Submission + - RSA warns developers not to use RSA products (cryptographyengineering.com)

Weezul writes: "RSA has recommended that developers desist from using the Dual_EC_DRBG random number generator — which happens to be the default in RSA's BSafe cryptographic toolkit." "Dual_EC_DRBG is the random number generator voted most likely to be backdoored by the NSA."

Comment Re:No, it might not (Score 1) 576

Thwarted Linux backdoor hints at smarter hacks (2003)
http://www.securityfocus.com/news/7388
Apparently it exploited the = vs == distinction in C. Just imagine how easily you could hide a backdoor in C++ or Java though with all the overloading!

Recent post-Snowden discussion: https://news.ycombinator.com/item?id=6410779
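As an added illustration of the `=` versus `==` pitfall the comment above refers to (example code written for this page, not taken from the linked SecurityFocus article or from the kernel source; the `struct task` type, the field name `uid` and the function names are assumptions), the following C shows a privilege check written the correct way, the accidental-assignment way, and a constant-on-left style that turns the typo into a compile error:

```c
#include <stdio.h>

/* Constructed toy type: a task with a numeric user id, 0 meaning root.
 * Nothing here touches a real kernel; it only reproduces the
 * language-level hazard on a plain struct. */
struct task {
    int uid;
};

/* Correct form: '==' compares and never modifies the task.
 * Returns 1 if the task is root, 0 otherwise. */
int is_root_compare(const struct task *t)
{
    if (t->uid == 0)
        return 1;
    return 0;
}

/* Defective form: a single '=' assigns 0 to uid, and the condition's
 * value is the assigned 0 (false). The branch is never taken, and the
 * caller's task has been silently changed to uid 0.
 * gcc -Wall (via -Wparentheses) warns on this line:
 *   "suggest parentheses around assignment used as truth value" */
int is_root_assign(struct task *t)
{
    if (t->uid = 0)
        return 1;
    return 0;
}

/* Defensive style: constant on the left. Dropping one '=' here would
 * give "0 = t->uid", which does not compile, so the typo cannot
 * survive a build. */
int is_root_yoda(const struct task *t)
{
    if (0 == t->uid)
        return 1;
    return 0;
}

/* Runs the correct check on an unprivileged task and reports whether
 * the uid is unchanged afterwards (returns 1: it is). */
int compare_keeps_uid(void)
{
    struct task t = { 1000 };
    int r = is_root_compare(&t);
    return r == 0 && t.uid == 1000;
}

/* Runs the defective check on the same kind of task and reports whether
 * the check returned "not root" while the uid was clobbered to 0
 * (returns 1: exactly the silent-escalation behaviour). */
int assign_clobbers_uid(void)
{
    struct task t = { 1000 };
    int r = is_root_assign(&t);
    return r == 0 && t.uid == 0;
}

int main(void)
{
    printf("'==' check leaves uid intact: %s\n",
           compare_keeps_uid() ? "yes" : "no");
    printf("'=' check silently sets uid to 0: %s\n",
           assign_clobbers_uid() ? "yes" : "no");
    return 0;
}
```

Build it with `gcc -Wall` to see the compiler flag the defective function; the practical mitigations for a code base are treating that warning as an error (`-Werror=parentheses`) and reviewing any assignment that appears inside a condition.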

Comment Amusing, but.. (Score 1) 576

There is more risk of being caught implanting a bug in Linux:

Imagine you send Linus, Alan Cox, etc. an NSL telling him to implant some bug himself. What could go wrong?

First, Linus is famous. Are you going to lock him up for violating the NSL and telling everyone about it? Even if he doesn't violate it, he could obtain the resources for a court fight by merely hinting. NSLs aren't usually challenged, but several lost in court.

Second, Linus could quietly tell another kernel developer or security researcher who then "discovers" the bug. Again, you cannot prosecute Linus himself so easily because he's famous. In fact, any court case eventually exposes that you're inserting backdoors, which makes a mess.

You might attempt this through another less famous kernel developer, but his patches likely receive more review, and he could still quietly leak the bug.

So what do you do? Just make the patch as useful as possible, make the insecurity created as subtle and plausibly deniable as possible, and submit the patch through extremely public channels. Don't involve crazy unpredictable developer types if at all possible. That's how you minimize your chances of exposing your backdoor program.

Comment Yes and no (Score 3, Insightful) 216

Google is against anything that makes people not trust Google, including the NSA. Google would happily keep all your data secret, except from their own advertising algorithms. But Google would also sell your data to the NSA for what they consider "fair market value", which given the preceding is a lot higher than the NSA wants to pay for it.

Google pays a computational price for encrypting your data, but it's worth it if either
(a) the NSA is now forced to buy your data from Google, instead of stealing it like they currently do, or
(b) people trust Google more as a result.

Google wants to publish the number of NSLs it receives to (a) make people feel more confident and (b) make the NSA, DEA, FBI, etc. evaluate more carefully the data they request. Why is (b) good for Google's bottom line? I think, if the agencies are spending more personnel time on the data they request, that data appears even more important, so Google can charge more for the data the agencies really want, while incurring less risk.

Google is still a company, but it's a company run by a founder. Founders almost always make them behave much less like psychopaths than Wall St CEOs.

Comment Re:Keep the Distraction Machine Running (Score 1) 433

In the interview I linked in the other comment, Glenn Greenwald points out that, actually, Saxby Chambliss made these claims, not afaik the NSA.

Representatives and Senators have outright lied to the press about intelligence matters frequently, both before and during the Snowden scandal, especially the warmonger ones like Chambliss.

Comment Re:Keep the Distraction Machine Running (Score 1) 433

Is this story an outright lie? Yes, I believe so. Why?

Why are we learning about this? Well, obviously the NSA is simply trying to justify itself against the backdrop of everything Snowden exposed.

Imagine the NSA, etc. actually intercepted this order. What does that mean? If it's real intel, then they burned both that intel and their ability to decode future communications from Iran. Alright, maybe Iran sends blustering bullshit messages to Iraqi Shiites all the time, but even if so the NSA should want the ability to gain some sense and intel from that bluster.

We therefore conclude that, if they are not lying here, then they're directly placing our Iraqi allies in harm's way, as well as American security contractors, merely to earn themselves political points. I'd consider that treason if they were endangering American soldiers. It's not treason endangering allies, but it's still extremely despicable behavior and very short-sighted. I therefore choose to believe this story is an outright lie because the alternative paints the administration and NSA as far worse.

Now why fabricate or tell this story now? In fact, the Department of Defense claims the NSA "does ***not*** engage in economic espionage in any domain, including cyber" (asterisks in original quote), but Greenwald says:

"One big problem the NSA and US government generally have had since our reporting began is that their defenses offered in response to each individual story are quickly proven to be false by the next story, which just further undermines their credibility around the world. That NSA denial I just excerpted above has already been disproven by several reports (see, for instance, the letter published in this article, or the last document published here), but after Sunday, I think it will prove to be perhaps the NSA's most misleading statement yet."

So tonight or tomorrow we likely learn that the NSA conducts economic espionage against friendly nations.

Comment Re:MIT/JSTOR redactions == cowardice (Score 2) 89

Agreed. I think people know that Prosecutors Stephen Heymann and Carmen Ortiz are the ones who need to pay for Aaron Swartz's death by losing their jobs. Any MIT and JSTOR employees involved should be penalized by people remembering them and obstructing their promotion within those organizations, but tempers have cooled enough that they shouldn't be getting death threats now.

In any case, these documents will help focus anger back on Heymann and Ortiz. Example:

Prosecutor Stephen Heymann Compared Aaron Swartz To Rapist
