Linked by Thom Holwerda on Tue 14th Dec 2010 23:55 UTC, submitted by Oliver
OpenBSD Okay, this is potentially very big news that really needs all the exposure it can get. OpenBSD's Theo de Raadt has received an email in which it was revealed to him that ten years ago, the FBI paid several open source developers to implement hidden backdoors in OpenBSD's IPSEC stack. De Raadt decided to publish the email for all to see, so that the code in question can be reviewed. Insane stuff.
Thread beginning with comment 453633
UltraZelda64 Member since:
2006-12-05

And who's to say there aren't any backdoors in that?

Exactly... if this turns out to be true, then SELinux will become just as questionable. I don't give a shit which "branch" or "agency" of the US government it is: FBI, FDA, DEA, NSA, blah blah blah... whatever it is, it just destroyed the credibility of the ENTIRE United States government in my view. Not a good thing (and certainly not the first time: why the f*** is Stevia, the sweet-leaved and as far as we know quite harmless plant, only allowed to be sold as a "dietary supplement" unless one of its relatively untested extracts is used? You know, that one stevioside that Coke and those other companies are betting behind and making trademarks for, and forgetting about the rest of the plant...)

And to be fair, not a hard thing to do, considering I've always questioned the government to begin with. I mean, seriously, what the f*** is up with these drug laws?

Yet tobacco--a prime killer in the US--is 100% legal as soon as you're 18 (most people I know started far sooner), alcohol is legal when you're 21 (yet another dangerous one and most people I know--including myself--have started at a younger age), yet marijuana is one of the safer ones illegal for decades for no good reason, and Salvia divinorum is becoming illegal in many of the states without proper scientific testing (including already my own). Meanwhile, I can get a nice opioid high from the endorphins by simply running a mile or two or eating hot peppers, and my cats are allowed to get stoned off their ass on catnip. Seriously, what the f***? Good thing the government can't prevent my brain from producing opioids when my body is under stress!

I hope this does turn out to be false, but if not, I at least hope for the most minimal effect possible (i.e., the least systems possible affected). The thought of this, as a Linux user and not an OpenBSD user, is still disturbing. If true... what else could they have done? I think I can get rid of all backdoors by the US government by not running a closed monopolistic OS (AKA Windows), and yet, it turns out that they may have snuck some backdoors in open source software as well, making anything connected to the Internet vulnerable to the US government.

Edited 2010-12-15 06:29 UTC

Score: 4

UltraZelda64 Member since:
2006-12-05

I wanted to add this link about high-fructose corn syrup to my last post, but the time has expired:

http://www.youtube.com/watch?v=dBnniua6-oM

Alcohol without the buzz... every bit as physically dangerous, but 100% legal... even for kids. [Pepsi... Coke... Mountain Dew... RC... virtually every pop/soda out there as long as it contains High Fructose Corn Syrup (and usually as the second ingredient on the list, beside carbonated water.)] The "made with natural sugar" types are relatively rare, and while still bad, their main side-effect is rotting teeth (bacteria love sugar).

And about the natural high from hot peppers (and running, and other physical stress):

http://en.wikipedia.org/wiki/Endorphins

Really, test these damn drugs before immediately making them illegal because OMG! THEY GET YOU HIGH! I got a nice buzz after eating tacos with 6 habanero-type peppers earlier, it made me feel good, it didn't kill me. I also felt really damn good after running the mile years ago in school for the EXACT SAME REASON. And I wouldn't naturally have opioid (opiate) and THC (cannabis) receptors in my brain if nature forbade me from doing drugs.

Edited 2010-12-15 06:47 UTC

Score: 2

Bill Shooter of Bul Member since:
2006-07-14

You're just lucky I wasn't elected president of the Trilateral Commission. I was going to start adding Corn syrup aerosols on top of wind turbines, and in the exhaust of cars to ensure a more even distribution amongst the populace. Oh well, there's always next year. Until then, enjoy the kinect radiation and the broadband radon gas delivery system.

Score: 2

Drumhellar Member since:
2005-07-12

Alcohol without the buzz... every bit as physically dangerous, but 100% legal... even for kids.


In all fairness, HFCS hasn't had even a tenuous link to liver damage, while the negative effects of alcohol on the liver are well understood.

While there is some evidence that rat metabolisms may respond to high fructose corn syrup differently than regular, ordinary sucrose, a causal relationship between HFCS and obesity and other forms of poor health has yet to be demonstrated.

Score: 2

MamiyaOtaru Member since:
2005-11-11

oh no not the HFCS! That fructose/glucose mixture is so totally different from and worse than regular sugar (sucrose, which is broken down during digestion to, wait for it, fructose and glucose)

Score: 2

WereCatf Member since:
2006-02-15

I hope this does turn out to be false, but if not, I at least hope for the most minimal effect possible (i.e., the least systems possible affected). The thought of this, as a Linux user and not an OpenBSD user, is still disturbing. If true... what else could they have done? I think I can get rid of all backdoors by the US government by not running a closed monopolistic OS (AKA Windows), and yet, it turns out that they may have snuck some backdoors in open source software as well, making anything connected to the Internet vulnerable to the US government.

This could very well be true, but remember that it was 10 years ago? After that most projects have undergone humongous amounts of iterations and the project management systems have advanced a lot compared to how they were back then. For any serious security-oriented application you nowadays need to either hack your way through the source-code management system or bribe the one or few people who have write access to the code in the first place.

Basically, if there was something there before it most likely doesn't function anymore or has been stripped out during these years of advancement, and nowadays injecting something to source-code repositories of any decently popular F/OSS software is nigh impossible without it being noticed.

Score: 3

dsmogor Member since:
2005-09-01

Not all parts of the code are undergoing equally active development through the years, esp. if they implement some complex specification that few people have a grasp of. If something works, don't fix it.

Score: 2