When Microsoft introduces its long-awaited Windows Vista operating system this month, it will have an unlikely partner to thank for making its flagship product safe and secure for millions of computer users across the world: the National Security Agency. For the first time, the giant software maker is acknowledging the help of the secretive agency, better known for eavesdropping on foreign officials and, more recently, U.S. citizens as part of the Bush administration’s effort to combat terrorism. The agency said it has helped in the development of the security of Microsoft’s new operating system to protect it from worms, Trojan horses and other insidious computer attackers.
If only they could find a way to prevent users from doing stupid things, say… disabling half the new security measures because they find them annoying.
How the f–k is this a good thing?
Windows XP = WinXP
Windows 2000 = Win2k
Windows Vista = Backdoor Betty
What I take from that is backdoor access to Windows Vista computers by the NSA, “better known for eavesdropping on foreign officials and, more recently, U.S. citizens as part of the Bush administration’s effort to combat terrorism.” Enjoy!
So that must mean that there are also backdoors in every Linux distro that uses the SELinux enhancements, right? Or MacOS X and Suse since both Apple and Novell were also mentioned in the article.
for selinux: it’s open source, so you can check out yourself.
apparmor — not clear to me if it’s open source.
there are at least a few src rpm’s available.
Edited 2007-01-09 21:38
for selinux: it’s open source, so you can check out yourself.
apparmor — not clear to me if it’s open source.
there are at least a few src rpm’s available.
And for Vista (and other versions of Windows), there are large numbers of outside parties with access to its source.
There’s still the issue of whether anyone checks the source closely enough and/or with the mindset to find a backdoor, and it still leaves MacOS and mixed-source Linux or other OSes in question.
And for Vista (and other versions of Windows), there are large numbers of outside parties with access to its source.
Doesn’t mean a thing. They can’t do anything with that source, can’t work out exactly what it does and certainly can’t compile, or recompile, it into anything useful to confirm any suspicions, theories or fixes.
There’s still the issue of whether anyone checks the source closely enough and/or with the mindset to find a backdoor
It happens every single day in the open source world, and they can do it not just because they have the source, but that they can do things with it.
and it still leaves MacOS and mixed-source Linux or other OSes in question.
You missed one out there. Windows.
Doesn’t mean a thing. They can’t do anything with that source, can’t work out exactly what it does and certainly can’t compile, or recompile, it into anything useful to confirm any suspicions, theories or fixes.
It depends on their license. Some organizations have this right. They just can’t distribute it.
It happens every single day in the open source world, and they can do it not just because they have the source, but that they can do things with it.
There’s a difference between using code to develop new solutions with it and actually reviewing the code for malicious intent.
You missed one out there. Windows.
I didn’t miss it. As I said, plenty of outsiders have source access. You think China and the UK haven’t looked at the code for US backdoors? The chatter around the WMF exploit and BitLocker were proof of people just itching to claim they’ve found a backdoor in Windows.
So that must mean that there are also backdoors in every Linux distro that uses the SELinux enhancements, right?
You simply cannot understand, can you?
A Linux distribution, and SELinux, is open sourced with its code on the table. There can’t be backdoors. In proprietary software, who knows?
You simply cannot understand, can you?
A Linux distribution, and SELinux, is open sourced with its code on the table. There can’t be backdoors. In proprietary software, who knows?
Never heard of hiding in plain view?
If no one actually checks for backdoors in the code, the availability of the source means nothing.
Like this:
http://www.brainhz.com/underhanded/
//Never heard of hiding in plain view? //
There actually was one attempt made to put a backdoor in open source code. It was in the C compiler, I believe. It never got past review.
//If no one actually checks for backdoors in the code, the availability of the source means nothing.//
Not quite true. If the code is open source, people (other than the author) are able to include it, or not, at their whim. For closed-source Vista, you have no choice, you have to have whatever the vendor of the software puts in it, even if significant parts of the code’s functionality are likely to be not in your best interest *cough* DRM *cough* WGA *cough* NSA backdoors.
Now relate all this to the specific case of Linux. Thousands of people every day do indeed check for backdoors and other code not in the best interests of the end user. It is called a meritocracy. So your comment does not apply to Linux at all, as there are people who actively audit it, check it and test it.
Windows fans just don’t seem to get these open-source concepts such as: freedom, meritocracy, co-operative, collaboration and openness. They just don’t seem to grok them at all.
Hey, n4cer, perhaps if you tried to put an “end user” hat on, and looked at things from an end user’s viewpoint (ie, the owner of the machine on which the software is to run), and then read and thought about something like this:
http://fsfeurope.org/documents/rms-fs-2006-03-09.en.html
… then the sense of those words might actually begin to filter through to you.
I can but live in hope.
Edited 2007-01-10 01:42
{{ //Never heard of hiding in plain view? //
There actually was one attempt made to put a backdoor in open source code. It was in the C compiler, I believe. It never got past review. }}
Actually, this appears to have happened more times than I thought.
http://www.securityfocus.com/news/7388
A story about a discussion of “ease of hiding backdoors” in open source, and its implications in respect of security applications of open source code, can be found here:
http://blogs.windriver.com/parkinson/open_source/index.html
Not quite true. If the code is open source, people (other than the author) are able to include it, or not, at their whim.
I was talking specifically about its worth in the context of security, i.e., if you don’t check it for backdoors, the mere fact that it’s open is not an assurance that the code is clean.
Windows fans just don’t seem to get these open-source concepts such as: freedom, meritocracy, co-operative, collaboration and openness. They just don’t seem to grok them at all.
I get it just fine. Open source software doesn’t begin and end with Linux. There’s plenty available in the Windows world as well, some of it available on both platforms. Windows is not the only OS I’ve used. It is the one I prefer to use.
Hey, n4cer, perhaps if you tried to put an “end user” hat on, and looked at things from an end user’s viewpoint (ie, the owner of the machine on which the software is to run), and then read and thought about something like this:
Thanks, but I’d prefer to skip the RMS/FSF skreed. It’s repeated here daily. If I want freedom, I’ll use BSD (the license — I’ll try any OS). As a dev and a user, I currently have more freedom using Windows than what I’d have if the FSF had their way.
Edited 2007-01-10 02:55
//I was talking specifically about its worth in the context of security, i.e., if you don’t check it for backdoors, the mere fact that it’s open is not an assurance that the code is clean.//
True enough, but my point was that this comment doesn’t apply to Linux, because Linux is checked for backdoors.
//I get it just fine. … Windows is not the only OS I’ve used. It is the one I prefer to use.//
You prefer to use the unsecure, known malware vulnerable, known spyware, known rights-removing, closed_so_it_cannot_be_audited, known attempts to lock you in and expensive OS? The one with known timebombs in it, that could trigger and make it stop working for you? The one where you could get audited for using? WTF?
//Thanks, but I’d prefer to skip the RMS/FSF skreed. It’s repeated here daily. If I want freedom, I’ll use BSD (the license — I’ll try any OS). //
There isn’t anything wrong with BSD, but it doesn’t have the momentum behind it that Linux does. Linux works on far more hardware than BSD does, Linux has far more drivers, and there is far more help available online for Linux.
//As a dev and a user, I currently have more freedom using Windows than what I’d have if the FSF had their way.//
That is pure crazy talk. You think you are more free using the very one that removes your rights and does everything it can to lock you in? Are you sure that you know what is best for you when looking at this as an end user?
Sheesh! I did say that Windows fans just don’t understand freedom, meritocracy, co-operative, collaboration and openness … I just never expected to be proven correct on that so quickly and so conclusively.
Edited 2007-01-10 03:26
You prefer to use the unsecure, known malware vulnerable, known spyware, known rights-removing, closed_so_it_cannot_be_audited, known attempts to lock you in and expensive OS? The one with known timebombs in it, that could trigger and make it stop working for you? The one where you could get audited for using? WTF?
You know as well as I do that that’s overblown, all OSes have security issues, and, if you use common sense, you can avoid those issues. I’ve never had any of my systems compromised. I’ve never been locked out of my OS, and you’re only subject to audits if you’re a volume customer.
There isn’t anything wrong with BSD, but it doesn’t have the momentum behind it that Linux does. Linux works on far more hardware than BSD does, Linux has far more drivers, and there is far more help available online for Linux.
Yeah, help usually amounting to RTFM ;-).
Seriously though, you have your preference I have mine. Please just be satisfied that, yes, people actually choose Windows or (insert your proprietary or non-GPL OS here).
That is pure crazy talk. You think you are more free using the very one that removes your rights and does everything it can to lock you in? Are you sure that you know what is best for you when looking at this as an end user?
I don’t see Microsoft telling me what software I can and can’t use on Windows, but there are fights about this WRT Linux frequently. I’m not locked in. I have more rights in many cases. If I feel like moving, I can freely do so. I choose not to, and I choose to take advantage of the services Windows provides. It’s crazy talk to not simply respect my decision to use a particular platform whether or not it fits your preference.
Sheesh! I did say that Windows fans just don’t understand freedom, meritocracy, co-operative, collaboration and openness … I just never expected to be proven correct on that so quickly and so conclusively.
As I said before, I understand it well. I just don’t confuse it with religion.
I don’t see Microsoft telling me what software I can and can’t use on Windows, but there are fights about this WRT Linux frequently.
No, there isn’t. Stop spreading FUD.
No, there isn’t. Stop spreading FUD.
So there are no arguments about mixing closed source and open source components on Linux? I think you need to read this site more often.
So there are no arguments about mixing closed source and open source components on Linux? I think you need to read this site more often.
And you need to learn not to confuse the issues. You claimed that there were arguments about what software can or cannot be used on Linux, but *using* and *combining* software are two entirely different things.
The point is moot, anyway, because no one can tell you what software you can or can’t use on your Linux system. However, it seems that MS doesn’t have a problem telling you what you can or can’t use on your Windows PC (unsigned drivers, anyone?)
Funny how every piece of FUD you try to throw at Linux/FOSS seems to better apply to MS…that’s a typical disinformation tactic: attribute your own failings to your opponent. Are you sure you’re not a Republican?
“I don’t see Microsoft telling me what software I can and can’t use on Windows, but there are fights about this WRT Linux frequently.
No, there isn’t. Stop spreading FUD.”
Actually there has been. The Nvidia drivers and the like being the target of it. So it truly is not FUD. There was even the kernel developer writing code, that did get dropped, to stop proprietary modules from getting loaded into the kernel. I am too lazy to look up the references right now, but they were OSNews stories as well.
As I have said in many posts I will use the right tool for the job. This being posted from my main box which is OpenSuse 10.2. That should get flames since they are in league with the devil themselves *laughs*
//The Nvidia drivers and the like being the target of it.//
Please try to keep it factual.
There is no restriction on end users installing and running Nvidia drivers. Such a restriction is a violation of freedom zero, and as such that restriction is not permitted under the GPL.
http://www.gnu.org/copyleft/gpl.html
It says explicitly: “Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted”
There is of course a bit of a squabble going on about ***DISTRIBUTING*** Nvidia drivers along with Linux distributions. That is a different matter entirely.
//There was even the kernel developer writing code, that did get dropped, to stop proprietary modules from getting loaded into the kernel. I am too lazy to look up the references right now, but they were OSNews stories as well.//
Yes. It was dropped as an idea within a single day of it being publicly discussed, and it was dropped exactly because the license under which their Linux kernel was distributed explicitly stated that there are no restrictions on running the program. So the kernel devs, under their own chosen license, realised that they could not do what they proposed.
At no time has such a restriction ever been coded into the kernel.
Edited 2007-01-10 08:36
“Please try to keep it factual.
There is no restriction on end users installing and running Nvidia drivers. Such a restriction is a violation of freedom zero, and as such that restriction is not permitted under the GPL. “
That in itself is true. However there are those that are against it. Drivers are software.
“Yes. It was dropped as an idea within a single day of it being publicly discussed, and it was dropped exactly because the license under which their Linux kernel was distributed explicitly stated that there are no restrictions on running the program. So the kernel devs, under their own chosen license, realised that they could not do what they proposed.
At no time has such a restriction ever been coded into the kernel.”
Actually check again. The developer in question had committed the code, then they pulled it out. So technically that means it was coded into the kernel, albeit for only a few hours.
That in itself is true. However there are those that are against it. Drivers are software.
So then would you argue that MS dictates what you can or can’t use on a Windows system? After all, unsigned drivers won’t be allowed in Vista…
//So then would you argue that MS dictates what you can or can’t use on a Windows system?//
I would say that is more or less undeniable, actually.
Here is just one tale of someone trying to run software of his choice on a Windows system, but the system trying to force that user to run unremoveable and known-to-be-vulnerable MS software instead:
http://www.groklaw.net/article.php?story=20070109211416629
Testimony in court, no less.
Edited 2007-01-10 23:13
//So then would you argue that MS dictates what you can or can’t use on a Windows system?//
Another case of end users being forced to run more expensive, less secure and more vulnerable Microsoft software against their wishes:
http://weblog.infoworld.com/gripeline/archives/2007/01/accounting_v…
Actually there has been. The Nvidia drivers and the like being the target of it. So it truly is not FUD. There was even the kernel developer writing code, that did get dropped, to stop proprietary modules from getting loaded into the kernel.
I’m sorry, but that discussion was never about what software you can or can’t use with Linux, but rather about what can or can’t be loaded into the Linux kernel. While it may sound similar, it is in reality quite different – and, as you noted, the devs quickly realized that they can’t legally prevent someone from loading anything into the kernel (copyright law, and the GPL, is only concerned with redistribution).
“I’m sorry, but that discussion was never about what software you can or can’t use with Linux, but rather about what can or can’t be loaded into the Linux kernel. While it may sound similar, it is in reality quite different – and, as you noted, the devs quickly realized that they can’t legally prevent someone from loading anything into the kernel (copyright law, and the GPL, is only concerned with redistribution).”
Well, since Linux is the kernel, and drivers are software, yes, it was about that the way I see it. From the discussion the devs figured it was not moral to do it and stopped it, however it was not the GPL that stopped them from doing it. The GPL actually stops no such thing, since, as you say, it is only about copyright.
Well, since Linux is the kernel, and drivers are software, yes, it was about that the way I see it.
Combining modules with the kernel is not the same as running user space applications. It is considered “linking”, as opposed to “running”. The distinction is very important, and ignoring it means that the argument is fundamentally incorrect. If you go back and re-read n4cer’s post, it was clear he was trying to insinuate that the FSF (or some other FOSS bogeyman) was trying to dictate what you can or can’t run on a Linux system, which is totally ridiculous.
The GPL states that the software can be used for any purposes, though in reality it doesn’t need to state this, as legally it can’t prevent people from using the software as they see fit.
It doesn’t matter if the devs decided not to do it because it was not “moral”. They could not have legally enforced it. The GPL allows modification of the software as long as it is not redistributed, and that includes loading proprietary modules into the kernel.
“It doesn’t matter if the devs decided not to do it because it was not “moral”. They could not have legally enforced it. The GPL allows modification of the software as long as it is not redistributed, and that includes loading proprietary modules into the kernel.”
I did confuse the running of software and linking. Thanks for clearing that part of it up. As for the enforceability, there is a point that anyone can modify GPL code, then use it internally or for their own use and not redistribute it.
I don’t mind being corrected, and most of the time I learn a thing or 2.
I did confuse the running of software and linking. Thanks for clearing that part of it up.
No problem. 🙂
As for the enforceability, there is a point that anyone can modify GPL code, then use it internally or for their own use and not redistribute it.
Yes, you’re 100% correct. I respect the fact that some Linux devs don’t like proprietary modules being linked, and I do agree that open-source drivers are better than proprietary ones – but until I get full 3D accel from an open-source driver (which I hope will happen), I’m not going to switch away from the closed-source NVIDIA/ATI drivers.
//I don’t see Microsoft telling me what software I can and can’t use on Windows, but there are fights about this WRT Linux frequently. //
Where did you get this mistaken notion from?
There are some discussions about what may and may not be distributed as “free software”.
There are no fights about what an end user may or may not install and run. Freedom zero of the GPL license explicitly guarantees that end users may run whatever they want.
You seem to be very confused about that.
I was talking specifically about its worth in the context of security, i.e., if you don’t check it for backdoors, the mere fact that it’s open is not an assurance that the code is clean.
However, the risk of getting caught (and therefore losing all credibility as a programmer for open-source projects) will discourage most from trying.
You can bet there are enough paranoid hackers out there that have checked and double-checked all of the SELinux code to make sure there’s no backdoor…
Thanks, but I’d prefer to skip the RMS/FSF skreed.
So if you’re pro-end user, you subscribe to the RMS/FSF creed? (“Skreed” is not a real word, btw.) Or do you think that it is impossible for RMS to make a good point?
As a dev and a user, I currently have more freedom using Windows than what I’d have if the FSF had their way.
No, you don’t. The FSF has never advocated outlawing closed-source software, so even if they “had their way” you could still use whatever you wanted. Using strawmen arguments such as these completely ruins your credibility.
They already have their way, which is to try to convince people to use FOSS for its merits, both technical and philosophical.
Now, if MS and Hollywood had *their* way, however, FOSS would be illegal. Yup, n4cer, in case you hadn’t noticed, you’re cheerleading for those who seek to prevent what people can do with the equipment that is theirs, and who wish to curtail their Fair Use rights.
However, the risk of getting caught (and therefore losing all credibility as a programmer for open-source projects) will discourage most from trying.
Do you really think someone with such malicious intent is really concerned with their rep with the people they intend to attack?
So if you’re pro-end user, you subscribe to the RMS/FSF creed? (“Skreed” is not a real word, btw.) Or do you think that it is impossible for RMS to make a good point?
I don’t think he’s incapable of making a good point. I just disagree with a lot of his rhetoric. The GPL is controlled freedom, i.e., you’re free to pick among the choices they provide you but never step outside of the box. Do you believe it’s impossible to disagree with him?
No, you don’t. The FSF has never advocated outlawing closed-source software, so even if they “had their way” you could still use whatever you wanted. Using strawmen arguments such as these completely ruins your credibility.
You could use what you want in the way they want you to use it. That’s not true freedom as they proclaim it to be. BTW, you must’ve missed their anti-Vista campaign. If they really had no problem w/ proprietary software, they’d be content to just promote their wares.
They already have their way, which is to try to convince people to use FOSS for its merits, both technical and philosophical.
And FUD-filled. I guess that falls under philosophical. 😉
Now, if MS and Hollywood had *their* way, however, FOSS would be illegal. Yup, n4cer, in case you hadn’t noticed, you’re cheerleading for those who seek to prevent what people can do with the equipment that is theirs, and who wish to curtail their Fair Use rights.
And you’re cheerleading for those who would seek to bring all software development under their control whether or not users and developers actually want to be. Under your definition of Fair Use, I’d be able to take some GPL code and proprietarize it just because I felt like it.
Do you really think someone with such malicious intent is really concerned with their rep with the people they intend to attack?
I don’t think you understand how open source works. Contributions are not unanimous. The backdoor could make the programmer the target of legal action. In the case of the NSA (which is what we’re talking about here), imagine the PR disaster this would create.
The GPL is controlled freedom, i.e., you’re free to pick among the choices they provide you but never step outside of the box.
Not at all. The GPL is an extension of copyright. If you don’t like the GPL, then you must hate proprietary software, because it gives you *less* rights than the GPL.
Do you believe it’s impossible to disagree with him?
Of course not. I don’t agree with him on all points. I actually produce proprietary software for a living. That doesn’t mean I can’t agree with some of what he says, or that I should just dismiss everything he writes, like you do.
That’s not true freedom as they proclaim it to be. BTW, you must’ve missed their anti-Vista campaign.
Again, you’re being disingenuous. It’s perfectly fine to advocate *against* a particular software. There’s no coercion involved. You’re free to use it – they just want to tell you why they think you shouldn’t. Are you against freedom of expression when it goes against your beloved Microsoft?
And you’re cheerleading for those who would seek to bring all software development under their control whether or not users and developers actually want to be.
Again with the strawman arguments, n4cer? They do not “seek to bring all software development under their control”. That’s ridiculous. They have never claimed that. Stop spreading FUD, you’re *really* starting to sound like a MS shill.
Under your definition of Fair Use, I’d be able to take some GPL code and proprietarize it just because I felt like it.
Do you even have an idea of what Fair Use means? Hint: it doesn’t allow redistribution.
You’re free to use GPL software, modify it and not release the changes – as long as you don’t redistribute it. This is no different.
Learn a thing or two about copyright law without even trying to criticize the GPL, because all you’re doing right now is revealing your ignorance.
I don’t think you understand how open source works. Contributions are not unanimous. The backdoor could make the programmer the target of legal action. In the case of the NSA (which is what we’re talking about here), imagine the PR disaster this would create.
Sorry, but I think that PR disaster pales in comparison to, “hey we’re spying on our own citizens without warrants and were about 1 phone network away from total penetration (dang that Qwest)”.
Not at all. The GPL is an extension of copyright. If you don’t like the GPL, then you must hate proprietary software, because it gives you *less* rights than the GPL.
Proprietary software doesn’t whine about me having open and proprietary software on the same system, or dictate that I can’t use content protections w/o handing everyone my keys.
Again, you’re being disingenuous. It’s perfectly fine to advocate *against* a particular software. There’s no coercion involved. You’re free to use it – they just want to tell you why they think you shouldn’t. Are you against freedom of expression when it goes against your beloved Microsoft?
Sure, no coercion, except coercing governments into mandating technologies whether or not they are sufficient replacements for the technologies currently in use. Or spreading lies about MS products and silencing those who call them on it. If they really have no problem with freedom, why are they afraid to let valid, critical comments stand on their site without scrubbing them? Are you against freedom of expression when it goes against your beloved FSF?
Again with the strawman arguments, n4cer? They do not “seek to bring all software development under their control”. That’s ridiculous. They have never claimed that. Stop spreading FUD, you’re *really* starting to sound like a MS shill.
And you’re sounding like an FSF shill. If they really had no problem with proprietary software, they wouldn’t be trying to push proprietary developers away from Linux. They aren’t accepting different business models. They’re trying to force their own.
You’re free to use GPL software, modify it and not release the changes – as long as you don’t redistribute it. This is no different.
And that’s a limit on and a redefinition of freedom.
Learn a thing or two about copyright law without even trying to criticize the GPL, because all you’re doing right now is revealing your ignorance.
Yes. All hail mighty GPL, spreading “freedom” like GWB. I choose not to be controlled by your notion of “freedom”. It’s as simple as that. I use what I want and don’t let religion determine my choices.
//Proprietary software doesn’t whine about me having open and proprietary software on the same system, or dictate that I can’t use content protections w/o handing everyone my keys. //
Neither does open source software.
Please stick with the facts.
//If they really had no problem with proprietary software, they wouldn’t be trying to push proprietary developers away from Linux. They aren’t accepting different business models. They’re trying to force their own.//
They cannot help it if you misunderstand their license, and continue to refuse to understand it. Of course, in reality, they do absolutely no such thing as you claim here. The GPL license is all about only what you may do, and not do, with software that is released to you under the GPL. It has nothing at all to do with other proprietary software.
// {{You’re free to use GPL software, modify it and not release the changes – as long as you don’t redistribute it. This is no different. }}
And that’s a limit on and a redefinition of freedom.//
No, it is not. The law says that you may not do this. It is called copyright law. Copyright law gives the rights to control how a work is copied to the authors of that work. It does not give **YOU** the right to copy … it gives the right to the authors of the software.
It is not the GPL that restricts your freedom to do this act, rather, it is the law of the land.
//I choose not to be controlled by your notion of “freedom”. It’s as simple as that.//
It is not. If you take someone else’s software and copy it against their wishes without permission, you are breaking the law. You do not get to choose to do this, it just doesn’t come into the picture.
Sorry, but I think that PR disaster pales in comparison to, “hey we’re spying on our own citizens without warrants and were about 1 phone network away from total penetration (dang that Qwest)”.
It seems you understand politics even less than you do copyright law. In case you forgot, we live in a democracy. A PR disaster means that heads roll. Remember that the NSA is led by bureaucrats and politicians…
Proprietary software doesn’t whine about me having open and proprietary software on the same system,
Neither does free software. Stop spreading FUD and stick to the facts.
or dictate that I can’t use content protections w/o handing everyone my keys.
Sorry, but you’re confusing GPL (an extension of copyrights) with Fair Use (guaranteed in the constitution of the United States).
Sure, no coercion, except coercing governments into mandating technologies whether or not they are sufficient replacements for the technologies currently in use.
Coercing governments? You have to be kidding! Convincing governments that they are better served by open standards and FOSS is *not* coercion. Do you even know what coercion means? Stop spreading FUD.
Or spreading lies about MS products and silencing those who call them on it.
Who gets silenced? You are free to say what you want, and you say it quite often here, even when it’s as dishonest as your current anti-Linux, anti-GPL disinformation.
And you’re sounding like an FSF shill.
Yeah, which is why I say I make money producing proprietary software…sheesh!
BTW, I don’t think the FSF has enough financial resources to hire shills. MS, on the other hand…
Seems like I unmasked you, and you’re desperately lashing out at me in a very mature “I’m rubber, you’re glue” fashion…
They aren’t accepting different business models. They’re trying to force their own.
More lies. They haven’t forced anyone, nor do they want to. They are for freedom.
And that’s a limit on and a redefinition of freedom.
No, it’s not. It’s an extent of copyright law. It gives you more freedom than normal copyright law allows for.
Again, if you dislike the GPL so much, then you must *hate* proprietary software, since it gives you much less freedom, right? Funny that you did not even try to refute this argument. That speaks volumes about the shaky logical foundation you base your disinformation on.
Yes. All hail mighty GPL, spreading “freedom” like GWB. I choose not to be controlled by your notion of “freedom”. It’s as simple as that. I use what I want and don’t let religion determine my choices.
Ah, I see. You don’t have arguments, so you resort to strawmen arguments and ad hominem attacks.
The GPL gives you *more* freedom than proprietary software. That’s a fact that all your ridiculous posturing cannot hide.
Oh, and comparisons with Bush? Puh-leeeze! Without GWB, MS would probably have been split into two companies by now. So you, as an MS shill, should be grateful to him.
//The GPL is controlled freedom, i.e., you’re free to pick among the choices they provide you but never step outside of the box.//
No. As an end user you can use free software distributed under the GPL in any way that you want, including mixing it with software that is not distributed under the GPL.
You are dead wrong on this point.
//You could use what you want in the way they want you to use it. That’s not true freedom as they proclaim it to be.//
No, you are wrong about that. Dead wrong. Under the GPL, as an end user you are given explicit permission to use the software in any way that you want to.
//BTW, you must’ve missed their anti-Vista campaign. If they really had no problem w/ proprietary software, they’d be content to just promote their wares. //
The anti-Vista campaign is advocacy. They are advocating that you don’t use Vista, and they give reasons why they advocate that.
This has absolutely nothing to do with telling you what you may or may not use.
//And you’re cheerleading for those who would seek to bring all software development under their control whether or not users and developers actually want to be. //
WTF? How do you figure? You really have got the wrong end of the stick there.
//Under your definition of Fair Use, I’d be able to take some GPL code and proprietarize it just because I felt like it.//
That is not “use”. “Using” the software is running it. The activity you describe is redistribution for profit. You are given permission to use their software as provided, to study it, and even to modify it for your own use in any way that you please.
The one and only thing they do not give you permission to do under the GPL with their software is to modify it and sell it to someone else … that is, you do not have permission to redistribute their software for your profit. If you want to do that, you may … but you must first negotiate with the owners of the software (the authors and copyright holders) to release it to you under a different license (other than the GPL). That will cost you some money.
Some owners and authors may not agree to do this type of re-licensing deal with you, as is their right.
Edited 2007-01-10 08:28
Given the open source model, someone was/is in charge of every little piece of the system. Each piece is usually designed with a particular purpose.
In addition, those projects are often scrutinized or rewritten even, by other developers seeking to find their contribution to the movement.
In this manner, given all openly developed software on a system, the potential for the operating system itself to have a back-hole is nearly completely diminished.
This is not to say that there may not be one or two intentional exploits that may provide some access, but eventually someone will point out the ‘security flaw’ and it will have to be fixed to keep appearances, if nothing else.
I must agree though, that given a non-living source set, open-source itself would not provide the same confidence of safety.
That is, if Windows were open-sourced today, and contained hundreds or maybe even just a few back doors, it wouldn’t matter unless they were searched for, found, and removed. Because, after all, without removal, it is, naturally, still there.
–The loon
So that must mean that there are also backdoors in every Linux distro that uses the SELinux enhancements, right? Or MacOS X and Suse since both Apple and Novell were also mentioned in the article.
If there are any backdoors in SELinux, they would be a lot harder to hide, as SELinux is open source, and much development is going on outside of NSA and also outside the US.
In reality the problem is not about who developed the security system, but if it is open for all to see.
NSA or perhaps similar agencies from other countries can easily pay and/or coerce somebody at a closed source company, such as Microsoft, to enter whatever backdoors they want. In an open source product it will be a lot harder to isolate the people who are going to discover it.
Sure, many governments will have access to the source code, but that really doesn’t make them much safer. How many of them will actually distribute Windows from sources they have compiled themselves? If they don’t, how will they know that the DVD they install from actually is the result of a compile from the source they have reviewed?
Even if they did, that wouldn’t necessarily be enough as Microsoft DRM technology also depends on hardware. If you have the budget of NSA or their likes in many other countries, there is nothing that prevents you from setting up a factory that creates and distributes DRM chips, that together with some minor hard to catch flaw in the software opens the backdoor.
With Linux/SELinux a government or somebody else who values security could create their own secure distro based on what’s available as open source.
>>So that must mean that there are also backdoors in every Linux distro that uses the SELinux enhancements, right? Or MacOS X and Suse since both Apple and Novell were also mentioned in the article.
>If there are any backdoors in SELinux, they would be a lot harder to hide, as SELinux is open source, and much development is going on outside of NSA and also outside the US.
+1.
However, this still means FLOSS people have to inspect every line of code carefully. I do have some confidence when even Debian is adding SELinux to its distribution, but since 9/11 and all the red flags, the patsies, the war games, the coverup and the brainwashing that’s been going on, it is actually very hard* to trust anything that comes out of US intelligence.
I will now actively try to (mildly, of course) advise people against using Microsoft Windows Vista.
It is very telling that US intelligence and military themselves do not use Microsoft Windows for their own (critical) computers, but Unices, among which, open source Unices. (!)
*read: stupid
Are you absolutely sure about the US military not using Windows for critical computers? As a Government Contractor that works for a large Joint Command, and a retired Navy man (15 years of working for Naval Intelligence) I can tell you that the military uses Windows in all environments, including Top Secret. Yes, UNIX and Linux are used, but not to the degree a lot of people think they are. The prime contractor for the command I work for is a one-trick pony, they only know Microsoft products.
There are a lot of Windows fans in Government (not limited to the military) and this is despite the security history of Microsoft products.
The government had little choice. It was believed they needed to run the software the people did because, well, many reasons that are all mostly valid, but on bad premises ( one company, one product, rather than many companies, many products, few standard sets ).
Microsoft controls the government now, on the user-interaction side of things, and likely on much of the more critical items simply because the workers ONLY know Microsoft products. Since that is what was always taught to them, of course.
However, in a Smart Computing magazine from a while back was described ( and pictured ) a basic security model implementation for secure crisis centers using a Linux-powered server to provide security and NAT translation for a large number of Windows-powered Laptops which would be brought out of a secured location in time of need and connected to the Linux box, which could remain at the location because of its low value, and universal software.
I would imagine the government uses a large variety of OSes, most likely most completely built from the ground-up. The computers that run those, rather specialized. However, most generic computing tasks would likely be performed ( at the user-interaction level only ) on Windows PCs for familiarity purposes.
Bit of a mess, really.
–The loon
Actually, they had a number of choices available to them. In the mid-1990’s I started to see the transition to Microsoft products, it was first the word processor. The standard within the US Navy was WordPerfect, then around 1993 it was ordered that Word would be the standard, I remember having a fit once I heard that because Word at the time sucked (it still does).
Then came the transition to Windows NT as a server OS, replacing SunOS, Solaris, DEC Unix, SCO Unix, Novell NetWare and in one case OS/390. It was not for technical merit (unless you consider the “security features” that were taken almost word for word from the defunct TCSEC), it was primarily driven by cost. It was cheaper to deploy a PC using Windows than it was to deploy a SPARC running Solaris and WABI so that the Solaris user could use Office on the SPARC.
I could go on and on but the point is the US Government bought what Microsoft was selling hook, line and sinker. And we have been dealing with the fallout of that decision ever since.
“So that must mean that there are also backdoors in every Linux distro that uses the SELinux enhancements, right? Or MacOS X and Suse since both Apple and Novell were also mentioned in the article.”
Come on, you really think the terrorist’s budget is large enough to afford Apple hardware? $400 Dell w/ Windows is more likely. Besides, the marketshare numbers you guys are always pushing on us would suggest that if you have access to Windows, you can spy on like 90+% of the computers out there.
I’m sure that there have been backdoors in Windows for years, for use by US agencies. This is hardly a surprise, why do you think MS was never made to reveal the source for Windows?
Wouldn’t this mean that if Vista gets hacked or gets trojans and spyware that MS + NSA have a lot of bad programmers on their staff?
I remember her…she was…uh never mind.
Anyway, for all their consulting…we will see if it pays off or not.
is tighter control of user actions. forget privacy from now on…
don’t count me in, I’m not going there…
How much experience does the NSA have in operating systems design?
Most of the OSes I’ve seen certified for use with secure government systems were actually developed by independent corporations, not by the government.
The NSA does have experience in operating systems design.
http://www.nsa.gov/selinux/
Having the NSA involved screams “backdoor” to me. With all the (illegal) spying they’ve been doing lately, most recently wanting to be able to read our (snail) mail without a warrant…what are the chances they consulted with MS without wanting a way to access people’s computers (again, without a warrant)?
Edited 2007-01-09 22:49
Even if a backdoor exists, it will be discovered. People watch the traffic that flows across their networks. Eventually, just as security through obscurity doesn’t work, so too will any backdoors be found.
And they want all their hats back.
Seriously people, calm down.
That being said, seeing as the branch of the gov’t that deals with computer related crimes is the FBI, wouldn’t it have made more sense to bring them in instead of the NSA?
That being said, seeing as the branch of the gov’t that deals with computer related crimes is the FBI, wouldn’t it have made more sense to bring them in instead of the NSA?
NSA does crypto and security research, and also handles Common Criteria evaluations (among other things). I think they’re qualified.
It’s every citizen’s patriotic duty to distrust the government. Privacy is an important right. No tin foil hats required.
I know this clinches it for me. I’m sticking with Ubuntu Linux, at least the code is there so people can try to uncover any back doors.
“That being said, seeing as the branch of the gov’t that deals with computer related crimes is the FBI, wouldn’t it have made more sense to bring them in instead of the NSA?”
Actually, last I heard it’s the secret service.
There’s a whole online book about it. It’s called “The Hacker Crackdown : Law and Disorder on the Electronic Frontier.” By Bruce Sterling.
Dude, next time you shout your mouth off, try reading up on what you’re shouting first.
“seeing as the branch of the gov’t that deals with computer related crimes is the FBI, wouldn’t it have made more sense to bring them in instead of the NSA?”
That rather depends on what it is you are trying to achieve.
The FBI is too busy drinking coffee and collecting money from South American drug-lords to do any actual investigative work. They were more worried about where the next shipment of pot was coming from than to actually do any follow-ups on all their leads leading up to 9-11.
If Vista had been named Windows-420, the FBI would have been all over it. That’s the only thing they’re good for.
Advanced Information Filtering. They must be working on a very good one if they expect all information they can gather, once Vista gets used abroad, to be useful (just think about the amount of the information!). “Finding a needle in a haystack” will pale and lose its meaning on face of it.
I highly doubt the NSA came to help them with securing their OS. It’s more like they allowed the NSA to add their own code to be able to gain access to any PC anytime.
The NSA has been monitoring copper phone lines since the 50s I believe, from what I read elsewhere, they will do the same with the internet…or, us boxen attached to the net. Who knows.
there is a picture of bill gates using hp’s new all in one in the article. that thing looks so ugly.
“there is a picture of bill gates using hp’s new all in one in the article. that thing looks so ugly.”-broken_symlink
bill or the hp?
Edited 2007-01-10 23:10
Wasn’t it MS who threw a fit when the NSA released SELinux but now they turn around and ask for help?
Also, like lots of other people here have already said: NSA + closed source + known illegal spying = alarm bells.
Microsoft introduces its long-awaited Windows Vista operating system this month, it will have an unlikely partner to thank for making its flagship product safe and secure for millions of computer users across the world: the National Security Agency
Sleep tight America.
And they want all their hats back.
1) wire taps without warrants
2) tracking phone call patterns
3) trying to get the power to read (snail) mail
4) FBI viewing library checkout records of suspected terrorists
it’s been all over the news….this administration has no respect for people’s privacy. if it’s paranoia, most of the country seems to be suffering from it..
Installing a lock on a paper mache door that even a safe cracker would have trouble with won’t make an OS secure, especially if most criminals find that the user has left the door open or can be tricked into opening it.
Once you’ve earned a reputation for producing crappy code, it’s a looonnngg uphill struggle to get people to believe that you’ve seen the error of your ways.
Skreed is not a word btw. Curiously, screed is and it describes the action taken to level out concrete using a straightedge, like a 2″X4″ piece of lumber.
So now Vista is part of homeland security?
Well, yeah! Homeland Security has been publishing “Cyber Security Alerts” for quite a while now. And it seems they promote all the Microsoft Updates. To be fair, they cover Apple, Mozilla, and Oracle as well.
http://www.us-cert.gov/cas/techalerts/
But the French seem to have better coverage, including Linux:
http://www.frsirt.com/english/security-advisories/
LMAO:
Microsoft Office Grammar Checker Client-Side Code Execution Vulnerability (MS07-001)
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-01-09
To those suggesting a spyware backdoor due to NSA consultation and involvement in Vista:
1) Microsoft has licensed out its code regularly to universities and certain foreign governments, as well as other organizations, under a shared-source license. If there is a backdoor, we would hear of it soon.
2) You don’t need the source code to find backdoors – an application or a library communicating over the network, for example, can be isolated and monitored (though, there is a possibility NSA have affixed specialized hardware onto PCs that communicate through some NSA-specific wireless network whose spectrum is undetectable and, more than that, causes brain tumours to those not wearing tinfoil hats…)
3) And if spying is NSA’s goal, perhaps they would focus on network hubs rather than individual computers – spying on ISP records, for one, has a whole lot more efficacy than spying on millions of individual computers.
4) And if spying is their goal in this case, wouldn’t they try to keep their relationship with Microsoft secret? Foreign terrorists, governments and paranoid geeks would after all ditch Windows in suspicion. Hell, why not just avoid the relationship – is it beyond the NSA to hire spy-programmers and place them in Microsoft?
5) It is not as if NSA have other goals in mind here – the amount of threats to the Windows platform hurt national security too. While they can do all they can to secure government networks, just some idiot general can plug in their infected Windows laptop into, say, the Pentagon network and spread a slew of viruses within. In other words, NSA has a vested interest in seeing Windows secure by virtue of the fact Windows is the most widely used operating system in the government sector. It, after all, takes one idiot and one new, undetectable, virus to infect a whole network.
This thread reminds me of the South Park episode about the Truth behind 9/11…
“George W. Bush: Quite simple to pull off really, all I had to do was have explosives planted in the base of the towers, then on 9/11 we pretended like 4 planes were being hijacked when really we just rerouted them to Pennsylvania then flew 2 military jets into the World Trade Centers filled with more explosives then shot all the witnesses of flight 93 with an F15 after blowing up the Pentagon with a cruise missile. It was only the world’s most intricate and flawlessly executed plan, ever, ever.
Kyle: [ever more incredulous, cocks his head left and lower] …Really??
Stan: Why?!
Bush: [smiling, he begins to pace] Oldest reason in the world. Money. The towers fell and the American sheeple all waved their flags. [walks by Dick Cheney, who’s got a crossbow and is dressed to hunt] Finally we could invade Iraq, [finishes off with sinister glee] and get the oil which made us all richer than before.
Rumsfeld: [rubs his hands together greedily] Beauutiful money, hahahaha!
Kyle: [cocks his head right and even lower. He’s not buying it] …Really??”
….
“Mr. Hardly: That all the 9/11 conspiracy Web sites are run by the government. The 9/11 conspiracy… is a government conspiracy.
Stan: Aw Jesus…
Kyle: Why would the government want people to believe they caused 9/11?
Mr. Hardly: For a government to have power, they must appear to have complete control. What better way to make people fear them than to convince them they are capable of the most elaborate plan on earth?
Bush: [off-screen] That’s quite enough, Hardly! [the camera shows him entering with his staff] Don’t believe what he says, boys; we caused 9/11. [brings forth a manila folder] It’s all right here in these secret documents, [hugs the folder tight] but you’ll never get them. [turns around as he yawns, dropping the folder to the floor behind him. No one picks them up]
Kyle: I knew it! You didn’t plan 9/11 and you really didn’t shoot that guy!
Bush: Boys, you don’t understand. People need to think we are all-powerful. That we control the world. If they know we weren’t in charge of 9/11 then… we appear to control nothing.
Kyle: Well why don’t you just tell people the truth?!
Bush: We do that too. And most people believe the truth. But one fourth of the population is retarded. If they wanna believe we control everything with intricate plans, why not let them?”
I’ve read a lot of talk back comments here suggesting NSA paid Microsoft to put backdoors in Windows Vista.
If Linux is so secure and NSA wants backdoors in the OS, then why would the NSA ever use Linux? After all it is so secure they could never penetrate it.
Didn’t NSA develop the SELinux specification? Why should we trust it?
Maybe the NSA shouldn’t use Linux, after all, they can’t break into it.
Why stop with backdoors. NSA should pay MS to put in rootkits, viruses and other forms of malware. NSA has a large budget, they can afford it.
Heck, MS should create a special NSA edition of Windows specifically designed to be unlocked by and only by the NSA.
Does this sound as ridiculous to you as it does to most sane people? I would think so.
Yeah, and less than 1% of distributions actually have SELinux installed by default.
My distribution has AppArmor and it’s a godsend to use in comparison to the headaches you get from SELinux.
Giving the source to security companies isn’t such a great idea. If these companies get desperate, they’ll develop their own backdoor trojans and viruses that only their security products can detect/remove.
Microsoft receiving help from NSA is probably a marketing stunt. I bet the NSA secretly imbedded spyware into one of the Windows subsystems, which gives them the ability to monitor people who watch child pr0n, host illegal warez, support terrorist activity and the global drug trade.
Giving the source to security companies isn’t such a great idea. If these companies get desperate, they’ll develop their own backdoor trojans and viruses that only their security products can detect/remove.
I disagree. Security thru obscurity never works; therefore, it doesn’t matter if the security companies have the source code or not.
Microsoft receiving help from NSA is probably a marketing stunt. I bet the NSA secretly imbedded spyware into one of the Windows subsystems, which gives them the ability to monitor people who watch child pr0n, host illegal warez, support terrorist activity and the global drug trade.
And you think that this kind of spy traffic would go unnoticed on people’s networks? You think that network pros would be duped by this traffic?
At first I thought it would be irrelevant, as the amount of information they could get is really huge but perhaps, coupled with desktop indexing provided by Microsoft, it can be turned into an efficient method to really track and filter information. Maybe, they postponed WinFS to tune a little bit more the entire scheme. If true it gives a whole new meaning for the next Windows code name (Blackcomb).
Humm, nanh, looks too paranoid.
Imagine an actual profession designing security for a microsoft product.
Who designed security for XP and Win2K? Clowns and giant insects?