Hi Kevin
You are right about security. I was an owner of a security business catering to banks.
I am retired for 6 years now. I worked for 55 years in industry as scientist, business analyst,
security analyst and business owner.

Regarding security
===============
KDE is insecure. Any user can change his settings and he can wipe out any way to use his logon.
Why is KDE not root managed for every user and to not allow the user to change anything? Security
begins by protecting the user from damaging his own environment.

At what level is there a security risk?  Most of those IOT devices do not need security.
The "System On A Chip" (SOC) is strictly function limited. It's not a re-programmable computer.
That box I discussed has a range for the remote control to 30 feet or about 10 meters.
The IOT devices we are looking at are bluetooth connected. No WWW connection.

With today's technology and future design, I am not and will not be able to manage my neighbours' IOTs.
My IOT devices' MAC address is hard wired. Same for the other IOT devices. Functionality is limited.
An IOT example is the USB dongle for your keyboard and mouse. The CPUs in these devices are not programmable,
they are controllers.

I have a digital weather station mounted on my wall. It synchronizes to the atomic clock time daily,
and displays local temperature and barometric pressure. I can query it with my cellphone.
Can someone defeat that IOT device? Yes, but for what benefit? My FM radio is digital. Its function is limited.

Most IOT things, by being limited in functionality, are secure.

I would surmise that RedHat sees the disappearance of the menu and the use of icons for top level management.
We do that with KDE, where we move icons to the desktop and to the panels.
KDE will morph into something even better, responding to us users' needs. And it will be secure.

Regards

 Leslie
Leslie Satenstein
Montréal Québec, Canada



On Saturday, November 3, 2018, 11:40:28 p.m. EDT, Kevin Kofler <kevin.kofler@chello.at> wrote:


You are confirming exactly what I wrote:

Leslie S Satenstein wrote:
> We have a 3 inch by 3 inch android box for our TV. I have 2000
> channels, and many options for email setup, youtube, movies, etc. It can
> accept a keyboard as a remote wireless device. It is an excellent IOT.
>
> That box has no hard disk, just some ram for cache and buffering and a SOC
> (software on a chip)  Cost in Canada --$100.00

When you have a security hole on that device, you have no way to fix it.

> Amazon and Google sell android devices that take speech and provide
> results.

All the commands you give to those devices are sent to Amazon's or Google's
servers for processing. They can be given to a human (that happens more
often than you realize, the automatic voice recognition is nowhere near as
good as they claim, so they have many dictation typers), automatically used
to control advertising, etc. And the device can even mishear the trigger
("Alexa" or "Hey Google") when you haven't even said it and then start
recording and sending everything you say to the company. There are
documented cases of that happening.

> With those devices, you can see a whole range of new applications, such as
> refrigerator alarms, etc.

But also a whole range of security holes and privacy invasions.

> There is no worry if the IOT is locked source. The android app is in JS,
> and can be reprogrammed for use under Linux.

Can you even access that JavaScript as a user and is it legal to modify it?
If it were so easy to make it work under GNU/Linux, why do you need Android
at all?

> They also use the cloud for hard disk storage.

That means they are sending all their private data to some external provider
who can read everything! (Even if they claim to encrypt the data, can you
verify that, and also that the encryption is sound and not backdoored, if
the client supposedly doing the encryption is proprietary and obfuscated?
The encryption might even be done on the server side, leaving open an
obvious backdoor to get at the unencrypted data, while still technically
satisfying the claim that your data is encrypted.)

> I am looking forward to live video and video conferencing with KDE, as we
> do on my cellphone with facebook.

There are already Free as in speech video conferencing applications. The
issue is that both sides need to use them and that hardly anybody does. The
Free Software applications are typically interoperable with each other,
using one of a handful of open standards to communicate, but that does not help
if everybody is using some proprietary walled garden with vendor lock-in
such as Skype or WhatsApp.

> I expect that many cellphone functions will arrive onto Linux and be
> functioning with KDE or (gasp) Gnome.

It would be nice to have some of that functionality, but only if it is
implemented in a way that does not destroy our freedom, security, and
privacy.

        Kevin Kofler