Oh yeah, so hello to all of our friends
Not Synced

in domestic and international
surveillance services.
Not Synced

Well, so I won't answer your question,
Not Synced

but since you asked the question,
it's my turn to talk.
Not Synced

So what I would say is that...
Not Synced

if you want to do clandestine activities
Not Synced

that you fear for your life for,
Not Synced

you need to really think about
the situation that you're in
Not Synced

very carefully.
Not Synced

And so a big part of this is
operational security
Not Synced

and a big part of that is
compartmentalization.
Not Synced

So certain people had access
to certain things,
Not Synced

but maybe they couldn't decrypt them,
Not Synced

and certain things were moved around,
Not Synced

and that's on a need to know basis,
Not Synced

and those people who knew,
Not Synced

which is not me - I don't know anything,
I don't know what you're talking about.
Not Synced

Those people knew, and then you know,
Not Synced

it'll go with them to their grave.
Not Synced

So if you're interested in being the next
Edward Snowden,
Not Synced

you need to do your homework
Not Synced

in finding people that will be able to do
the other part of it, let's say.
Not Synced

But just in general, I mean
Not Synced

compartmentalization is key, right.
Not Synced

So it's not just for AppArmor profiles.
Not Synced

So you need to think about
what you want to do.
Not Synced

And I mean a big part of this
is to consider that the network itself
Not Synced

is the enemy, even though it is useful
for communicating.
Not Synced

So all the metadata that exists
on the network
Not Synced

could have tipped people off,
could have caused
Not Synced

this whole thing to fall apart.
Not Synced

It really is amazing, I feel like you know
Not Synced

two and half, three years ago,
Not Synced

when you talk about Free software,
Not Synced

and you talk about the idea of
Free software,
Not Synced

and you talk about issues relating to
autonomy and privacy, and security
Not Synced

you have a really different reception now
than you did then,
Not Synced

and that's really what it took
Not Synced

to turn the world half a degree,
or something,
Not Synced

or a quarter of a degree or something.
Not Synced

So I'm not going to tell you about
detailed plans for conspiracy,
Not Synced

but I highly encourage you to read about
South African history,
Not Synced

in particular the history of
Umkhonto we Sizwe.
Not Synced

They are the clandestine communications
group for MK,
Not Synced

or rather the operation who lay inside of MK,
Not Synced

which is Umkhonto we Sizwe,
Not Synced

and they are sort of with
the African National Congress,
Not Synced

and those people have published so many
books about the revolutionary activities
Not Synced

to overthrow the apartheid state.
Not Synced

If you read these books, especially
the book "Operation Vula"
Not Synced

and "Armed and Dangerous"
by Ronnie Kasrils
Not Synced

they give you some idea about
what you need to do
Not Synced

which is to compartmentalize,
Not Synced

how to find people to do various tasks,
specific tasks,
Not Synced

how to work on building trust
with each other, what that looks like,
Not Synced

how to identify political targets,
Not Synced

how you might use things
like communications technology
Not Synced

to change the political topic on,
Not Synced

and the discussion in general.
Not Synced

And I think the best way to learn about
these things is to study previous people
Not Synced

who have tried to do that kind of stuff.
Not Synced

And the NSA is not the apartheid regime of
South Africa,
Not Synced

but there are still lessons
to be learned there,
Not Synced

so if you really want to know the answer
to that, also Che Guevara's manual
Not Synced

on guerilla warfare is very interesting,
Not Synced

and there's a lot of other books like that.
Not Synced

I'd be happy to talk about it
with you later.
Not Synced

And I have nothing to do with anything
that we may or may not have done.
Not Synced

[laughter]
Not Synced

[question]: Do you think there is a chance
that things may get better
Not Synced

for example I know that publicly,
some programs were not extended
Not Synced

but I don't know what is happening
in the background
Not Synced

so maybe it's the same thing
but they are pretending that it's not
Not Synced

How do you see this?
Not Synced

[Jacob]: Well I think a couple of things.
Not Synced

In general I think what happened, not just
with this movie but with all of these things
Not Synced

is that in inspired hope,
Not Synced

and the hope is very important,
Not Synced

but hope is not a strategy for survival,
or for building alternatives,
Not Synced

so what it has also done, is that it has
allowed us to raise the profile
Not Synced

of the things which actually do
make it better.
Not Synced

For example ridding ourselves of the
chains of proprietary software
Not Synced

is something that's a serious discussion
with people that wouldn't have previously
Not Synced

talked about Free software
because they don't care about liberty,
Not Synced

they care about security.
Not Synced

And even though I think those are
really simliar things,
Not Synced

previously they just thought we were just
Free software hippies,
Not Synced

in tie-dye shirts
Not Synced

and while that may be true on the weekends
and evenings
Not Synced

or with Bdale every day
[laughter]
Not Synced

I think that actually does make it better
Not Synced

And it also changes the dialogue, in
the sense that it's no longer reasonable
Not Synced

to pretend that mass surveillance and
surveillance issues don't matter,
Not Synced

because if you really go down the
rabbit-hole
Not Synced

of thinking about what the security
services are trying to do
Not Synced

it becomes obvious that we want to encrypt
everything all the time
Not Synced

to beat selector-based surveillance
and dragnet-based surveillance.
Not Synced

It doesn't matter if something is authenticated
Not Synced

You could still trigger some action
to take place
Not Synced

with these kinds of surveillance machines
Not Synced

that could for example drone
strike someone,
Not Synced

and so it raises that.
Not Synced

And that gives me a lot of hope too,
Not Synced

because people understand the root
of the problem,
Not Synced

or the root of many problems
Not Synced

and the root of some violence
in the world, actually.
Not Synced

And so it helps us to reduce that
violence
Not Synced

by getting people to acknowledge
that it's real
Not Synced

and also that they care about it
Not Synced

and that we care about each other.
Not Synced

So that really gives me a lot of hope,
and part of that is Snowden
Not Synced

and part of that is the documents
Not Synced

but the other part of it is that..
Not Synced

I don't want to blow it up and make it
sound like we did something
Not Synced

like a big deal,
Not Synced

but in a sense, Laura, Glen, myself
and a number of other people
Not Synced

were really not sure we would ever be able
to travel home to our country
Not Synced

that we wouldn't be arrested.
Not Synced

I actually haven't been home
in over two and half years,
Not Synced

well, two years and three months
or something
Not Synced

I went out on a small business trip
that was supposed to last two weeks
Not Synced

and then this happened
Not Synced

and I've been hear ever since.
Not Synced

It's a really long, crazy trip.
Not Synced

But the point is that that's what was
necessary to make some of these changes
Not Synced

and eventually it will turn around
Not Synced

and I will be able to go home,
Not Synced

and Laura and Glen will be able to travel
to the US again.
Not Synced

Obviously, Julian is still stuck in the
Ecuadorian embassy
Not Synced

Sarah lives in exile in Berlin,
Not Synced

I live in exile in Berlin,
Not Synced

And Ed is in Moscow
Not Synced

So we're not finished with some of
these things
Not Synced

and it's also possible that we are,
the set of people I mentioned,
Not Synced

the state we're in, will stay that way
forever.
Not Synced

But what matters is that the rest
of the world
Not Synced

can actually move on and fix some of
these problems,
Not Synced

and I have a lot of hope about that.
Not Synced

And I see a lot of change, that's the
really big part.
Not Synced

Like I see the reproducible build stuff
that Holger and Lunar are working on.
Not Synced

People really understand the root reason
for needing to do that
Not Synced

and actually seems quite reasonable
to people
Not Synced

who would previously have expended energy
against it,
Not Synced

in support of it, so I think that's
really good.
Not Synced

And there's a lot of other hopeful things.
Not Synced

So I would try and be as uplifting
as possible.
Not Synced

It's not just the rum!
Not Synced

[question]: Near the end of the film
we saw something about another source.
Not Synced

I may have been missing some news
or something
Not Synced

but I don't remember anything about that
being public.
Not Synced

Do you know what happened to them?
Not Synced

[Jacob]: As far as I know any other
source that was mentioned in the film
Not Synced

is still anonymous, and they're still free.
Not Synced

I'm not exactly sure because I was not
involved in that part
Not Synced

but I also saw the end of the film
Not Synced

and I've seen a bunch of other reporting
which wasn't attributed to anyone in particular
Not Synced

So the good news... there's an old slogan
from the Dutch hacker community, right?
Not Synced

"Someone you trust is one of us,
Not Synced

and the leak is higher up in the chain of
command than you"
Not Synced

And I feel like that might be true again,
hopefully.
Not Synced

I think that guy has a question as well.
Not Synced

[question]: Part of the problem initially
was that encryption software
Not Synced

was not so easy to use, right?
Not Synced

And I think part of the challenge
for everyone
Not Synced

was to improve on that situation
to make it better
Not Synced

so I'm asking you if you've observed
any change and to the rest of the room
Not Synced

have we done anything to improve on that?
Not Synced

[Jacob]: I definitely think that there is
a lot of free software
Not Synced

that makes encryption easier to use,
Not Synced

though not always on free platforms,
which really is heart-breaking.
Not Synced

For example Moxie Marlinspike has done
a really good job
Not Synced

with Signal, Textsecure and Redphone
Not Synced

and making end-to-end, encrypted
calling, texting, sexting,
Not Synced

and whatever apps,
Not Synced

sext-secure is what I think it's nicknamed
Not Synced

and I'm very impressed by that,
and it works really well
Not Synced

and it's something which in the
last two years
Not Synced

if you have a cell-phone,
which I don't recommend
Not Synced

but if you have a cell-phone,
and you put in everyone's phone number,
Not Synced

a lot of people that I would classify as
non-technical people,
Not Synced

that don't care about Free software
as a hobby or as a passion
Not Synced

or as a profession.
Not Synced

You see their names in those systems
Not Synced

often more than some of the
Free software people,
Not Synced

and that's really impressive to me,
Not Synced

and I think there's been a huge shift
just generally about those sorts of things
Not Synced

also about social responsibility,
Not Synced

or people understand they have a
responsibility to other people
Not Synced

to encrypt communications,
and not to put people in harm's way
Not Synced

by sending unsafe stuff over
unsafe communication lines.
Not Synced

So I think in my personal view it's better.
Not Synced

But the original problem wasn't actually
that the encryption was hard to use.
Not Synced

I think the main problem is people didn't
understand the reason
Not Synced

that it needed to be done
Not Synced

and they believed the lie that is
targetted versus mass surveillance.
Not Synced

And there's a big lie, and the lie is
that there is such a thing
Not Synced

as targeted surveillance.
Not Synced

In the modern era, most so-called
targetted surveillance actually happens
Not Synced

through mass surveillance.
Not Synced

They gather everything up, and then they
look through the thing
Not Synced

they've already seized.
Not Synced

And of course there are targetted,
focussed attacks.
Not Synced

But the main thing is that the abuse of
surveillance often happens
Not Synced

on an individual basis.
Not Synced

It also has a societal cost.
Not Synced

I think a lot of people really
understand that.
Not Synced

It's probably because I also live in
Germany now for the last two years
Not Synced

but I feel that German society in
particular is extremely aware
Not Synced

of these abuses in the modern world
Not Synced

and they have a historical context
that allows them to talk about it
Not Synced

with the rest of the world, where the
world doesn't downplay it.
Not Synced

So this is how other people relate to
Germany
Not Synced

not just about Germans relate to
each other.
Not Synced

And that has also been really good
for just meeting regular people
Not Synced

who really care about it,
Not Synced

and who really want to do things.
Not Synced

So people's parents email me,
and are like
Not Synced

"I want to protect my children,
Not Synced

what's the best way to use crypto
with them?"
Not Synced

You know, things like that.
Not Synced

And I didn't every receive emails like
that in the past
Not Synced

and that's to me is uplifting
and very positive.
Not Synced

[question]: A quick organisational question.
Not Synced

Right now we're live-streaming the Q&A.
Are you comfortable with that?
Not Synced

[Jacob]: I don't think in the last three
years I've ever had a moment
Not Synced

that wasn't being recorded.
Not Synced

[laughter, applause]
Not Synced

[question]: If you're fine with it, moving on...
Not Synced

[Jacob]: That's fine, just don't do it
when I'm trying to sleep.
Not Synced

[question]: I was wondering why Laura
and you ended up in Germany
Not Synced

because what you said about people in
Germany might be true
Not Synced

but I'm really ashamed about my Government
and how they dealt with ????
Not Synced

and they are doing nothing for this.
Not Synced

[Jacob]: The reason that we ended up in
Germany
Not Synced

is that I'd been attending
Chaos Computer Club events
Not Synced

for many years
Not Synced

and there are bunch of people that are
part of the Chaos Computer Club
Not Synced

who are really supportive,
and good people,
Not Synced

who have a stable base,
and an infrastructure.
Not Synced

The German hacker scene has this
phenomenon which is that
Not Synced

it's a part of society.
Not Synced

So there are people in the CCC who will
talk with the constitutional court
Not Synced

for example,
Not Synced

and that creates a much more stable
society
Not Synced

and those people were willing to help us.
Not Synced

They were willing to hold footage,
to hold encrypted data.
Not Synced

They were willing to help modify hardware.
Not Synced

There was a huge base of support where
people, even if they had fear,
Not Synced

they did stuff anyway.
Not Synced

And that support went back a long time.
Not Synced

And so we knew that it would be safe
to store footage for the film here.
Not Synced

In Berlin, not in Heidelberg, but here
in Germany.
Not Synced

And we knew that, of course,
there were people that would be helpful.
Not Synced

In the US there's a much bigger culture
of fear.
Not Synced

People are afraid of having their houses
raided by the police,
Not Synced

where there's lots of detainments at the
borders,
Not Synced

where there's lots of speculative arrests,
Not Synced

journalists that are jailed,
Not Synced

so the situation was not to say that
Germany was perfect.
Not Synced

I revealed in Der Speigel with three other
journalists that Merkel was spied on
Not Synced

by the NSA.
Not Synced

And it's clear that the Germany government
was complicit
Not Synced

with some of this surveillance.
Not Synced

But in a sort of pyramid of surveillance
there's a sort of colonialism
Not Synced

that takes place.
Not Synced

And that the NSA and GCHQ are at the top.
Not Synced

And the Germans are little bit below that.
Not Synced

The thing is that there's not a lot you
do about that.
Not Synced

And so even though we revealed this
about Merkel,
Not Synced

it's not clear what she should do.
Not Synced

It's not clear what anyone should do.
Not Synced

But one thing that was clear was that
if they wanted to break into our houses
Not Synced

they would do it in a way that would
cost them a lot politically.
Not Synced

It would be very public.
Not Synced

The last time someone raided someone
working with Der Speigel
Not Synced

was in 1962 during the Speigel affair,
Not Synced

and some ministers were kicked out.
Not Synced

You may have seen recently the
Landersverrat thing
Not Synced

with Netzpolitik.
Not Synced

The charges against them now
have been dropped.
Not Synced

That would never happen in the
United States.
Not Synced

We would not be safe.
Not Synced

And I still, for my investigative
journalism,
Not Synced

and my work with Wikileaks,
Not Synced

and my work with the Tor project,
Not Synced

I wouldn't even go back to the US,
Not Synced

because there's no chance that if they
wanted to do something to me
Not Synced

that I would have any constitutional
liberties, I think,
Not Synced

and the same is true of Snowden.
Not Synced

You just won't get that fair trial.
Not Synced

And we thought at least here we would
have ground to stand and fight on.
Not Synced

And it's exactly what happened,
and we won.
Not Synced

[question]: This is also about the fear
stuff that you talk about
Not Synced

which is in the very old days we used to
put red words in the end of every message
Not Synced

to make sure that it would be hard to find
the actual subversive message
Not Synced

among all the noise.
Not Synced

And you can think about the same thing
here.
Not Synced

Should we build our systems so that
everything gets encrypted all the time?
Not Synced

[Jacob]: So I have a lot of radical
suggestions for what to do,
Not Synced

but I'm going to talk about them tomorrow
in the keynote mostly.
Not Synced

But to give you an example,
if you install Debian,
Not Synced

you can give someone the ability to log
into the machine
Not Synced

over a Tor hidden service for free.
Not Synced

You get a free .onion when you add two
lines to a Tor configuration file.
Not Synced

We should make encryption not only easy
to use but out of the box
Not Synced

we should have it possible to have
end-to-end reachability and connectivity,
Not Synced

and we should reduce the total amount
of metadata, to make it harder for people
Not Synced

who want to break the law, that want to
break into computers.
Not Synced

We should solve the problem of adversarial
versus non-adversarial forensics
Not Synced

so we can verify our systems with open
hardware and Free software together.
Not Synced

And there's a lot to be done,
but the main thing to do is to recognise
Not Synced

that if you have the ability to upload
to Debian,
Not Synced

there are literally intelligence agencies
that would like those keys.
Not Synced

And we have a great responsiblity to
humanity as Debian developers
Not Synced

to do the right thing: to build open
systems,
Not Synced

to build them in a way where users don't
need to understand this stuff.
Not Synced

There are a lot of people in the world
that will never see this film.
Not Synced

And we can solve the problems that this
film describes largely with Free software.
Not Synced

And we can do that without them knowing,
Not Synced

and they will be safe for us having
done that.
Not Synced

And if we can do that, the world will be
a better place, I think.
Not Synced

And I think the world is a better place
because of the efforts that were
Not Synced

already done in that area, that made this
possible.
Not Synced

The Tails project made it so that a bunch
of people
Not Synced

who were good at investigative journalism,
Not Synced

but absolutely terrible with computers,
were able to pull this off.
Not Synced

And that is entirely the product, in my
opinion, of Free software.
Not Synced

And a little bit of Laura and Glen, but
I'd say a lot of Free software.
Not Synced

[question]: How many people do you think
NSA has
Not Synced

working within the Debian community?
Not Synced

[laughter, applause]
Not Synced

[Jacob]: Well, I looked in the Snowden
archive about that actually.
Not Synced

[laughter, applause]
Not Synced

Yeah. And as far as I can Debian is not a
high priority target for them.
Not Synced

I mean they write exploits for all sort
of stuff
Not Synced

but I never found any systematic attempt
to compromise or harm the Debian project.
Not Synced

But obviously there are people who are
paid by the NSA to infiltrate communities,
Not Synced

and that's why we have to open transparent
processes
Not Synced

so that if those people behave badly,
we have an audit trail.
Not Synced

We won't ever stop that kind of stuff,
Not Synced

but what matters
is that people do good things.
Not Synced

It doesn't matter who they do bad things
for as long as we can correct those things
Not Synced

and/or catch them and stop them before
it happens.
Not Synced

But as far as I know there are only a
couple of people that have ever
Not Synced

been associated with the NSA in the
Debian community.
Not Synced

But I think we shouldn't get paranoid
about it,
Not Synced

but we should just be prudent about our
processes,
Not Synced

because there are lots of intelligence
services around the world
Not Synced

that do not like the values of a
universal operating system,
Not Synced

so I don't think it's super-important to
look, but I did actually look,
Not Synced

very specifically for a whole bunch of
people in the Debian community
Not Synced

to see if any of them also were being
paid by the NSA
Not Synced

and I didn't find any serious thing that
raised concern,
Not Synced

and if I did, I would have...
Not Synced

I mean, there were lots of things I found
in the archive that I immediately
Not Synced

notified security teams about.
Not Synced

Where I worked along with many other
people to actually fix those things.
Not Synced

And one of those things, if we had found
them, like infiltrators in Debian,
Not Synced

I absolutely would have just told people
about.
Not Synced

The problem is that a lot of the
journalists don't want to do that
Not Synced

because there's a ten year felony
where you go to prison -
Not Synced

a federal American prison -
Not Synced

if you reveal the name of an agent.
Not Synced

So there's a tension there,
Not Synced

but I think that there's something
to be said,
Not Synced

if they're actually actively harming the
community
Not Synced

and they're committing a crime,
Not Synced

I think there's something to be said
about that.
Not Synced

So if I found that I think it would be
worthwhile,
Not Synced

but just so you know, there's this
high cost.
Not Synced

So if there were people in the agency
now,
Not Synced

because they say that we used Tails, and
Debian, and they wanted to subvert it,
Not Synced

there's a really really high bar for
punishment.
Not Synced

Which suggests that maybe people
won't tell you.
Not Synced

So we need to sort of bank on the fact
that we'll never know,
Not Synced

but we don't need to know, as long as we
have good processes
Not Synced

that would catch bad behaviour.
Not Synced

And that's one of the strengths of Debian.
Not Synced

There are very few operating systems,
I think,
Not Synced

and just in general Free software
communities,
Not Synced

that are as diverse, and committed to the
openness and the Free software nature
Not Synced

of this kind of a project,
Not Synced

and so it's very important to state that.
Not Synced

But I do think one of the things that will
happen in the future at some point
Not Synced

is that you'll start to find people in the
Debian community that are pressured
Not Synced

by other people to do bad things
Not Synced

so we need to set up processes that will
stop that,
Not Synced

to create an incentive for that
not happening.
Not Synced

But it's really tough,
Not Synced

so I think that openness, transparency
and accountability are the ways that
Not Synced

we can combat that, because otherwise
we won't really be able to solve it.
Not Synced

But don't be paranoid, is the other thing.
Not Synced

They really are out to get you,
so be prepared.
Not Synced

[laughter, applause]
Not Synced

[question]: I'm just wondering how trust
was established
Not Synced

because I'm just realizing that
this community,
Not Synced

for you to verify your public key and even
fingerprint is like,
Not Synced

you have you produce your passport,
Not Synced

so I'm wondering how Laura managed to
exchange her keys with Snowden
Not Synced

and make sure that they were really
talking to the right person.
Not Synced

[Julian]: Well, they had a whole sort of
dance for doing key exchange.
Not Synced

I think it was a little bit luck, and a
little bit transitive trust,
Not Synced

there's a little bit of the web of trust,
Not Synced

and it worked pretty well.
Not Synced

I mean, I don't think that the key-signing
stuff that Debian does is anything close
Not Synced

to what they were doing.
Not Synced

They just wanted to make sure that the
keys they had were the right keys,
Not Synced

and that they weren't compromised,
Not Synced

and that then they would change things.
Not Synced

There was a point in the movie where they
said:
Not Synced

"let's disassociate our meta-data
one more time"
Not Synced

And what that means is they changed all
of the identifiers that are visible
Not Synced

to the network, new keys, new email
addresses, new Tor circuit, etc
Not Synced

and this is like a key consistency thing,
Not Synced

where they had the right key to begin with
and the continued to rotate over new keys.
Not Synced

This is also sometimes called TOFU.
Not Synced

This is, I think, weaker than the
web of trust,
Not Synced

but a lot easier for people to do, and
very easy to explain,
Not Synced

and it worked out pretty well.
Not Synced

It doesn't scale really well, but it has a
separate good side
Not Synced

which is the web of trust explicitly names
a web of co-conspirators.
Not Synced

And so you don't want that feature.
Not Synced

It's useful for something like Debian;
Not Synced

it's not useful for clandestine
conspiracies to commit
Not Synced

investigative journalism.
Not Synced

[laughter]
Not Synced

Lots of questions, this is great.
Not Synced

[question]: Somebody working on Tail told
me that the NSA has a file on every DD.
Not Synced

Is that true, do you know?
Not Synced

[Julian]: Okay, so when you balance your
check-book,
Not Synced

just to answer your question in a really
strange way,
Not Synced

when you balance your check-book,
or you balance your bank account,
Not Synced

and you think this is how much my rent is,
this is how much food is,
Not Synced

this is how much I have to spend on some
new hardware,
Not Synced

you think about money in an
individual way.
Not Synced

But if you think about is as a state, the
way a state thinks about money.
Not Synced

They don't balance budgets the same
way that you do.
Not Synced

They think about long-term investments
very differently.
Not Synced

They have other people's money.
Not Synced

It's a whole different way of managing it.
Not Synced

And the NSA is not the Stasi. So it's not
that you have to worry about whether
Not Synced

they have a file on you, or every Debian
developer,
Not Synced

but rather there exist some laws in the
United States that say
Not Synced

for cyber-security purposes, you don't
have constitutional rights
Not Synced

and based on your accent, you weren't
an American anyway,
Not Synced

and you aren't in America,
Not Synced

so you don't have any rights at all,
anyway, according to them.
Not Synced

They're just allowed to do whatever they
want to you,
Not Synced

up to and including murdering you, with
the CIA.
Not Synced

That's what they do with drones; that was
at the very end of the movie.
Not Synced

So it's not that they have a file on you.
Not Synced

It's that they have giant databases full
of information on all of us,
Not Synced

and then when they're interested in you,
pull up all your data,
Not Synced

and associative data,
Not Synced

and then they use that, and sometimes
they use it to target you,
Not Synced

to break into your machines,
or to find people to exert pressure on,
Not Synced

or to do psychological manipulation on.
Not Synced

All that stuff, they do all of those
things.
Not Synced

And so it's not that they have one file
on you.
Not Synced

Though maybe, it depends, if you work on
a critical package like the Linux kernel
Not Synced

they might be more interested in you
than if you work on something else.
Not Synced

I don't want to denigrate anyone's work,
but they have very specific focuses,
Not Synced

and so they definitely are interested in
being able to compromise systems, right?
Not Synced

And so you may also have file, but it's
really the meta list that's the new way
Not Synced

of thinking about it.
Not Synced

And in some senses I think that's actually
scarier, because they just hoover up
Not Synced

everything, all across the whole Internet,
Not Synced

and things that are interesting, then
they have them.
Not Synced

And depending on what interesting
things are there, they maybe
Not Synced

put those in a database that lasts
for ever,
Not Synced

or maybe it's just around for 30 days,
Not Synced

or maybe its full content for 9 days,
or something like that.
Not Synced

And then of course if you are a person of
interest
Not Synced

they do do the same stuff that the Stasi
does,
Not Synced

they do that Zersetzung stuff, if you're
familiar with this German term,
Not Synced

disintegration, they do that kind of
stuff, along with JTRIG, from GHCQ,
Not Synced

so they harass people, blackmail them,
do all sorts of really nasty stuff.
Not Synced

And they do that also, so both of those
things.
Not Synced

So again, I don't think you should be
paranoid, you should encrypt your stuff,
Not Synced

and help people do the same,
Not Synced

and know that in a democratic society with
a secret political police,
Not Synced

the right place to be is in their
database, right?
Not Synced

You should be proud of being surveilled
by them,
Not Synced

it means you're doing the right thing.
Not Synced

[laughter, applause]
Not Synced

Nonetheless, we should stop them.
Not Synced

[question]: I'm curious about your views
about Snowden actually coming out
Not Synced

and saying he was the whistleblower,
Not Synced

because I know, when he came out,
I had some fierce discussion
Not Synced

with friends about it, so I wanted to know
what you thought about it.
Not Synced

[Jacob]: What do you mean came out?
Not Synced

[question]: He said I'm Edward Snowden,
I'm the whistle-blower, here I am,
Not Synced

instead of just being anonymous the
whole way, just sending files to people.
Not Synced

[Jacob]: Well, I think the main thing is
that it's about control of
Not Synced

your own narrative, right?
Not Synced

I mean if we could have done everything
here anonymous, and gotten away with it,
Not Synced

would that have made the same impact
Not Synced

in getting other people to come forward
even if they maintain their anonymity?
Not Synced

So I think that what Snowden did, what'
beautiful about it,
Not Synced

is that he basically did enough,
Not Synced

where he could then survive.
Not Synced

Our job now for the most part, a very
good friend told me,
Not Synced

he's a little bit of a fatalist, he said:
Not Synced

your job, Laura's job, Glen's job,
Snowden's job, your job now is
Not Synced

just to survive.
Not Synced

That's all that you need to do now.
You don't need to do anything else.
Not Synced

You should go do other things, like
drink a glass of wine, relax, be happy,
Not Synced

have a nice life, but just survive,
Not Synced

so other people can see that you do the
right thing, you couldn't have done more,
Not Synced

you did enough, and you lived through it.
Not Synced

And so Snowden coming out and telling us
all of these things, I mean,
Not Synced

there are really powerful people saying
he should be assassinated, right,
Not Synced

hung by the neck until dead, was what one
of the CIA people said.
Not Synced

So he probably could have continued to be
anonymous for a while,
Not Synced

but imagine if the NSA had got to reveal
his identity.
Not Synced

How would that have been framed, what
would the first impression have been?
Not Synced

I think they called him a narcissist, and
they called him all these terrible names.
Not Synced

And it didn't really stick, because he
basically said "come at me bro',
Not Synced

I'm ready, and you can do your worst,
but you can't get rid of the facts,
Not Synced

so let's talk about the facts."
Not Synced

And I think the timing of how he did that
is good, because he really cared
Not Synced

about the issues, but he also recognized
that it was a matter of time,
Not Synced

the NSA police went to his house, they
really bothered his family,
Not Synced

they've done that with my family as well,
other people's families have had trouble.
Not Synced

So I think think it's tough, because I
think he probably would have liked to have
Not Synced

been able to not have that happen, but
there comes a point at which
Not Synced

you're the person who has access to all
that information
Not Synced

and they're going to figure it out.
Not Synced

No amount of anonymity, I think, will
last forever, but it can buy you time.
Not Synced

He got exactly the amount of time
he needed.
Not Synced

The really sad part about him coming out
in public when he did, though, was that
Not Synced

he got stuck in Russia, because my
government cancelled his passport.
Not Synced

I think mostly for propaganda reasons.
Not Synced

Because in the United States, we denigrate
all things relating to Russia.
Not Synced

And there are lots of problems with
Russia,
Not Synced

and especially with Vladimir Putin,
Not Synced

but at the same time that seems to be the
only country that was willing to uphold
Not Synced

his fundamental liberties.
Not Synced

I went to the Council of Europe, and to
the European Parliament,
Not Synced

to the German Parliament, to the French,
sort of to the French Parliament,
Not Synced

they didn't really want to meet with me,
but also to the Austrian Parliament,
Not Synced

and to a number of other places,
Not Synced

and everyone said, oh, we would really
live to help anybody who needs help,
Not Synced

oh it's Edward Snowden, never mind.
Not Synced

[laughter]
Not Synced

And so though I have a lot of critiques
on Russia, the propaganda aspect of it
Not Synced

was very damaging for him to be stuck
in Russia,
Not Synced

but on the other hand, he's still alive,
and he's still mostly free.
Not Synced

And they recognized his right to
receive asylum.
Not Synced

So there's a lot of trade-offs to think
identifying one's self,
Not Synced

and if you were thinking about being
the next Snowden,
Not Synced

or helping the next Snowden, or helping
Snowden, or something like that,
Not Synced

you really have to think that, you really
have to think this out many steps ahead,
Not Synced

and it's easy to stay, oh he should have
just stayed anonymous and
Not Synced

nobody would have figured it out,
Not Synced

but that's very clearly not planning the
case that they do figure it out,
Not Synced

and then they're going to be in control
of the narrative,
Not Synced

and in that case, I think you are better
off to do what he did,
Not Synced

and he did so quite reluctantly.
Not Synced

He's not an egoist, or an narcissist,
he's actually a really shy guy
Not Synced

from what I can tell.
Not Synced

I don't know exactly what conversation
you and your friend had,
Not Synced

but I would suspect that the notion is
that people are more powerful
Not Synced

when anonymous.
Not Synced

And that is true sometimes,
but not always,
Not Synced

and it's important to remember that
the anonymity technology is there
Not Synced

so you have a choice, not a requirement.
Not Synced

And that choice is sometimes
counter-intuitive,
Not Synced

but I think he did the right thing in
this way, and I wish that my government
Not Synced

had done the right thing by him as well,
but they did not.
Not Synced

[question]: So there are lot of questions,
do you want to keep going on,
Not Synced

shall we get in a little Mate?
Not Synced

[Jacob]: I would love some of that rum.
Not Synced

I think I have to GRsec, right?
GRsec kernel.
Not Synced

And then rum appears. Rum as a service.
Not Synced

[applause]
Not Synced

I'm really happy to keep taking questions,
because to me, what I want is
Not Synced

for every person in this room to feel
a part of this, because you really are.
Not Synced

A lot of the people I've met in this
community really inspire me to action,
Not Synced

and it's important to understand that
really, it would not have been possible
Not Synced

without Debian.
Not Synced

For example debootstrap - really important
tool, right?
Not Synced

With weasel's packaging of Tor, it allowed
us to have bootstraps of things,
Not Synced

it allowed us to build things,
Not Synced

and using Free software really was
helpful,
Not Synced

so if you guys have any questions at all,
Not Synced

really each and every person that helps
with Debian should just know
Not Synced

that you are a part of that,
Not Synced

and I'm just happy to talk for as long as
you want, basically,
Not Synced

to answer all of your questions,
Not Synced

except the ones that put me in prison.
Thanks.
Not Synced

[laughter]
Not Synced

[question]: I just wanted to make a quick
note about the question
Not Synced

"do they have a file on me?"
Not Synced

From all I've read so far, it's just that
they're doing the thing
Not Synced

that is in the commercial world called
"big data".
Not Synced

[Jacob]: Yep. Absolutely.
Not Synced

Oh boy. GRsec again?
Not Synced

[orga]: it's not rum, but it's Bavarian
whisky.
Not Synced

[Jacob]: Oh boy. It's going to be a
heavy morning tomorrow.
Not Synced

I saw another couple of hands.
Not Synced

[question]: I was just wondering if
that you noticed throughout this
Not Synced

that you think we could improve in Debian
to make the next people's lives easier.
Not Synced

[Jacob]: Oh my god, I'm so glad you asked
that question, that's so fantastic.
Not Synced

I'm going to talk about that tomorrow
in my keynote,
Not Synced

but let me tell you about one that I have.
Not Synced

I revealed a specific document about a
wifi injection attack system.
Not Synced

It's a classified document, it's a
top secret document,
Not Synced

for a thing called nightstand, and what
nightstand is,
Not Synced

it's basically like car metasploit,
it's a wifi injector...
Not Synced

cheers!
Not Synced

Danke schön.
Not Synced

It's a wifi injector device...
Not Synced

Whew, jesus!
Not Synced

[laughter, applause]
Not Synced

[orga]: Tonight's whisky sponsored by
drunc-tank dot org.
Not Synced

[Jacob]: So this wifi injector device,
what it does is it basically is able to
Not Synced

exploit the kernel of a device by sending
malformed data over wifi.
Not Synced

Now I have a series of photographs, so
all of us.. not all of us, but most of us
Not Synced

used these speciallly modified X60s where
we removed the microphones, soldered??
Not Synced

down things on the PCI bus,
Not Synced

we removed, like, firewire, really
modified it, flashed coreboot onto it,
Not Synced

flipped the read pin so it was only
read-only,
Not Synced

so you couldn't easily make a BIOS
root kit and make it persistent,
Not Synced

we booted TAILS, did all this stuff,
Not Synced

often we could boot to RAM so that
once the machine was powered off
Not Synced

basically it would be done, so if someone
kicks down your door,
Not Synced

you just pull the power out,
Not Synced

and you don't have a battery, and
when the power fails you have an
Not Synced

instant kill switch.
Not Synced

So things that are in TAILS that are
really useful include this
Not Synced

wiping the kernel memory package
which I hear is being packaged for Debian
Not Synced

soon, which is very exciting.
Not Synced

Because everyone should have access
to that so we can tie it into something
Not Synced

like GNU panicd or these other things.
Not Synced

But one thing I kept having problems with
is this wifi injection device,
Not Synced

I'm pretty sure, was very close to my
house.
Not Synced

There was a white van outside, it was
vibrating a bit like there was a guy
Not Synced

walking around in it,
Not Synced

and then all of sudden, an X60 here,
an X60 here, and an X60 here,
Not Synced

just booted into TAILS, not doing
anything at all, but on the wifi network,
Not Synced

kernel panic, kernel panic, kernel panic.
Not Synced

All the same kernel panic, all the
same memory offsets,
Not Synced

in the Appletalk driver of the stock
kernel for TAILS.
Not Synced

I think I filed a bug upstream with TAILS
at the time,
Not Synced

but this is just incredible because
it's clear that all the crap
Not Synced

in the default Debian kernel that you
really want for your 1992 Apple network
Not Synced

makes operational security really hard,
Not Synced

and one thing that would be really great
would be a GRsec enabled kernel...
Not Synced

[applause]
Not Synced

Yes, have to drink.
Not Synced

But as an example, we built different
custom machines, and one of the things
Not Synced

that we did for some people and in some
circumstances was
Not Synced

to build GRsec enabled kernels.
Not Synced

And I'm not going to drink again.
Not Synced

So we built those kernels
Not Synced

[audience]: Which ones?
Not Synced

[Jacbob]: Yes, exactly, those ones.
Not Synced

And that was work which creates a problem
for a bunch of reasons.
Not Synced

When you build custom kernels, and
you only have a few people
Not Synced

that can build those kernels,
Not Synced

you actually build a chain of evidence of
who helped who.
Not Synced

And if that was stable, normal package,
Not Synced

that people could install in a Debian
pure blend,
Not Synced

then it would have been easier to do that.
Not Synced

We built a lot more sandbox profiles for
various different things,
Not Synced

we built some transparent TOR-ification
stuff,
Not Synced

and that required a lot of bespoke
knowledge,
Not Synced

and it required a lot of effort that a lot
of people did not have,
Not Synced

because they had a different set of
skills,
Not Synced

and it's good to have a division of
labour,
Not Synced

but having that kind of stuff built into
Debian by default, making a
Not Synced

Debian installer that could do that,
Not Synced

and also verification, would be great,
right?
Not Synced

So I wrote some custom scripts
where I could look at a TAILS disk,
Not Synced

or a Debian install,
Not Synced

and know if it had been tampered with.
Not Synced

And it would be nice if there was just
a disk you could boot that did
Not Synced

verification of an installed system
Not Synced

very very easily, so easily that
Glen Greenwald could use it.
Not Synced

I love Glen, I saw that very politely,
Not Synced

but what I means is it needs to be
easier than that,
Not Synced

because Glen at least knows that he
he a reason to need it.
Not Synced

And so that was something that we really
needed help with.
Not Synced

And we spent a lot of time on that.
Not Synced

And there are lots of other little things
like that,
Not Synced

and I'll talk about some of those things
tomorrow,
Not Synced

but one of the really big problems is
hardware,
Not Synced

which is that you cannot buy a modern
Intel CPU which doesn't come
Not Synced

with a backdoor any more.
Not Synced

And that is a huge problem, and I'm not
sure that the answer is to use ARM.
Not Synced

It seems like the answer is to use ARM.
Not Synced

But that's only if assume that ARM didn't
just add a backdoor that's obvious.
Not Synced

So we really need to think about how to,
in moving forward,
Not Synced

how to have easy to use, easy to buy
on the shelf, Debian hardware,
Not Synced

available everywhere, all the time,
Not Synced

so you can just go and buy this thing and
verify it in some way
Not Synced

with some other machine,
Not Synced

to know that you would have the right
thing.
Not Synced

And to that extent we didn't have X-rays
for a lot of the circuit boards,
Not Synced

so that made it very difficult to know
if when you buy something,
Not Synced

it's been tampered with.
Not Synced

I'll talk about some of that stuff
tomorrow,
Not Synced

but basically, Debian does a lot of stuff
right,
Not Synced

and that is also worth mentioning.
Not Synced

There's so many things that just work
out of the box, that just work perfectly.
Not Synced

So the main thing is to keep the
quality assurance at the level,
Not Synced

or to exceed where it is right now.
Not Synced

Because it actually works super super
well.
Not Synced

The exception being for very specific
targetted attacks,
Not Synced

the kernel attack surface is pretty big,
and pretty bad, I think.
Not Synced

And also, we rebuilt some binaries in
order to..
Not Synced

sorry, I'll get to you in a second.
Not Synced

We rebuilt some binaries to make sure
that we had address space randomisation
Not Synced

and linker hardening, and stack
canary stuff,
Not Synced

and for some stuff lately we've been using
address space sanitizer,
Not Synced

so it would be really great if all the
hardening stuff was turned in,
Not Synced

if there was PAX plus GRsec as a kernel.
Not Synced

[audience]: so the specific problem with
GR security is that they don't really
Not Synced

want to work with distros.
Not Synced

So we could have a Linux kernel package
with GR security applied,
Not Synced

but it wouldn't have any of the other
Debian patches.
Not Synced

[Jacob]: So I talked with Brad Spender
about this,
Not Synced

and I'm so glad that you said that,
Not Synced

because what he said was that, as far
as I can tell, he's totally interested in
Not Synced

helping Debian with this but thinks that
Debian is not interested.
Not Synced

He actually runs a kernel building
service where they actually do
Not Synced

individual kernel builds, and I think
you'd be interested,
Not Synced

and when I told him we'd love to have
this in TAILS, he said
Not Synced

what patches do I need to include in GRsec
to make sure that it'll work?
Not Synced

And he offered to do the integration
into the GRsec patch if there are not
Not Synced

too many things.
Not Synced

So I think what we should try and do
is build a line of communication,
Not Synced

and if it costs money we should find a way
to raise that money,
Not Synced

I'll put in some of my own personal money
for this,
Not Synced

and I know other people would too.
Not Synced

[distant audience]: I will.
Not Synced

[Jacob]: Great.
Not Synced

So securedrop, for example, part of what
they do for their leaking platform,
Not Synced

if you go to the intercepts website,
you wan to leak them a document,
Not Synced

they actually use free software
everywhere, but there are a few things
Not Synced

they build specially, and one of those
things is a GRsec kernel.
Not Synced

So the people at first look, that helped
make this movie,
Not Synced

and that work on securedrop,
Not Synced

they would probably also,
Not Synced

I'm not committing them, I don't
know that they would actually do this,
Not Synced

but I think they would really like it if
that was in there,
Not Synced

and I think it we could find the community
will to do that,
Not Synced

I know I would volunteer and other people
would,
Not Synced

I know that dkg in the back would love to
help with this, I would that ???
Not Synced

who is just totally behind funding this
work, right?
Not Synced

I thought that you were there to protect
my civil liberties, buddy.
Not Synced

But I really think that it's possible
that we could do this,
Not Synced

and I definitely think Brad, the author of
GRsec,
Not Synced

I think he would really love it if Debian
shipped GRsec.
Not Synced

And it doesn't need to come by default,
Not Synced

but if it was possible to just have
it all, that would be great.
Not Synced

Maybe we could have an affinity group
where everyone who is interested can
Not Synced

meet sometime tomorrow and we could
talk about doing this.
Not Synced

I would love to have that conversation.
Not Synced

Who are you?
Not Synced

[audience]: Ben Hutchings.
Not Synced

[Jacob]: Oh, nice to meet you!
Not Synced

[laughter, applause]
Not Synced

That's awkward.
Not Synced

[question]: Hi. Sorry to interrupt the
awkwardness,
Not Synced

and replace it with more awkwardness.
Not Synced

Nice to see you, Jake.
Not Synced

So, I remember reading the documents
in 2013
Not Synced

and seeing the NSA's internal training
guide for how to query their
Not Synced

Hadoop data store, aka xkeyscore,
Not Synced

and so I thought I would just ask you
if you think Free software net helps us
Not Synced

or helps them.
Not Synced

[Jacob]: I'm really glad you asked that
question.
Not Synced

I think that Free software helps everyone
on the planet, and I think that
Not Synced

purpose-based limitations.. I understand
why people want them.
Not Synced

I think we should try to build a world
where we are free,
Not Synced

and so putting in purpose-based
limitations is really problematic,
Not Synced

and I think what we should do is try to
mitigate the harm that they can do
Not Synced

with those systems,
Not Synced

as opposed to pretending that they care
about Free software licensing.
Not Synced

These guys kill people with flying robots,
Not Synced

it's illegal to murder people, and they
do it.
Not Synced

Limiting their use with licenses, first
of all, that just means they'll spend
Not Synced

your tax money to rewrite it if they care
about the license,
Not Synced

and you won't get their bug-fixes or their
improvements,
Not Synced

and then additionally they're still not
going to obey your license anyway,
Not Synced

because literally some of these people
work on assassinating people.
Not Synced

So it is better that we keep our integrity
and take the high road,
Not Synced

and write Free software, and we give it to
every single person on the planet
Not Synced

without exception,
Not Synced

It's just better. It's better for all of
us, right?
Not Synced

So the fact that they have Hadoop, the
fact that they, for example, use OpenSSL,
Not Synced

or maybe they use Tor, or whatever, right?
Not Synced

Or they use gdb to debug their exploits.
Not Synced

I kind of wish that on them.
Not Synced

[laughter, applause]
Not Synced

I think it's great, right?
Not Synced

So one of the things Che Guevara said
in his manual about guerilla warfare,
Not Synced

in chapter two, is that (oh, it was
chapter three)
Not Synced

He talks about when you have to arm
a guerrilla army,
Not Synced

this is not exactly related, but it's an
analog.
Not Synced

He says that the most important thing
is for the guerrilla army to
Not Synced

use the weapons of the people that
they're fighting - the oppressor.
Not Synced

And the reason is that it allows you to
resupply, essentially.
Not Synced

When you win a battle, you resupply.
Not Synced

When we all use the same Free software,
and we're working on these things,
Not Synced

the fact that they have to contribute
to the same projects and they often do
Not Synced

means there's a net win for us.
Not Synced

They do have some private things that they
don't share, obviously,
Not Synced

with the exception of nice people like
Edward Snowden,
Not Synced

and I think that it is a net positive
thing,
Not Synced

and if we think of it as a struggle,
Not Synced

we are better off to take the high road,
Not Synced

and so I really think we should not
pretend that we can stop them,
Not Synced

and instead we should work together
to build solutions.
Not Synced

And I think that Debian is doing that,
right?
Not Synced

I think Debian is much harder to
compromise than
Not Synced

a lot of other operating systems,
Not Synced

and it's much much harder to coerce
people,
Not Synced

and there's a strong ethos that comes
with it that it's not just the technical
Not Synced

project, there's a social aspect to it.
Not Synced

I think I was in the New Maintainer
queue for 11 years,
Not Synced

maybe that's a little too long,
Not Synced

but there's a huge hazing process,
Not Synced

so anyone who wants to help, really really
wants to help,
Not Synced

and if they want to do something wrong
there are processes to catch
Not Synced

people doing things wrong.
Not Synced

So we should really stay true to the
Free software ethos,
Not Synced

and it really is a net benefit.
Not Synced

[question]: Hi Jake. Thanks a lot for
saying so much "GRsec".
Not Synced

Just wanted to give a shout out.
Not Synced

You mentioned possible backdoors in
CPUs and so on,
Not Synced

that ARM might not be the next best thing
because it's not so open either.
Not Synced

You might want to have a look at Power 8.
Not Synced

It's basically PowerPC 64, so Debian has
support for it as far as I know,
Not Synced

and most of the stuff is actually open.
Not Synced

Not that actually designs that IBM is
using,
Not Synced

but you can have, actually, an FPGA
implementation of it,
Not Synced

and if you have the money make your own
ASICs for it, without even knowing
Not Synced

how to do it, which is pretty good,
I think.
Not Synced

[Jacob]: I think there are lots of things
we can hack right?
Not Synced

I mean I had one of those weird RMS
laptops, the Limote,
Not Synced

or whatever it's called, for a while.
Not Synced

And I was definitely able to get some
Free software running on it,
Not Synced

in theory it was a Free software laptop.
Not Synced

But getting other people to use this is
the problem,
Not Synced

you need to get everybody to use it,
right?
Not Synced

There's a sort of old anarchist cliché,
Not Synced

"None of us are free until all of us are
free"
Not Synced

And that really applies here.
Not Synced

We really need to have Free software
that's usable by everyone,
Not Synced

otherwise we're sort of bound by the
lowest common denominator
Not Synced

of Free, or proprietary tools, depending
on what people have to use.
Not Synced

So it'll be great when we have that,
Not Synced

and there's a thing called the Nokimist???
Not Synced

which is a video mixing board that has an
FPGA implementing a Free software CPU
Not Synced

that you can boot Debian on, or OpenWRT,
Not Synced

and it does work, and I have used it,
Not Synced

and in fact I used to use it as a shell,
Not Synced

and for a long time I used a Debian
trick,
Not Synced

actually I've never talked about that in
public,
Not Synced

let me think about that for a second.
Not Synced

So I used to use an IRC client that was
really buggy,
Not Synced

and I couldn't figure out where all the
bugs were,
Not Synced

but I knew that if I hung out in certain
networks that someone else
Not Synced

would help me find those bugs by trying
to exploit my client.
Not Synced

And I wanted to make it as hard as
possible.
Not Synced

So I ran my IRC client inside of a Debian
machine that was running an S390 emulator.
Not Synced

Who here uses Hercules? Thank you to
whoever packaged it.
Not Synced

And so I would use Hercules, it was a
very long install process.
Not Synced

Very slow.
Not Synced

And I would do this, and what I'd always
dreamed of doing at some point
Not Synced

was using the Nokimist??? and the
Hercules together
Not Synced

for maximum ridiculously difficult
to exploit,
Not Synced

plus GRsec kernel.
Not Synced

But that's not a usable thing.
Not Synced

So what we need to do is take these kinds
of prototypes
Not Synced

which actually do represent many steps
forward,
Not Synced

and we need to make sure that they're
produced on a scale where
Not Synced

you can go into a store and puchase them
anonymously, with cash,
Not Synced

in a way that you can then verify.
Not Synced

And we're actually really close to that
with software defined radios
Not Synced

and open hardware,
Not Synced

but we're not quite there yet.
Not Synced

[question]: What I meant is that Power 8
is basically getting big, currently,
Not Synced

on the server market,
Not Synced

and it might get big for other stuff also.
Not Synced

[Jacob]: Hopefully.
Not Synced

[question]: I want to come back to the
story about the panic
Not Synced

in the Appletalk driver.
Not Synced

The common approach against this is
to compile your own kernel with
Not Synced

all this stuff not compiled in,
Not Synced

but on two of my systems I have a
modprobe wrapper which has
Not Synced

a whitelist of module which may be
loaded,
Not Synced

and I install that wrapper as the thing
that the kernel uses for loading modules.
Not Synced

Do you know if such a thing exists
elsewhere, or if not,
Not Synced

I would be interested in developing it
into something which is actually useable
Not Synced

for people.
Not Synced

[Jacob]: That would be great.
Not Synced

In this case we were using Tails.
Not Synced

And so, Tails is very finicky about what
it will accept,
Not Synced

and so having that in Debian will make it
a lot easier to get it into something
Not Synced

like Tails, I think.
Not Synced

But the main thing is really that we have
to think about the attack surface
Not Synced

of the kernel very differently.
Not Synced

The problem is not Appletalk; the problem
is the Linux kernel is filled with
Not Synced

a lot of code,
Not Synced

and you can autoload, in certain cases,
certain things come in,
Not Synced

and certain things get autoloaded,
Not Synced

and I know Bdale loves his
ham radio stuff,
Not Synced

but I never use ham radio on my machine
Not Synced

I used for clandestine conspiracies,
you know?
Not Synced

That's a separate machine.
Not Synced

It's over here.
Not Synced

So we just need to find a way to think
about that.
Not Synced

And part of that could be kernel stuff,
but also part of it could be thinking
Not Synced

about solutions like that, where we
don't need to change the kernel.
Not Synced

So if you could package that and develop
that, it would be really fantastic.
Not Synced

[Ben]: Actually, some time ago, after
I think it was the econet exploits,
Not Synced

no-one uses econet, it was broken anyway,
but you could exploit it,
Not Synced

because it was autoloaded.
Not Synced

So I actually went through and turned off
autoloading on a few of the more obscure
Not Synced

network protocols.
Not Synced

We could probably go further with that,
even in the defaults.
Not Synced

[Jacob]: I think it would be great to
change some of the kernel stuff so that
Not Synced

at least, I mean, Tails is a special use
case, where, I think, it's very important,
Not Synced

and it doesn't work for everyone,
Not Synced

but we should just consider that there are
certainly things which are really great,
Not Synced

and I want to use Debian for it, because
Debian is a universal operating system.
Not Synced

But for a modern desktop system where
you're using GNOME,
Not Synced

and you haven't set anything up,
Appletalk for example,
Not Synced

maybe we would ask those people
to load that module themselves.
Not Synced

[Ben]: Yeah, for example you could
have, a lot of those things are going to
Not Synced

have supporting utilities,
Not Synced

so you could put something in the
supporting utilities that loads it
Not Synced

at boot time.
Not Synced

And if you don't have those installed,
you don't need it.
Not Synced

[Jacob]: Yep, totally. And I think there's
lots of ways to do it where
Not Synced

the network can't trigger it,
and that's important.
Not Synced

[Ben]: Yeah, that puzzled me,
I can't understand,
Not Synced

the protocol module when
userland tries to open a socket
Not Synced

of that type,
Not Synced

it shouldn't happen in response to
network traffic.
Not Synced

There are things like, I think if you
run ifconfig that can autoload
Not Synced

a bunch of things, for example.
Not Synced

[Jacob]: Yeah, I think on either side
it should be more explicit,
Not Synced

and in this case with Tails,
Not Synced

there was a time when you looked at
the kernel module list
Not Synced

and it was pretty amazing,
Not Synced

like I think there was an X25 thing,
an Appletalk, thing,
Not Synced

wait, this is all about going over Tor,
we don't support any of these
Not Synced

things at all.
Not Synced

So it's just the way that things are
interdependent, right?
Not Synced

It's not a dig at the kernel itself.
Not Synced

I think the Linux kernel as it works
in Debian today works really well
Not Synced

for a lot of people,
Not Synced

but there is definitely a high security
use case,
Not Synced

and I, for example, if I were a Debian
developer, and I had a development
Not Synced

machine where I didn't run a web
browser,
Not Synced

and I took a lot of effort.
Not Synced

It would be really nice if there were
a kernel that put in the same
Not Synced

threshold of security.
Not Synced

And I think that the GRsec kernel with
some stuff changed about it,
Not Synced

like getting rid of Appletalk and a few
other things,
Not Synced

would be closer to that,
Not Synced

and combined with that guy's tool that
he's talking about,
Not Synced

you could make autoloadable module,
that at least even if the system was
Not Synced

going to autoload it, you could stop it,
in a failing closed sort of way.
Not Synced

And I think there's a lot of stuff,
practically, to do on that front,
Not Synced

and there's another project called
Subgraph OS,
Not Synced

which is basically working on becoming
in some ways a Debian derivative,
Not Synced

and they're going to do stuff like GRsec
kernel,
Not Synced

and they have a whole sandboxing framework
which uses apparmor, seccomp
Not Synced

and xpra, and a few other things,
Not Synced

and I think that they'll make a lot of
interesting security decisions,
Not Synced

which might make sense to adopt in
Debian later.
Not Synced

[Ben]: I think Matthew Garrett has an
interesting criticism about that and
Not Synced

how it wouldn't really work, and Wayland
was a better way to go than xpra.
Not Synced

[Jacob]: Yeah, I've heard those
criticisms,
Not Synced

but Matthew Garrett is wrong.
Not Synced

Not usually, but in this particular case.
Not Synced

For example, the sandboxing stuff,
if you have a GNOME appstore,
Not Synced

essentially, that's for one set of users,
but for a Debian developer
Not Synced

writing your own policies,
it might be useful,
Not Synced

and if you need Wayland, you might
not have a full solution,
Not Synced

we might want to have both for a while.
Not Synced

And think it'd be great.
Not Synced

And the main thing is we just need to
find people who will think about those
Not Synced

issues and try to integrate them,
Not Synced

because most people who write exploits,
or who understand how to do offensive
Not Synced

security stuff, they don't want to help
Free software projects,
Not Synced

they just want to exploit them.
Not Synced

And so some of the Subgraph guys,
what I really like about them
Not Synced

is that they're trying to improve the
Free software products we all use.
Not Synced

Even though they may make different
design decisions,
Not Synced

they're making Free software all the same.
Not Synced

52:17

Title:: Citizenfour QA Session
Description:: more » « less
Video Language:: English
Team:: Debconf
Project:: 2015_debconf15

	Jens Reyer edited English subtitles for Citizenfour QA Session
	Jens Reyer edited English subtitles for Citizenfour QA Session
	Jens Reyer edited English subtitles for Citizenfour QA Session
	tvincent edited English subtitles for Citizenfour QA Session
	Dominic Hargreaves edited English subtitles for Citizenfour QA Session
	Dominic Hargreaves edited English subtitles for Citizenfour QA Session
	Dominic Hargreaves edited English subtitles for Citizenfour QA Session
	Dominic Hargreaves edited English subtitles for Citizenfour QA Session

Show all

English subtitles

Revisions Compare revisions

Revision 18 Edited

Jens Reyer
Revision 17 Edited

Jens Reyer
Revision 16 Edited

Jens Reyer
Revision 15 Edited

tvincent
Revision 14 Edited

Dominic Hargreaves
Revision 13 Edited

Dominic Hargreaves
Revision 12 Edited

Dominic Hargreaves
Revision 11 Edited

Dominic Hargreaves
Revision 10 Edited

Dominic Hargreaves
Revision 9 Edited

Dominic Hargreaves
Revision 8 Edited

Dominic Hargreaves
Revision 7 Edited

Dominic Hargreaves
Revision 6 Edited

Dominic Hargreaves
Revision 5 Edited

Dominic Hargreaves
Revision 4 Edited

Dominic Hargreaves
Revision 3 Edited

Dominic Hargreaves
Revision 2 Edited

Dominic Hargreaves
Revision 1 Edited

Dominic Hargreaves

	Revision Number	Author	Created
	18	Jens Reyer
	17	Jens Reyer
	16	Jens Reyer
	15	tvincent
	14	Dominic Hargreaves
	13	Dominic Hargreaves
	12	Dominic Hargreaves
	11	Dominic Hargreaves
	10	Dominic Hargreaves
	9	Dominic Hargreaves
	8	Dominic Hargreaves
	7	Dominic Hargreaves
	6	Dominic Hargreaves
	5	Dominic Hargreaves
	4	Dominic Hargreaves
	3	Dominic Hargreaves
	2	Dominic Hargreaves
	1	Dominic Hargreaves

Citizenfour QA Session

Revisions Compare revisions

Our website uses cookies

Operating cookies (Required)