Bundeswehr Says Microsoft Software Verboten

deran9ed writes: "The German foreign office and Bundeswehr are pulling the plugs on Microsoft software, citing security concerns, according to the German news magazine Der Spiegel. Spiegel claims that German security authorities suspect that the US National Security Agency (NSA) has 'back door' access to Microsoft source code, and can therefore easily read the Federal Republic's deepest secrets. Article in German, English article"

you know what that means

You need another beer; you can still read 4/5 of words.

Re:Give me a break

Bullshit.

Linux has no nationality.

One of the great things about it is its thoroughly international nature.

Re:Wha?

> The NSA has to report to someone right?

Riiight... And of course this fact prevents it from spying on other countries and individuals. (Search this page for "microsoft").

Because... Oh, do we need to explain this? No-o, we have a democracy here, we can't be the "bad guys", like Miloshevic. It's not what we were taught in our wonderful and safe schools!

> I'm of the opinion that there is no NSA backdoor in Windows, because it would have been found and exploited by now.

Duh. You probably think that a "software backdoor" looks somewhat like a real door, no?

What you just said is like saying "there are no bugs in MS Windows, because if there were any they would have been fixed by now"!

> I think it's just some European nationalism blah blah blah

It's German, not European. There is no European nation, and will probably never be, because of the US poking its long nose everywhere in Europe it can.

Re:In other news ...

The terrorists dream...

I_LOVE_YOU_2.TXT.vbs:

IF HOSTNAME="uss.ronald.reagan.mil" THEN

MISSILE1.SET_TARGET("Washington DC")
MISSILE1.LAUNCH
PRINT("WE OWNZ J00")

ELSE

LET A = OUTLOOK.GET_CONTACT_LIST
FOR I = 1 TO A.LENGTH
OUTLOOK.SEND(THIS, A[I])

NEXT I

END IF

Re:Give me a break

[HeUnique]

Have you ever tried the SuSE german version of Linux? even the kernel messages are in german (talking about make menuconfig)...

As for MS or MacOS - you get the OS itself with localized version - and they're applications which Apple or MS written with localized version. If you'll install for example Quicken - you'll get it by default in .. english

Re:Um...

[pb]

Of course the source is buildable; what the hell else do you think the companies that buy it do with it?

That's what IBM does with it, as does MainWin... The only thing I'd worry about is if there *was* a back-door, and those same companies had to sign an NDA. But that would be suspicious, and we'd hear about it eventually.

Which we are...
---
pb Reply or e-mail; don't vaguely moderate.

There's an answer for everything...

[pb]

In this case, you do as follows:

a) examine the relevant source code
b) tell the compiler to compile it into assembler
c) tell the compiler to produce an object file
d) disassemble the object file / assemble the assembler yourself
e) compare the results

Obviously, if you see any extra or changed code, the compiler can't be trusted, as it is rigged to add NSA back doors.

However, if it does this in the assembler, it should be fairly easy to see the discrepancy between that and the original C source code listing.

I would gain a lot of respect for Microsoft, though, if they did anything that clever; I'd definitely suspect the NSA first.

P.S. anyone using a binary distribution of NSA Linux? :)
---
pb Reply or e-mail; don't vaguely moderate.

Um...

[pb]

I remember this from a while back, but it's nice to see other people asking these questions.

My question is, why doesn't someone with a Source License check this out? And if they have, are they allowed to tell us?

Windows source code isn't available to the general public, but a lot of people out there can get their hands on it. Anyone with access to it wanna pipe up and tell us?
---
pb Reply or e-mail; don't vaguely moderate.

Re:Um...

[johnnyb]

Yes, the C compiler is strict ANSI C. They have it building using just about every C compiler known to man. Some of the other languages that come with GCC require GCC to build. So, you have to build the C compiler, and then use that compiler to build the rest. Anyway, they have a "bootstrap" mode that is very, very nice.

Re:Um...

[Admiral+Burrito]

What makes you so sure that they received the complete source? Is the source even buildable? What makes you sure the Windows binaries don't include backdoors in source files Microsoft doesn't distribute?

I would bet that it is buildable. But see Reflections on Trusting Trust.

That paper applies to GCC too, of course.

Re:Um...

[chill]

Very intersting paper. Thanks.

An idea...

This is a very specific type of compromise. Say the binary of GCC is bugged. It would seem to have to be bugged for a specific thing (like recompiling untainted GCC souce with the bug). It would be VERY difficult to bug something other than the target (like, Apache or the kernel). Generic bugging would be a bitch. (Are we going to bug "Hello, world?" It would be pegged the first time some ASM student was trying to debug/analyze the generated machine code.)

So... what are the odds some other C compiler is bugged with a target of GCC? Build GCC with something else (or several somethings and do some comparisons of subsequent GCC output).

Not mathematically provable as secure, but I'll bet a statistician could give a lot of 0s worth of improbable.

Of course you could always code your own C compiler -- by hand from Assembler. :-)

Hmmm...how tough would it be for Intel to embed some microcode in a P-III or P-IV (or better yet, combined with an i810 controller chipset) that monitors for an ethernet/TCP-IP connection and sends a little message...

Re:Um...

[chill]

I dunno. Is it pure ANSI C?

Re:Um...

[QuoteMstr]

What makes you so sure that they received the complete source? Is the source even buildable? What makes you sure the Windows binaries don't include backdoors in source files Microsoft doesn't distribute?

Re:Um...

[THB]

I'm sure the german government could get one, however it is most likely there are some anti-ms people in the german security/computer organizations, and they feel that this is the best way to get around it.

If it is possible to utilize a backdoor, then it is just as possible to use the latest exploit, and they would be better off hiring decent admins.
Hiding hole built into as much software as microsoft has shipped is not trivial.

Its also possible that the german government wants to stimulate its software industry, the US has had policies like this for many years to give american companies advantages.

The first reason could give linux a chance, but the second would most likely be a proprietary solution.

Re:Um...

[Argy]

Burrito wrote: I would bet that it is buildable. But see Reflections on Trusting Trust.

You're making the incorrect assumption that Microsoft has opened up its source code so that people can trust it. This is not correct. As I recall, even the best of customers gets access to only 95% of the source code, which casts further suspicion. Also, they specifically disallow any organization outside the United States from looking at their source code.

If they are harboring secret code for the NSA, but are trying to address growing customer demand for a peek at their source, their current policy is exactly what you'd expect.

From CNet: "Microsoft lists the main benefits of the program to customers as follows: one, augmenting the ability to debug and optimize customers' internal applications; two, improving troubleshooting of deployed Windows environments; and three, increasing understanding of Windows to promote long-term success of the customer's organization."

Re:Um...

[marx]

That would require an already compramised system.

It requires a compromised compiler. Guess who makes the compiler required to compile the Windows source?

Re:Um...

[A.Gideon]

It pays to study the classics. Please see this for an explanation of a back door which remains hidden despite your "check".

Re:Um...

[3247]

"What makes you so sure that they received the complete source? Is the source even buildable?"

If it is not buildable, it isn't source code, but documentation.

Do you really think someone would trust an operating system the code of which is not buildable? This would cause much more suspision than not having the source code at all.

But can you trust your compiler?

Many compilers can only be built with themselves. Who says the _existing_ compiler/linker binaries don't have a backdoor that will put the very same backdoor in every programme you compile?

You do get the source code and all the stuff, but you might have to rely on an initial binary that could already have the backdoor...

Having the source is not enough, you also have to build it using a compiler you've bootstrapped yourself!

Re:Um...

[3247]

Even if building it does work, comparing the binary output will not work: Different compilers will translate the code differently, even if you do not optimize the code.

You can, however, make it produce assembler code, verify that it is identical to the final binary and check that is it a valid translation of the source code (and only that).

Re:Um...

[MSjogren]

The way I recall it, the instructions for compiling gcc on solaris, is to compile a basic gcc with Sun's compiler, and then compile a new gcc with the gcc you just got. Probably compile a new one with that one, just to be on the safe side :-)

I may be wrong of course, I haven't compiled gcc myself for ages.

Re:Um...

[RedWizzard]

So... what are the odds some other C compiler is bugged with a target of GCC? Build GCC with something else (or several somethings and do some comparisons of subsequent GCC output).

Is that possible? Can you build GCC with anything other than GCC?

Re:Um...

[Bungie]

You're making the incorrect assumption that Microsoft has opened up its source code so that people can trust it.

No, the Bell Labs paper which he linked to (Reflections on Trusting Trust) describes how a compiler can be compromised, thus making examination of source code useless. The point is that they can probe the Windows source all they want, but VisualC could insert the backdoor at compile time. Since they do not have the VC source, they would never know otherwise.

Re:Um...

[DickBreath]

I would bet that it is buildable

I wonder.

It seems from all accounts I've read about MS letting others peek at their source, they specifically want it to be only so that you can consult the source. For instance, to make your board able to work with Windows. Or to see how Windows works, to get your enterprise app to work with it. etc.

MS specifically doesn't allow you to modify it. Therefore, it might not be buildable in order to preclude non-authorized binaries from ever comming into existance, and possibly getting passed around, even finding their way outside of the licensed organiation into the wild, etc. Imagine the possibilities.

Of course, the only way that MS could convince me to my satisfaction that there were no backdoors would be: (1) I get to analyze the code, and (2) I get to build the code and compare binaries to those that have been in circulation for years. Part 2 requires that I have access to the original compiler tools, configuration settings, etc. so that I can generate identical binaries. This is a pretty high bar in order to make a convincing argument that there are no backdoors. Of course, item 1 alone is a pretty high bar on my part. I would have to have a darned good reason to expend the effort to audit the (presumably) horrible MS code. Even if MS met item 2, the cost to me of item 1 might make it cheaper to go with open source. Even doing item 1&2 on open source.

Re:Um...

[rseuhs]

Is that possible? Can you build GCC with anything other than GCC?

AFAIK there is a very decent C- interpreter out there. So you could use the interpreter to run GCC to build a 100% clean GCC-binary.

I think you mean...

[mholve]

"Die Bundeswehr sagt das Microsoft Software verboten ist." ;>

Re:I think you mean...

[Hanno]

"Die Bundeswehr sagt, dass Microsoft Software verboten ist."



------------------

Serious Euro-funding for Open Source on the way..

[cthompso]

So, if you're the German government in this case, do you A) re-invent a proprietary wheel, perhaps working with Siemens for many years, or B) inject some rocket fuel (serious cash) into Germany's already-thriving Open Source efforts? I recall a while back someone tallied up the national origin of hardcore contributors to OSS/GPL projects, and the Germans were in first place or very close. I suspect we'll see some very polished stuff as a result of this, for instance, the KDE desktop, already in the passing lane to the left of Windows 2000, will probably accelerate away from Win2K at a pretty fast pace over the next 18-24 months. It will be good for all of us. By the way, I'm an honorably discharged U.S.military veteran (US Army, 1983-1987), and I wish the officers and men of the Bundeswehr every success in this effort!

Re:Like StarOffice?

[sheldon]

Fascinating.

But you clearly missed the point.

Ohwell...

[sheldon]

There may be truth to the rumors. Xerox was reported to have rigged a copy machine in the Russian Embassy to make extra copies on film. The machine would break down periodically, and a Xerox repair guy would go out fix it and put in a new film.

Besides, it's not at all common for countries to throw up barricades to trade in order to boost their own industries.

Good for them, maybe Germany will actually build some software that competes on the market as a result.

Re:Like StarOffice?

[sheldon]

Interesting. I suppose the whole WWII thing causes us to believe we are morally superior. But you're right on one point. The US tries not to use foreign products in our own government.

Re:Like StarOffice?

[sheldon]

Not quite sure how you could justify that comment.

Re:Like StarOffice?

[sheldon]

I wasn't talking who won or lost, but rather how the war was fought.

I thought that was pretty obvious. I guess not.

Re:The rest of the EC will follow.

[tjansen]

I wouldnt call this paranoid, it is a fact that there was a backdoor in Lotus Notes, and Notes was used by german military. So it seems like they have learned from their mistakes...

Like StarOffice?

[Moritz+Moeller+-+Her]

> Good for them, maybe Germany will actually
> build some software that competes on the
> market as a result.

Like Star Office ?

Like GPG, like KDE? Like Lyx?

Like SAP?

Like the software in German cars?

Maybe we are just fed up with the arrogant attitude of (some) Americans.

Who preach water and drink wine. Who sign treaties and don't follow them?
Who think they are so morally superior.
Where do you use foreign products anywhere in your government at all?
Heroes of free markets, my ass.
--

Re:Like StarOffice?

[PhilosopherKing]

I believe that is:

Since USA beats Germany in WWII, USA Better
Since VietKong held its own and then some in Vietnam, They are then better by the same logic.

And then that "master race" bit is a extention of Ubermen meme from WWII.

Re:Like StarOffice?

[James+Lanfear]

Where do you use foreign products anywhere in your government at all?

Well, the Army's new berets are going to be made in China.

Re:Like StarOffice?

[cyber-vandal]

In which case then, the Vietnamese must be the master race.

Re:Like StarOffice?

[cyber-vandal]

What point was that? Don't start dissing the Germans for losing a war 55 years ago if you don't want to be reminded of losing a war 25 years ago, and to an allegedly inferior force of communists no less.

Re:Like StarOffice?

[cyber-vandal]

And how was the Vietnam war fought? With Napalm, Agent Orange and soldiers who didn't care about the difference between a village of rice farmers and a VietCong base. The Nazis were evil scum, but the Yanks didn't exactly act with honour in Vietnam either.

Re:Like StarOffice?

[shippo]

Like the AV-8?

Re:Like StarOffice?

[stew-a-cide]

I read in Popular Mechanics (I think) that the US army's new main tank is from Canada. Their switching from thoes huge ass billion dollar ones to little fast ones with wheels or something.

WW II

[Moritz+Moeller+-+Her]

I guess winning the third world war (including the cold war) in a row and never having to fight on one's own territory has interesting psychological side effects.

One of them could be construed to be the same arrogance you (I assume you are American) show.
I don't know how you justify that arrogance though. Winning wars does not give you a moral high ground.

(even though I am glad the Americans did intervene into WW II after the Japanese attacked them, before that point Americans could not be bothered to let e.g. all Jews who asked immigrate...)
--

Re: icq is echelon encarte

[rve]

Well we at the Communist Jihad never plan our terrorist attacks through ICQ. Although we are foreigners, and therefor a little slow and backward, even we can see that you need more secure methods for this. We encrypt our data with software that we illegally downloaded from a USA based server.

Re:Let them review the code

[RelliK]

You should have read the article about this. Microsoft is not releasing *all* code. A "small portion" of it will still be closed. So I guess you can't just get the source from MS and compile it yourself. You still need to get the binaries from them...
___

Re:Did anyone notice the link on the bottom?

[RelliK]

The Navy just doesn't give up. Just two or three years ago they had a battleship stuck in the water because NT crashed. And now they want NT to run on a carrier?
___

Microsoft's explanation of NSAKEY is reasonable.

[armb]

If MS were prepared to put a second key in for the NSA, why wouldn't they just give the NSA a copy of their signing key?
One possibility is that they couldn't, because the Microsoft signing key was in secure hardware that didn't allow any backup copies - which is exactly what Microsoft claimed. But if Microsoft are telling the truth about that, there's no reason not to accept their whole explanation - since the whole CryptoAPI signing stuff was put in for the US government, it's reasonable that the NSA reviewed it, and that they would point it out if Microsoft had screwed up by forgetting about disaster recovery.

http://europe.cnn.com/TECH/computing/9909/13/bac kd oor.idg/
"Culp noted that export licenses are granted by the U.S. Department of Commerce, but the technical compliance review is conducted by the NSA -- hence the key name."
"Culp says the backup NSAKEY was created to ensure that if the secure facility holding the private key was destroyed by an earthquake or other disaster, the company wouldn't have to replace all the public keys in every Windows system."

--

Love that NSA... :)

[Booker]

The NSA sure stays busy, what with putting backdoors in Windows and securing Linux.

Next thing you know we'll have a Congressional panel on why the NSA is being so... um... un-American. :-)

---

Re:Love that NSA... :)

[Tony-A]

Of course Microsoft would be more likely to deny the existence if there was a backdoor. Proves nothing, but I don't think you will find OpenBSD claiming that they have no backdoors.

Re:Love that NSA... :)

[Tony-A]

For silly, whatever is an almost infinite number?
Since there is a non-null intersection of the aims of NSA and Theo, and Theo does do things, there is a good argument that Theo is an agent (albeit indirect) of the NSA.
No, I cannot prove that elves haven't put backdoors into Windows.
I'm sure that a large number of people at Microsoft have viewed some of the code, but how many have examined all the code, specifically looking for backdoors? If someone found a backdoor, whoud (s)he post the code to /.?
Taking down stale news is strange?
I assume that Microsoft, not NSA, is coding Windows, so NSAKEY is Microsoft's terminology rather than NSA's.
If all the major news services were to run news stories (plural) about OpenBSD having a backdoor, then not only would the OpenBSD developers not deny it, but they would also deny it. ("If FALSE then TRUE" and "IF FALSE then FALSE" are both true ;)

Re:Love that NSA... :)

[hughk]

In openVMNS, there were several data structures asscoiated with security: NSA (Notional Security Access), KGB (Key Grant Block), CIA (Compound Intrusion Analysis).

It was just an in-joke with the developers. Nothing sinister there at all. The current supposition hanhs off something called nsa_key or something as mentiojned in the earlier post.

Re:Love that NSA... :)

[Henry+the+Orange]

The link to original site making this claim (which I got from the Slashdot link you provided) seems to be is invalid. However, there is a Microsoft page which denies the existence of such a thing.

Does anyone know of a current link making this claim of a backdoor?

Re:Love that NSA... :)

[Henry+the+Orange]

Your standard is silly. There is an almost infinite number of things which do not exist, and for which there is insufficient proof to convince some people of this. Can you prove Theo DeRaadt is not actually an NSA agent? Can you prove that elves dont exist?

The Windows code is viewed by very large numbers of people, none of whom have backed up this claim of a `possible backdoor, which was based entirely on the name `NSAKEY (which would be an incredibly stupid name for the NSA to actually use). The most revealing thing is that the the source of this rumour has himself taken down the page discussing it. This would be a very unusual thing for the `Chief Scientist of a security firm to do about an announcement that made him famous, unless he had a very good reason. The Microsoft explanation is far more credible than the original (now deleted) announcement, so I think its obvious which is nearer to the truth.

In response to your last comment, if all the major news services were to run news stories about OpenBSD having a backdoor, do you think the OpenBSD developers would not deny it?

Re:Love that NSA... :)

[Henry+the+Orange]

For silly, whatever is an almost infinite number?

It is a number so high that it is incomprehensible, and yet may not actually represent infinity. Is this an unusual phrase? It looks quite common to me (according to Google).

Since there is a non-null intersection of the aims of NSA and Theo, and Theo does do things, there is a good argument that Theo is an agent (albeit indirect) of the NSA.

Ill put it more directly: can you prove that Theo is not a covert employee of the NSA, who is secretly putting obscure and hidden backdoors into OpenBSD (it is possible with innocent-looking source code)?

No, I cannot prove that elves haven't put backdoors into Windows.

So why the comment about Microsofts denial `proving nothing, if youre unable to prove that elves arent putting backdoors into Windows and OpenBSD? A denial can never prove anything, it can only offer an alternative explanation of something.

I'm sure that a large number of people at Microsoft have viewed some of the code, but how many have examined all the code, specifically looking for backdoors? If someone found a backdoor, whoud (s)he post the code to /.?

I have no idea what would happen if someone found a backdoor in the Windows source code, but my suspicion is that it would be reported to the owner of the code, then removed.

Taking down stale news is strange?

Actually, it is. With the cheapness of storage, most companies leave press releases and documentation up indefinitely. The Microsoft denial remains up, even though it is nearly as old as the initial Cryptonym claim. Also, this claim made Cryptonym briefly famous, and, if it were true, is something the company should be proud to have found. If I had found something as significant as an NSA backdoor in one of the most popular software products in the world, Id proudly display this fact.

If all the major news services were to run news stories (plural) about OpenBSD having a backdoor, then not only would the OpenBSD developers not deny it, but they would also deny it. ("If FALSE then TRUE" and "IF FALSE then FALSE" are both true ;)

Im sorry, I dont understand. You previously said that `Microsoft would be more likely to deny the existence [of a backdoor] if there was a backdoor, yet now you say OpenBSD would also deny the existence of a backdoor in similar circumstances (your sentence is actually self-contradicting, but I think this is what you meant), namely if a baseless allegation of a backdoor were levelled at OpenBSD. By your earlier logic, this action would suggest a greater likelihood of a backdoor in OpenBSD.

I think a denial would be issued regardless of the guilt or innocence of Microsoft (or OpenBSD). The denial does not `prove anything, but the explanation provided in the Microsoft denial is far more reasonable than the original claim by Cryptonym. Moreover, the Microsoft denial/explanation remains available, while the Cryptonym one has been taken down. Surely this says something.

Lastly, to not not do X is to do X; the second `not cancels the first. If you dont believe me, ask your C compiler what !!1 is.

Re:Bugged software

[Clansman]

Not sure about an office in Cologne but they did apparently try out the slogan "Wang Cares".

Urban myth prolly ...

C

Re:It looks to me like...

[jimhill]

Thing is, it is absolutely crazy to let matters of national security rest on imported software. Maybe there are back doors in Windows and maybe there aren't -- but the fact that the government doesn't KNOW means they should have disqualified this software years ago. I hope other governments follow suit, including the US. Some things require the use of in-house products, whether that's more inefficient or not.

Re:Trouble is...

[Goonie]

A former CIA director explained that this is done for moral reasons, but his article sounds awfully bigot to me...

Yep. The US will use just about any tactic they can get away with to get big contracts for US companies overseas. For instance, the US told Australia that it had to buy submarine combat systems from US companies, instead of a competing European bid, because they wouldn't participate in joint exercises with these submarines if the subs used the non-US software. This, despite the fact that they happily conduct these kind of exercises with their NATO allies, who, shock horror, design their own submarines, tanks, helicopters, and planes, all with their own non-US combat systems.

Like most countries, the US believes in free trade when it suits.

International Treaties on backdoors?

[Goonie]

an act which would violate any number of laws within the US and any number of international treaties outside of it )

I wasn't aware of any international treaties that placed limits on espionage activities - the only international treaties I can think of that relates to activities of spies are the Geneva convention (what you can do with spies once you catch them), and the Berne Convention (if they're diplomats, they've got diplomatic immunity). What are you referring to?

Re:International Treaties on backdoors?

[corvi42]

I'm not an expert on this kind of thing, but I would assume that spying on countries that are presumably your allies is at the least not going to win you much good sentiment, even if it doesn't break any treaties.

Re:International Treaties on backdoors?

[corvi42]

there is no evidence of any such backdoor (the site which originally made the NSA claim has been taken down)

Well, there is no evidence that has been made public, yet. I was under the impression that it was the german govt. which made this claim - not some website, and the fact that the article is gone or not has no bearing on this. Assuming that the german govt. really did make this statement and is intending to follow through on it. It seems unlikely that a very influencial world govt. would make such an "outrageous" statement unless they had some good reasons to believe it was true. The fact that they have not specified what those reasons are yet means nothing.

Also given that the NSA released such a large number of microsoft weaknesses recently suggests that even if there were no NSA/CIA designed holes in M$ products, they have obvioulsy spent a good deal of time investigating what was there without their own contributions, and would naturally have been in a marvellous position for years to take advantage of same.

Why should they want to publish these backdoors that they themselves have discovered and (potentially) been using then? Well probably because they figure that these back doors and security weaknesses aren't so well hidden that many people outside the US couldn't find them and exploit them, and they'd rather see the vastly computer-dependant US economy be more secure rather than have easy access to foreign interests. Just a trade-off that makes sense in the long run.

Re:International Treaties on backdoors?

[corvi42]

This is very interesting - I had no idea that they were so lax about allowing foreign spying. Thanks for the heads up - it explains much.

Re:International Treaties on backdoors?

[Lonewolf666]

Being from germany, I can comment on this:
During the era of Chancellor Kohl, the german government showed an almost ridicioulous disinterest in keeping the USA from spying on germany. With the new government under Schröder, Germany shows a little more energy in protecting its interests, but there is still a lot of leniency for US activities.
This may have encouraged the USA to become more bold in spying than one would normally expect from an ally. Add in the US mindset of "we are the good guys and have a right to police the world", and it seems quite credible that the CIA/NSA would try to use a backdoor they know about.

Re:International Treaties on backdoors?

[Henry+the+Orange]

That is certainly reasonable, but there is no evidence of any such backdoor (the site which originally made the NSA claim has been taken down), so the whole thing is really rather ridiculous. Its no more credible than banning Intel CPUs because they may contain secret NSA instructions.

About the spying in general, it seems the Stasi had bugged all of Chancellor Kohls offices/telephones anyway, so I dont think the lazy attitude was limited to American spying. Actually, if a link in the chain is suspected of being weak, its all the more important to keep an eye on it.

Re:Protectionism

[elvum]

One of the reasons the British military is so much more effective than the French and German militaries is that spending is based on what is best for the job, not on politics.

The result: highly publicised layoffs in the defence sector, and an aerospace industry reduced to making the wings for Airbus 'planes! (Well, nearly... :-) )

Denver?

[Saurentine]

Denver is VERY close to Colorodo Springs, which is where NORAD has the underground city and command center.

Denver is no surprise at all to me. Clandestine forwarding from that point to the Colorodo Springs area would be trivial.

Re:Denver?

[Bonker]

Under/Around/Near Denver is also a suspect spot for Area 51's replacement base and development center.

Re:Give me a break

[banky]

There isn't anything *but* Microsoft software, if you think about it; with 95+% of the desktop market, even if it isn't made in Redmond, its written for their products.

Besides, that German company may very well be SuSE...

Re:Trouble is...

[Syberghost]

...the US secret service has a documented history of using its snooping on its allies, mostly for the benefit of US businesses.

Can you name a major country that doesn't? Seriously, the Germans do it, the French have been caught a few times recently, the Japanese have been caught a few times. The list goes on.

-

Re:Trouble is...

[Syberghost]

Canada probably doesn't spy on its allies.

The US passes it's information on to Canada, and the rest of our allies.

So if they aren't guilty by deed, they're certainly guilty by association.

-

Re:Trouble is...

[Syberghost]

Oh, yeah? Read this.

Perhaps you should stop relying on the German news agencies for coverage of German government excesses.

-

UNC'a study shows that linux is German

[pjones]

not entirely but very heavily so. see http://ibiblio.org/osrt/develpro.html aka A Quantitative Profile of a Community of Open Source Linux Developers. European e-mail endings of LSM identified authors account for 37% of the software we counted. German or .de endings identified the largest number other than .com some of which we know are also Germans.

Re:Translation of Spiegel Article plus comments

[Hanno]

There is of course also a (huge) German representation of Microsoft in Munich, one that probably dwarfs the size of Redhat USA HQ...

While it's true that SuSE is huge and popular in Germany, I (a German) never considered it "German" software (which the Spiegel article calls for).

Someone else in this thread pointed out that the whole idea of this maybe to strengthen German software businesses, just as the US requires the use of US software on government computers.

------------------

Re:Give me a break

[Hanno]

Because the original article (not written by timothy) specifically mentions Microsoft products as a security risk. See my translation below.

------------------

Re:Trouble is...

[Hanno]

I am pretty confident that the German secret service does not snoop on Boeing headquarters to make sure that Airbus (a company co-funded by the German and several other European governments) gets hold of the latest deal.

At least, there hasn't been any report about such scandals here or in other country's news media, unlike many reports of such behaviour about the US secret service.

Given the fact that the German secret service is probably (surely) far less competent than their American counterparts and the additional fact that German news media are very critical of our government and love to dig up such stories, it seems that Germany is not among them.

Not yet.

------------------

Re:Trouble is...

[Hanno]

Question is, who made the US the "mother" of Europe, in charge of educating its allies? The US does this because it is the one current superpower and knows it can get away with it.

That still doesn't make it right since the very same things that Woolsley critizies are done by the US as well.

------------------

Re:Trouble is...

[Hanno]

Thanks. I stand corrected.

------------------

Re:Translation of Spiegel Article plus comments

[Hanno]

Maybe "shoot" was the wrong choice. While that word was used, it wasn't used in its literal meaning. More like "German army targets Microsoft" or "pinpoints Microsoft".

Even "farts in the general direction of Microsoft" would have been appropriate. :-)

------------------

Trouble is...

[Hanno]

...the US secret service has a documented history of using its snooping on its allies, mostly for the benefit of US businesses.

A former CIA director explained that this is done for moral reasons, but his article sounds awfully bigot to me...

It should be expected that Echelon and similar technology that the NSA has access to will be used in a similar manner.

------------------

Re:Trouble is...

[Betcour]

There's no such thing as "free trade". It is mostly an agreement saying "I'll screw you, but you are allowed to screw me... if you can". Of course it is no surprise the biggest proponents of free trade are the most powerfull economies, as they need free-trade to take over foreign market and slowly change the world to a huge corporation (AOL-Time-Warner-Vivendi-Universal-AT&T-Proter&Gam ble-Sony).

Re:Trouble is...

[_xen]

I am pretty confident that the German secret service does not snoop on Boeing headquarters to make sure that Airbus (a company co-funded by the German and several other European governments) gets hold of the latest deal.

If you base your confidence on the lack of media stories about this, then you can be just as confident that the NSA does not actually exploit the backdoors it has in M$ software to spy on German military operations, can't you?

Re:Trouble is...

[Dr.+Merkw�rdigliebe]

Question is, who made the US the "mother" of Europe,

Europe itself is the one to blame the most. Ever heard of the two World Wars? Militarily, Europe still hasn't recovered from its self-annihilation. Ever since it has been far more practical and cost-effective to hide under Uncle Sam's umbrella. Europe could be a major power if it wanted and I think it will be, but we need further union (on foreign policy and such) before that can happen, and we all know how difficult that will be ;-)

In a way Europe is the true sleeping giant, but it will take quite some time before it will arise once more.

Re:Trouble is...

[Dr.+Merkw�rdigliebe]

The notion of a European Super State is very widespread amongst anti-European groups, but I think it is a matter of mis-interpretation. Further union doesn't mean a superstate. Like I said, Europe needs to speak with one voice when it comes to foreign policy if it wants an effective policy and the military to back it up. This doesn't say anything about how this will be implemented, the anti-euros simply, in their limited imagination, assume it will function like the US. However, I don't think the EU will ever resemble anything close to the USA. Unlike the US, the European Nations truely are seperate Nations, whereas the US is only one Nation. Why people think the EU is going to be like the US politically is beyond me.

Re:Trouble is...

[Talla]

The article would be quite funny to read if it wasn't so new. It gave me the same sensation as watching those old atom age propaganda movies, which told us we'd be safe from the Bomb as long as we just hide under the kitchen table.

Re:Trouble is...

[bartok]

The point is that since the US has a track record in using industrial spying, it makes the M$ backdoor much more likely.

Re:Trouble is...

[crashnbur]

From the article that you linked to:

Get serious, Europeans. Stop blaming us and reform your own statist economic policies. Then your companies can become more efficient and innovative, and they won't need to resort to bribery to compete.

And then we won't need to spy on you.

That may be true, but we'll still spy on them. That's like mom telling son to stop taking cookies from the cookie jar. Sure, the kids stops for a while, but she'll never let her guard down. She knows that sooner or later the kid will try to sneak one, and inevitably he will.

In other words, the whole world needs reform. So ... things will either get worse and worse until everything collapses or erupts, or we will attempt to fix it all, and everything will still collapse or erupt. I am usually very optimistic, but unless we do almost everything just perfectly... what's the use?

Re:Trouble is...

[cyber-vandal]

Moral reasons. As if US corporations don't use the same tactics and get as many government subsidies as European ones. Anyone who thinks otherwise should do a search on corporate welfare on Google and see that more of your taxes go to wealthy corporations than go on benefits to the poor, and yet those same corporations via the puppet media are the ones advocating cuts in poverty benefit.

Re:Trouble is...

[LuckyLuke58]

Interesting article. By the sounds of it, instead of bribes, the US spies so they can blackmail - "we caught your company taking bribes from such-and-such European company - we'll be quiet about it, of course, if you provide such-and-such US company with some major contracts" :)

What a joke. Seriously, where do Americans get this arrogant idea that they are the world's only technological innovators? Do they teach it in US schools or something? Many major technological advancements (such as fiber optics, CD ROM's) were done in UK/Europe/Japan.

The guy implies that the two times that they were caught are the only two times they ever spied. Quite laughable. Then goes on to explain how great America's economic policies are (which explains why the US has never had an economic depression, right?). Anyway, who appointed the USA as the police of world economic corruption? I can't remember anyone doing so. Isn't it kind of like the pot calling the kettle black anyway? I mean, nobody in their right minds would even imply that US business is free of bribery and corruption. How do such narrow-minded bigots get appointed in such high positions?

Re:Trouble is...

[LuckyLuke58]

Our company used to be next door to a local Peanut company (not in the US BTW). This is a small company, with maybe 10 or 20 people, and not exactly cutting-edge or anything like that. I was quite surprised when I learned that their phone lines had actually been bugged (about a year ago, by competitors). Really, if even a small Peanut company in an *apparently* mild competitive climate has such problems, I find it difficult to imagine this stuff not happening at multi-billion dollar global corporations like Boeing. I would be fairly surprised actually if it hadn't happened.

Re:Trouble is...

[Bender+Unit+22]

Get serious, Europeans. Stop blaming us and reform your own statist economic policies. Then your companies can become more efficient and innovative, and they won't need to resort to bribery to compete.
So US companies are more efficient? I am not saying they suck, but a study showed that European workers are more efficient, even with the lower number of working hours in a week.

Well, of course we can debate how serious a study reported on CNN is. My personal expirence with US companies are that they had long work hours and the people had a low "stress threshold".
--------

Re:Trouble is...

[xDe]

Interesting article you linked to there. Since it's a former CIA agent justifying spying on allies we should hardly expect honesty, but I find the justification he uses interesting:

Stop blaming us and reform your own statist economic policies. Then your companies can become more efficient and innovative, and they won't need to resort to bribery to compete.

As you say, the article is bigoted, but these misconceptions about European economics are ones that many Americans seem to share - I think the article is aimed not at Europeans, but at those among the Wall Street Journal's primarily American readership who may be uneasy with the CIA's actions.
Either that, or he's just astonishingly stupid.

Re:Trouble is...

[Henry+the+Orange]

In economic terms, Europe is more than a match for the USA (or anyone else) already, and the integration of the east (with or without Russia proper) at similar levels of economic development would dwarf America and Japan economically (not to mention China, which in currency terms has an economy which I believe is still smaller than Italys).

However, the political project of a European state is not very popular in the north (i.e. Norway, Sweden, Denmark and the UK), and I dont think it will happen. Already, the thought of ugly euro coins and notes replacing beautiful national ones is repellant.

Translation of Spiegel Article plus comments

[Hanno]

[Everything in brackets is my comment. I am German.]

http://www.spiegel.de/netzwelt/politik/0,1518,1231 70,00.html

Enemy Software

German Army bans Microsoft Software

In fear of US secret services, the German foreign ministry and the German army are planning to close security holes. Instead of American software, federal computers will run German software in the future. [German software? There is no German operating system that I know of. DPA has a competent staff of tech writers, but I doubt they got this right.]

Original article by Deutsche Presse Agentur [an independent, but huge commercial German press agency].

(Image caption: In danger of spies - the German army shoots against Microsoft.)

Computers that are used in security-sensitive areas shall not run Microsoft software anymore. According to German government security advisors, the American secret service NSA has full access to the complete source codes of the US company and is thus able to read even encrypted [Microsoft] files. Because of this, the German ministry of defense uses encryption technologies offered by the local companies Siemens and Telekom [the formerly state-owned, now largest telephone and internet provider].

Meanwhile, the ministry of foreign affairs has halted plans to use video conference technology to communicate with their embassadors and foreign offices. During a Telekom presentation in Berlin at the beginning of March, State Secretary Gunter Pleuger was informed that for technical reasons, every satellite transmission is routed to the American city Denver, Coloroda.

Pleuger thinks the detour to the USA is a security risk. "Then we could do our conferences in Langley right from the start" joked a staffer of the Pleuger office. Langley, Virgina, is the location of the US secret service CIA.



------------------

Re:Translation of Spiegel Article plus comments

[Jobe_br]

Germany may not have a Microsoft, but I believe RedHat has representation in Germany, SuSE is definitely huge in Germany (maybe even a German company?) so the options there are pretty open.

Re:Translation of Spiegel Article plus comments

[cybercuzco]

(Image caption: In danger of spies - the German army shoots against Microsoft.)

I dont know what is scarier, Microsoft, or the German army shooting Microsoft. If not for Germany, we'd all be spaking english right now

Re:Translation of Spiegel Article plus comments

[haystor]

Even if they were to change Linux the changes could remain confidential as long as the users of each system still had access to the source code.

Just because you change your own systems doesn't mean you ahve to tell everyone about it.

Re:Translation of Spiegel Article plus comments

[portege00]

[German software? There is no German operating system that I know of. DPA has a competent staff of tech writers, but I doubt they got this right.]

What about SuSE Linux? It's free as in beer, free as in speech, and very German. It's also a very good OS. It would only make sense that the German government would adopt it. This is the same reason China won't use M$. It's sad to see that only foreign governments are realizing that Microsoft software is not secure!

Re:Translation of Spiegel Article plus comments

[Drone-X]

I'd find it suprising if Microsoft didn't have a representation in Germany. But that's not really the same as having the Microsoft (or Red Hat for that matter) HQ in your country.

Re:Translation of Spiegel Article plus comments

[3247]

There is also SINIX, a Unix-like operating system made by Siemens (now obviously Fujitus/Siemens). I don't know any details however.

However, I don't think it can be more sercure - or be easilier checked for security - than systems like GNU/Linux...

Re:Translation of Spiegel Article plus comments

[hsweeney]

Amazing transformation. When I worked on it 15 years ago, it was a DOS/VSE clone.

Re:Translation of Spiegel Article plus comments

[Sique]

there is of course BS2000. a siemes unix clone.

BS 2000 is _no_ UNIX clone. It is a OS/390 clone.

Sique

Re:Translation of Spiegel Article plus comments

[DickBreath]

I believe RedHat has representation in Germany, SuSE is definitely huge in Germany (maybe even a German company?)

Suse is a German company.

Re:Translation of Spiegel Article plus comments

[Doktor+Memory]

There is no German operating system that I know of.

Untrue. Siemens-Nixdorf has had their own version of SVR4 for a long time now. It's called "Reliant UNIX" these days, but was known as "SINIX" for most of its history. It runs on the old Pyramid/Siemens workstations and servers. Not very well known in the states, but you can usually tell sysadmins who've touched it by the way they start cringing when it's mentioned.

Re:Translation of Spiegel Article plus comments

[Henry+the+Orange]

Very little of the code in SuSE Linux is of German origin (most is American), and an even smaller portion is actually owned by SuSE. Auditing such a large amount of untrusted code would be a significant task, and would not change the ownership problem, nor the fact that any attacker would be able to scan the code for weaknesses.

There is, however, a UNIX owned by Siemens, which is called Sinix. Since Siemens is mentioned by name in the article, it seems very likely it will use its own operating system. Of course, most UNIX code is also of American origin, but Sinix is fully owned by Siemens, and any changes to code inherited from BSD, or purchased from AT&T/USL, can therefore be kept confidential

Re:Translation of Spiegel Article plus comments

[Henry+the+Orange]

Youll have to to better than making general claims without any backing, and Linux is only a tiny portion of SuSE anyway. For some real evidence, look at the Free Software Foundation contributors page: http://www.fsf.org/people/people.htm.

If youre too lazy to look, a majority of the contributors are American, and the USA is unquestionably the largest single source of contributors. Even among the contributors who are not actually Americans, a great many live in the USA (as, of course, does the most famous contributor to Linux).

Re:Heh.

[Requiem]

Right.

Re:Oh Please, This Is Just German Nationalism

[stesch]

I can't remember any "Buy German"-Campaign like
the "Buy American"-Campaigns in the US.

Re:Backdoors?

[sharkey]

No, no "backdoors" in software means that the author, publisher, NSA, etc. can get in while you think the software is secure.

Outlook, on the other hand, is not a backdoor, it tends to "backdoor" the user. This is using "backdoor" as a verb, in the sense of prisons, or porn put out by Seymour Butts.

--

Okay, but...

[flamingdog]

I can understand the concern, but having the source code to some MS software doesn't equal having access to the germans computers. Maybe they could find a way in easier if they had the source code, but still, I hate to be a troll, but there are plenty of bugs and exploits being discovered for MS software WITHOUT having the source code, you would think THAT would be their reasoning....

---------------------------
"I'm not gonna say anything inspirational, I'm just gonna fucking swear a lot"

Re:Okay, but...

[fors]

The article is about backdoors not source code. A back door will allow access regardless of the amount of security you use. The only way to protect against a back door is to find it and neutralize it. The way I would do it is to have it use an unusual port. Modify the system software so that the port doesn't show as used and then only allow connections to that port that are formatted a certain way. I think it would be pretty near impossible to find and use.

Re:Wha? us and them

[alfredo]

the intelligence community protects its secrets under layers of "need to know." Though we know that some NSA agents worked at MS, we did not know what they were doing there. We didn't have the need to know. Even the president can be shut out from info because he may not have a need to know. so he won't know that he doesn't know, so he will not want to see info he doesn't know exsists. It would be naive to think that the NSA doesn't use the most widely used software for government and business, for its own purposes. It is also naive to think that MS isn't getting something in return. And to think that the Justice department wouldn't go after MS is naive too. To not go after them would raise suspicion. the software community would have blown the whistle, saying they are backing off the case because MS is in bed with the NSA. Most NSA guys are just normal geeks who like the work, and don't think of the moral consequences of what they are doing. They party as hard as they work.

Re:Give me a break

[GC]

Linux is not US Software, it is from Finland.

Re:Don't count on it.

[Arandir]

Don't count on Siemens having the nerve to say no to Microsoft. If you look at the most recent Dr. Dobbs, they are the featured "client" of Microsoft NT Embedded. Also, I work for a company that just got aquired (peacefully) by Siemens AG. We were a long time user of LynxOS for realtime embedded medical software. The word has now come from above that we will discontinue the use of LynxOS, and use Syngo(tm), which is Siemens Medical Software divisions' WinNT/2K based ActiveX framework.

Re:Give me a break

[Arandir]

98% of SuSE is not german.

If I wanted the ultimate secure OS for a PC-based server, I would want to use OpenBSD. But too bad, it's developed in Canada...

Re:Can you tell us the name of your employer?

[Arandir]

You know I can't say who it is :-)

Suffice it to say that we used to be an engineering organization with an engineer/physician CEO. Now our Siemens CEO is a marketing dude, and our marketing department, dancing on their puppet strings, are creating our engineering *specs*. Gaaagh!

We were best of breed, the most respected company of our type. And we got bought out by number eight in a field of nine competitors.

It's time to get my resume in order...

Re:Give me a break

[Arandir]

Linus Torvalds, Richard Stallman, Larry Wall, and Guido van Rossum are but four major authors of SuSE Linux that are not German. You see, SuSE did not write 98% of SuSE. They only took existing components and fit them together, along with some of their own. SuSE may have created the SuSE Linux operating system, but they didn't create the vast majority of components.

This is just dumb

[Saint+Stephen]

Wouldn't it be significantly easier for spooks to form a small software front company and sell custom software to the desired target that would contain bugs? The larger the organization, the more chance of leaks!

Re:Serious Euro-funding for Open Source on the way

[AnteTempore]

GnuPG was partly funded by the German government.
Search for 300.000 here. So it is not the first time German government turns to Free Software.

Overreaction

[JohnZed]

This really is a bit silly, and I wonder if it isn't just a magazine report blowing comments out of proportion. Remember the old story about China dropping Windows for Linux? It turned out to be a complete exaggeration and misunderstanding. Besides, if they're really concerned about backdoors, why don't enter into Microsoft's new source code sharing program? I'm no more a fan of Windows than any other Slashdotter, but I do recognize that MS makes a lot of money overseas, and they'll take whatever steps they consider necessary to regain trust in these areas, especially as the US software/PC markets slow due to economic concerns and market saturation. --JRZ

Re:Overreaction

[DickBreath]

Is Microsoft willing to let their source code out of the US? Really? Especially to countries like China where piracy is rampant and MS would have to trust the foriegn government to keep it's source a secret? Who does MS complain to if foriegn power does not respect MS's NDA? Even in such an event, the damage is done, even if there were an effective higher power to complain to? (aside: wouldn't MS complain to a "lower power"? Hey, buddy ol' pal Satan, some foriegn power released our source code.)

I can see why MS is so tight lipped about their source. Even in the US. Even with legal recourse. If their source code escaped, imagine the consequences. Okay, Company X, and it's employee Cmdr Taco are found guilty of violating MS's NDA. They are to pay $200 billion in damages. C'mon, do you really think that any company besides MS could afford such a judgement? The damage is done. Period. No amount of money can undo it.

Bottom line: MS is NOT going to do "whatever it takes" to earn back people's trust. Even if MS truly has nothing in their source to hide.

(another topic: even if they have no NSA back doors to hide, they might have other secrets to hide in their source. Anticompetitive features. Code to sabatoge competitors. Undocumented features to benefits only MS apps. Code that violates other's patents or copyrights. Admittedly, this last one is quite a stretch.)

Re:Oh Please, This Is Just German Nationalism

[Mozo]

Needs to be said:

The English the English the English are best!

I wouldn't give tuppence for all of the rest!

(Flanders and Swann)

The thing is, the song was meant to be a joke, while cyber-vandal's post apparently wasn't....

Re:Wha?

[fitsy]

Sir being the title of a Knight in the UK, for those who didn't know.

Nah, Sir being how much you offered in brown envelope "donations" to the government in power.

Re:Protectionism

[claes]

Well, can you tell me what part of an airplane could be more important?

Re:Wha?

[RomulusNR]

Yeah, and if there was a tunnel under the Russian Embassy, you'd think Putin would have used it to avoid the rain.

Thanks for the translation!

[Rocketboy]

Thanks for the translation: my German is lousy after 20+ years of disuse. :)

Re:Consider this

[chill]

Firewalls are completely irrelevant.

Most software is now so "helpful" that it has ways to bypass firewalls by tunneling through known-open ports, like 80 (HTTP).

RealAudio/Video, Windows Media Player, etc.

If you are connected to the Internet via ANY port then data can go out -- like embedded in a URL.

Also, unless you own the ENTIRE NETWORK you are traversing, your data could be sniffed on a "public" point. If the encryption is flawed, you're screwed.

Re:Ever hear of encryption

[chill]

Most of the encryption software on Windows goes thru the CryptoAPI built into the system. This way it is "integrated" and easy to use.

If the CryptoAPI implementation is compromised, then everything else is, too.

Amazingly enough, you are not allowed to compile your own version of Windows so you can validate the CryptoAPI. (No, seeing the source is NOT enough. How do you know the souce you are seeing is the one that was compiled for your system?)

As for software that DOESN'T use the CryptoAPI, it is few and far between. There are also several other ways to compromise security if the OS is evil.

The ONLY way would be to encrypt the data elsewhere, no no unencrypted version ever touched the questionable system. You would have to have complete trust in the system doing the encryption (aka -- not an MS product for anyone who HASN'T had a lobotomy).

China, Mexico City, the German Military... one by one they will be assimilated into the NEW collective.

Re:Give me a break

[chill]

Actually, the U.S. Gov't is one of the bigger users of OpenBSD (Canadian).

The Linux kernel started Finnish (Linus) and is now an international product (look at the list of contributors).

The won't spend the money to start from scratch -- it will cost too much. The will most likely use an existing open source product (BSD or Linux) and go from there.

Can you see them writing EVERYTHING from scratch? OS, word processor, spread sheet, etc.? All the daily use stuff?

Forget it. Have your own code boys audit Linux/BSD and the open source packaged you use (Open Office -- which BTW used to be STAR Offce -- from STAR DIVISION, a GERMAN COMPANY).

Re:Let them review the code

[chill]

Irrelevant.

You must be able to COMPILE the source and use it. You must also trust the compiler (make --bootstrap), which means have the source, etc.

The song "Head Like A Hole" is about Microsoft. Listen to the lyrics. (NIN, I think.)

"Head like a hole, black as your soul,
I'd rather die, than give you control.
Bow down before the one you serve,
you're going to get what you deserve".

If that ain't Bill G. and MS, I don't know what is. :-)

Its all about control, boys and girls. The RIAA, MPAA, MicroSoft, Sun, the U.S., German and any other gov't... all of it. Everything else is secondary.

Re:Serious Euro-funding for Open Source on the way

[chill]

Wrong. Source is good, if you can USE it -- unlike Windows. If they even bother to let you see the source, there is no way you can compile it and use it.

Only a fool trusts separate binary and source packages.

Re:Serious Euro-funding for Open Source on the way

[chill]

True, but the military doesn't count as "most users". They hae a level of paranoia most people only have nightmares about. "Trust" takes on an entire new meaning.

Of course, if the source were open, you might not have to audit everything yourself. A trusted 3rd party (like the OpenBSD core) does the job. It's a question of WHO to trust and Microsoft has proven itself to be UNTRUSTWORTHY by its actions.

Re:Compiling GCC

[chill]

I have compiled GCC twice in the last week (making a new system using linuxfromscratch.org materials), and with the just release of 2.95.3, I'll be compiling again this week. :-)

GCC has a "make bootstrap" which means to compile GCC, then compile again with the newly compiled version and compare the two. This is why using something other than GCC for step #1 would be good -- odds of it bugging GCC to bug GCC are astronomicly small.

Founding New York

[chill]

If we find the receipt, can we give it back?

:-)

Re:Oh Please, This Is Just German Nationalism

[el_chicano]

Every time a german buys an MS operating system some money flows out of germany and into the US. Great for us, sucks for germany.

I don't see a penny of that money, so it you properly should have said great for Bill Gates and Microsoft investors.

I have to use M$ crap at work so actually things are not so great for me...
--
You think being a MIB is all voodoo mind control? You should see the paperwork!

Did anyone notice the link on the bottom?

[macpeep]

Namely, "US Navy carrier to adopt Win2k infrastructure" that goes to http://www.theregister.co.uk/content/archive/11929 .html

I guess their problems with NT were't as bad as many people here would like to believe.

Re:Oh Please, This Is Just German Nationalism

[Malcontent]

Nevertheless it's a good idea. Every time a german buys an MS operating system some money flows out of germany and into the US. Great for us, sucks for germany. Every country should make a policiy to use it's own products in it's own government. Anything else is saying your own countryman could not create a decent product and what the hell kind of an endorsement is that?

I am always shocked when I hear that another government has standardised on some american product or another. Even if the products made in your own country are somewhat inferior why would you give away the tax dollars collected from your own citizens to a foreign corporation? Besides I am finding it hard to believe that a country which can make BMWs could not produce quality software.

good enough excuse

[Kenshin]

Hey, it's a good excuse as any to turf Microsoft...

Re:good enough excuse

[ZaneMcAuley]

yeah, we cant have an article WITHOUT turfin MS :) For moral reasons ofcourse :)

Re:i thought this was good news...

[Betcour]

I sort of thought that "German armed forces" counted as a major military organization.

That was true... before 1945. Now although it is a modern and well equiped army, it doesn't have the same firepower as the USA, Russia, France, UK or China. The germans themselves are mildly happy about having big military forces, considered what they did with it in the past.

Re:The rest of the EC will follow.

[charon.de]

Perhaps Germany, and other nations will start using alternate software. According to netcraft, the german armed forces (Bundeswehr) www-server: >bR> The site www.bundeswehr.de is running Apache/1.3.14 (Unix) PHP/4.0.3pl1 on Linux.

It might be right that on corporate/private dektop M$ is used up to 99%, but do you think someone would trust, his mission critical services to systems made in Richmond?
Nope.
Michael

Re:The rest of the EC will follow.

[charon.de]

Why is this PREVIEW button next to the SUBMIT?
Damn...

Michael

Re:The rest of the EC will follow.

[charon.de]

Check your facts: That site is a privately run site arguing/counseling young people how to evade the draft.

According to whois bundeswehr.de
domain: bundeswehr.de
descr: Bundesministerium der Verteidigung
descr: Presse- und Informationsstab
descr: Postfach 1328
descr: D-52003 Bonn
descr: Germany
[...]

Doesn't look like a bunch of young people..

Better you check your facts before you reply!

Michael

Re:Oh Please, This Is Just German Nationalism

[GlowStars]

...and a Scotsman invented the telephone in the US

Philipp Reis was a scotsman?

Reis, Johann Philipp

The real inventor of the telephone

SCNR

The tradition was started by the NSA i believe

[gotan]

Well, the NSA apparently felt the need for a secure operating system. They went about it in the only sensible way (i believe) with an open source system. If there was a sensible alternative out there the NSA wouldn't have felt the need to throw money at the problem. This means, that even the NSA feels that Microsoft products don't do their job securitywise, and even if they can look at the source (i think the NSA has the necessary influence to do this) they might find it too complicated, apparently it's easier to start over with Linux anyway. Now, if even the US american NSA doesn't consider windows in their search of a secure OS why should the German Bundeswehr, or any other country for that matter. I think an Open Sourced OS would be the cheapest solution (and even allow for some interoperability).

Also consider that MS' might build something into their OS so it can be switched off remotely (maybe if they think you didn't buy the licence, or you didn't update often enough). Also it becomes harder and harder to keep control over your computer once you installed an MS OS or MS applications. Already you have to turn off automatic updates. The system actively resists some tampering with system files (yeah, it's for the best of the user, but even someone who knows what he is doing can't turn it off). Well an obscure blackbox wich doesn't allow for tampering isn't what makes a happy security expert. He prefers a modular and well structured overseeable system (not an easy feat with todays OSes). I think a version of Linux would be a good start, but maybe some people at Siemens did some lobbying (that is to be expected, although american politicians call it bribery when it happens outside of the US, of course none of that happens in the US at all, and G. W. Bushs plans to distibute money to his rich friends are for the best of USA, but i digress ...).

Re:The tradition was started by the NSA i believe

[Henry+the+Orange]

According to the website for Security-Enhanced Linux, Linux was chosen to allow the NSA to create an example showing that their security ideas could be added to a mainstream operating system, as well as to contribute to further research.

However, if the intention was to allow these ideas, and research based on them, to be used in the overwhelming majority of operating systems which are not licensed under the GPL, the NSA made the wrong choice. Based on the comments, it sounds like this was indeed the intention, so it is likely the people who approved the use of Linux didnt understand the GPL. Maybe this is was spurred Jim Allchins well-known comment about `educating legislators.

Double Take

[Wire+Tap]

Man... When I first read that, I thought it said "Budweiser Says Microsoft Software Verboten." *grins*

Re:Double Take

[YetAnotherDave]

Good, I'm not the only one...

Not that I'd drink Budwater even if they did
run Linux/BSD, but I'd at least make fun of
them a little less...

:)

Re:Wha?( www.budeswehr.de running Linux)

[guisar]

Check it out- the Budeswehr is running their offical site on Linux and Apache. Practicing what they preach- imagine that! Justin

Re:Backdoors?

[dwater]

> Outlook, on the other hand, is not a backdoor

Indeed. Isn't Outlook more of a 'front door'?
'Open door' might be more accurate.

Max.

Re:Does Germany follow all the MS trouble woe's?

[_xen]

I'd like to see the claims by Deustch Telekom and Sigmen.

The way I read the article, it is not a claim by Telekom or Siemens, but by German security authorities.

Nach Erkenntnissen deutscher Sicherheitsbehörden verfügt der amerikanische Spionagedienst NSA über alle einschlägigen Quellcodes der US-Firma und kann so selbst verschlüsselte Daten lesen.

Now my German isn't as good as it could be (so please any German speakers correct me if I've got this wrong!), but I would translate this as: German security services have discovered that the American spy service NSA has access to all relevant source code of the US Company and is able to read even encrypted files.

Of course, you are unlikely ever to see the basis of the claims that any national 'security' service makes.

Re:Wha?

[kevinank]

Even if you count the NSA key as belonging to the NSA, it really isn't likely to be a back door.

The way that Microsoft managed to get their software exported despite potentially strong crypto was that they could inhibit companies from loading arbitrary strength crypto by requiring the library to be signed.

As a result it isn't possible for a foreign windows user to load e.g. an open source crypto library, since it won't have the appropriate signature.

Now it stands to reason that the NSA wouldn't want to get their internal test crypto libraries signed by microsoft every time they want to test a new algorithm, so MS might well have added an extra load key so that the NSA could load their own libraries.

But being able to load a new library doesn't make it a back door. Normally you would prefer it if you could load any library as a crypto service provider. Adding the extra key only allows an additional set of libraries to be loaded, it doesn't of itself insert anything untoward in your operating system.

Re:Microsoft's explanation of NSAKEY is reasonable

[kevinank]

I think that the official explanation is unreasonable because it implies that the NSA was unaware of the security impact of having two keys, one of which is effectively never used. (Namely that the latter can be replaced with another key in the binary, thus bypassing the foreign DLL prevention.)

Personally I don't think the NSA would be that blind unless the key was inserted at the last minute just for their use (which would have a psychological blinding effect.) But it could be as you say; the NSA might have simply f--cked up.

Hell of it is...

[Greyfox]

Even if MS shows them the source, there's no guarantee that the source that they get shown is the same source that gets compiled. You could just diff in your NSA backdoors right before compiling and no one would ever know the difference.

Re:Hell of it is...

[jooniqzb1tch]

huh .. what about compiling it yourself, once you got the code ?

Re:Oh Please, This Is Just German Nationalism

[weinford]

If you understand politics, it surely isn't about what they say it's about. Of course, this is not about "security reasons". But even if this was about giving Siemens or Telekom a chance to earn a lot more money, I wouldn't call this "Nationalism" but rather "Commerce" or "Capitalism", which was invented in US (:-)). Yes, there is quite some unemployment in germany, especially in the east, but the germans aren't so dumb that they would accept this story as a plus against unemployment in election wars (they are just about to start right now). There have already been rumors that german government was to use open source software in the future (for price and security reasons, IIRR). And remember, even if the main reason is not security, if they get the source of the (german) programs they use, they at least get security as an "extra". I wonder why they don't just use open source and PGP, anyway.

Re:Oh Please, This Is Just German Nationalism

[Cheshire+Cat]

I never said that the American's didn't do the same thing. They do it, quite a bit.

Secondly, drop that smarmy attitude unless your country invented the Internet.

Oh Please, This Is Just German Nationalism

[Cheshire+Cat]

Citing "security concerns" is just a way for Germany to encourage the use of products from German-based companies. Right now Germany needs to do all it can to encourage economic growth at home. In former East Germany, unemployment is rampant. Its as high as 20% in some places.

I believe that they can't simply bar American software for various trade legalities. So they need to use "security concerns" as a cover to justify this. It doesn't mean that MS has backdoors in its code; rather the *rumor* that such things exist is the perfect reason for the German's to use software from their country.

Re:Oh Please, This Is Just German Nationalism

[Lispy]

Actually i was thinking this too in the first moment. I am german and this really seemed to make sense. On the other hand i doubt that the Bundeswehr is really interested inupdateing their systems just because of getting a german company a job. These folks are so lazy they never would do this if there wasnt a real need for it... Lispy

Re:Oh Please, This Is Just German Nationalism

[cyber-vandal]

Integrating a second world country into a first world one is not an easy task. What is wrong with Americans? I used to want to scream when I heard on CNN that Germany's problems were due to their socialist government. East Germany is a mess because it is a recovering Soviet client state that doesn't have the Soviet Union propping up it's economy, and reversing 40 years of misrule doesn't happen overnight, or even in 11 years. Just imagine how well the US would do if it decided to integrate Mexico into the US. Economic stagnation would be the result, just as has happened in Germany. Blame Chancellor Kohl, it was his dumb idea, based on a Germany that never existed in the first place.

Re:Oh Please, This Is Just German Nationalism

[cyber-vandal]

No paedophiles in the US then? You can own a gun, we just don't hand them out to any lunatic or 2 bit punk.

Re:Oh Please, This Is Just German Nationalism

[cyber-vandal]

People from my country (UK) invented the computer, the television and the car and a Scotsman invented the telephone in the US. The internet is undoubtedly a great invention, but it was an Englishman who created HTML and made it useful, and the next big thing on the internet will be mobile computing via 3G cellphone networks in which the US is woefully behind.

Re:Oh Please, This Is Just German Nationalism

[numo]

It is quite bogus to link unemployment in former East Germany with encouraging software development in the Germany. Right now Germany is hungry for the software developers and tries to attract them from the whole world - East Europe, India, ... There are green cards for 5 years and similar programs and if Germany does this, they must really see this as a problem.

I don't think the Bundeswehr really wants to switch from american software to software written by a bunch of Russians, Indians etc. I worked at Siemens Austria (I am a Slovak) and our team was two Slovaks, one Hungarian and our boss was from Iran. Now I work for another austrian company and the situation is not very different.

I think they will develop some security modules by their own staff and that will pretty much be it.

Re:Oh Please, This Is Just German Nationalism

[LuckyLuke58]

Fiber ("fibre") optics, England. CD-ROM, Netherlands/Japan. A-bomb, America, but vast majority of physicists non-American. Any more?

It also seems to me that many things that were invented in the USA were invented by people from elsewhere in the world who were researching in the USA. The USA seems to provide a good climate for research. I don't think that Americans in general are any more (or less) inventive than people in other developed nations.

Re:Oh Please, This Is Just German Nationalism

[LuckyLuke58]

Hear hear. Same thing here in South Africa with the dismantling of apartheid. It's only been what, seven years? And people (local and international) question why there is still such an imbalance. Nobody seriously contests though that it was a dumb idea :) OK - there are quite a few die-hard right-wingers who do. But most people see them for the brainwashed morons that they are, so they don't swing too much weight around here.

In the States, it's taken nearly a hundred years to get from "women getting the vote" to "it looks like there might even be a woman US president in the foreseeable future". American's official racism policies were dismantled about 40 years ago or so, and racism is still fairly well ingrained in the US system, and I doubt we'll see even the possibility of a black American president for the next 50 years. But I believe it will happen, and it will be no great shocker to the people then when it does. These things just take time.

I believe the problem is that most people suck at long-term thinking. They expect results *now*. Like many South African blacks who complain that their people still aren't as super-rich as local whites (which isn't really true, whites aren't "super rich", on average SA whites are worse off than average USA whites) Due to the lack of education, many don't understand economics etc very well (not that I do) but they seem to think that simply placing (unskilled) blacks into the same positions that were occupied by (skilled) whites will somehow result in lots of wealth. I can understand that from their position it probably looked like white people were rich simply because they were lucky/priviledged and/or because of apartheid. These people are now starting to learn that it also takes skills as well as a lot of hard work. Existing wealth dries up *very* quickly without skills and hard work to maintain it. Nonetheless things are going relatively well here and the economy is (I believe) in relatively good shape (seems to be getting better).

Re:Oh Please, This Is Just German Nationalism

[LuckyLuke58]

The east notwithstanding, the German economy is actually in pretty good shape at the moment.

"It doesn't mean that MS has backdoors in its code; rather the *rumor* that such things exist is the perfect reason for the German's to use software from their country."

Uh, I'm certainly no security expert, but even I can recognize the most basic principles of trust in a system. There does not even need to have been a rumour of backdoors - the more basic principle is that you're using a system that you simply DO NOT KNOW can be trusted, in an application where complete trust is imperative. The fact is, Germany simply has no way of knowing if MS systems can be trusted, and if you are the person responsible for implementing security in such a sensitive system, and you choose systems whose trustworthiness is inherently unknown, you should have your ass fired on the spot. The fact that the US goverment has spying backdoors in most major communications technologies exported from the states certainly should tell you that MS systems most likely *can't* be trusted. But even without this background knowledge, you know that the MS system is less than 100% trustable. When you absolutely need 100% trustable, then anything less cannot be accepted.

You do have a point, and I'm sure that part of the reasoning is to encourage the use and development of home-grown stuff. But those "security concerns" are more than just a useful excuse for this - they are probably very valid concerns too.

Re:Oh Please, This Is Just German Nationalism

[corvi42]

I believe that they can't simply bar American software for various trade legalities. So they need to use "security concerns" as a cover to justify this.

This would be true if they wanted to implement an across the board ban on all M$ or all American software in Germany ( makes you wonder what they'd have left? ) - or impose trade sanctions against all american or M$ software. However, the policy decisions of what one business or govt. agency is going to use for its own software is not prohibited by trade sanctions - that would just be ridiculous. If it were the case a govt. would have to have equal numbers of computers made by american, japanese, russian ( god forbid ), and other companies just to keep it fair. They don't need to cook up such an outrageous story just to cover what comes down to an IT dept. decision of buying local stuff instead of american.

Re:Oh Please, This Is Just German Nationalism

[westfieldscientific]

I'm not German, but my company doesn't run billyware here (at all) either. Pathetic security is simply one of a long list of objections.

A strongly held opinion that Windoze Sux is neither surprising, nor restricted geographically to the German nation. It truly does puzzle me however, that qualified managers in my country, who have the background to see m$ for what it is (or isn't) have been so laggard in reaching an indentical decision. The fact that m$ was able tp reach the prominence it did within our inductry is an embarrasment to me as an American, and those crooks have clearly had a deleterious effect on our industry.

As Linux continues it's destiny to mature further and gain marketshare, the German decision seems like just one of the earlier major corporate and national defections away from Redmond I expect to see across the unfolding history of this decade. Also, the selection of Solaris, one of the BSDs, or some similar platform does no damage, nor does it invalidate the point.

Hopefully, this time around, users will choose wisely, and base their choices on good code, and quality of engineering and good design, although I know some airheads will still look to popularity statistics for guidance, or be influenced my marketing pitches.

In time m$ will loose desktop majority status, which will accelerate the process, until it fades into a well-deserved failure and obscurity.

Re:Oh Please, This Is Just German Nationalism

[mvdwege]

Oh yeah, like US congressmen suddenly demanding an investigation on the takeover of the chipmaker SVG by the dutch company ASML, citing security concerns, after first giving the go-ahead half a year ago!

Don't go giving us that holier-than-thou attitude, when it comes to nationalism the US is as bad, maybe worse than Europe.

The world is bigger than the US you know. Dolt.

Mart

Re:Oh Please, This Is Just German Nationalism

[mvdwege]

Uh no, we didn't invent the internet. We did found New York, does that count?

So nice of you to prove my point. Thanks

Mart

Re:Oh Please, This Is Just German Nationalism

[mst42]

It's not Nationalism.

The Operating System Industry is not that large in Germany. In fact I don't know any products except Linux Distributions, if you count them as Operating System.

Furthermore the German Army is not a mass customer like a Company like Siemens. I doub't that the average bureau worker within the army will have to switch operating systems to write their letters.

As a second point I would mention that I'm relatively sure that only the software is bought from an external country (e.g.: Monopoly MicroSoft/USA).
All maintenance / support is aquired from Resources within the country.
So no "argument" from a nationalist point of view.

Re:Oh Please, This Is Just German Nationalism

[Henry+the+Orange]

Most American pension funds own shares in Microsoft, and its basic economics that there are knock-on effects. For instance, Microsoft builds buildings, buys computers, pays employees (who spend money on all manner of things), etc.

Modern economies are very interconnected, both interally and with each other. When, for instance, a Microsoft shareholder or employee buys a BMW, money flows back to Germany. You could even carry this further to an investor in the firm that builds Microsoft buildings, etc.

Re:Nobody checks Spiegel's credibility here....

[jeti]

Der Spiegel is a general magzine and not specialized on computing. Apart from that, der Spiegel is certainly one of the more credible german magazines.

Re:Gesundheit

[portege00]

Another oddity is why would they just come out of the blue and state these transmissions are going to Denver?

Read the Omega File. The NWO headquaters will soon be under Denver International Airport. It also says that Germany is set to be a key player in the coming of the New World Order, and that they were heavily involved with Grey aliens in WWII. It all makes sense thanks to conspiracy theories!

Backdoor? Like hell!

[Raymond+Luxury+Yacht]

Come on! The NSA would never use a backdoor to spy on a friendly nation! That would be *snort* That would be unethic*guffaw*al! This is the US gov*chortle* govern*laugh*ment...

*baaahahahahahahhaa!!!* oh god, I knew I couldn't complete that sentense with a straight face.

It looks to me like...

[Snoe]

Sure, there may be backdoors in the ms stuff, but it seems like the German gov't just got scared off of windows by some local company looking to replace ms with their own software...

It looks like it worked too.

Re:It looks to me like...

[cyber-vandal]

US corporations of course receive no money from their government.

Re:It looks to me like...

[Alatar]

Hahaha, yeah, right the NSA is going to share their intelligence with some corporation. I realize it must sound plausible from Europe, but from here it's simply ridiculous that the NSA would lower itself so and possibly compromise its intelligence-gathering activities so that some corporation can win some temporary contract. How does this help the national security of the USA?

If there is espionage, it is more than adequately explained by the mundane activities of trash-sifting, corrupt employees, and the like. It's pretty difficult to feel sympathy for Airbus, as well, since they're a government-subsidized consortium funded by taxes, not a corporation that doesn't get any help (well Boing can probably get any laws passed it wants by calling in favors from its campaign donation activities, but that's hardly the same).

Re:It looks to me like...

[mvdwege]

Are you by any chance referring to the SuSE A.G. in Nueremberg?

You're right, this sounds awfully suspicious, but remember there has been a lot of bad feelings over the Echelon program lately, especially considering the fact that US companies suddenly come up with a better deal just as some EU company is about to sign a major contract (as for example Boeing vs Airbus when some Arab airline wanted to upgrade it's fleet). Germany, being an industrial powerhouse, was most incensed by this suspicion of industrial espionage sanctioned by the US government, and Germans being historically paranoid about eavesdropping, this is not a surprising reaction.

Mart

Re:It looks to me like...

[Henry+the+Orange]

Perhaps, but how is computer software any different to the hardware/software controlling other military equipment? Are you saying all military equipment should be built internally by governments? If so, the suggestion is obviously absurd.

Re:Give me a break

[frost22]

> 98% of SuSE is not german.

Check your facts. The overwhelming majority
of Suse employees are living and working in
Germany and have German citizenship.

f.

Re:The rest of the EC will follow.

[frost22]

The site www.bundeswehr.de is running Apache/1.3.14 (Unix) PHP/4.0.3pl1 on Linux.

Check your facts: That site is a privately run site arguing/counseling young people how to evade the draft.

The Bundeswehr is aware of it and currently tries to get them stop using that domain.

f.

Eating my words...

[frost22]

According to whois bundeswehr.de
domain: bundeswehr.de
descr: Bundesministerium der Verteidigung

Yo are right. I eat my words. I was confused by this Article, which dealt with verteidungsministerium.de.

f.

Re:Give me a break

[StandardDeviant]

In case you were thinking that this is somehow a "win" (whatever that is) for Linux, think again: They are going to home-grow their secure solutions using a German software company.

Hmmm, ever heard of SuSE? Nothing stops them from making a DGSE-linux in cooperation with SuSE, sort of analogous to the NSA's security enhanced linux... (Was DGSE the german foreign intelligence agency or do I even have the right country? oh well, what ever acronym is right the point is the same) Now does this mean that they'll release a new linux binary called /usr/local/bin/sniffgermansecrets? doubt it. but if they find and release fixes for kernel bugs and whatnot, hey, that's a win...

--
News for geeks in Austin: www.geekaustin.org

erf

[Lord+Omlette]

I've seen on slashdot before the article about the aircraft carrier using Win2k (I think...) but think about it: We (Americans) absolutely refuse to get in line with the rest of the world? Governments refusing to run Microsoft while we put MS squarely in the middle of our power projection platforms? Did someone set us up the stupid?
--
Peace,
Lord Omlette
ICQ# 77863057

Re:erf

[Asic+Eng]

Well, war is not the only international interaction in which you might want to preserve secrets. Lets say you try to negotiate some form of international agreement. Now you want to tell your ambassador "You can conceded point A and B, as long as you get C, but try hard to get us A and B, too."

Obviously if the other country learns of these instructions he'll not negotiate A and B... They'd know exactly how hard they can press him.

I remember there was a news story a while back: the Irish government had used an encryption system from an American company. As it turned out while negotiating over Northern Ireland with the UK their communications with their ambassadors were known to the UK government. The system contained a backdoor for the US secret service and they were passing the data to the UK.

I can't say I blame them, this is what intelligence work is about. On the other hand, this is the danger you face when you have insufficient control over your security systems.

Re:erf

[Asic+Eng]

I disagree, the article's headline refers exclusively to the Bundeswehr, the article's content does not. The text just below states "wollen das Auswärtige Amt und die Bundeswehr Sicherheitslücken schließen" - so that refers to the Bundeswehr and the foreign ministry, both. It also states "In Computern, die in sensiblen Bereichen eingesetzt werden" - which means "computers which are used in sensitive areas" - that's a very long way from a general "ban". The headline is pretty confusing in that respect...

Re:erf

[Henry+the+Orange]

Yes, yes, yes, but this article is discussing an apparent decision by the Bundeswehr (German Army) to ban non-German software. There is no suggestion of a general ban throughout the government.

Re:erf

[Henry+the+Orange]

Dear me, surely you know the difference between a process crashing and an operating system crashing?

Apart from the fact that its a process, not the operating system, that crashed, the result of an integer divide-by-zero is undefined, and good operating systems dont let processes continue to run after theyve generated, and not handled, fatal exceptions. I know, for instance, that FreeBSD does the same thing (core dump), and Im fairly sure Solaris does too. Systems that dont core dump can get stuck in unintentional infinite loops, which is worse, or start corrupting data (much much worse).

If your code is likely to divide by zero, and you know what you want to do in that case, you simply handle the exception. If youre not expecting it to divide by zero, and it does, it usually means a bug, so dumping core is the right thing to do (so you can either find and fix the bug, or add an exception handler).

Re:erf

[Henry+the+Orange]

You may be right; the article is not very clear. I had read it as referring to two separate things: the software requirement by the German Army, and the teleconferencing concerns of the German Foreign Office. However, I can easily read it as saying the software requirement applies to both, though the teleconferencing issue clearly refers to the Foreign Office alone.

Re:erf

[Henry+the+Orange]

The most advanced military forces in the world use American and British equipment, and the most powerful espionage system in the world (Echelon) is run by the Anglophone powers (USA/UK/Canada/Australia/New Zealand). Surely the stupid ones are those who put national pride before military effectiveness?

If the Bundeswehr anticipate a war in which the Anglophone powers will not be on the same side as Germany, I think the last thing they should be worried about is which software their systems will be running when they're vapourised.

Re:Wha?

[Lord+Omlette]

The NSA has to report to someone right? If they spy on foreignors while the FBI spies on Americans, the thing kinda looks like

NSA->State Dept

FBI->DOJ

Well there has to be some sort of oversight such that

(diagram removed because it was 'lame')

And I'm sure that oversight can coordinate a little information exchange between the NSA and the DOJ. I'm of the opinion that there is no NSA backdoor in Windows, because it would have been found and exploited by now. I think it's just some European nationalism thrown in to cover up the fact that someone in the IT dept. fucked up and now they need an alternative.

It's fairly obvious where Deutsche Telekom hails from, but I didn't know Siemans was a German company... I suppose asking them to use NSA Linux is out of the question =) Anyone have any insight into what design decisions they'll be making?
--
Peace,
Lord Omlette
ICQ# 77863057

Re:Who works for the NSA?

[Bandazaar]

Now, consider the resources that the NSA would expend on getting backdoor (highly obscured buffer overflow) access into a few of the most popular Linux distros. All they would have to do is get maintenance control of a couple key packages. This can rather easily be done.

At least with open-source somebody could find this backdoor since a reasonable large number of people could stumble over the backdoor, whereas with any kind of proprietory work only a select few will be able to even see the backdoor, and they might not recognise it.

Bandazaar

Heh.

[crashnbur]

So after a history of imperialism and being a nuisance to most of the world (early 20th century), Germany suddenly turns the tables, and the United States is now the greater evil because it sticks its nose into everything.

I'm an American, and I'll almost go along with that. The U.S. is attempting to play daddy for the world, attempting to keep control here and there, trying to keep conflicts down, and trying to promote itself all the while. I wouldn't be at all surprised if we did have backdoor access and were stealing foreign secrets in this way.

Still, I'm just a kid, and I don't know what I'm talking about. Right? :-)

Re:Heh.

[cyber-vandal]

Trying to keep conflicts down? Ha! I think you should have a look at this and then judge how great a force for peace the US has been over the past 30 years. Not that the Europeans or Japanese have exactly covered themselves with glory either.

Re:Heh.

[cyber-vandal]

How to look an idiot by forgetting to close quotes. Try looking here.

Re:Wha?

[_Shad0w_]

Not sure how German Siemens is, but Siemens HQ is in Nurenberg; I've had to phone their Industrial HMI support team there before and I have to say the Germans are bloody sight more useful that their English counterparts...but I diegress.

Siemens I think is/was owned by Sir William Siemens, the UK HQ is called Sir William Siemens House and it's in Manchester. So maybe it's a half German half English company?

Sir being the title of a Knight in the UK, for those who didn't know.

--

Why Now?

[bmasel]

Everyone, including the Bundeswehr has known for years that MSware is compromised.

Could the decision to do something about it now be related to German troops in Macedonia being shelled by a CIA surrogate army?

It was about time...

[Lispy]

...a year ago a friend of mine, who is in the germany army, told me that they are using MS Win95 on their Radarsystems...argh! That scared me...these areas are just too sensible for a OS wich you can enter by pressing on login ;-) Same with hospitals. I cant wait until we germarns ban MS out of our healthsystem...that looks like the next logical step... Lispy

Re:Nazis burning again!

[Lispy]

Scheisse! This is soo poor! Where are the moderator points when i need them. So tell me, whose the Nazi in here? Lispy

Re:Nobody checks Spiegel's credibility here....

[Lispy]

There really shouldnt be a doubt about Spiegels credibility. I trust them. Lispy

Re:Gesundheit

[Lozzer]

Germany is a very powerful force within the European Union as well so chances of this rubbing off into other countries will likely take place in the not-to-distant future.

Germany are about as popular in Europe as the US is throughout the world. The chances of France, Italy or the UK following them "just because Germany did it" are pretty slim.

Re:Well, it's a start

[cyber-vandal]

Because the NSA have it and the German government doesn't. If they used a truly open system then backdoors could be planted but a security audit would find them.

Re:Unsafe Secrets?

[cyber-vandal]

Well Microsoft did it. Sort of anyway.

Re:Inventions german or british?

[cyber-vandal]

John Logie Baird invented the television, and you're right it wasn't an Englishman who invented the first car it was a Frenchman. Saying that Daimler invented the car is as hilarious as saying it was Henry Ford that did it.

Germany

[kruczkowski]

I work for a German Company and have visited a lot of German companys. From what I have seen is that all the companys run Windows NT and a few run Windows 2000. If they run Windows NT it's with SP5. I have also seen a lot of companys experment with Linux, mostly running internal websites.

But the article talks about secure servers, I just see the "front end" not the secure servers, and from those that I have seen, they are running Suns.

I wonder who is winning on this? SuSE?

Inventor of the Computer

[3247]

"People from my country (UK) invented the computer."

Nope. The first computer as a programmable, general-purpose calculation machine was build in 1941 by Konrad Zuse.
Of course, there were numerous electronic or electromechanic calculation machines back then, but none of them was truely programmable.

Re:Inventor of the Computer

[Henry+the+Orange]

The Zuse devices were not actually full computers, because they lacked conditional branching, so a program had only one path of execution. The link, http://www.inf.fu-berlin.de/~widiger/ICHC/papers/a nnals/node21.html, discusses early computing devices, including the first computer, the M-Mark 1, developed at the Universtity of Manchester, England. It explains why earlier machines were not universal computers.

An additional reason (according to some) why the M-Mark I qualifies as a computer, while earlier machines do not, is that it stored program code in memory. The Zuse machines, in contrast, used memory to store data, but read instructions directly from punched tape (so there was no `software, as we know it).

Re:i thought this was good news...

[nr1]

considering that the Bundeswehr (according to NATO plans) was supposed to be at the forefront of defense against the 7000+ warsaw pact tanks that could have invaded western europe, i would consider it a major military organization.

also, as one poster said (unfortunately modded down to 0) standing man power was 500000+ (now down to 280000 or so). mobilization levels within 3 months were 1000000+, i think.

in addition, it is a little known fact that the federal republic of germany has, in fact, nuclear weapons. Check out this article (babelfished).

There is a German Tornado strike bomber squadron that is assigned to carry American B61 nuclear bombs. Officially, these weapons are still under US control, but that is probably just a formality.

Re:Correction

[nr1]

"They didn't claim that the NSA is in Langley, Virginia. They said that the CIA is in Langley, Virginia." why was this modded down????

Re:i thought this was good news...

[sethgecko]

Define major Military Organization.... I don't think it includes the Bundeswehr....

from the Register article I was quoting: German armed forces ban MS software, citing NSA snooping.

I sort of thought that "German armed forces" counted as a major military organization. How about you?

i thought this was good news...

[sethgecko]

until I read the write-up at The Register which ends:

The two companies [Siemens and Deutsche Telekom] have supplanted Microsoft (and anything else American) and will be producing a secure, home-grown system that the German military can be confident in.

So basically, instead of having a proprietary American software running a major military organization, they'll have proprietary German software running a major military.

Re:i thought this was good news...

[+Addict-09+]

"So basically, instead of having a proprietary American software running a major military organization" Define major Military Organization.... I don't think it includes the Bundeswehr....

To whom does the NSA report? was: Wha?

[skybird0]

The NSA while administered by the DoD reports to the DCI who reports to the NSC who reports to the POTUS.

From the NSA web site:

The National Security Council, a group of appointed senior officials, assists the President in formulating foreign policy and intelligence priorities. The Director of Central Intelligence (DCI) directs and coordinates the diverse activities of all the U.S. intelligence organizations. The IC has representation from many intelligence agencies, including intelligence functions in the DoD, Departments of Justice, Treasury, Energy, and State, and the CIA. While not a military organization, NSA is one of several elements of the IC administered by the DoD.

"Then came the Holy One, blessed be He, and slew the angel of death, that killed the shohet that slaughtered the ox that drank the water that quenched the fire that burned the stick that beat the dog that bit the cat that ate the goat my father bought for two zuzim."

Nah.

[Defender2000]

It's not a backdoor. It's a feature.

Re:Nah.

[ZaneMcAuley]

A feature, isn't that a technical term for a bug :)

Bullshit

[Fervent]

citing security concerns

Right. Let's install RedHat instead...

German security authorities suspect that the US National Security Agency (NSA) has 'back door' access to Microsoft source code, and can therefore easily read the Federal Republic's deepest secrets.And then we're going to help Mulder crack his biggest case!...

Bullshit deux

[Fervent]

citing security concerns

Right. Let's install RedHat instead...

German security authorities suspect that the US National Security Agency (NSA) has 'back door' access to Microsoft source code, and can therefore easily read the Federal Republic's deepest secrets.

And then we're going to help Mulder crack his biggest case!...

Comment removed

[account_deleted]

Comment removed based on user account deletion

Backdoors?

[Sir_Real]

What like Outlook? :)

Re:Backdoors?

[Alien54]

What like Outlook? :)

Like the classic sig file says:

"I picked up a Magic 8-Ball (tm) the other day and it said 'Outlook not so good.'

I said, 'Sure, but Microsoft still ships it.'"

;-)

Re:Wha?

[Bender_]

Siemens is munich based, not Nurenberg.

Wilhelm Siemens was the brother of the Siemens founder, Wernher von Siemens, and was responsible for the English subsidiary.

Further information here: click

Re:Wha?

[Erasmus+Darwin]

I'm of the opinion that there is no NSA backdoor in Windows, because it would have been found and exploited by now.

Let's not forget the whole NSA backdoor key in Win2k debacle. There were, of course, reports from Microsoft denying that this was a key for the NSA. There is, at least, sufficient doubt to make it impossible to rule out the presence of a delibrate NSA backdoor.

Even if that weren't enough, one could argue that such a backdoor, if found, might be (or possibly has already been) classified as a bug instead of a backdoor.

Re:Correction

[WildBeast]

Are you implying that the NSA will break the law?

In other news ...

[wiZd0m]

The us Military will use Win2k to sink it's ships, ERR, Sail it's ships ...

Related Story

Re:In other news ...

[SexyAlexie]

Sadly for you, it's a criminal offence in the States to connect /any/ military or classified system to the Internet.

Re:Protectionism

[ponxx]

wasn't there just some story on the news that there were problems with the new barets the US army ordered because some of them were not manufactured in the US?

I think most armies have some form of protectionism built into their purchasing policies, this makes sense as you don't want to rely on someone who might end up on the wrong side in a conflict for supplies, and also because money fed into your own economy makes its way back into the budget in a few years anyway...

Bugged software

[mickwd]

Some-one tell them that MS software is full of a different kind of bug.

PS: Believe it or not, Siemens really does have a Staines office (Siemens Building Technology). If only Wang had an office in Cologne.

Well, it's a start

[Zecho]

Hopefully this is a precursor to a world where people will realize the value of having the source code to the software they use and rely upon. Especially where security is a major concern.

Re:Well, it's a start

[Henry+the+Orange]

How is that? In this case, the concern seems to be that the Windows source code it too open! It is believed that the NSA may have access to it, and can therefore find weaknesses to exploit, where as they lack access to source code owned by Siemens. If the code is open, the NSA obviously have access to it, along with intelligence agencies from actual enemies (rather than allies), which would make things much worse.

Re:Well, it's a start

[Henry+the+Orange]

But their complaint is not that they lack access to it (in which case the answer would be to request full access or ban it). Their complaint is that the NSA have access; a complaint which favours tighter control of source code, not looser.

Your argument may have merit, but it is not the argument that is being made in this article, which is that the ability of the NSA to see the code (which is suggested as a possibility, not a fact) is the problem. The article is in fact techinically incompetent (the ability to see encryption source code does not itself allow access to data encrypted by that code), but that is beside the point.

Re:Give me a break

[DickBreath]

98% of SuSE is not german

But at least you can examine, or modify the source code for 98% of SuSE. The other 2% of SuSE, you don't have to install.

With SuSE being a German company, they might be less inclined to spy on their own government -- or, the government migtht be able to cooperate/coerce SuSE in various ways.

Re:Let them review the code

[DickBreath]

I replied to another message with basically the following argument...

MS would never allow their source code outside the US. Who would they complain to if foriegn power violated the NDA? Imagine even inside the US where MS has the legal system in their pock..er.., um.., I mean, on their side. If a US company violated MS NDA, no amount of money in a legal judgement could make up for it. Period. Damage is done. So given the absence of any legal recourse, why would MS release source code outside of the US?

This is not just paranoia...

[Sindri]

This is not just paranoia, the us government has done this kind of thing before, see: this article
So this would not be the first time a US company has spied for the country.

I've thought this for years

[Atlantix]

You know, my friends and I have joked about MS (and other companies) having backdoors in their software for years. We've always known the NSA has incredible powers when it comes to finding out what they want to know. It's only a quick leap of logic to assume they've got systems that make Carnivore look like a toy. Besides MS, I'd say the next biggest target is Cisco's routers. Think about the incredible potential if the NSA can just reroute anything they want through their own network.

Re:Nobody checks Spiegel's credibility here....

[mami]

It can be trusted, but it's not a newspaper, it's a weekly magazine. The story though is very untypically short for "The Spiegel". That can't be all, I am sure there will be a follow-up when time comes. I think most of you are completely overreacting here.

Wha?

[BigumD]

You think that if the government had access to Microsoft's software then they'd have a stronger case against them...

Re:Wha?

[corvi42]

The different branches of govt. likely wouldn't be sharing this kind of info. Its unlikely that if the NSA and/or CIA were using undisclosed backdoors in M$ software to snoop on people ( an act which would violate any number of laws within the US and any number of international treaties outside of it ) they would be wanting to tell the justice dept. of all people anything about it.

Re:Wha?

[Henry+the+Orange]

Siemens is fully German. Wilhelm Siemens headed the London operations during the 19th century, and was at some point knighted as Sir William ('William' is the Anglicised version of 'Wilhelm') by Queen Victoria.

Re:Wha?

[Henry+the+Orange]

It seems the original link (http://www.cryptonym.com/hottopics/msft-nsa.html) which started this rumour is no longer valid. However, I found a reasonable analysis here: http://www.counterpane.com/crypto-gram-9909.html#N SAKeyinMicrosoftCryptoAPI It will of course fail to appease people who think aliens are secretly running everything, but its good enough for me.

If the Cryptonym `Chief Scientist who reported this had any confidence in his claims, he would probably not have removed them. On the whole, this sounds like a storm in a teacup caused by a naïve `scientist who cried wolf upon seeing the word NSA, then decided to slink away by removing his announcement rather than apologising to those he had needlessly worried.

Re:Give me a break

[Bloodwine]

Actually SuSE is a germany-based linux distro. I am sure that the German government could work with SuSE to work out any possible international security kinks.

Re:dis6runtled post

[rabtech]

Sorry; my comment was more in regard to the article at The Register, which details that they are phasing out ALL non-German software from their most secure areas. For normal governmental work and other divisions, they will probably continue using Windows, since that is the platform on which you'll find most business apps.


-------
-- russ

"You want people to think logically? ACK! Turn in your UID, you traitor!"

Give me a break

[rabtech]

If anyone bothers to read the article, it states that Germany isn't going to use ANY American or foreign software in its most highly secured areas. Why the hell did timothy feel the need to specifically cite only Microsoft software?

In case you were thinking that this is somehow a "win" (whatever that is) for Linux, think again: They are going to home-grow their secure solutions using a German software company.


This is the same thing our United States military does. They contract with American-owned companies for custom software solutions (like the recent Windows Datacenter custom system for running Battleships and aircraft carriers, or the NSA's development work on a secure Linux system.)


Can't Slashdot just stop focusing on Microsoft for even one minute? Please?

Oh well.... life goes on :)


-------
-- russ

"You want people to think logically? ACK! Turn in your UID, you traitor!"

Re:Give me a break

[Da+Masta]

Us canadians would never even consider having a secret plot to take over the world. Definitely not. Our niceness is definitely not a front. All our lax immigration laws are definitely not for harbouring foriegn defectors with top secret documents. No way. And no, of course we arent secretly forming our own language. What a stupid proposition, eh?

Re:Give me a break

[CargoCult]

Insightful...puhleeeaase!

Zo ve 'ave zer Deutsche Apfel, der Deutsche Zonne und der Deutsche IBM (who actually actively supported the 3rd Reich...really)

Das ist gut zoftware?.....nicht...

Re:Give me a break

[shd99004]

Why the hell did timothy feel the need to specifically cite only Microsoft software?

Well it was a great opportunity to once again attack Microsoft... and that's all there is to it, actually.

"Can't Slashdot just stop focusing on Microsoft for even one minute? Please?"

Hardly. It is one of the things this site lives on: Attack Microsoft for all sorts of things... and only Microsoft!

Nobody checks Spiegel's credibility here....

[msergeo]

which is *more* than ... doubtfull. I mean, the reporter of Der Spiegel never heard of Source License... oh, well, they will not reprint this in two year's time. Actually, Der Spiegel is known for such things.

Re:Nobody checks Spiegel's credibility here....

[antek9]

Hm, I'm curious why my post mentioning anti-semitic rants in DER SPIEGEL was deleted. What the ..?

Re:NSA Backdoor

[einhverfr]

The basic problem is that all encryprion/decryption in Microsoft software passes through the CryptoAPI. If it were compromised, it shoudl be possible to eavesdrop on encryption (and hence discovery of keys, etc.).

You are right, Word source code would not help, but access to this chokepoint of Windows encryption would help a great deal.

I find it interesting, though, that this si the second setback that Microsoft has faced in nearly as many days regardign foreign gov'ts using thier software. See http://slashdot.org/article.pl?sid=01/03/14/235625 4&mode=thread.

Ever hear of encryption

[+Addict-09+]

"According to a colleague of Pleuger's this meant that the German foreign services "might as well hold our conferences directly in Langley." We're not entirely sure whose interesting video conferencing via satellite service has a vital groundstation in Denver, but we note that Pleuger seems to have gleaned this information from a presentation held earlier this month in Berlin by, er, Deutsche Telekom."

Well, if they are not using and hardware key based encryption then it serves them right!

Re:Gesundheit

[+Addict-09+]

There are some major satellite teleports in the suburban Denver area...

Consider this

[the+real+jeezus]

Yesterday someone posted a connection between Microsoft & CoS. The Germans have good reason for their decision, especially considering that the disk-caching and defragmentation utilities shipped in NT & 2K were developed by a company founded by a Scientologist. Germany and CoS are not good friends (read more on google)

The internet has spawned interesting phenomena such as rtmark, which seeks to subvert worldwide corporatization by arranging contributions to fund legal anti-corporate activities. It's about time for someone to conduct similar efforts toward confirming back doors in OS software.

Until then, we all have to wonder whether this is paranoia from the intelligence community, or reality.

If you love God, burn a church!

Re:FCPA - Why not start at home?

[hughk]

I'm aware about the CIA statement about using espionage to monitor foreign companies engaging in corrupt practices to win contracts. OTH, look in certain countries (check out the bottom of the list)that are known for their corrupt practices. Do we see US companies standing back and not paying bribes in the country. Sorry, think again. They are out there leading the pack (they are often financially stonger).

I quote from an unnamed source in Uzbekistan, a US citizen working for a US owned joint venture.

Sure we pay bribes, the (US) govt should get real and exert real pressure at the diplomatic, not the business level.

So why do they really bug software? Just look at the business between Boeing and Airbus. Govt sponsored commercial espionage! Both sides.

Unsafe Secrets?

[Kooshman]

I'm sorry, but it always gets me that governments get so panicky when it comes to their "deepest secrets". Um, why would you have your servers (be they Microsoft OS'ed or not) that contain your most vital information accessible to the public at all? If all the server is connected to is a power socket, there are few ways anybody in America could pull information off of it. I doubt they have their classified documents in the local public library with a sign on it that says 'Do not disturb'.
"[The two companies] will be producing a secure, home-grown system that the German military can be confident in". Isn't that called "Linux" in America? Or really, "BSD". Anybody here who wants real security grabs their favorite distro and locks it down tighter than Trinity's leather pants. Wasn't this one of the stupid plot elements in "Antitrust", how the corporation put their secrets unencrypted on an internet server? Give me a break.

Re:Denver? -- the answer

[rfsayre]

Besides NORAD, there's the Denver Federal Center

Correction

[Maskirovka]

The NSA is based in Fort Mead, Maryland; not Langley, Virginia.

If germany develops a new OS in house, they'll have to develope it on SOME kind of platform, right? Assuming this conspiracy theory is on track, at least one computer with the source on it will be online at some point in time. There will also be bugs in whatever they develope that they don't catch immediatly. Ok, even if the source isn't stolen or sold at once, the os will be deployed onto computers connected to the net and in government offices all over the place. At some point it will be possible to steal a hardrive from one of the computers, and smuggle it out. Their security isn't that great. Given the NSA's capabilities, my guess is that they could reverse engineer just about any peice of software or at least get an idea of what it looks like. From there they could find bugs that would allow them to penetrate the main system, and get the whole source off a server somewhere.

Sound far fetched? Yeah. I'll bet I'm wrong..but then again you never know.

Maskirovka

Does Germany follow all the MS trouble woe's?

[To0n]

I mean, You'd think MS wouldn't really want to help the government after having all the legal troubles they did, what with the case and all. I'd like to see the claims by Deustch Telekom and Sigmen. Just curious...

Who works for the NSA?

[bryanbrunton]

Ok, consider the resources that the NSA might expend on a hypothetical backdoor into Windows. It would probably take significant lobbying of top MS execs. Or they could "buy" one or two important people on the MS build team.

Now, consider the resources that the NSA would expend on getting backdoor (highly obscured buffer overflow) access into a few of the most popular Linux distros. All they would have to do is get maintenance control of a couple key packages. This can rather easily be done.

Just because Linux is open source doesn't mean its impregnable. In fact the Linux distributed packaging and maintenance system would seem to make it trivial for spying agencies to attack it.

Well, uh...

[Scoria]

... Shouldn't computers containing stuff that shouldn't be seen not be networked in the first place?

Re:I always knew

[joleonard]

Hey, what's this cool new word "gig" mean?

dis6runtled post

[deran9ed]

German Federal Armed Forces banish Microsoft programs from fear of US secret services the Foreign Office and the German Federal Armed Forces safety gaps want to conclude. Instead of American software on the national computers in the future German programs will operate. In computers, which are used in sensitive areas, no software from Microsoft is to be used anymore. After realizations of German security authorities the American espionage service NSA has encoded data all relevant source codes of the US firm and can read in such a way.

Apparently the article and everything it states is directly supported by the article. And it was me not timothy who posted the comment and it was no way done to boost any use of Linux.

besides... last uname -a I did showed FreeBSD

Gesundheit

[deran9ed]

Siemens is a mega corporation, so its going to be neat to see how this plays out on other European countries using Microsoft based products, as well as the governments of Germany and America's trust in each other (remember with a company like Siemens, its not like its a mom and pop company ranting off.) Germany is a very powerful force within the European Union as well so chances of this rubbing off into other countries will likely take place in the not-to-distant future.

Another oddity is why would they just come out of the blue and state these transmissions are going to Denver? Out of all the places (for a conspiracy theorist to mention) in the US Denver and not someplace like Washington. Well here are the only places I know offhand capable of capturing, sorting info in the Colorado area along with respective information: ITS, NSA orders (keep in mind these are publicly accessible websites and known locations)

I wonder if MS would comment on this article or will they ignore it. This isn't the first time MS has been accused of having backdoored software.

(In fact here ya go enjoy... gov doc a, gov doc b, Slashdot's prior MS/Backdoor article)

Also its not the first time someone in the European Union has accused the United States of odd actions involving espionage. There was also something along the lines of ECHELON being by the U.S. used to promote industrial espionage in order to beat the EU to a large (billions of dollar large) aerospace deal with Saudi Arabia.

Anyways...

if [ -e bombdropping ];
then
mkdir /jail ; chroot /jail deran9ed
echo "it could happen to you too"
else
for i in `find /somewhere/over/the/rainbow -name deran9ed
do
wget -U spooks www.google.com/query?deran9ed
mv $i /jail
done
fi

Well here's the babelfishified version of the German article:

German Federal Armed Forces banish Microsoft programs from fear of US secret services the Foreign Office and the German Federal Armed Forces safety gaps want to conclude. Instead of American software on the national computers in the future German programs will operate.

In computers, which are used in sensitive areas, no software from Microsoft is to be used anymore. After realizations of German security authorities the American espionage service NSA has encoded data all relevant source codes of the US firm and can read in such a way. In order to protect secrets, the Ministry of Defense sets Siemens and Telekom therefore on encoding techniques of the domestic companies.

The Foreign Office reset meanwhile its plan to introduce video conferences with its representations abroad. Undersecretary of state Gunter Pleuger experienced with a Telekom presentation in Berlin at the beginning of March that all satellite transmission ways for technical reasons run over the American city Denver in the Federal State Colorado.

Pleuger was too uncertain the detour via the USA. " then we can hold our conferences directly in Langley ", spoettelte a Pleuger coworker. In Langley (Virginia) the American secret service CIA resides.

crummy translation...

vroom vroom

The rest of the EC will follow.

[SmoothOperator]

This may mean that rest of the EC will follow Germany's example. The German military might seem a bit paranoid, but Germany, as a country, has tremendous influence in the European Economic Community. Perhaps Germany, and other nations will start using alternate software, (maybe SuSE Linux) and MS will lose its market overseas. That, combined with Russian crackers and bad software/hardware security in Asia, might just contribute to the decline of MS. Who knows?

Re:The rest of the EC will follow.

[bacchusrx]

"The German military might seem a bit paranoid ..."

*Of course* they're paranoid. They're the MILITARY. It would be sheer folly for an industrialised nation's secured military systems to run off code which could not be audited.

They will contract private German-based companies to develop proprietary, secure systems. Any sane military *would.*

BRx.

Inventions german or british?

[Lars+-1]

Really? I'm curious about this: Television with its tube ist based on the "Braunsche Roehre". Is K.F. Braun German or British? Cars: The motor was developed by Karl Otto and Gottlieb Daimler. Who are the british people you speak of? cu Lars

Not a surprise

[jdun]

This should not come as a big surprise. Most foreign government suspected this for a long time. Foreign intelligent agencies do not use Microsoft product for security concerns. Microsoft product runs on most PC, naturally the NSA will want to get a hand in its development. Its beats trying to hack into foreign government computers. It save a lot of time and money. Now the question is what Microsoft getting out of this from the NSA? Microsoft is not giving it out for free, we all knows.

On the issue of OS. Germany intelligent agencies has there own OS as well as the Russian, etc. They are smarter then that to trust Microsoft or other foreign companies. The problem is that most intelligent agencies do not and will not share there technology unless they force to as we have seen with GPS.

I also think that all major companies foreign or not should be worry about this. If Microsoft have a back door key, vital information can be stolen by Microsoft and will be use against them or worst patent it. Even if Microsoft don't have a back door key in place, it's still very unsecured and I personally do not recommend it to my clients if security is there number one concern.

Hmm, I would suspect Microsoft

[genderbender]

I would suspect Micro$oft, But If this were the case microsoft wouldn't be in court against the government. Or is that just a cover to keep people from thinking microsoft and the Government are in cahoots. of course this might just be a classic case of one hand of the government not knowing what the other hand...

o'course this could just be the one of the best augments for open source ever.

I don't think any one in the CIA or else where in the government is smart enough to have pulled this off in the first place.

-- "Format C :" the only command you need to fix Windows.

NSA Backdoor

[thopo]

Nach Erkenntnissen deutscher Sicherheitsbehörden verfügt der amerikanische Spionagedienst NSA über alle einschlägigen Quellcodes der US-Firma und kann so selbst verschlüsselte Daten lesen.

Did anyone read what is really written here ?
It says: German Security Authorities think they KNOW ("nach Erkenntnisen" means ~ "they have knowledge/they believe to have found out") that the NSA has the source to all M$-Products. They don't assume it, they actually seem to be 100% sure of it.

So it isn't really important if the NSA has access or not, as long as the Bundeswehr believes they do (and the B. does believe it) they will replace M$-Products.

A German Solution.

[sordid]

Who needs Windows 2000 when the Germans have Enigma boxes, hah, sit on that and rotate Mr NSA! :o)

I always knew

[Diplomat73]

I always was sure Microsoft was in some murky waters. I mean Microsoft has been so far winning in its monoply case. I think this is done with the help of someone on the inside. They help microsoft, Microsoft helps them. As the article said: Which just happens is that they have picked up the gig. The two companies have supplanted Microsoft (and anything else American) and will be producing a secure, home-grown system that the German military can be confident. So long Microsoft. The revolution has begun!

Let them review the code

[evenprime]

Spiegel claims that German security authorities suspect that the US National Security Agency (NSA) has 'back door' access to Microsoft source code, and can therefore easily read the Federal Republic's deepest secrets.

If Microsoft really is going to open their source code to a select few parties, they better make the German government one of those parties. I think the potential economic (and PR) impact here makes it obvious that the Germans need to feel comfortable with the code

Microsoft also verboten for EFT/POS

[gd23ka]

The German ZKA (Central Committee of Credit Institutions) - a body that standardizes and certifies the electronic processing of financial transactions in Germany also specifically prohibits the use of Microsoft software in the security relevant aspects of EFT/POS (electronic fund transfer / point of sales). We don't do ATM machines but I know for a fact that most ATM machines run either a proprietary firmware or they're based on a ZKA certified version of OS/2.

Re:Oh Please, This Is Just ENGLISH Nationalism

[mst42]

World Domination UK ! (do they still control the world with their marine forces ?) (ups ... wrong century) If you still count the USA as a colony...

Re:Serious Euro-funding for Open Source on the way

[Henry+the+Orange]

Most users lack the time and also the ability to scan the millions of lines of source code for all the software they use. Acquiring binaries from a trusted supplier is generally much safer (but you have to trust both the honest and competence of that supplier).

At the end of the day, the issue is trust. Without a willingness to trust others, something as simple and basic as banking becomes impossible. Software is no different to anything else in this respect.

Re:Minor detail, but....

[Henry+the+Orange]

Bell was born in Scotland (Edinburgh), though I dont know what his citizenship status was when he developed his telephone. He may have been Canadian or American at that point.

Re:Serious Euro-funding for Open Source on the way

[Henry+the+Orange]

True enough that the military are different, so if they dont trust non-German companies, its proper to avoid non-German products (not just software) in sensitive areas. However, I was responding to your comment about only fools trusting separate binary and source packages. If that was meant in a military context, I simply misunderstood.

As for me, I trust them all: my bank, my hardware suppliers, my software suppliers, etc. In fact, since Ive nothing to hide, I dont actually care if these security agencies are monitoring my every move. Theyd have to be awfully bored to be doing that, though.

Protectionism

[Henry+the+Orange]

This should not be a surprise. Germany, like France, is very keen to use its military budget to protect domestic industry. It is done in most areas of defence spending already, so if it is believed that a viable alternative to Windows is available from a German firm, any excuse will be made to switch.

One of the reasons the British military is so much more effective than the French and German militaries is that spending is based on what is best for the job, not on politics. This often means buying American (or even French/German) equipment rather than British. The American military is fairly protectionist, but BAE Systems (formerly British Aerospace) is given equal treatment to American defence companies. In any case, the enormous size of the American defence budget is enough to make up for any inefficiencies caused by protectionism.