From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-user+bounces-174488-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id CFE95139084
	for <garchives@archives.gentoo.org>; Fri, 16 Dec 2016 13:35:47 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id CB457E0C72;
	Fri, 16 Dec 2016 13:35:38 +0000 (UTC)
Received: from mail-qk0-x244.google.com (mail-qk0-x244.google.com [IPv6:2607:f8b0:400d:c09::244])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 6AC63E0C5C
	for <gentoo-user@lists.gentoo.org>; Fri, 16 Dec 2016 13:35:38 +0000 (UTC)
Received: by mail-qk0-x244.google.com with SMTP id n21so4482747qka.0
        for <gentoo-user@lists.gentoo.org>; Fri, 16 Dec 2016 05:35:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to;
        bh=NMKHpaCVSvzkijJkVihL32lT/SuFJK2D2kDqtq1k/IE=;
        b=t80aJ4gsvw+fpOFT9Lhp/05ollecaMLJ0IzMfQ21mdU8iI7/TfV4AMYKgQY61zp+PK
         3dVw/xTtLA3QTgFkMimgHmc62gj9JBft42OoBDMD3Wj+gZ1v/evHQ9KQVOi4C4lm1CMn
         aI7qCQqFZeHZdrcTjFMfygNs4qzRc7y8a/5z0y+LbUupl7Li4AhtQza809rTnFlEXCQf
         dBpJ2wpM1FgtBe84D0plRNKdZgty7tDZjIFxa8VLy20pn61HFjzQkPBnafWCLuDY3byn
         tBXVQS2IDumIg2R/GT8PEgHBj2FdGvQfNrodDFdV/1S7AbNFvBqqKUusD7giQokR+Se/
         GSng==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
         :date:message-id:subject:to;
        bh=NMKHpaCVSvzkijJkVihL32lT/SuFJK2D2kDqtq1k/IE=;
        b=k1LK/36ViF4CiRtvhMrC3kuBQr5VHlxkxQBSL9pxlMEhlDXBsQBBYyno8mdKjF/Ii+
         EXnM1IB5ST2Gtx/mT+R3H50ZRn+y/gS+kLWGd5RvNGtXzanXUlTi/z2KA1BBmYbbNdD0
         TWY1AIIAotxnrJR1ezrAhUer0AgUqSxPnrMUtlNKBBqRyTEoIFX9opBJddFLWPn6Drzp
         z1DvL8jDzbM6JCriLuE+IiBiIGY6WAmFyZyAHnzO2lcwzmo5XGwFL1tQ/0+772z9bwcy
         rF+ibRuZFrCTURR8WuaZxavwUkgP+BNIru0DaP4kY7ef2iGUTovYt9F5SXqbuE5g42UP
         2+EA==
X-Gm-Message-State: AIkVDXKHhpH1QirFg5yHPLJjoMbOM7Aplgm03OUfP8NLAYswLdSdeXS3U11dtAuaDMhb8jr4qQMCcJ4Cz7U2fg==
X-Received: by 10.233.239.194 with SMTP id d185mr2577165qkg.122.1481895337516;
 Fri, 16 Dec 2016 05:35:37 -0800 (PST)
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
Sender: freemanrich@gmail.com
Received: by 10.140.34.73 with HTTP; Fri, 16 Dec 2016 05:35:36 -0800 (PST)
In-Reply-To: <20161216131315.GA4052@g0n.xdwgrp>
References: <20161015182743.GB4541@solfire> <20161216101951.GA29887@g0n.xdwgrp>
 <CAGfcS_k+toE5DiWMPZrbnFqnJwVuQQ73B-rAmYeGTeyE-WKzBQ@mail.gmail.com> <20161216131315.GA4052@g0n.xdwgrp>
From: Rich Freeman <rich0@gentoo.org>
Date: Fri, 16 Dec 2016 08:35:36 -0500
X-Google-Sender-Auth: Zc-4b8DlNxqPs3ei6xWj3pCkho8
Message-ID: <CAGfcS_=LvKf+pbq1Pfs_RfNUB76yFHz3Dv-FK0ZdFAMt_mAbYQ@mail.gmail.com>
Subject: Re: [gentoo-user] from Firefox52: NO pure ALSA?, WAS: Firefox 49.0 &
 Youtube... Audio: No
To: gentoo-user@lists.gentoo.org
Content-Type: text/plain; charset=UTF-8
X-Archives-Salt: b960fc24-0aeb-44e7-b116-1fc07ee195f5
X-Archives-Hash: 84adf2a3b76c5ec5ee9408cb72daec61

On Fri, Dec 16, 2016 at 8:13 AM, Miroslav Rovis
<miro.rovis@croatiafidelis.hr> wrote:
> On 161216-07:16-0500, Rich Freeman wrote:
>> On Fri, Dec 16, 2016 at 5:19 AM, Miroslav Rovis
>> <miro.rovis@croatiafidelis.hr> wrote:
>> >
>> > In my stron opinion, and opinions are allowed in Gentoo, just not
>> > imposing your opinion onto others (and that I am not doing, feel free
>> > to disagree!), pulseadio is spyware, read more here:
>> >
>> > Re: [Alsa-user] sans-pulseaudio Firefox? was: a strange thing
>> > https://www.mail-archive.com/alsa-user@lists.sourceforge.net/msg31928.html
>> >
>>
>> What exactly about Pulseaudio do you think makes it "spyware?"  The
> You're right actually. Or might be. It is likely not spyware in itself,
> but it surely is spyware enabler. Like dbus and all of poetterware.
>
> And about xorg. Everybody uses it, I do too. Minimalistically. Just
> enough to have, say Firefox and Wireshark, and a good *nix programs that
> need gui. But I'd think the possibilities for spying-required remote
> connections with xorg are nowhere near to what poetterware and
> associates offer.
>

I'm not sure I understand what distinction you're making.  I can't say
I'm intimately familiar with the security model around Pulseaudio (at
a glance it seems similar to X11 with its use of cookies, though
obviously if you tell it to broadcast unencrypted multicast RTP on
your LAN you'll get the obvious effects) but X11 has a couple of
glaring security weaknesses.  The most obvious is the fact that any
random X11 client can read the keyboard input of any other client on
the same server unless you jump through a bunch of hoops that I don't
think anybody actually jumps through (though I do believe some of the
X11 PIN entry programs may use them at least).  Anything you type into
an xterm could be read by your browser, and in turn by any code able
to execute outside any sandbox that browser might have (root privs not
needed for this).

And I wouldn't be surprised if a lot of X servers still run as root
for modesetting/etc.

> That's why they came into existance, after all.

Uh, somehow I doubt that Lennart wrote Pulseaudio just to simplify the
task of getting audio off of a local host so that somebody can spy on
you.  Maybe it had something to do with the fact that before it came
along just doing something like plugging a USB headset into a Linux
desktop was a bit of a chore?

Well, if you prefer not to use Pulse, that's of course up to you.  I
wasn't running it for ages, and I probably still wouldn't be running
it if I didn't have issues with running multiple desktop sessions as
separate users (one of those things that stuff like pulse+policykit
and so on was designed to help fix).

-- 
Rich