Linked by Thom Holwerda on Thu 11th Jul 2013 21:35 UTC
Microsoft Documents released by Snowden show the extent to which Microsoft helped the NSA and other security agencies in the US. "Microsoft helped the NSA to circumvent its encryption to address concerns that the agency would be unable to intercept web chats on the new Outlook.com portal; The agency already had pre-encryption stage access to email on Outlook.com, including Hotmail; The company worked with the FBI this year to allow the NSA easier access via Prism to its cloud storage service SkyDrive, which now has more than 250 million users worldwide; [...] Skype, which was bought by Microsoft in October 2011, worked with intelligence agencies last year to allow Prism to collect video of conversations as well as audio; Material collected through Prism is routinely shared with the FBI and CIA, with one NSA document describing the program as a 'team sport'." Wow. Just wow.
Permalink for comment 567008
To read all comments associated with this story, please click here.
RE[3]: Now we know what happend.
by Kebabbert on Sat 13th Jul 2013 11:47 UTC in reply to "RE[2]: Now we know what happend."
Kebabbert
Member since:
2007-07-27

" There is no way you can keep up and audit all changes
Only code that is actually a candidate to make it into the kernel needs to be audited, are you saying code gets merged into a mainline release without being audited? Show me some proof. "
I am saying that the code audit and review process is crippled because of the high code turn over. No one can keep up with those amounts of new code that gets incorportaed in Linux. I showed you proof in the links. For instance, the last link says "we need to review things more". Read it.




"HP spends millions of USD to keep up with the device drivers, because Linux upgrades frequently breaks the drivers.
Citation needed. "
http://www.osnews.com/permalink?561866
http://www.osnews.com/permalink?561858
But this should not come as a surprise. You know that Linux upgrades breaks software and device drivers. You have experienced it yourself, if you have used Linux for some time.


" OpenBSD seems to be much rigorous with the code review and audit.
No argument here, OpenBSD is the most security oriented operating system I can think of, of course it leads to drawbacks like being very slowly developed. Also OpenBSD's focus on security above (pretty much) all else doesn't mean that Linux has 'bad' security in any way. "
I am not saying that Linux has bad security, I am saying that Linux has some problems in the code review and audit process. Just read my links. Much code gets accepted without anyone knowing what it really does. For instance, the link with "Does this belong here?"



"Linux has a chaotic development process and all code is not reviewed nor understood, which makes Linux a haven for NSA and other malicious users.
Bullshit, how is Linux development chaotic? "
Maybe "chaotic" was not the correct word. But fact is that the code review process is too sloppy, just read the links to Linux devs who complain that they need to review things more. So much Linux code gets accepted from anyone that no one can review all the new code. Just read my links.



" “You know what I found? Right in the kernel, in the heart of the operating system, I found a developer’s comment that said, ‘Does this belong here?’ “Lok says. “What kind of confidence does that inspire? Right then I knew it was time to switch.” This proves that Linux developers does not review all code, nor understand what the code does.
A 2005 quote from some 'Lok' about a comment he found in the Linux source code, without any context whatsoever as to what the comment even related to is something you claim to be proof of Linux developers not reviewing or understanding the code? "
I doubt OpenBSD devs does accept that much code that they dont know what all code does. This link is an example of Linux devs accepting code that they dont know what it does. It does not give confidence to the Linux code review process, does it?


Your trolling seems to know no bounds. Now that you seem to have given up championing Solaris you've instead embarked on a anti-Linux crusade, I guess I shouldn't be surprised.

-I have not given up Solaris. The thing is, when we talk about security then OpenBSD has the best reputation, so I advocate OpenBSD.
-When we talk about innovative Unix, I advocate Solaris because it is best (everybody talks about ZFS (BTRFS), DTrace (Systemtap), SMF (systemd), Crossbow (openVswitch), Containers (Linux has copied this as well), etc. Linux has copied everything that Solaris has.
-And if we talk about stable OSes, then I advocate OpenVMS (OpenVMS clusters are brutal, and best in the world, with uptime surpassing Mainframes, measuring in decades).
-When we talk about innovative OS, I advocate Plan9 (my favourite OS).
-Best realtime Unix, I advocate QNX.
etc

Maybe you missed all my posts where I say that compared to OpenVMS, all Unix are unstable and can not compare? It seems that you believe I claim Solaris is best in every way? Secure, uptime, performance, realtime, etc? Well I dont. Solaris is the most innovative Unix, that is a fact (everybody tries to mimic Solaris - why if Solaris is bad?).

The thing is, Linux supporters believe Linux is best in every way, when in fact, it is terrible. It has bad scalability (show me any 32 cpu Linux servers for sale? There are none for sale, because Linux does not scale to 32 cpus), Linux has bad stability, it has bad security, The code is bad (according to Linux kernel devs, I can show you numerous links on this), etc

I would have no problems with Linux being bad, if Linux did not attack everyone, including OpenBSD (m*sturbating monkeys because they focus on security), Solairs (wished it was dead), etc. So my question is to you: why are you attacking everybody and every OS? Why not leave them be? Then we would not have to defend ourself. It is Linus Torvlads who has attitude problems with his big Ego, and he attacks everyone, including his own developers. Are you surprised other OS supporters gets upset when they are attacked? Why?



How is getting code contributions chaotic? These contributions, if they make it into the kernel mainline release at all, only make it in once they've been audited and tested.

But no one has time to audit everything. Just read my links "we need to review more". It is too much code accepted all the time. Too much is rewritten all the time. I have many links to Linux kernel devs, where they say that the Linux code quality is not good, and bad. You want to read all my links? I can post them for you if you wish.

Sure some links are a few years old, but I doubt the process is better today, because Linux is larger than ever and more bloated and more code than ever gets accepted every day. In the earlier days, less code was accepted. Today too much code is accepted, which no one has time to review thoroughly, so the review process is worse today.

Reply Parent Score: 1