Slashdot Mirror

← Back to Stories (view on slashdot.org)

Snowden: What Happened In 2013 Couldn't Have Happened Without Free Software (networkworld.com)

Posted by msmash on from the affinity-for-foss dept.

An anonymous reader writes from a NetworkWorld article: NSA whistleblower Edward Snowden spoke at Free Software Foundation's LibrePlanet 2016 on free software, privacy, and security. He credited free software for his ability to help disclose the U.S. government's far-reaching surveillance projects. "What happened in 2013 couldn't have happened without free software," he said, particularly citing projects like Tor, Tails (a highly secure Linux distribution) and Debian. "I didn't use Microsoft machines when I was in my operational phase, because I couldn't trust them," Snowden stated. "Not because I knew that there was a particular back door or anything like that, but because I couldn't be sure."

120 comments

  1. links? by Anonymous Coward · · Score: 0

    Links to those OSS things he mentions?

    1. Re:links? by allo · · Score: 1

      gnupg.org

    2. Re:links? by Pseudonym · · Score: 2

      Sure! It's secure-free-software-here.totally-not-the-nsa.gov.sorry-i-mean.org

      --
      sub f{($f)=@_;print"$f(q{$f});";}f(q{sub f{($f)=@_;print"$f(q{$f});";}f});
  2. "Couldn't be sure" by Anonymous Coward · · Score: -1

    Like he audited every line of his free software..

    1. Re: "Couldn't be sure" by Type44Q · · Score: 2

      No but other people have. Your strawman not withstanding, the biggest problem is backdoored hardware, proprietary binary blobs and cellular sideband processors...

    2. Re: "Couldn't be sure" by Anonymous Coward · · Score: -1

      Not a strawman, troll. But back on topic, what people? They can be trusted? Fact is, you can't really know for sure. You can only assume your odds are better since the "many eyes" are protecting you, in theory. You can do all the philosophical mind flips you like and turn that assumption into fact, but that's only in your mind.

    3. Re: "Couldn't be sure" by slashping · · Score: 1

      Despite the many eyeballs, serious bugs in open source software have been found before. The NSA doesn't have to insert their own backdoor, they can just dig through the existing code, and find a bug that allows them to get in.

    4. Re: "Couldn't be sure" by Anonymous Coward · · Score: 0

      And this applies to closed sores as well.

    5. Re: "Couldn't be sure" by slashping · · Score: 1

      And this applies to closed sores as well.

      It's a lot easier to find the bug when you have the source code.

    6. Re: "Couldn't be sure" by Computershack · · Score: 0

      No but other people have.

      If that were the case then there wouldn't be the number of security issues they've found, the number of exploits they've found, the show stopping bugs that exist.

      --
      I only please one person per day. Today is not your day. Tomorrow isn't looking good either. - Scott Adams
    7. Re: "Couldn't be sure" by Anonymous Coward · · Score: 0

      But it's impossible to audit the source code of closed source software if you don't have the source code.

      I agree that "sure" is a bad choice of words, but arguing that closed source software is better in this regard is just plain stupid.

    8. Re: "Couldn't be sure" by slashping · · Score: 1

      But it's impossible to audit the source code of closed source software if you don't have the source code.

      Correct, but I think the NSA is much more motivated to find an exploit in millions of lines of code than other people are to audit the same.

    9. Re: "Couldn't be sure" by ShanghaiBill · · Score: 5, Insightful

      With OSS you still need to trust people, but you need to trust fewer people, you know who those people are, and you can see who else trusts them. With proprietary code, there is a chain of trust that is only as strong as its weakest link. With OSS, there is a web of trust. I can look at the git log and see who wrote a particular algorithm, and I can often see what other code they have written. I can see the changes that were made later, and who made them. For many OSS projects, I can see who reviewed/audited the code. None of this is magic, and there is never a 100% assurance, but OSS has come clear advantages.

    10. Re: "Couldn't be sure" by im_thatoneguy · · Score: 2, Insightful

      And yet.. Heartbleed.

    11. Re: "Couldn't be sure" by allo · · Score: 4, Informative

      Think the other way round: try to sneak in a backdoor in opensource.

      1) You're never sure, who reads the source and finds it. And when this will happen
      2) It can probably be attributed to you in some way
      3) The big security does not come from the source alone, but from the open development process. Go, read the Linux source and look for security holes. Much work? Indeed! But now go and look at the commits from today. Read the summary, read the code, check if it seems to match, watch out for possible security hole. This can be done and this is done by many people.

      On the closed source side: You get from time to time one big update, no code at all. If you want to make yourself some work, you can try to disassamble the binary. People do so and people find security bugs and backdoors, but it's a lot more efford.

      And the third thing: If you already suspect something, you can go and read the corresponding code of the misbehaving part, while you are still without source when using closed source.

      So yeah, nobody has a guarantee for no backdoors, but it's harder to sneak one in.

    12. Re: "Couldn't be sure" by allo · · Score: 1

      Snowden is fighting against people, who have the source for software, where he does not have the source. This makes it even worse for him.

    13. Re: "Couldn't be sure" by ShanghaiBill · · Score: 1

      It's a lot easier to find the bug when you have the source code.

      1. Many security researchers have claimed that this is not true. They often find bugs just by pushing the running code past its limits: giving it more input data that it is expecting, giving it binary data when it is expecting ascii, or exploiting corner cases, like negative numbers when it is expecting only positive numbers or triggering arithmetic overflow on a pointer, etc. You don't need the source to do any of this.

      2. Just because you don't have access to the source, doesn't mean the NSA/CIA/FBI/FIS/MSS doesn't have the source. Many times they simply buy access, as they did with RSA. Sometimes they demand access as a condition of doing business, as they did with Microsoft. Sometimes they hack their way in. Other times they infiltrate or bribe low level developers.

    14. Re: "Couldn't be sure" by Type44Q · · Score: 1

      You're right, you're right: in open source, other people do not check the code. Ever. (I stand corrected; thank you for putting me in my place.) ;)

    15. Re: "Couldn't be sure" by Anonymous Coward · · Score: -1

      You're right: heartbleed is the proof that open source software was an enormously bad idea, can't work, and we should all go home.

      Good thing we have all those safe proprietary products like Microsoft Windows, Cisco and Juniper VPNs and routers, etc. protecting those people smart enough never to buy into all that OSS mumbo-jumbo.

      I never got heartbleed in my Windows 95 machine. #winning

    16. Re: "Couldn't be sure" by gweihir · · Score: 1

      Indeed. The stupid is strong with that one. The thing is that in OSS, backdoors will be found sooner or later, sometimes much later. And that is something the NSA/GCHQ/GeStaPo dreads as it exposes them. Does not matter that much even if it is 5 years or 10 years later.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    17. Re: "Couldn't be sure" by gweihir · · Score: 4, Informative

      Which is a good example how and why OSS works: It was found, documented, traced back (no sign of foul play) and fixed. What do you think would have happened in a commercial, closed library?

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    18. Re: "Couldn't be sure" by Anonymous Coward · · Score: 1

      The US, Russian and Chinese security services have all the source code to Windows. The difference is that security researchers don't have access to it.

      So, the adversaries have it but none of the people we would hope to be protecting it.

      The NSA has essentially been shown to have known vulnerabilities they use for eavesdropping, but never notify the vendor. Why would they? They have a key to the kingdom. What possible motive would they have to fix that vulnerability? They don't care a bit about privacy and security: just access to the data. If they have it, likely so does every other adversary.

      So basically everybody is happy except for the users who rely on both the vendors and security services to keep them safe. Massive failures all around.

    19. Re: "Couldn't be sure" by gweihir · · Score: 1

      And if it gets discovered, there is an excellent chance it will also be attributed and whoever out it in will be burned and that makes such an attack extremely costly. For example, the forward-hashes of git serve exactly this purpose: No revision of the change-history after commit.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    20. Re: "Couldn't be sure" by slashping · · Score: 1

      I agree that NSA and friends manage to get the source code for many projects. But that proves my point that having the source code helps to find bugs, otherwise they wouldn't have to go through that much trouble. Entering invalid input is a great way to catch easy bugs, but some bugs may be much more subtle, and require various pieces of input to align accurately.

    21. Re: "Couldn't be sure" by gweihir · · Score: 1

      You do not get it: Nobody at all (except morons like you) claim OSS is bug-free. The claim is that closed-source software is much, much worse. From some code security reviews I did under NDA, I fully and completely agree to that claim.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    22. Re: "Couldn't be sure" by penguinoid · · Score: 1

      And this applies to closed sores as well.

      It's a lot easier to find the bug when you have the source code.

      What makes you think the NSA doesn't have access to the source code of any but the smallest closed source project they wish to examine?

      --
      Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
    23. Re: "Couldn't be sure" by slashping · · Score: 1

      Nobody at all (except morons like you) claim OSS is bug-free

      I didn't claim it either, moron.

    24. Re: "Couldn't be sure" by Anonymous Coward · · Score: 0

      It's a lot easier to acquire the source code if you're a government agency who knows *everything* about the employees of a company with closed source products, and thus knows how to apply the right pressure. As far fetched and right-out-of-a-movie at it might sound, it becomes much more plausible when we remind ourselves that government agencies have no issue allowing ten year old children to be sold into slavery if it furthers their agendas.

      If a TLA wants something from you bad enough, they're really good at finding a way.

      ...and when they get the source code, it's just them that has it, not the entire world.

    25. Re: "Couldn't be sure" by slashping · · Score: 1

      Depends. They probably have access to source code from plenty of American companies. I guess they'll have a much harder time getting the source code of non-friendly foreign companies. Given enough motivation, they may find ways to get it, but it won't be nearly as easy as downloading it from the interwebs somewhere.

    26. Re: "Couldn't be sure" by Type44Q · · Score: 1

      And it's a lot easier to keep that exploit hidden (i.e. available) when the source is closed. Did you have a point?

    27. Re: "Couldn't be sure" by Type44Q · · Score: 1

      But that proves my point

      No, it doesn't; however, your misplaced confidence in your intellectual abilities definitely does amuse. ;)

    28. Re: "Couldn't be sure" by slashping · · Score: 1

      And it's a lot easier to keep that exploit hidden (i.e. available) when the source is closed

      Having the source code allows you to find the really subtle exploits that can remain hidden for a long time. Also, people aren't as likely to audit old code that they and others have already looked at before.

    29. Re:"Couldn't be sure" by Aighearach · · Score: 1

      Exactly; it is a really weak claim.

      He could have used proprietary encryption products, a self-hosted commercial VPN instead of Tor, an obscure proprietary OS not on the list of things worth backdooring, etc.

      He did use some libre software, so we know what happened could happen using those tools. But we don't know anything about this idea that he couldn't have done it otherwise.

      Avoiding Windows in particular is prudent for a wide variety of reasons; not least, products designed for the masses will have sacrificed some security for convenience.

      And keep in mind, almost all the software I use is Free or OSS. I do also use a proprietary email app on my mobile device, and I use the LTSpice circuit simulator. (Only for simulation of the OSS-generated netlist)

    30. Re: "Couldn't be sure" by Aighearach · · Score: 1

      Which is a good example how and why OSS works: It was found, documented, traced back (no sign of foul play) and fixed. What do you think would have happened in a commercial, closed library?

      In commercial software it would be found, documented, traced back, and fixed. Documentation would be internal.

      I'm pretty strongly against using proprietary stuff in my tool chain, but I just don't think this is a real difference.

    31. Re: "Couldn't be sure" by ShanghaiBill · · Score: 2

      But that proves my point that having the source code helps to find bugs

      They don't want the source code to "find bugs". They want the source code so they can modify the source, insert backdoors, and install/distribute the compromised binaries ... like they did with Cisco switches and Xerox printers.

    32. Re: "Couldn't be sure" by ShanghaiBill · · Score: 3, Insightful

      In commercial software it would be found, documented, traced back, and fixed.

      Only if the company made it a priority and budgeted for it. Then it would be rolled into the next release, which may not come for months, or even years. Oh, and the next release will only be installed by users that can afford the upgrade fee.

    33. Re: "Couldn't be sure" by Anonymous Coward · · Score: 0

      It was identified and fixed only after it had been exploited. I believe that same sequence of events applies to OS and closed source. Maybe all the many eyes perusing the source were a little far sighted. And why doo people keep spouting the old canard about OS being more secure because you can look at the source code. That may have been true once upon a time but the low hanging fruit has been pretty much dealt with. You can take a perfectly safe piece of OS software and introduce gaping holes when building and deploying said software to the target machine. Most of the security weaknesses in both OS and closed source is not the software but the idiot in charge of deploying and administering the software. Another thing about the "many eyes" theory is that there is a gigantic gap between OS programming and application programming and the former only represent a small percentage of people claiming to be software developers.

    34. Re: "Couldn't be sure" by Aighearach · · Score: 1

      Same is true for open source.

      On github this week, I fixed a bug where the ticket was over 5 years old, and the project owner finally realized it is a real bug and the solution is harmless.

      It hasn't been accepted yet, of course. Give it a couple more years.

    35. Re: "Couldn't be sure" by Bert64 · · Score: 1

      That's the whole point, your odds are better... Nothing is perfect.

      With closed source only a single party really has access to the source, anyone else they grant access to will be under the terms (eg NDA) of the vendor and so may be unable to disclose finding anything bad even if they do, plus if they're working together they likely have the same agenda.

      There is also the chance that source code has leaked, in which case blackhats have it, even if they do find backdoors or bugs such people are more likely to make use of them for their own nefarious purposes than disclose them to the public.

      With open source the possibility exists for anyone to get their hands on the code, including multiple parties with conflicting goals. If a backdoor existed then at least some of those with access to the source are going to be against the backdoor and disclose/close it.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    36. Re:"Couldn't be sure" by Anonymous Coward · · Score: 0

      (other AC)

      I see this over and over again. The rebuttal is also formulaic. But let me offer another kind of rebuttal:

      Likely he did. It's there for everyone to read, and for example I DO audit it. You don't?

      That's also why I keep the amount of strange packages on my system low. I didn't read the source? It doesn't get installed.

    37. Re: "Couldn't be sure" by Anonymous Coward · · Score: 0

      And yet.. Windows 10, Apple's Thunderbolt option ROM bug, Flash, every single iOS jailbreak, the PS3's botched digital signature verification and copies of the PSP master keys...

      See how easy it is to miss shit and call people out on it after the fact with the benefit of 20/20 hindsight? Just because you can look at the source does not mean that all of the bugs have been found and patched. Having the source available does mean that you *CAN* look at it for yourself to see if a bug exists and report it, or fix it yourself. Having the source code however does not magically protect an end user from bugs, because the typical end user (and most people in general) does not even bother to check and therefore takes what ever is given to them. Bugs and all, expecting that the hard work of searching for bugs has been done for them, and then getting upset when a bug is found that they took no action themselves to find or report / fix.

      And then they do something like post crap online about how OSS development is just as bad as proprietary software development, because they couldn't be bothered to engage in half of what the OSS community expects of them. They want their free software without any kind of bugs what so ever NAOW! Without actually helping in the work needed to get to that goal.

    38. Re: "Couldn't be sure" by Anonymous Coward · · Score: 0

      But it was fixed for you and anyone else applying your patch.

    39. Re: "Couldn't be sure" by Anonymous Coward · · Score: 1

      In commercial software it would be found, documented, traced back, and fixed.

      How would you know?

      Documentation would be internal.

      Case in point.

    40. Re: "Couldn't be sure" by KGIII · · Score: 1

      > Did you have a point?

      Just recently they began posting in abundance. I'd speculate sockpuppet but who knows? I'll let you draw any conclusions you might wish about their reasoning and logic skills. They have some.. Some, shall we say, unusual opinions and seem inclined to stick with those opinions regardless of evidence presented. I don't really have much/any interaction. Such is simply an observation.

      I've an odd habit of reading the "by" field prior to reading the post. Given that I'm retired, it affords me plenty of time to read and sometimes even check comment histories. A sock for whom, I have no idea and it's purely speculation. They may not be but a quick skim through their post history is insightful. As always, draw your own damned conclusions. ;-)

      --
      "So long and thanks for all the fish."
    41. Re:"Couldn't be sure" by KGIII · · Score: 1

      I'm inclined to disbelieve you. Given the sheer volume associated with the task, I've absolutely no reason to believe that you've read every line of code that you use. There's simply not enough time in the day to do so and remain even remotely close to secure - you'd be reading code from years and years ago. There are simply too many component pieces for me to believe you.

      Yes, yes I am calling you a liar. I'm not sorry, if I was sorry I'd not be doing it. You have not read all the code in your OS and in the applications that you use. I won't even count the applications that you use outside of your control - those that are on the web.

      However, I'll give you the chance to try to change my mind - if you feel inclined to undertake that effort. I wouldn't. What the hell does it matter if I don't believe you? But, if you want to change my mind you're free to do so but you're gonna have to make it believable. What OS do you use? How do you get online? What hardware are you using? You have *zero* binary blobs? You've somehow managed to read and then re-read the code for every single piece of software you have - and keep up with updates for security problems?

      Yeah, I'm thinking that, at best, you might skim through some or speed-read without comprehension at best and, even then, you certainly don't do so with any modern OS and keep up with the myriad updates that come down the pipe daily. Which OS is this? Chances are, unless it's proprietary, I've used it. Hell, even if it is proprietary, I've probably used it.

      --
      "So long and thanks for all the fish."
    42. Re: "Couldn't be sure" by Type44Q · · Score: 4, Interesting

      There's a disinfo unit out of Fort Meade that uses low-grade nerds in uniform to overwhelm people in chatrooms when certain subjects come up; the government has openly solicited bids for software to allow these clowns to "handle multiple simultaneous chatbots and user accounts."

    43. Re: "Couldn't be sure" by orledrat · · Score: 1

      Yup, the jig's now up. Anyone who disagrees simply can't see the forest for all the straw, man.

    44. Re: "Couldn't be sure" by Anonymous Coward · · Score: 0

      Anyone taking the long view could work around something as simple as reputation and periodic change reviews and easily link together ostensibly unrelated pseudonymous commits across minor and major releases.

    45. Re: "Couldn't be sure" by Anonymous Coward · · Score: 0

      You don't need source code to find vulnerabilities. You can read machine code, either binary or disassembled, as easily as you can read C or any other "language."

    46. Re: "Couldn't be sure" by KGIII · · Score: 1

      I had not heard or read anything about this. That is not even remotely surprising. I know the Russians use it and I know that there are some paid posters with various companies. I'm not terribly surprised that the US government would be involved though I guess it's a bit surprising that it is in the hands of the Army as opposed to something a bit more clandestine or tasked with a different charter. I could envision the US Army wanting to do so for defensive and offensive purposes when dealing with externalities but, internally? That's a little odd for the Army to be tasked with.

      Surprising? No, not really. Just in who it is. That's the only odd thing that I got from your post. I'd expect something, perhaps the NSA, different to be involved. Maybe the CIA but probably not the FBI. The Army is surprising but they've got a pretty decent "cyber warfare" program. I'd expect it to be external but, then again, the web is (by its nature) international.

      I've no idea if that's applicable here, with this particular person. If it is, then they're doing a very poor job of it and need to fire this guy. If it is automated then they need to tune them up again. They're illogical, inconsistent, instigating, interrupting, and inferior. (That's just a few of the words beginning with the letter "I".) They should ask for a refund, unless being unbelievable and obtuse is their goal? If "instantly recognized as a meatstick" is a desired operational parameter then they've achieved that.

      Oddly, this is not the first time I've made such observations and a few of them have quietly disappeared when others noticed. I do wonder if you're are indeed onto something? It does seem a strange program for the Army to be involved in. I'd really expect a group tasked with such would be under a different heading - though perhaps it's buried under the Pentagon itself and is just manifest through the Army as they're already set up with a "cyber defense" program? I'd love more information, if you have it.

      --
      "So long and thanks for all the fish."
    47. Re: "Couldn't be sure" by Anonymous Coward · · Score: 0

      Well its true, that they *announced* the new version along with the problem with the old version. The new version fixed the problem. And people who couldn't upgrade right away potentially (or really) had problems. OpenSSH has had a lot of cleanup (and a fork) since then. And the *real* big issue is that there is little non-open software to replace it. Sometimes weenies will offer up statements like the following: "Oh I could write an operating system", "oh, I could design a nuclear reactor", "oh, I could create an anti-gravity-time-travel machine". And in this case "oh, I could write a secure shell library". But the truth is that you need to be a cross between an advanced network engineer and a cryptographer, at the PhD level. Usually that's more degrees than most employers are willing to employ. So they use OpenSSL. And ...you get people saying "oh I could make one of those". no.

    48. Re: "Couldn't be sure" by gweihir · · Score: 1

      Apparently you also have bad memory and dyslexia. And your creativity in insults is lacking, as you cannot even do more than copy. Seems my estimation of your level of insight is exactly right, namely none at all.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    49. Re: "Couldn't be sure" by gweihir · · Score: 1

      Ahahahahahaha, your naivety is cute.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    50. Re: "Couldn't be sure" by shawn2772 · · Score: 1

      Which is a good example how and why OSS works: It was found, documented, traced back (no sign of foul play) and fixed. What do you think would have happened in a commercial, closed library?

      In commercial software it would be found, documented, traced back, and fixed. Documentation would be internal.

      Not in the vast majority of companies. I've been a professional software engineer for better than 25 years, and I've worked for a lot of different companies. In almost none of them is there any focus at all on going back to identify and fix problems in existing code. It's always about the next product release, or the next customization request... what will bring in more money.

      There are some exceptions, but they're mostly companies and products who are facing significant outside scrutiny. These days, I'm sure Cisco is spending a lot on internal security research, but only because they've been caught several times very publicly with their pants down, for example.

      OSS isn't a panacea, obviously. But it does mean that when someone decides they do care enough to look, they can find the problems, and fix them.

    51. Re: "Couldn't be sure" by Anonymous Coward · · Score: 0

      Same could be said of any closed service. But since your employer peddles in closed services I'll go ahead and guess you don't think that is true.

    52. Re: "Couldn't be sure" by Anonymous Coward · · Score: 0

      Which is a good example how and why OSS works

      The point is until it was found it was the same as proprietary software: you didn't know it was there despite having the code, in fact you don't know about the many other cirical vulnerabilities that still exist. It cant be exploited until it is found so the only advantage that open source has is that (assuming you have the requisite level of knowledge) you can fix it yourself whereas in the proprietary world the vendor has to fix it.

      Anybody saying "proprietary software is worse because bugs may exist but you don't know about them" is an idiot because the exact same thing applies to open source.

    53. Re: "Couldn't be sure" by Anonymous Coward · · Score: 0, Informative

      Only if the company made it a priority and budgeted for it. Then it would be rolled into the next release, which may not come for months, or even years. Oh, and the next release will only be installed by users that can afford the upgrade fee.

      Have you really got so little experience in this industry that you actually think that's how it works? This is the sort of idiotic FUD that makes open source evangelists just look like complete imbeciles that have absolutely no idea what they're on about and only serves to undermine the open source movement as a whole. You really don't get updates with proprietary software? You really think that everybody that does get updates has to pay for them? You really think these updates come only after months or years of fixing an issue?

      Take your blatant stupidity elsewhere, the open source movement doesn't need your braindead bullshit. It can survive and thrive on its merit!

    54. Re: "Couldn't be sure" by Type44Q · · Score: 1

      though I guess it's a bit surprising that it is in the hands of the Army as opposed to something a bit more clandestine or tasked with a different charter.

      Considering their choice of location, it's easy to surmise that this is a joint military/intelligence endeavor of some sort...

    55. Re: "Couldn't be sure" by KGIII · · Score: 1

      Yeah, it is Meade. Hmm... I'll see what I can dredge up about it. I have some friends that are still in and have increased in rank a great deal. However, they're all Marines or Navy. Still, they might have some scuttlebutt. If anything interesting pops up, I'll email you. No need to respond, obviously.

      --
      "So long and thanks for all the fish."
    56. Re: "Couldn't be sure" by cold+fjord · · Score: 1

      There's a disinfo unit out of Fort Meade that uses low-grade nerds in uniform to overwhelm people in chatrooms when certain subjects come up; the government has openly solicited bids for software to allow these clowns to "handle multiple simultaneous chatbots and user accounts."

      "Clowns," huh? Unless you have some other info you seem to be confused about this program:

      U.S. Central Command 'friending' the enemy in psychological war

      By Shaun Waterman - The Washington Times - Tuesday, March 1, 2011

      The U.S. Central Command is stepping up psychological warfare operations using software that allows it to target social media websites used by terrorists.

      The Tampa, Fla.-based military command that runs the wars in Iraq and Afghanistan recently bought a special computer program that troops use to create multiple fake identities on the Internet. The military uses the fictitious identities to infiltrate groups and in some cases spread disinformation among extremist organizations such as al Qaeda and the Taliban with the goal of disrupting their operations, according to documents and U.S. officials.

      --
      much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
    57. Re: "Couldn't be sure" by cold+fjord · · Score: 2

      It looks to me like "Type44Q" is confused about this program that has been previously discussed on Slashdot IIRC:

      U.S. Central Command 'friending' the enemy in psychological war

      Not really what is implied by him.

      --
      much of left-wing thought is a kind of playing with fire by people who don't even know that fire is hot - George Orwell
    58. Re: "Couldn't be sure" by Anonymous Coward · · Score: 0

      American Hasbara trolls?

    59. Re: "Couldn't be sure" by Anonymous Coward · · Score: 0

      Don't forget there are people doing OSS projects who give a rat's ass about your security and privacy. If companies could get away with XORing output from the rand() function and calling that encryption, they would. Actually, in the past, before PGP, they did.

      Yes, one could always fret about a compiler inserting in stuff, masks on the CPU which have more "features" than the designer intended... but lets be real here. If an organization had that much backdoored, they will not be tipping their hand to prosecute someone and lose that advantage, other than a big fish. With a closed source OS, you have far less assurance of security, other than "trust us" items from the marketing people. It just might be that a closed source encryption utility is secure... but you never know, and you will not know until it is too late.

      Oh, it is harder to demand an OSS project add a backdoor. If someone checks in code adding an ADK to every OpenPGP transaction for GnuPG in GitHub, in a matter of minutes, there would be numerous forks.

    60. Re: "Couldn't be sure" by Anonymous Coward · · Score: 0

      Philosophical mind flips from the dumbass LaoWai. We've tumbled before when I called you our for being a scumbag foreigner who thought he was hot shit for living in the ghetto. The point is, none of the neckbeards attached to any particular project are people you can actually trust unless you knew them intimately, first hand, face to face. You haven't. You just feel good about them because they're in your little clique that you feel so proud to be in.

    61. Re: "Couldn't be sure" by Anonymous Coward · · Score: 0

      When will I (a 20 year professional engineer) be allowed to look at the source code of all the Google services that track me around the internet and ensure to my satisfaction that it's doing only what I'm being told in ToS?

      Google open sources just enough stuff to further their interests. You should not pretend it to be anything other than that, or people will rightly question the purity of your opinions.

    62. Re: "Couldn't be sure" by Anonymous Coward · · Score: 0

      How do you know the govt doesn't have the source to "closed source" projects?

    63. Re: "Couldn't be sure" by Aighearach · · Score: 1

      Also known as "professional experience," but maybe you have a hard time dealing with word meanings?

      "He says something different than what I believe" doesn't imply naivety. It only implies we're different people.

      Make a point next time, beyond the raw pejorative.

    64. Re: "Couldn't be sure" by Anonymous Coward · · Score: 0

      How many times do people find bugs via use, versus pouring through lines of code in an audit?

    65. Re: "Couldn't be sure" by allo · · Score: 1

      Of course. But this takes a lot more efford and you still have the chance, that somebody fixed your "small bug" before you finish your evil masterplan.

  3. No more BASIC by Sir+Holo · · Score: 0

    Yeah, that's why I stopped programming in MS-BASIC. It just couldn't be trusted any more.

    Slashdotter's response: ". . . What's MS-BASIC? Is that like COBOL and FORTRAN's love-child?"

    1. Re:No more BASIC by Z80a · · Score: 1

      MSX Basic was quite secure due MSX not supporting any sort of networking.
      Of course, if your Datassette was the loud annoying kind, NSA probably can record your data with a hidden mic.

    2. Re:No more BASIC by Anonymous Coward · · Score: 0

      Sorry, but I think most people have heard of Quick BASIC at least....

      Certainly the Gorillas demo script was fun to good with when I was 9...

  4. It couldn't have happened without free software by Anonymous Coward · · Score: 0

    buh-bye free software!

  5. 2013? by Anonymous Coward · · Score: -1

    What happened in 2013? Candy Crush?

  6. Snowden for President by Anonymous Coward · · Score: 0

    I would accept Anthony Romero as a second-best option.

    Or Randall Munroe

    Any of these would represent us much better (which is to say...at all) than any of the current candidates.

  7. Soon... War on Open Source by r0kk3rz · · Score: 3, Insightful

    Thanks Snowden for pointing this out, now we will see a movement against open source software because it aids terrorists, just like unlockable iphones or other means of secure communications.

    1. Re:Soon... War on Open Source by Anonymous Coward · · Score: 0, Interesting

      Well President Obama has declared that using an IPhone makes you a pedophile, so you are correct.

      Don't be a terrorist; Use Microsoft products.

    2. Re:Soon... War on Open Source by Anonymous Coward · · Score: 1

      Thanks Snowden for pointing this out, now we will see a movement against open source software because it aids terrorists, just like unlockable iphones or other means of secure communications.

      We are already there. Now we'll see routers begin to lock out open source software, but is it outside the realm of possibility to think that this could slowly extend to all wifi devices, including those in, say, laptops?

      After all, Windows 10 can't have other operating systems allowing people to use computers without sending everything about you to Microsoft and any government and/or corporate entities that they are partnering with.

    3. Re:Soon... War on Open Source by Anonymous Coward · · Score: 0

      It's allready here.
      Systemd.

  8. Re: It couldn't have happened without free softwar by Anonymous Coward · · Score: -1

    dear mr snowden ...please dont try to be our friend. while i understand the logic of your statement(oss being more secure), for us it is like getting a character reference from a pedophile.

  9. See Snowden's talk and understand nonfreedom by jbn-o · · Score: 5, Informative

    You can see Edward Snowden's talk for yourself.

    There are no configuration changes you can make, programs you can install, or other changes you can make to make proprietary (user-subjugating, nonfree) software trustworthy. It won't matter what the "privacy" settings say you can do; the proprietor has the upper hand and can easily write software to rat you out. Software freedom is a prerequisite for computer privacy and security and all of the other things that go into treating computer users ethically. All computer users deserve software freedom.

    --
    Digital Citizen
    1. Re:See Snowden's talk and understand nonfreedom by Anonymous Coward · · Score: 0

      Bullshit, Stallmanite. Surprised you didn't throw out the word "Slavery" a few times. That's one of his favorites.

    2. Re:See Snowden's talk and understand nonfreedom by Anonymous Coward · · Score: 0

      what an amazingly well reasoned and supported counterargument

    3. Re:See Snowden's talk and understand nonfreedom by Anonymous Coward · · Score: 1

      Bullshit, Stallmanite. Surprised you didn't throw out the word "Slavery" a few times. That's one of his favorites.

      And... then along comes Windows 10 to prove Stallman's point spectacularly.

    4. Re:See Snowden's talk and understand nonfreedom by Anonymous Coward · · Score: -1

      The worst thing about it is that the whole mentality creates a risk-averse sort of technological paralysis, where one basically isolates themselves from the world in the name of "freedom". I can't imagine the lack of friends and/or cognitive dissonance in those who truly believe all this crap is worth caring about.

      If you are working on sensitive proprietary information and you compete with defense contractors or are based outside the US, then I can see why there's a concern.

      If you're a US citizen though, the only thing you should worry about is the morale of a nation that spawns such people as Edward Snowden, Chelsea Manning, The Naval Yard shooter, that paramilitary Doerner guy out west, etc. Having your highest institutions, which were supposed to stand for integrity and honesty, be so incredibly two-faced and hypocritical, is almost irrevocably damaging to a country's spirit.

    5. Re:See Snowden's talk and understand nonfreedom by Anonymous Coward · · Score: 1

      Astute and trenchant. As with all interactions involving humans, you can only trust that which you can verify.

    6. Re:See Snowden's talk and understand nonfreedom by Anonymous Coward · · Score: 0

      So, how are those personal attacks working for you? Not very well, eh?

    7. Re:See Snowden's talk and understand nonfreedom by Anonymous Coward · · Score: 0

      No, you have to have bug free code and hardware if you want computer privacy and security. Having a code base be open source doesn't magically make it more secure.

      So if I installed verified and trusted software on my network card that inspects and cleans (including randomized timings, etc...) all out going traffic, how can the OS spy on me? Well it can, but it won't be able to tell anyone the results so the spying doesn't matter. You can secure untrusted code/hardware by controlling all its access points (network, all cables, radio waves, visibility, etc...) and then destroying it when you're done.

      And open source is relative. I may have the code and trust it yet you don't have access. That's technically closed source software. Open source is great, but far too many people spread too much bullshit about it.

    8. Re:See Snowden's talk and understand nonfreedom by Anonymous Coward · · Score: 0

      >The worst thing about it is that the whole mentality creates a risk-averse sort of technological paralysis, where one basically isolates themselves from the world in the name of "freedom".

      I agree. You see, technology doesn't have to be a net positive for me or the world, and in many cases, it isn't. It has been a long time since I was naive enough to see technology through rose-colored glasses. In reality, most of it makes our lives worse (and the Earth, and other people's lives etcetc) and it would be better if this technology wouldn't exist.

      So to isolate yourself from some things can be the correct choice.

      But I agree it can be a practical problem. But guess what? It works in the other direction as well - more, I'd say. That's more or less the point of the GPL: as an equalizer: now, the shoe is on the other foot.

      > I can't imagine the lack of friends and/or cognitive dissonance in those who truly believe all this crap is worth caring about.

      If, in 2016, after the Windows 10 debacle, the NSA debacle, Superfish, the backdoored firewall solutions debacle, the digital heists, the break-ins into medical insurer's machines etcetc you still believe control over your computing is not worth caring about for any person on Earth, I can't help you. *shakes head*

      Do you use money? Yes? Then you should care.
      Do you have health insurance? Yes? Then you should care.

      In 2000, I would have agreed with you, who cares? But now, the writing is not only on the wall, it's on the major news outlets.

      I agree that the other things you mentioned are important, too. But if you use a computer and don't care about free software, you are inviting your own downfall and the downfall of your friends, sooner or later. As computers get more integrated into our lives, it gets more and more important to have free software, not only as a matter of principle but as a practical safeguard of our lives.

      Also, as the field matures, software will be handled just like other stuff, say plumbing, has: you have something in your house, all parts visible and owned by you. If you want to fix it or change it, you either do it yourself (!) or you call ANY plumber to change it. The situation now where in some cases the creating software company is the only one that can do changes is temporary and it will pass - because it's insane to give anyone that much control.

      >If you are working on sensitive proprietary information and you compete with defense contractors or are based outside the US, then I can see why there's a concern.

      ?? The majority of people, me included, are based outside the US. What was that about?

      Also, every other country is tempted to be just as controlling as the USA. Being outside the USA doesn't help much. (it does help, but not much)

    9. Re:See Snowden's talk and understand nonfreedom by Anonymous Coward · · Score: 0

      Yeah, and that's all well and good. But if software freedom comes at the expense of lower-quality software, then you can't be surprised why Linux still has bugger-all users when people discover they can't run top-tier apps like the Adobe suite, MS Office, AutoCAD, their Tax app or their niche app they rely on that does not contain a Linux alternative.

      Software freedom sounds great until it hits the wall of practicality for most people. It does NOT trump the ability for people to do their job with the software they require or prefer, and it's crazy to me to why people who seem to think software freedom is more important than these factors still don't understand why Windows is still so popular.

    10. Re:See Snowden's talk and understand nonfreedom by Anonymous Coward · · Score: -1

      How about we inject some other view points to your outlook on computer security. What "NSA debacle" are you revering to? The NSA is doing their mandated job. Don't like it? Fine. Get every other foreign intelligence service in the world to shut down and then we can talk about curbing NSA activities. The US computing info structure (civilian, industrial, military, government) is the largest target on the planet so a little protection may be in order. The NSA does not have the resources to waste on the average prole who thinks someone really gives a shit about what they say or do on the internet. Although starting up a crowd sourcing project to better arm ISIS might get the NSA to pay attention to you. No doubt the NSA has some powerful tools to use on those who show up on their radar but trolling every byte streaming through the internet is a worthless endeavor and this type of program was actually abandoned by the government according to one of the stolen documents Snowden released. Wouldn't it bee interesting to see ALL the documents Snowden released so we could actually get the full picture of NSA activities? Instead all the documents released were cherry picked to ensure maximum harm to the US. The US is aggressive and controlling (or at least tries to be) because any lack of effort in this are and the controller ends up being the controlled. As things currently stand whenever there is some catastrophic event any place in the world everyone the Whitehouse foreign switching network practically melts down because of people looking for the US to solve their problem. And the number one computer security problem is not the software but the people using the software. All the relatively recent cases of security breaches were 100% the result of someone clicking on a link in their e-mail. Or better yet just make a couple calls to the IT support desk and just ask for sign-in credentials because you lost yours. Even the Stuxnet virus, one of the most successful and damaging virus's out there, needed someone to carry the USB drive into one of Iran's most secure lab and plug the drive in. The Sony hack a few years ago was also made possible by an insider stealing the security credentials from the IT administration office.

    11. Re:See Snowden's talk and understand nonfreedom by Anonymous Coward · · Score: 0

      Cute, a precursory spit at me with flash and then talk of untrusting "proprietary software" and deserving "software freedom". Not sure if hippocratic or having a laugh...

    12. Re:See Snowden's talk and understand nonfreedom by FlyHelicopters · · Score: 1

      If, in 2016, after the Windows 10 debacle

      What "Windows 10 debacle"?

      Windows 10 appears to be doing quite well, it is now installed on 1/3 of the machines as reported by Steam, it runs very well, on a vast array of hardware, with no fuss.

      ---

      Now of course I can read between the lines and assume that you meant "evil M$ released Windoze 10 that you don't like", but that doesn't make it a debacle.

      ---

      I can't help you. *shakes head*

      Many of us are shaking our head right back at you.

      ?? The majority of people, me included, are based outside the US. What was that about?

      The NSA is legally able to spy on you. They probably aren't, because they don't care about you, but they can.

      Also, every other country is tempted to be just as controlling as the USA. Being outside the USA doesn't help much. (it does help, but not much)

      Windows isn't written outside the US, that is the difference.

  10. it may have once been true... by Anonymous Coward · · Score: 0

    I use almost exclusively open source SW myself, but these days I think assuming it's not backdoored by the NSA would be naive. It may have once flown under the radar, but not any more. It's running enough critical infrastructure that it's a juicy target.

    An organization as subversive and capable as the NSA is not stupid. If something that tempting is "dark" to them, they will do everything they can to invite themselves in. An OSS OS like Linux or BSD is a huge and complex base of code. One mole secretly on the NSA paycheck is all it really takes. There have been a stream of "innocent" bugs exposed over the last few years that have essentially negated some of the most important security mechanisms. I think it's foolish to assume there aren't others that have been inserted surreptitiously. It only takes one. (NSA: "You have to be right about everything. We only have to be right about one thing.")

    Yes, it DOES help to have many eyes looking at code, which helps Linux be better than Windows about this. But much code never gets that kind of review, and when it does, things like the Underhanded C Code Contest show that you can create code that "looks" correct, but has extremely subtle and exploitable holes.

    So any more, I would not assume that just because it's OSS, it's free from prying eyes.

    1. Re:it may have once been true... by bmo · · Score: 1

      but these days I think assuming it's not backdoored by the NSA would be naive.

      The problem the NSA is up against is that they have to compromise every copy of the source code that's out there, or even a large number of binaries to make a backdoor work reliably.

      There are literally hundreds of mirrors of Ubuntu alone, each with hashes that need to match. That's only one distribution of one OS. Then there's the BSDs, which are dying, according to Netcraft.

      --
      BMO

    2. Re:it may have once been true... by slashping · · Score: 1

      If you get a backdoor in through a legitimate developer, all copies will be compromised automatically.

    3. Re:it may have once been true... by Anonymous Coward · · Score: 0

      Exactly. It isn't about subverting the repo, its about slipping in some innocent looking code with a very subtle behavior that they know about, but isn't clear from reading the code. Into the real source.

      They aren't above getting someone on the inside who appears in every way to be serving the project they work for, but really has another master.

    4. Re:it may have once been true... by KGIII · · Score: 1

      It is important, to me, to realize that it doesn't have to be in isolation. Innocuous looking code may be truly benign -- until it is compounded by externalities beyond the control of the user and their systems. Who's to say, for example, that there's no hidden magic where packets are injected with content while in transit and that the injection doesn't alter the results? There's no reason to believe it needs to be simple, there could be many varied (and trivial-seeming) manipulations that chance the expected behavior without actually changing the expected results.

      Security is a process, not an application. Nothing is completely secure - nor will it ever be. Security is deciding what you want to do and making informed choices about the risks you'll accept to achieve the goals needed to reach the desired end. It is about accepting risks - or not accepting risks. It is about varied levels as there is no such thing as complete security. It is not a binary thing and the answer is not even remotely associated with software licenses.

      I've said many times how much I admire Snowden but his continued opining on things he knows nothing about is annoying. That doesn't mean we should stop giving him attention - not at all. We just need to accept that he's annoying as of late. We need to keep him around and in the limelight a while longer, ideally until a conclusion is reached. It was amusing to hear him opine on Apple. The guy's been out of the scene since before the phone was released, was never a part of the FBI, but felt qualified to authoritatively and affirmatively state the capabilities of multiple parties. I pointed that out. Nobody actually bothered to pay attention to what they were responding to and seemed more interested in asserting that Snowden somehow, mysteriously, was eminently qualified to make absolute statements.

      Speculation? I'd have been more open to. "It seems likely that they can do..." Instead it was, "They can do..." Pointing out the difference made me a troll, for some reason? I kind of giggled at the replies. They simply fail to see the difference.

      --
      "So long and thanks for all the fish."
    5. Re:it may have once been true... by JazzLad · · Score: 1

      Security is a process, not an application. Nothing is completely secure - nor will it ever be.

      It may not be an application, but I'd like the see the NSA, et al recover from one of these.

      I jest, of course, but these things fascinate the little kid in me.

      --
      "If you have nothing to hide, you have nothing to fear." - Every fascist, ever
  11. Wait, by Anonymous Coward · · Score: 1

    What does this have to do with anything? His "operational" phase consisted of him asking clueless users for their passwords. Open Source or backdoors had nothing to do with what he did, or how he did it.

    Yeah, I get that Snowden gets a lot of love around here, but on a technical or knowledge basis, he's one of the least interesting people out there. Ever most script kiddies are more interesting than he is.

  12. Open Source, enabling traitors since 2013? by Anonymous Coward · · Score: 0

    Or was it an exceptionally successful disinformation campaign?

  13. Snowden can fuck off already by Anonymous Coward · · Score: -1

    I'm tired of him whining from his hiding spot in Russia. I give zero shits what this traitor has to say.

  14. Yet most devs deep throat apple by Anonymous Coward · · Score: 0

    As mentioned a few days ago on Slashdot, most devs use Apple because they could care less about freedom, ethics, and all that fluffy stuff.

  15. Note for whiplash by Okian+Warrior · · Score: 4, Interesting

    Note the following:

    [...] citing projects like Tor, Tails (a highly secure Linux distribution) and Debian.

    "Tor" and "Debian" are well known and probably don't need explanation, while "Tails" is more obscure and has a quick explanatory note.

    This is how you do it, this is a good method. (It's in the original article.)

    Looking through the past 3 pages of Slashdot I couldn't find any examples of obscurity, but I found lots of examples of references that had a hint of help for the reader - a word of context or a placing phrase or something that illuminates the subject for the reader.

    It looks like things are getting better. Keep up the good work.

    1. Re:Note for whiplash by cfalcon · · Score: 1

      I think there's a pretty sharp cap for where slashdot can go, as far as participants. Websites now compete on controversy, and slashdot, as an early entrant into this, only flirts with it- it's too information heavy to swing in that arena. You can't dogpile someone with downvotes or jerk yourself off by upvoting platitudes, instead you only have a few mod points some of the time, and have expectations for using them to get actual conversations. You can't have a whole thread with everyone saying the same thing because people can post anonymous. It just doesn't give you the same sense of "I belong to a team, and we are ENFORCING THE LAW" that later evolutions do.

      But what it can do is be ACTUALLY GOOD, and I agree completely that the new editors are doing a great job of pushing that envelope. Very pleased.

  16. Re: It couldn't have happened without free softwar by Anonymous Coward · · Score: 0

    This.

    Countdown to US congress losing their shit over open source software in 3... 2.... 1.....

  17. Don't assume the NSA is well-managed. by Anonymous Coward · · Score: 0

    "The NSA doesn't have to insert their own backdoor, they can just dig through the existing code, and find a bug that allows them to get in."

    It amazes me that people usually think that the NSA and other secret government agencies are well-managed. The NSA has a very bad reputation. Most people who have the technical ability to find bugs in code would not work for the NSA.

    Someone works for the NSA. He's at a party. Someone else asks what he does for a living. He says NSA. The other person shows distaste and walks away.

    Secret agencies easily get taxpayer money, with almost no supervision. They get money even if they make huge mistakes, because there is almost no oversight; they can keep the mistakes secret. The politicians who give them money almost always have no understanding of technology.

    1. Re:Don't assume the NSA is well-managed. by orledrat · · Score: 1

      The NSA has a very bad reputation. Most people who have the technical ability to find bugs in code would not work for the NSA. Someone works for the NSA. He's at a party. Someone else asks what he does for a living. He says NSA. The other person shows distaste and walks away.

      Listen, you choose to wheel out a Matt Damon quote, and that's cool, that's fine. I don't have a problem with that. But do at least try to get the quote right, would ya?

  18. Undo moderation. by godel_56 · · Score: 1

    Yep

  19. Make A Bet by JimSadler · · Score: 3, Informative

    I would be shocked if the government did not have all kinds of stuff planted in Microsoft products. And that can lead to very dangerous actions. Suppose, as an example that the government becomes informed of a very dangerous criminal due to bugs planted in an OS or browser. But it is obvious that making an arrest would reveal the existence of that bug. People could be made to vanish and never be heard from again. The problem is it could be someone else that used your computer. With no open trials taht could be a very real problem.

  20. Bull! FOSS on closed hardware is not 100% secure. by dsmatthews9379 · · Score: 0

    Snowden is spouting bullshit, FOSS is great, but to suggest it is all you need is complete and utter rubbish. Unless you are running completely open hardware right down to the CPU microcode level you cannot audit 100% of the system, as Snowden's Russian masters know, otherwise they would not have gone to the trouble of fabricating their own CPUs (to be sure that the only back-doors in them were the ones thy put there themselves.).

  21. Obviously it worked well for him by Anonymous Coward · · Score: 0

    Yea, how'd that work out for Mr. Snowden?

  22. Government surveillance uses Open Source by bug1 · · Score: 1

    Free and open source software can be _used_ for any purpose, good or evil.

    Sure we can acknowledge the good that is done, but lets not forget the evil its used for.

    If there was an ethical licence, it would not be considered free or open, unfortunately.

  23. Edward Snowden by Anonymous Coward · · Score: 0

    Heeeeeeeeere, Eddie Eddie Eddie... :-) Oh, how we miss you so.

  24. link hmmm by Anonymous Coward · · Score: 0

    http://20committee.com/2015/07/19/the-painful-truth-about-snowden/

  25. snowden reader by Anonymous Coward · · Score: 0

    http://20committee.com/2014/05/31/the-xx-committee-snowden-reader/

  26. Bad publicity for free software by GuB-42 · · Score: 1

    Snowden used free software to commit what is basically a crime and brags about it...
    That his crime is defensible using whistleblower protection, that it is "for greater good" doesn't make it different from a technical standpoint.

    And while anyone that understand the idea behind free software and encryption know that it can help good citizens and criminals alike but it may not be the same for the general public. And many of them view Snowden as a traitor.

    1. Re:Bad publicity for free software by Anonymous Coward · · Score: 0

      And many view you as a bootlicker

  27. is this good for OSS? by sad_ · · Score: 1

    Is this a good thing for OSS, that Snowden mentions it made what he did possible? Snowden may get thumbs up by most on this site, i believe the average joe takes the side of the government and think he's a 'terrorist'. What people know about OSS (if at all) is what MS and other companies have bombarded them with the last +10 years or so (communist, cancer, etc). So putting these two together, how will this affect the reputations of OSS more? might give the government more free play to limit OSS development.

    --
    On a long enough timeline, the survival rate for everyone drops to zero.
    1. Re:is this good for OSS? by Anonymous Coward · · Score: 0

      Govt will regulate OSS. They already regulate open source hardware (under ITAR export laws).

      http://diydrones.com/forum/topics/3drobotics-stops-its-shipements-to-the-world-except-us-and-canada?commentId=705844%3AComment%3A1658097

      3DRobotics was forced to stop shipping the Pixhawk flight controller overseas. Which pushed development overseas.