Richard Stallman Speaks About Back Doors After NSA Documents Leak 332
An anonymous reader writes "Companies such as Microsoft, Facebook, Apple, and Google are scrambling to restore trust amid fresh litigation over the PRISM surveillance program. Richard Stallman, the founder of the Free Software Foundation and a newly-inducted member of the 2013 Internet Hall of Fame, speaks about not only abandoning the cloud, which he warned about 5 years ago, but also escaping software with back doors. 'I don't think the US government should use operating systems made in China,' he says in this new interview, 'for the same reason that most governments shouldn't use operating systems made in the US and in fact we just got proof since Microsoft is now known to be telling the NSA about bugs in Windows before it fixes them.'"
Re:GNU/Linux is made in the USA (Score:3, Informative)
No its not. There are distros based in all parts of the world. Also the difference here is that the source code is freely available for all to see.
Re:GNU/Linux is made in the USA (Score:3, Informative)
Linux was made in Finland.
Yet another Yank taking claim for other's achievements.
Yes, but (Score:5, Informative)
While it is true that Microsoft is agreeing in certain cases to give access to the source code to Windows, it appears actually getting your hands on the code is sometimes harder than expected.
Point in case, Éric Filiol, an ex French intelligence officer from DGSE (the Directorate-General for External Security) recently explained that
“The French State can't obtain certain pieces of technical information on the WIndows kernel. A country that has nuclear fire and is a member of the UN's Security Council can't make Microsoft reveal necessary informations on a système that is absolutely everywhere.”
("L’État français n’arrive pas à obtenir certaines informations techniques précises sur le noyau Windows. Un pays doté de l’arme nucléaire et membre du conseil de sécurité des Nations-Unies ne peut pas contraindre Microsoft de lui donner des informations nécessaire sur un système qui est absolument partout".)
Source:
http://www.numerama.com/magazine/26360-la-france-n-arrive-pas-a-avoir-des-informations-sur-le-noyau-windows.html
So there seems to be a difference between what is announced and what happens.
Re: GNU/Linux is made in the USA (Score:5, Informative)
The kernel work started in Finland, but most of the work and most of the GNU system originated in other countries and most prominently the USA.
Re: GNU/Linux is made in the USA (Score:4, Informative)
Re: GNU/Linux is made in the USA (Score:5, Informative)
But who compiled the compiler?
http://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf
Re:No surprises (Score:4, Informative)
So what? Those governments don't have the right to compile the code.
However, government users will not be allowed to make modifications to the code or compile the source code into Windows programs themselves, Simon Conant, a Microsoft security specialist based in Munich, said.
"Governments under the GSP are allowed to view the code in a debugger, but not compile, redistribute, or actually modify the code," Conant, said. A debugger is a tool used to evaluate software code.
If you can't compile the code, there is no guarantee that you'll be auditing the right code base. If you dig down deep enough, the debugger will start taking you to the wrong lines (as it happens with most software projects, even open source ones), but Microsoft will just explain away those discrepancies by saying that they had to remove some of their testing code and some of their logging statements (an explanation which is sensible enough, but that you can't workaround, because you're not allowed to compile the code yourself, nor have you been provided the exact compiling recipe/code snapshot they've used for their official release).
So whatever you do audit of the code base, Microsoft or the NSA can then modify before it gets compiled for your own citizens, and the chain of custody will have been broken thereby completely circumventing your audit in the first place.
His backdoor remark is VERY CURRENT (Score:3, Informative)
This wasn't about the win2k NSA key, it is about Microsoft passing info about zero day exploits to the NSA instead of fixing them, so the NSA can use them to break into people's computers and spy on them. This came out in the news in just the past few days (not sure if revealed by Snowden or someone else). It would seem to explain why Microsoft is so damn slow about fixing bugs.
Re:So how do you know the binary matches the sourc (Score:4, Informative)
I'm afraid you've got it wrong. At least Australia can build from source. I doubt they got a special deal.
Australia to see Windows source code [cnet.com]
The ability to build from source would seem to be a key aspect of verifying the code. I'm not sure why you think they wouldn't be able to do it. What they probably can't do is distribute the binaries for free - they still have to pay Microsoft for the distribution of software.
Also, it seems likely that by providing their code to foreign governments, Microsoft is picking up what to them is free services of what are no doubt some of the best software engineers in government looking over their code, and probably sending in the occasional bug report. What's that saying? Many eyes makes for shallow bugs? Or maybe not.
Skype Link Spying Germany (Score:3, Informative)
Remember this?
http://yro.slashdot.org/story/13/05/14/1516247/microsoft-reads-your-skype-chat-messages?utm_source=commentcnt&utm_medium=feed#comments
A german user noticed that if he passed a link in a skype message, the link was accessed by Skype servers?
Microsoft claimed it was to protect from malware. But now we know they're in the NSA's pocket, and the NSA is data mining all communications and storing them in the big database, the obvious conclusion to come to, is that this is part of NSA's data mining effort.
If you look at 'Boundless Informant' leak, Germany is very heavily spied on by the NSA, and so German Skype chatter is likely a major target for interception. Germany is a big commercial competitors to the USA.
Also notice the fake 'RC Plane bomb plot in Germany' from yesterday... part of the marketing to try to quieten down German anger.
Re:Abandoning the cloud ? (Score:5, Informative)
dudes, don't you know about.. the NSAKey? (Score:3, Informative)
Microsoft has been installing the NSAKey in Windows since Windows 98; a special root key that grants them access to Windows cryptography services, ability to generate their own keys, decrypt things, and maybe install rootkits, bypassing the user. Some people think it's Trojan that even gives them stealth remote control capabilities. Microsoft has always been working with the NSA, and in turn, the NSA has always been getting into whatever they could possibly get their hands into. Welcome to the ultimate rootkit in society, next to Remote Neural Monitoring and Electronic Brain Link.
http://www.washingtonsblog.com/2013/06/microsoft-programmed-in-nsa-backdoor-in-windows-by-1999.html [washingtonsblog.com]
and nsa.pdf @ http://www.oregonstatehospital.net/ [oregonstatehospital.net]
Re:Abandoning the cloud ? (Score:4, Informative)
there is absolutely no way to process it in the cloud properly
Sure there is. It's called homomorphic encryption.
Re:Abandoning the cloud ? (Score:4, Informative)
If you include embedded devices, quite a lot of it uses OS from China. Anything from Huawei for a start - that alone has some people in Congress and the military concerned.
Re:As usual. Stallman was right all along. (Score:5, Informative)
> Multi-national companies don't have the power to imprison me, make things I'm doing illegal in order to harass me or silence my speech by unequal protection of the law as in the IRS abuses scandal.
Sure they do. They can use their vast resources to influence national governments, distort laws, and influence local prosecutors.
Some companies are larger than some nations and have the resources and influence to match.
This is not unprecedented. One of the things that the US was rebelling against was one such company.