Our interview this week is for another big one, in this case Chema Alonso has been the victim of our questions. You have kindly wanted to take the time to answer us exclusively, something that we appreciate knowing your schedule.
I think Chema Alonso, one of our most popular national hackersIt needs no introduction and understand by "hacker" the true meaning of the word. For those who do not know him, you can find out more about him by googling and I encourage you to access his blog, where you will find interesting posts about security. You know Evil-side awaits you. In the meantime, you can read what he has answered us.
Linux Addicts: 1- The first question is obligatory… Pablo Motos, Jordi Évole, Mamen Mendizábal and now me. What happened to you, Chema?
Chema Alonso: I try to serve everyone. Reply to everyone's emails and messages. It is true that I do not give enough. They put me messages on Twitter, Facebook, Google+, Youtube, Instragram, the blog, email, etc., and it is totally impossible for me to find time to answer all of them, but I swear I try. As for journalists, the truth is that I have had to be with some very good in television, but others also very good in the press and in the Internet world. If I make time, I answer the interviews.
LxW: 2-I understand that you have been a Linux teacher and during your career you have worked with Linux distributions. What do you like and what would you like to change about it?
IT: Yes it's correct. I have been a GNU / Linux teacher for many years and have given many RedHat courses - which was the most advanced in the late 90s -. About GNU / Linux I like that you can build many things with these systems, the modularity that exists to do it to your liking, and the amount of tools there are. Distributions with Kali Linux, CentOS, Ubuntu or Debian are examples of how the same core can be adapted to many different environments. I do not like the religion that some profess with free software and the lack of some business management tools and user environments. There I still prefer Microsoft Windows systems or OS X systems.
LxW: 3-As is common, open source arouses sympathy and hatred. Some think that it is of poor quality or that it is more unsafe than the closed one. What would you say to those who think that?
IT: Any of these statements, by itself, is wrong. The important thing is not whether the code is open or closed, but what is done with it. There are very elaborate and worked free software projects, and others that are not. Thinking that a project because it is OpenSource is going to be audited by everyone is not true. You have to do much more than that. Also, no matter how much you have the source code, discovering security bugs is something that may only appear when the code is compiled for a certain architecture and run in a certain environment. That is why Fuzzing techniques are used.
On the other hand, publishing the source code and security updates in Open Source projects, opens a window of opportunity for 0days search engines when it comes to generating exploits before there is a patch that solves it in the distributable binary. We have seen it in many cases. My opinion is that, whether OpenSource or not, what matters is the quality of the software and if we have made the software in our companies for our security, in addition to auditing it well, I prefer that the source code stays at home} :).
LxW: 4-You own 0xWord. I have several titles on your security and I recommend everyone to take a walk around the web. It is a somewhat atypical bookstore, because you give opportunities to new writers who want to publish their book on security or other topics. Free software also offers many opportunities and I think it is vital for education. Don't you think that companies that develop proprietary software should rethink opening their code?
IT: Many already do, but I don't think it should be a majority. Huge amounts of published source code are available today, which is a great learning aid. I believe that a company should open its code in certain circumstances, but I don't think it should be the only way. It may be that a small company opens its free code and then a large company takes advantage of it by improving and exploiting it without the small company being able to compete for it. I think that for a student or a professional making open source programs is a great cover letter, and for companies it can be a way of creating a community and better positioning the product, but it is not the only way.
LxW: 5-And in addition to the previous question. Our blog is geared toward free software and Linux, but we've been writing a lot about Microsoft lately. He has opened some of his projects, some statements have appeared that have surprised us, they launch .NET Core and Visual Studio Code for Linux and it is rumored that open-source Windows is being discussed internally. Would you like to see an open source Windows?
IT: Microsoft already has much of its source open, and is likely to open more in the future. Maybe they will release it open source in the future, but I don't think they will do it shortly - maybe I'm wrong -. To this day, the Windows operating system continues to have a lot of sales compared to its competitors, and in large part it is because of how they do things in the kernel and at the operating system layer. It is a competitive advantage that they want to position to fight against other systems such as Android, iOS or OS X that have other competitive advantages.
LxW: 6-It is behind Eleven Paths, a company on digital security that arises from Informática 64 and Telefónica. This last company, with which you have a relationship, opted for the Firefox OS operating system for mobile devices. What do you think of Firefox OS and what advantages do you see over iOS, Android, Tizen, ...?
IT: Not only do I have a relationship with Telefónica, I also work at Telefónica. The company has long been committed to user freedom of choice and net neutrality. And while some companies talk about net neutrality to create services with equal possibilities, they make their systems less interoperable day by day. Moving your digital life from iOS to Android or from Android to Windows Phone is a pain. They are not interoperable at all. Telefónica's commitment is to support a broader and less closed ecosystem, which is why it opted for Firefox OS and continues to support it. The advantage is that behind it is the Mozilla Foundation creating an ecosystem of Webapps that can run on any system. That is the advantage that the "crazy" Mozilla want to enhance.
LxW: 7-Let's talk now about FOCA. It is wonderful software, but from our point of view it has a bug that has not been corrected. Not available for Linux! We can run it from Wine, have other tools or with MetaShield Analyzer, but we still miss it. There are many tools for pentesting, forensic analysis, etc., for Linux. There are also many distros like Kali, Parrot OS, Santoku, DEFT, and a Largo, etc. Linux is undoubtedly very important in this section. Why have you decided not to carry FOCA?
IT: We never ported FOCA due to lack of resources, now we are thinking of releasing the code in .NET and that people decide if they want to compile it for Linux with the new Microsoft announcement or improve it day by day. You will have to wait a bit.
LxW: 8-NeXT decided to create a Unix operating system, which would later become the germ of Mac OS X when Apple acquired the company. Unix is certainly a great system and Microsoft flirted with it with Xenix. But finally Windows NT (OS / 2) appeared. Do you think that if Windows were a * nix today it would be better?
IT: No, far from it. Microsoft did not "flirt" with UNIX, Microsoft built XENIX that was sold to Santa Cruz Operations, and SCO UNIX became the most widely deployed UNIX in the world. The Windows kernel is a marvel and this is demonstrated by the performance and user experience of the 6.x kernels.
Anyway, to think that the Windows kernel and the UNIX kernel differ greatly ... is a mistake. There's a great lecture by Mark Russinovich called "A Tale of Two Kernels" where he looks at what Windows NT kernels and Linux kernels have, and it's surprising how nearly accurate they are.
In fact, I love a phrase Linux Torvalds said years ago at a conference where he was asked why kernel developers were a community that changed faces so little and incorporated few new people. He said that, in addition to not being the friendliest community, the time for simple solutions to simple problems in creating monolithic kernels is years past.
LxW: 9-I always hear you say that you should use an antivirus. Not only in Windows, but also in other platforms such as Mac OS X. Many say that an antivirus in Linux only serves to slow down the computer. What advice do you give linuxers about this and what antivirus do you recommend?
IT: If the issue is to slow down the system, remove the firewall, the protections of the entire operating system ... and run! } :)
LxW: 10 - And the last one the most difficult of all. Was this the worst interview of your life? ; p
IT: Nooo, far from it. They have come to ask me so much nonsense ... I once told a radio journalist: "Please don't ask me that which is bullshit." There are times that I write them the questions they have to ask me so that I can explain current things correctly. If I counted….
It is a pleasure to have people like Chema Alonso for our series of interviews and that, in addition, in this case brings us good news for the future and that is maybe we have FOCA for GNU / Linux ...