Linked by runjorel on Thu 13th Jan 2011 19:35 UTC
Linux "At the end of 2010, the 'open-source' software movement, whose activists tend to be fringe academics and ponytailed computer geeks, found an unusual ally: the Russian government. Vladimir Putin signed a 20-page executive order requiring all public institutions in Russia to replace proprietary software, developed by companies like Microsoft and Adobe, with free open-source alternatives by 2015."
Order by: Score:
Old news to keep the "axis of evil" up-to-date
by usr0 on Thu 13th Jan 2011 19:56 UTC
usr0
Member since:
2006-10-27

Although I like* WSJ myself, everybody should know that WSJ belongs to the neocon mogul Rupert Murdoch's media empire which also includes FOX News. You know this "fair and balanced" channel with Beck and O'Reilly.

*because I know which way the wind is blowing there

Reply Score: 1

jimmy1971 Member since:
2009-08-27

According to www.netcraft.com, The Wall Street Journal (www.wsj.com) uses Linux and Apache. As for FOX News (www.foxnews.com), their website also runs on Linux and Apache. Same for www.glennbeck.com, www.frontpagemag.com (which is owned by neo-con David Horowitz), and www.anncoulter.com.

As it turns out, Russia, China and Iran aren't the only ones who love Linux and Open Source. I can assume that because they all use Linux and Open Source, that the above-mentioned right wing blowhards also endorse it.

I'm just sayin'.

Reply Score: 2

Phloptical Member since:
2006-10-10

It wouldn't be blowing to the Right, would it? Actually, it just Blows!

Reply Score: 2

ober
Member since:
2009-10-19
Distrust
by Delgarde on Thu 13th Jan 2011 20:55 UTC
Delgarde
Member since:
2008-08-19

So, what you're really saying is "why countries with an uneasy relationship with the US distrust operating systems made by US companies"?

Reply Score: 9

RE: Distrust
by ngnr on Fri 14th Jan 2011 00:31 UTC in reply to "Distrust"
ngnr Member since:
2008-01-16

Totally true.

In South America, Venezuela made the same move a couple of years ago.

It wasn't because of the benefits of open source, it was mostly because they wanted to avoid a OS made by the "Empire" and because it was "free($)".

Reply Score: 2

stuxnet
by fran on Thu 13th Jan 2011 20:56 UTC
fran
Member since:
2010-08-06

I think stuxnet has a lot to do with this.

Edited 2011-01-13 21:15 UTC

Reply Score: 3

Comment by robojerk
by robojerk on Thu 13th Jan 2011 21:34 UTC
robojerk
Member since:
2006-01-10

It all comes down to money.

Spending who knows how many of dollars on licenses for Windows, Office, Photoshop, <<Insert proprietary product here>>, means money leaving your country's economy and into the the U.S. economy.

Using open source, these governments get free source code they can build on and hire local programmers to customize their code. This keeps money in their own economy, and creates some jobs for locals.

I really doubt these countries are worried about the US spying on them through Windows or something. Don't they (the governments) already have access to Microsoft's source code. Also any network engineer worth their salt would be monitoring traffic from any sensitive areas.

Edited 2011-01-13 21:35 UTC

Reply Score: 3

RE: Comment by robojerk
by static666 on Fri 14th Jan 2011 06:59 UTC in reply to "Comment by robojerk"
static666 Member since:
2006-06-09

Please enlighten me how that "salty" network engineer would monitor even Skype traffic, for example? Of course, Skype might have nothing to do with "sensitive areas", but how is it different from any other closed source application leaking encrypted traffic into your network?

Edited 2011-01-14 07:02 UTC

Reply Score: 2

RE[2]: Comment by robojerk
by Laurence on Fri 14th Jan 2011 09:39 UTC in reply to "RE: Comment by robojerk"
Laurence Member since:
2007-03-26

Please enlighten me how that "salty" network engineer would monitor even Skype traffic, for example? Of course, Skype might have nothing to do with "sensitive areas", but how is it different from any other closed source application leaking encrypted traffic into your network?


Because anything on a non-standard port or even (and depending on the port) using a non-standard protocol on a standardised port would be firewalled.

You can even go further and blacklist outgoing IPs or even whitelist "safe" IPs for outgoing connections.

.....and these are just using basic network firewall tools.

Reply Score: 3

RE[3]: Comment by robojerk
by Nth_Man on Fri 14th Jan 2011 10:14 UTC in reply to "RE[2]: Comment by robojerk"
Nth_Man Member since:
2010-05-16

"Please enlighten me how that "salty" network engineer would monitor even Skype traffic, for example? Of course, Skype might have nothing to do with "sensitive areas", but how is it different from any other closed source application leaking encrypted traffic into your network?


Because anything on a non-standard port or even (and depending on the port) using a non-standard protocol on a standardised port would be firewalled.
"
It's clear that you cand send encrypted data through standard ports, through standard protocols.

"Steganography" is such a clear example that anyone can understand it, for example a program can embed secrets in a simple email! Inside typical images!

Reply Score: 1

RE[4]: Comment by robojerk
by Laurence on Fri 14th Jan 2011 13:58 UTC in reply to "RE[3]: Comment by robojerk"
Laurence Member since:
2007-03-26

"Steganography" is such a clear example that anyone can understand it, for example a program can embed secrets in a simple email! Inside typical images!


But then how are you going to e-mail that without building a micro-mail server? You can't guarantee that Outlook is going to be installed on those systems and nor would you want those e-mails logged on Exchange or any 3rd party SMTP / IMAP servers.

So you're now having to hope that network admins don't detect e-mail traffic from unauthorised mail servers.


I wouldn't expect every network admin to spot such traffic, but you can't argue that no administrators world-wide could have spotted it.

Reply Score: 2

RE[5]: Comment by robojerk
by Nth_Man on Sat 15th Jan 2011 11:35 UTC in reply to "RE[4]: Comment by robojerk"
Nth_Man Member since:
2010-05-16

You said

But then how are you going to e-mail that without building a micro-mail server?

like if we were talking only about "steganography in emails done by machines automatically".

Let's see if it's understood again: you said
Because anything on a non-standard port or even (and depending on the port) using a non-standard protocol on a standardised port would be firewalled. "

and I said that
it's clear that you cand send encrypted data through standard ports, through standard protocols.

And put "Steganography" as an example of sending encrypted data through standard ports, through standard protocols, going not firewalled. Of course there are more ways.

The key in the discussion is that you can send hidden data, even through firewalls.

Reply Score: 1

RE[6]: Comment by robojerk
by Laurence on Sat 15th Jan 2011 13:47 UTC in reply to "RE[5]: Comment by robojerk"
Laurence Member since:
2007-03-26

You miss my point.

What I'm saying is businesses and governments wouldn't have e-mail traffic going from workstations to the internet. They'd have that traffic going to and from the exchange server.

So the firewall would still block your example as only the exchange server would be whitelisted for sending e-mails.


Now I'm not saying that it's impossible to hide data, just that it's unlikely to be happening because of the difficulty in doing so successfully and the backlash when it inevitably gets found out.

Edited 2011-01-15 13:50 UTC

Reply Score: 2

RE[7]: Comment by robojerk
by Nth_Man on Sat 15th Jan 2011 17:44 UTC in reply to "RE[6]: Comment by robojerk"
Nth_Man Member since:
2010-05-16

What I'm saying is businesses and governments wouldn't have e-mail traffic going from workstations to the internet. They'd have that traffic going to and from the exchange server.

I repeat again, the example of "steganography" in emails was to show that you can send encrypted data through standard ports, through standard protocols. So that quote in the prior discussion
Because anything on a non-standard port or even (and depending on the port) using a non-standard protocol on a standardised port would be firewalled. "

does not apply.

Reply Score: 1

RE: Comment by robojerk
by Nth_Man on Fri 14th Jan 2011 10:28 UTC in reply to "Comment by robojerk"
Nth_Man Member since:
2010-05-16

Don't they (the governments) already have access to Microsoft's source code.

Those governments don't know. This has been discussed previously, http://www.osnews.com/thread?454923

Reply Score: 1

RE: Comment by robojerk
by vodoomoth on Fri 14th Jan 2011 13:54 UTC in reply to "Comment by robojerk"
vodoomoth Member since:
2010-03-30

I really doubt these countries are worried about the US spying on them through Windows or something. Don't they (the governments) already have access to Microsoft's source code.

Is it known whether the governments that have access to the source code are using a version built from that source code or a stock version? I mean, it doesn't sound that complicated to me to show a backdoors-free version and sell a version that contains them.

Reply Score: 2

Security is a big concern
by drcoldfoot on Thu 13th Jan 2011 22:10 UTC
drcoldfoot
Member since:
2006-08-25

One thing proprietary software such as Microsoft's offerings add, is the ability to introduce code that could create backdoors, or even send data back to the source or government w/o the end user's consent or knowledge... all done vis the OS's kernel or via a driver of the Proprietary OS's signing. And since the OS is proprietary, it's extremely easy to introduce, either by the behest of a foreign government, or by the behest of the home government. At least with Opensource OSs I believe it is much more costly, resource intensive, and difficult to do or even keep in the wild without someone recognizing a "security flaw".

Reply Score: 1

RE: Security is a big concern
by Laurence on Fri 14th Jan 2011 09:46 UTC in reply to "Security is a big concern"
Laurence Member since:
2007-03-26

One thing proprietary software such as Microsoft's offerings add, is the ability to introduce code that could create backdoors, or even send data back to the source or government w/o the end user's consent or knowledge... all done vis the OS's kernel or via a driver of the Proprietary OS's signing. And since the OS is proprietary, it's extremely easy to introduce, either by the behest of a foreign government, or by the behest of the home government. At least with Opensource OSs I believe it is much more costly, resource intensive, and difficult to do or even keep in the wild without someone recognizing a "security flaw".


As I said before, it would be quite easy to track outgoing connections (even if you can't establish the content of the traffic).

The Russian Government wouldn't be using a special build of Windows, thus if there's backdoors in the Russian builds then there's going to be backdoors in everyones build.

So what you're essentially suggesting is that globally there isn't a single network administrator with Windows clients or servers in their infrastructure that is competent enough to notice unauthorised outgoing network connections.

Personally I think the more likely answer is that the whole "MS build backdoors to monitor governments" is just scaremongering from the kind of tin-hat wearing conspiracy theorists that think the moon landings were faked.

Furthermore, you wouldn't write such a backdoor into the kernel itself. It would be completely useless there. You'd want it in userspace albeit still built into the OS framework.

Edited 2011-01-14 09:49 UTC

Reply Score: 3

RE[2]: Security is a big concern
by Veran on Fri 14th Jan 2011 13:02 UTC in reply to "RE: Security is a big concern"
Veran Member since:
2011-01-14

I know, that one is old: but Microsoft would never do something like implementing backdoors to their software... http://www.heise.de/tp/r4/artikel/5/5263/1.html

We can't know, if there are backdoors within windows Vista / Windows 7.
One thing is for sure if they would like to implement any backdoors into Windows they could.

Reply Score: 1

RE[2]: Security is a big concern
by fisherman2 on Fri 14th Jan 2011 16:57 UTC in reply to "RE: Security is a big concern"
fisherman2 Member since:
2011-01-14

You are definitely underestimating the cleverness of a resourceful opponent.

"As I said before, it would be quite easy to track outgoing connections (even if you can't establish the content of the traffic)."

At some point these machines will connect back to MS or google or some other website under US jurisdiction through it's normal course of use.

It would not be impossible to hide information in the tcp stack such that neither the sender nor receiver knows about a hidden channel, all that would be necessary would be for the government to wire tap the traffic. Slight variations in ACK/PSH behavior or window boundaries could in fact contain hidden information at the IP level. The tcp timestamp field could easily leak a few bits of information per packet.

Numerous tricks could happen at the HTTP level. The information could be hidden in a combination of layers.

Information could be leaked across multiple connections. For instance, the simple choices of pseudo random port numbers and sequence numbers can leak information.

Short of reverse engineering the windows kernel, no one can prove the absence of a leak from traffic alone. It may be there, it may not, we'll never know.

Any network admin who claims otherwise is misinformed. The best we can do to put a ceiling on the amount of traffic leaked if it is indeed there.


Of course, if I were a government interested in back doors, I'd simply utilize the existing vulnerabilities and blame everything on "hackers" since the public is always willing to accept that as an excuse. The likelihood of being discovered this way is very slim.



"The Russian Government wouldn't be using a special build of Windows, thus if there's backdoors in the Russian builds then there's going to be backdoors in everyones build."

At the very least, the language/locale/timezones change, that could potentially change the behavior.


"So what you're essentially suggesting is that globally there isn't a single network administrator with Windows clients or servers in their infrastructure that is competent enough to notice unauthorised outgoing network connections."

As another poster already said, you've completely ignored stenography within perfectly legal connections.

"Personally I think the more likely answer is that the whole 'MS build backdoors to monitor governments' is just scaremongering from the kind of tin-hat wearing conspiracy theorists that think the moon landings were faked."

It's certainly paranoia, but there is little doubt that the government/ms have the technical ability to pull it off if they wanted to. Open source is clearly superior in this regards.


"Furthermore, you wouldn't write such a backdoor into the kernel itself. It would be completely useless there. You'd want it in userspace albeit still built into the OS framework."

This one is laughable. Do you really expect attackers to follow your rules about where to put backdoors? They'll put it where they please, thank you very much.

Reply Score: 1

RE[3]: Security is a big concern
by Laurence on Sat 15th Jan 2011 01:58 UTC in reply to "RE[2]: Security is a big concern"
Laurence Member since:
2007-03-26

You are definitely underestimating the cleverness of a resourceful opponent.

I'm not. I think you're underestimating the cleverness of every other person in IT who has administrated a Windows platform.

At some point these machines will connect back to MS or google or some other website under US jurisdiction through it's normal course of use.

I'm still yet to hear a convincing way how they could without being noticed

It would not be impossible to hide information in the tcp stack such that neither the sender nor receiver knows about a hidden channel, all that would be necessary would be for the government to wire tap the traffic. Slight variations in ACK/PSH behavior or window boundaries could in fact contain hidden information at the IP level.

But so little information that such hack would be pointless

Numerous tricks could happen at the HTTP level. The information could be hidden in a combination of layers.

HTTP isn't encrypted so no it couldn't.
HTTPS perhaps, but again a network admin somewhere in the world would notice updates to a network location where they've not requested it.

Information could be leaked across multiple connections. For instance, the simple choices of pseudo random port numbers and sequence numbers can leak information.

Not if you're sat behind a firewall with restrictive port access - as most businesses and governments would be.

Short of reverse engineering the windows kernel, no one can prove the absence of a leak from traffic alone. It may be there, it may not, we'll never know.

You can't prove something that isn't there.

Any network admin who claims otherwise is misinformed. The best we can do to put a ceiling on the amount of traffic leaked if it is indeed there.

True. But the laws of probabilities are that if MS were leaking data, someone in the world would have noticed before now.


"The Russian Government wouldn't be using a special build of Windows, thus if there's backdoors in the Russian builds then there's going to be backdoors in everyones build."

At the very least, the language/locale/timezones change, that could potentially change the behavior.

Fair point but that sounds awfully like clutching at straws.

It's also just as likely that changing the timezones doesn't change the behaviour.

As another poster already said, you've completely ignored stenography within perfectly legal connections.

I've already discounted that possibility. Read my reply to the guy who suggested that.


It's certainly paranoia, but there is little doubt that the government/ms have the technical ability to pull it off if they wanted to. Open source is clearly superior in this regards.

It's 100% just paranoia. Sure MS have the technical ability, but then so does open source.
When was the last time you compiled your own binaries rather than pulling binaries from US repositories?
Sure, you can download the source too, but like Windows' source code, who's to say that backdoors weren't added after the source was published?

You see, we could all make worthless speculation about backdoors in any OS that we haven't programmed personally.


"Furthermore, you wouldn't write such a backdoor into the kernel itself. It would be completely useless there. You'd want it in userspace albeit still built into the OS framework."

This one is laughable. Do you really expect attackers to follow your rules about where to put backdoors? They'll put it where they please, thank you very much.

erm ok. Clearly you haven't the slightest clue what you're talking about.

Putting such a backdoor in the kernel itself would be too low level. The minimum you need is keylogger and access to a TCP/IP stack - thus you need the backdoor in user space.

It's not "rules", it's pretty much the unbreakable laws of computer physics.

However lets not let actual computer science get in the way of hysteria. *rollseyes*

Edited 2011-01-15 02:01 UTC

Reply Score: 2

fisherman2 Member since:
2011-01-14

"I'm still yet to hear a convincing way how they could without being noticed"

It may be unlikely, but only an idiot would claim it couldn't be done.

"But so little information that such hack would be pointless"

I certainly hope your not suggesting that because the pipe is small that it's of no danger! Maybe all they need is password/credentials/keys. Such could easily compromise VPN encryption or admin account.

"HTTP isn't encrypted so no it couldn't"

Use your head!! Just because the HTTP protocol isn't encrypted doesn't mean someone couldn't hide a covert message within perfectly normal IIS/HTTP variables.

"...a network admin somewhere in the world would notice updates to a network location where they've not requested it."

You either didn't read or didn't comprehend my previous message. An entity with the ability to wiretap doesn't strictly need to direct packets to a tracable IP.

Furthermore, if a backdoor leaked the information through normal connections over the course of several days using stenography, then even the most determined sysadmin would fail to detect a leak since every single packet would appear to be normal traffic.


"Not if you're sat behind a firewall with restrictive port access - as most businesses and governments would be."

This makes you sound like a novice. Even with a firewall, connections must get through. These open up attack vectors. Firewalls do not protect normal connections from being exploited.

"So You can't prove something that isn't there."

I've never claimed that there was a backdoor, only that there is the possibility for one which you cannot disprove by looking at traffic alone. That is after all what we're talking about.

"I've already discounted that possibility. Read my reply to the guy who suggested that."

You're reply was mistaken, stenography can apply to much more than just embedded images within emails.
Examples: session id, timestamps, tcp windows, source port numbers, dns transaction id, maybe even bits in a word document...it only needs to be one bit here and there to achieve a leak.

A sysadmin looking at a network trace is helpless; the data appears normal to him.

"It's 100% just paranoia. Sure MS have the technical ability, but then so does open source."

Well, if they (ms/gov) posses the technical ability, then the only thing stopping them from doing it is ethics. Just because you believe them doesn't mean other people do.

It could happen to open source too, but then it would be much more difficult to hide successfully for a prolonged period.

"When was the last time you compiled your own binaries rather than pulling binaries from US repositories?"

For what it's worth, I have my own distribution.

"Sure, you can download the source too, but like Windows' source code, who's to say that backdoors weren't added after the source was published?"

md5/sha1

"You see, we could all make worthless speculation about backdoors in any OS that we haven't programmed personally."

I'm not asserting there is a back door, only that your reasoning for claiming there are none is faulty.


"Putting such a backdoor in the kernel itself would be too low level. The minimum you need is keylogger and access to a TCP/IP stack - thus you need the backdoor in user space. It's not 'rules', it's pretty much the unbreakable laws of computer physics."

You're unbelievable! Are you for real? Of course the kernel can do keylogging and access the tcp stack. How could you possibly think otherwise?? What do you think a kernel does??

Forget it, based on the lack of intelligence in your responses, I'm not interested in continuing this dialog.

Reply Score: 1

RE[5]: Security is a big concern
by Laurence on Sat 15th Jan 2011 14:40 UTC in reply to "RE[4]: Security is a big concern"
Laurence Member since:
2007-03-26


It may be unlikely, but only an idiot would claim it couldn't be done.

I didn't say it couldn't. I just said it's unlikely.


I certainly hope your not suggesting that because the pipe is small that it's of no danger! Maybe all they need is password/credentials/keys. Such could easily compromise VPN encryption or admin account.

Fair point.


Use your head!! Just because the HTTP protocol isn't encrypted doesn't mean someone couldn't hide a covert message within perfectly normal IIS/HTTP variables.

No need to get offensive. Particularly when you're point is still invalid:
IIS has nothing to do with it as workstations shouldn't have a webserver installed (if they do, then that's a larger security risk anyway).

So it's just HTTP headers being sent by IE - which is plain text and well documented. Thus someone would have noticed before now if there was anything unusual in plain text HTTP headers. (in fact, this point is just as valid for IIS as well).

You either didn't read or didn't comprehend my previous message. An entity with the ability to wiretap doesn't strictly need to direct packets to a tracable IP.

No, but they still need to send packets and packets can still be analysed. Thus my point stands.


Furthermore, if a backdoor leaked the information through normal connections over the course of several days using stenography, then even the most determined sysadmin would fail to detect a leak since every single packet would appear to be normal traffic.

That's a cyclic argument.
You're arguing that stenography would be impossible to trace because it's using stenography. However you've not given an example that I haven't been able to find a method of detection.



"Not if you're sat behind a firewall with restrictive port access - as most businesses and governments would be."

This makes you sound like a novice. Even with a firewall, connections must get through. These open up attack vectors. Firewalls do not protect normal connections from being exploited.

You call me a novice yet you seem to be in the dark about how to lock down a network.

if you block outgoing connections on all but a small subset of ports, then you significantly reduce the attack vector already.
The port 80 and 443 would only be open via a HTTP/S proxy. So you couldn't get non-HTTP traffic over those ports.

Generally speaking, a business / government IT infrastructure would use Exchange to manage e-mail. Thus ports typical to e-mail would be blocked on all IPs bar the Exchange server.

The only obvious work around that now springs to mind is a HTTP tunnel. But to do so, you're creating a clear outgoing link that will be logged by the proxy. So if MS were sending out bucket loads of HTTP tunnels then someone somewhere would have noticed by now.


I've never claimed that there was a backdoor, only that there is the possibility for one which you cannot disprove by looking at traffic alone. That is after all what we're talking about.

I'm sure there is a way - albeit nobody has even come close to describing it on here.
I just think it's unlikely that MS are using it.

You're reply was mistaken, stenography can apply to much more than just embedded images within emails.

Yeah, sorry. I was responding to the e-mail example directly and missed the larger point.

"It's 100% just paranoia. Sure MS have the technical ability, but then so does open source."

Well, if they (ms/gov) posses the technical ability, then the only thing stopping them from doing it is ethics. Just because you believe them doesn't mean other people do.

Again, that could apply for any piece of software so you could argue that every single application and OS you've used was potentially spyware.


It could happen to open source too, but then it would be much more difficult to hide successfully for a prolonged period.

No it wouldn't. You just ship binaries with the backdoor and source without it.
Basically exactly the same as what MS would have to do with the organisations that have licences to Redmond's source.

For what it's worth, I have my own distribution.

Excellent. What is it?


"Sure, you can download the source too, but like Windows' source code, who's to say that backdoors weren't added after the source was published?"

md5/sha1

Which depends on you compiling clean source manually to create a trustworthy base reference. You certainly couldn't trust an md5 from the distributors if they were one ones compiling the repositories.

"You see, we could all make worthless speculation about backdoors in any OS that we haven't programmed personally."

I'm not asserting there is a back door, only that your reasoning for claiming there are none is faulty.

Well clearly it's not faulty if you then admit yourself that there might not be a backdoor.

I'm not definitely saying there isn't one. Just that it's highly improbable because of the difficulty to keep hidden and the backlash when they get found out.

These days it's much easier to get information legitimately - from social networks and hotmail to Bing. MS could even buy up a number of pipes and listen in on them if they really cared.
It's so easy to get "private" data in the information age as so much stuff is transmitted publicly. So there's no point in having backdoors leaking information.

"Putting such a backdoor in the kernel itself would be too low level. The minimum you need is keylogger and access to a TCP/IP stack - thus you need the backdoor in user space. It's not 'rules', it's pretty much the unbreakable laws of computer physics."

You're unbelievable! Are you for real? Of course the kernel can do keylogging and access the tcp stack. How could you possibly think otherwise?? What do you think a kernel does??

You do realise that NT's TCP/IP stack runs in user space.

I guess you could argue that backdoors could be built in kernel space. But realistically it would make much more sense building it in user space - it's just easier to implement as you wouldn't have to write kernel code for every case scenario (proxy servers et al) where as the framework is already there in userspace. Plus doing steganography in the kernel would be a bloody nightmare! The kernel wouldn't know the difference between HTTP from POP3 from telnet. It just see's a series of data packets to send to a NIC.
Thus building backdoors in user space would give you access to the framework already in place to reliably implement steganographical (is that a word?) techniques.

However, you clearly already knew all this....

Forget it, based on the lack of intelligence in your responses, I'm not interested in continuing this dialog.

Put the claws away and grow up.
My rebuttals have made perfect sense but you're too blinded by your own arrogance to acknowledge that anyone could counter your "expert" opinion.

The fact is, the examples you have given have been flawed. Now I'm not saying it's impossible. Just impractical and thus it's improbable that MS have implemented one.

If you want to continue discussing this, then please do so maturely. Else leave gracefully please because flouncing isn't helping your arguments.

Reply Score: 2

RE[2]: Security is a big concern
by Phloptical on Sat 15th Jan 2011 18:15 UTC in reply to "RE: Security is a big concern"
Phloptical Member since:
2006-10-10

tin-hat wearing conspiracy theorists that think the moon landings were faked.


....weren't they?

Reply Score: 2

Thomas2005
Member since:
2005-11-07

I doubt spying even makes it on the list of reasons why governments are moving away from proprietary software. It costs governments money to license the software, which could be better spent on themselves. The government, US in this case, could create laws, impose sanctions/embargoes , raise tariffs, etc., which would prevent another government from updating their systems, or use them to strong-arm another government into doing what it wants them to do.

I am sure open-source has been capable for years, but it is probably the culmination of events in recent years that has governments making an active push to use open-source. Since it will take year to complete it makes sense to start now, especially when there is no real urgency to be using open-source (i.e. get their ducks in a row before s*** happens).

Reply Score: 1

Mistake
by jyoungxxxx on Sat 15th Jan 2011 02:56 UTC
jyoungxxxx
Member since:
2007-01-11

Vladimir Putin is going to be hated by his people! HAHA That has to be the dumbest move he could ever make, because people are not going to be happy with it.

Reply Score: 0

What I hope for...
by dsmogor on Sat 15th Jan 2011 19:37 UTC
dsmogor
Member since:
2005-09-01

is that Russian and Chineese special services will put now some serious effort into security screening of the cruicial OSS components.
Hacking is something their IT staff is quite competitive worldwide.
On the other hand there may be quite competition on finding (and not disclosing) holes between R and C, their foreign relations are not exactly friendly.

Reply Score: 2