
I trust you audited your compiler, assembler (et al) as well then? The C library? All device drivers? Your BIOS? Firmware on everything from your mouse and keyboard to that USB stick you just used?

While free software does make it possible to gain some confidence in running TLA-free code, it does not make it a simple job. Just stating that you 'know the code my system was built on now' is like stating you 'know what you eat because you read the label on the can'. There might be more in that can than the label tells you...

> I trust you audited your compiler, assembler (et al) as well then? The C library? All device drivers? Your BIOS? Firmware on everything from your mouse and keyboard to that USB stick you just used?

Yes. You can very much trust that. I appreciate that you've never decided to do an audit of GCC's, glibc's, or your kernel's source, but understand that others have. I am one of them.

As for any binary blobs/firmware I can't peek into, that's why I have software [1] running on the gateway to see if anything phones home. So far, nothing has. If it's not communicating with anyone, I can be reasonably sure it isn't compromising my security.

Also, your reply was almost entirely an argument from incredulity [2], a logical fallacy.

[1] http://www.opennms.org/ and a strict whitelist. Yes. I've audited the gateway as well.

[2] http://rationalwiki.org/wiki/Argument_from_incredulity


OK, not to be the devil's advocate... but why are you so sure that nothing phones home? The mere fact that nothing on your network connects to https://bigbrother.com/snoop.php?suspectname=aclevernickname... is not solid proof of nothing phoning home. There are many ways of communication over a network, are you sure you check all of them?

If your answer is 'yes'... you should check again :-)

As to you having 'audited' all code running on your network, I can flatly state I don't believe it. I don't doubt you'll have looked over the source for a part of it, but there is a difference between 'looking over code' and 'auditing code'. Take the Linux kernel for an example: as of 2013, the Linux 3.10 release had 15,803,499 lines of code (source: Wikipedia:Linux_kernel). Linux for Workgroups has even more. Glibc is good for another 1,188,385 lines of code (source: http://www.ohloh.net/p/glibc). The gcc collection spans 6,242,908 lines (source: http://www.ohloh.net/p/gcc). These are only those projects you mentioned ('I appreciate that you've never decided to do an audit of GCC's, glibc's, or your kernel's source, but understand that others have. I am one of them.').

Understand that an individual who claims to have audited all code on his or her network does not come across like someone who grasps the magnitude of the effort s/he claims to have conquered. This individual either has superhuman powers and unlimited time, or the individual overestimates the efficacy of his or her 'auditing' efforts.

Rationalwiki has just the article to help you decide which of these two is the most likely: http://rationalwiki.org/wiki/Occam%27s_razor
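Added example, not written by any commenter in this thread: the exchange above turns on whether a strict outbound whitelist on the gateway is enough to conclude that nothing phones home. A whitelist that permits the local resolver still permits DNS, and a device can carry data out in the query names themselves. The script below parses constructed resolver log lines (the hostnames, clients and log format are assumptions for illustration, not real data) and flags a client/zone pair whose leading labels are unusually long or high-entropy. It goes beyond the specific "connects to a URL" case the commenter mentions by showing one of the other channels they allude to.

```python
"""
Added example (not from the thread): a host/IP whitelist on the gateway
lets DNS through, so "phoning home" can hide in query names. This script
scores query names from constructed log lines for signs of such a
channel: long first labels, high-entropy first labels, and several such
names to the same zone from one client. All names below are constructed.
"""
import math
import re
from collections import defaultdict

# Constructed sample of resolver query logs: "<time> <client> <qtype> <qname>".
# The hex-looking labels stand in for an encoded payload; they are made up.
SAMPLE_LOG = """\
2013-09-01T10:00:01 192.168.1.50 A www.debian.org
2013-09-01T10:00:02 192.168.1.50 A security.debian.org
2013-09-01T10:00:03 192.168.1.77 A ns.example.com
2013-09-01T10:00:04 192.168.1.77 TXT 4a6f686e20536d6974.x7k2.updates.example.com
2013-09-01T10:00:05 192.168.1.77 TXT 6820737365637265.q9z1.updates.example.com
2013-09-01T10:00:06 192.168.1.77 TXT 7420646174612e2e.m3p8.updates.example.com
2013-09-01T10:00:07 192.168.1.50 AAAA mirrors.kernel.org
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)$")


def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for an empty string)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_log(text):
    """Yield (client, qtype, qname) from lines in the assumed log format."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            _, client, qtype, qname = m.groups()
            yield client, qtype, qname.lower().rstrip(".")


def zone_of(qname, levels=2):
    """Crude registered-domain approximation: the last `levels` labels."""
    return ".".join(qname.split(".")[-levels:])


def first_label(qname, zone):
    """Leftmost label of qname below zone, or '' if qname is the zone itself."""
    if qname == zone:
        return ""
    return qname[: -len(zone) - 1].split(".")[0]


def find_suspect_zones(text, min_queries=3, max_label=12, min_entropy=3.0):
    """
    Return {(client, zone): [odd qnames]} for every client/zone pair that
    issued at least `min_queries` distinct names whose first label is longer
    than `max_label` or has entropy >= `min_entropy` bits per character.
    Ordinary names ("www", "ns", "mirrors") are short and low-entropy and
    do not count, so a whitelisted resolver alone does not clear a client.
    """
    per_zone = defaultdict(set)
    for client, _qtype, qname in parse_log(text):
        per_zone[(client, zone_of(qname))].add(qname)

    suspects = {}
    for key, names in per_zone.items():
        odd = sorted(
            n for n in names
            if len(first_label(n, key[1])) > max_label
            or shannon_entropy(first_label(n, key[1])) >= min_entropy
        )
        if len(odd) >= min_queries:
            suspects[key] = odd
    return suspects


if __name__ == "__main__":
    for (client, zone), names in find_suspect_zones(SAMPLE_LOG).items():
        print(f"{client} -> {zone}: {len(names)} suspicious query names")
        for n in names:
            print("   ", n)
```

The thresholds are illustrative; on a real resolver log they need tuning against CDN and anti-spam hostnames, which also produce long labels. The point the block makes is narrower: the whitelisted resolver is the thing talking to the outside, so checking which hosts the gateway allows says nothing about what the query names carry.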


That'd be impressive work (auditing all that code in a single lifetime). Could you share your techniques?
