Slashdot Mirror
A Secure OS For the Dalai Lama?
Jamyang (Greg Walton) writes "I am editor of the Infowar Monitor and co-author of the recent report, Tracking Ghostnet. I have been asked by the Office of His Holiness, the Dalai Lama (OHHDL) and the Tibetan Government in Exile (TGIE) to offer some policy recommendations in light of the ongoing targeted malware attacks directed at the Tibetan community worldwide. Some of the recommendations are relatively straightforward. For example, I will suggest that OHHDL convene an international Board of Advisers, bringing together some of the brightest minds in computer and international security to advise the Tibetans, and that the new Tibetan university stands up a Certified Ethical Hacking course. However, one of the more controversial moves being actively debated by Tibetans on the Dharamsala IT Group [DITG] list, is a mass migration of the exile community (including the government) to Linux, particularly since all of the samples of targeted malware collected exploit vulnerabilities in Windows. I would be very interested to hear Slashdot readers opinions on this debate here." (More below.)
Jamyang continues: "Allow me to play devil's advocate for a moment here: in the short term, moving to a platform that is perhaps less familiar to the attacker provides considerable relief, but it is essentially less difficult to write exploits for Mac OS/Linux than it is for Windows, given the many anti-exploitation mechanisms Microsoft has embedded in the last years, so in the long run, if the attackers want your data, the entire move is moot. People should choose a platform based on their productivity requirements instead of purely security. Furthermore, most of the web servers broken into during these attacks (to be used as command and control servers) were not Windows, but Linux. What do you think?
(While I have the floor I'd also like to take this opportunity to plug two initiatives where Slashdot readers can directly help the Tibetan tech community, either through sharing your expertise or your cash! Firstly, one of the obstacles to migrating to Linux for a Tibetan speaker is the lack of decent Tibetan font — can you help? Secondly, Avaaz is raising funds for projects that will help End The Blackout in Tibet, including a proposal to support the deployment of Psiphon's circumvention network. Thanks, or in Tibetan, thuk.je.che!"
(While I have the floor I'd also like to take this opportunity to plug two initiatives where Slashdot readers can directly help the Tibetan tech community, either through sharing your expertise or your cash! Firstly, one of the obstacles to migrating to Linux for a Tibetan speaker is the lack of decent Tibetan font — can you help? Secondly, Avaaz is raising funds for projects that will help End The Blackout in Tibet, including a proposal to support the deployment of Psiphon's circumvention network. Thanks, or in Tibetan, thuk.je.che!"
I'm not claiming there aren't Chinese spies inside microsoft. I'm claiming there are probably not enough to corrupt the kernel, and the critical people are being watched too closely to succeed in coordinating a successful subversion attempt.
On linux, freebsd, ... nobody's even seriously attempt to check people. Chinese (or Indian, or muslim, or just plain criminals or even bored adolescents) literally don't have to get up from their desk chair to do what would require organizing a coordinated effort right in the middle of America while being watched by several powerful institutions whose mission is nothing else than preventing that sort of thing.
Also the consequences of a failed attempt for the individual inside microsoft are none too pleasant, probably involving several decades in a little box with no windows. In the open source case, the consequence of a failed attempt is probably a few months work building a new nickname's coding reputation, if even that.
God knows I've spent many a week restoring linux servers that had been backdoored in some stupid way. It's not hard.
At the very least, it's not hard enough.
Yes, using linux to help restore an oppressive religious regime..go Linux!
You people might want to actuall read up on what life was like in Tibet before the Chinese came in and made it better.
Yes, the Chinese pale next to what the monks did to the people.
Hey, an elite class governing on there whim and not by law, nothing could possible go wrong~
Stupid bumper sticker hippies.
The Kruger Dunning explains most post on
Congratulations, it looks like you've Slashdotted the site you linked to.
I have to ask, though... how do we know that whatever content is there is factual, and not just Chinese propaganda? I know the pre-occupation history of Tibet, and I, too, have considerable reservations about the Tibetan freedom movement led by its aristocracy figures in light of that, but I also know the history of my own country, when it still was the USSR, and how happily it could twist facts and straight out lie to promote the party line.
Just avoid led frag rinux.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
You mean: If you buy a Tibet here, you will get another Tibet for just one penny! If you can find a cheaper Tibet anywhere... INVAAADEEE IIIT!
(Yes, I know. Very insensitive. Tibetans: I'm with you!)
Any sufficiently advanced intelligence is indistinguishable from stupidity.