By Catalin Cimpanu for Zero Day | July 4, 2020MORE COMMENTS: https://www.zdnet.com/article/infosec-community-disagrees-with-changing-black-hat-term-due-to-racial-stereotyping/
The information security (infosec) community has angrily reacted today to calls to abandon the use of the 'black hat' and 'white hat' terms, citing that the two, and especially 'black hat,' have nothing to do with racial stereotyping.
Discussions about the topic started late last night after David Kleidermacher, VP of Engineering at Google, and in charge of Android Security and the Google Play Store, withdrew from a scheduled talk he was set to give in August at the Black Hat USA 2020 security conference.
In his withdrawal announcement, Kleidermacher asked the infosec industry to consider replacing terms like black hat, white hat, and man-in-the-middle with neutral alternatives.
These changes remove harmful associations, promote inclusion, and help us break down walls of unconscious bias. Not everyone agrees which terms to change, but I feel strongly our language needs to (this one in particular).
— David Kleidermacher (@DaveKSecure) July 3, 2020
While Kleidermacher only asked the industry to consider changing these terms, several members mistook his statement as a direct request to the Black Hat conference to change its name.
With Black Hat being the biggest event in cyber-security, online discussions on the topic quickly became widespread among cyber-security experts, dominating the July 4th weekend.
While a part of the infosec community agreed with Kledermacher, the vast majority did not, and called it virtue signaling taken to the extreme.
Most security researchers pointed to the fact that the terms had nothing to do with racism or skin color, and had their origins in classic western movies, where the villain usually wore a black hat, while the good guy wore a white hat.
Others pointed to the dualism between black and white as representing evil and good, concepts that have been around since the dawn of civilizations, long before racial divides even existed between humans.
Right now, the infosec community doesn't seem to be willing to abandon the two terms, which they don't see as a problem when used in infosec-related writings.
We also heard your queries on the topic of snapd. This is a topic which is important to us and we already explained our position last year:MORE: https://blog.linuxmint.com/?p=3906
[…] as you install APT updates, Snap becomes a requirement for you to continue to use Chromium and installs itself behind your back. This breaks one of the major worries many people had when Snap was announced and a promise from its developers that it would never replace APT.
A self-installing Snap Store which overwrites part of our APT package base is a complete NO NO. It’s something we have to stop and it could mean the end of Chromium updates and access to the snap store in Linux Mint.
A year later, in the Ubuntu 20.04 package base, the Chromium package is indeed empty and acting, without your consent, as a backdoor by connecting your computer to the Ubuntu Store. Applications in this store cannot be patched, or pinned. You can’t audit them, hold them, modify them or even point snap to a different store. You’ve as much empowerment with this as if you were using proprietary software, i.e. none. This is in effect similar to a commercial proprietary solution, but with two major differences: It runs as root, and it installs itself without asking you.
First, I’m happy to confirm that Linux Mint 20, like previous Mint releases will not ship with any snaps or snapd installed. Second, to address this situation we’ll do exactly what we said we would:
- In Linux Mint 20, Chromium won’t be an empty package which installs snapd behind your back. It will be an empty package which tells you why it’s empty and tells you where to look to get Chromium yourself.
- In Linux Mint 20, APT will forbid snapd from getting installed.
You’ll still be able to install it yourself and we’ll document this in the release notes, but by default APT won’t allow repository packages from doing this on your behalf.