NSA Releases Updated SELinux
darthcamaro writes "Looks like our federal tax dollars are hard at work - improving security on Linux! The NSA - you know the folks that are shadowy figures on X-files - have released the latest updates to SELinux (security enhanced). Internetnews.com has got a piece on it where they talk to Gentoo and Red Hat about the release's significance."
Security = 1/Convenience Solve for your favorite variable.
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
Seeing as any changes the NSA make are presumably only used internally by the agency, they are under no obligation to release the source. So this is quite a community spirited move on their part.
:-)
Unless of course they are trying to sneak some NSA backdoors into Linux kernels
Homme petit d'homme petit, s'attend, n'avale
I find it extremely disheartening that our tax dollars go into products, ideas and research that is then turned around and used for the benefit of ONE company (see big drug companies, defense contractors, and certain university professors). That just seems plain "un-American". Here we have a rare exception, our tax dollar going to improve something for ALL Americans (and the world too).
Sadly Microsoft is lobbying to shut down the NSA's involvement in free software, claiming that the government is essentially "competing" with them. Somehow our tax dollar going to work securing Windows isn't communist according to MS. Just if it also helps someone that ISN'T MS. Let's hope they fail.
In the end, this can only be a good thing for ALL OS designers. It helps them look at how the people that stay awake at night worrying a lot think about security in an operating system.
AngryPeopleRule
"Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
You can say whatever you like about backdoors and the like, but you can be goddamned sure I want some of the brightest minds in this country looking at the code I use as opposed to the dumbfucks that I graduate with that go to work for regular companies. As for the brightest minds? Just take a look at the requirements to work for the NSA vs. Microsoft (and NO, I'm not talking about security requirements).
Well, those who are able should be going over the source closely anyways. The adversaries are!
Remember, NSA has two mandates:
1) Help Americans secure their boxen, and
2) Be able to 0wnz0r any non-American's boxen.
Just because #2 gets all the press on Slashdot doesn't invalidate #1. The net effect of "more machines on the network are secure, even though some of those machines are used by non-Americans, and even if that fact makes some things a little more difficult for the other half of NSA" is still an increase in security for Americans.
SELinux is consistent with NSA's goals in providing a secure information infrastructure for US Citizens. Given that NSA knows that the code will be closely examined by both NSA-friendly and NSA-hostile folk alike, I'd expect SELinux code to be safe, and would treat such code with a policy of "trust, but verify." (More precisely: "Verify, but trust.")
The combination of Linux being open source plus the legal requirement that all US government employees must release code they develop as public domain results in SELinux.
In other cases it results in a very good statistical test suite being dumped into the public domain.
http://csrc.nist.gov/rng/
I'd rather pay taxes to support the stability of Linux, than to pay taxes to keep a piece of vulnerable software running any day.
"Instant gratification takes too long." - Carrie Fisher
Do you read all of your source code before you use the software?
:)
No, but if someone made changes and enhancements to my code or related to my code, I would most definitely like to see the changes.
Especially if it's an agency like the NSA.
And I'm sure, so would the contributors to the various kernel and networking parts of Linux (or for that matter other Open Source works).
Besides, ever seen your average mail (and the number of mails) on Bugtraq or Security Focus mailing lists? There are quite a few people out there who would be quite interested.
Also, remember that even if NSA wanted to introduce backdoors, this would be too early - they would need to build up the trust to a level when people will get a little careless and then take advantage.
Just what 100% commercial private railway did you have in mind?
Almost all railways are national interests, including passenger service in the United States. Only _very_ recently has privatization become fashionable for railservice and it is usually marked by miserable failure. Take Britain where it was suggested that they basically dump British rail north of Manchester because there's no profit in servicing BFE. That's the point of state-owned services. The state will not dump a region simply because it isn't making a buck and the service is more important than profit.
The vast majority of airlines are state-sponsored (outside the U.S., that is) and vary from states as majority stakeholders to 100% state-ownership. American carriers being privately held is more the exception to the rule.
If not for massive government investment, international travel would still resemble an Indiana Jones plot line.
The government had always spent money in infrastructure, either directly or indirectly. The examples you choose illustrate this point.
Car-building would not be so lucrative if there were not good roads. The government pays for these. In addition, most factories are now subsidized by tax incentives. We would probably have almost no cars built in this country if local and federal authorities did not pay the manufacturers to locate here.
In the early days airlines made their profits delivering mail. It was a while before they were independent. Also, airports are generally built and heavily subsidized by local and federal money.
It is my understanding that the railroads were given land. They wanted to own the rails so they built them, with immigrant labor, externalizing a number of costs related to said labor. Lately the rail lines have been complaining that they have to pay for maintenance of the rails while the government pays for the airports. The difference is that the rail didn't want to share. Of course, the government spent huge amounts of money subsidizing the rail lines. Which is good because for many things rail is more efficient than road or air. The rail people later used their exclusive use of the right-of-way to develop long distance telephone service, another thing that would not exist with heavy government support.
Operating systems are infrastructure. It is proper that the government helps to make sure that this important business tool is suitable. The government has always subsidized the development of these technologies through research grants, not to mention the computer time that Gates and co. originally took from university computers. On a higher level, some analysts think much of the profit MS generates is due to specific tax breaks they have been given.
"She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
Anyone that can read and understand C. Thank God for OSS.
A better question would be, who would trust Microsoft?