Pentagon Creates 'Do Not Buy' List of Russian, Chinese Software (defenseone.com)
An anonymous reader quotes a report from Defense One: The Pentagon is warning the military and its contractors not to use software it deems to have Russian and Chinese connections, according to the U.S. Defense Department's acquisition chief. Officials have begun circulating a "Do Not Buy" list of software that does not meet "national security standards," Ellen Lord, defense undersecretary for acquisition and sustainment, said Friday. The Pentagon started compiling the list about six months ago. Suspicious companies are put on a list that is circulated to the military's software buyers. Now the Pentagon is working with the three major defense industry trade associations -- the Aerospace Industries Association, National Defense Industrial Association and Professional Services Council -- to alert contractors small and large. Lord said defense officials have also been working with the intelligence community to identify "certain companies that do not operate in a way consistent with what we have for defense standard." Asked if programs and weapons were compromised by foreign software, Lord said, "These are more widespread issues. I don't think we're focused on one particular system."
What walls can we build next? Oh, right: 200-foot walls along all our borders to keep the monsters and zombies at bay....
Hey, Russia - if you're listening - put all Microsoft products on that list.
Great to know, a list of software that doesn't contain US government sanctioned backdoors. If the Pentagon doesn't like it, then you can be 99% sure it values your privacy and doesn't harvest your private data.
The irony is that I might sound like a troll, but this is the truth.
Will get you off the list.
they are doing this?? Buncha Rip Van Winkies...
All that telemetry spying on your military.
If we're being frank though, Microsoft products should also be on that list. It's not because they could be beholden to foreign power but because they are pretty shoddy as far as security.
Anons need not reply. Questions end with a question mark.
A perfectly reasonable idea that will be used for all the wrong reasons. So, standard operating procedure, I guess
What walls can we build next? Oh, right: 200-foot walls along all our borders to keep the monsters and zombies at bay....
Which was a campaign promise, which a lot of people want, which would help us economically, and which should be at the very least debated without rancor.
Show us how unrestricted immigration will benefit us and we'll listen.
Debate by insult is not debate.
My do not use software list is... MS, Apple.
Because the current behaviour of Russia and China isn't very friendly to say the least, it's very aggressive. And with such a wimp as a president who just needs to hear the magic words and he will give you the droll lock and roll over for Putin like a pet for his owner.
And please don't compare the behaviour of Russia or China to US-Israel-stuxnet. On the one side nobody in his right mind wants to have a nuclear armed Iran and on the other the action taken was precisely directed towards one goal, uranium enrichment and not against the government system of Iran.
Just skimmed the article and pdf, don't see any specific software listed.
Wait, it is 2018 and this list didn't exist already???
US & Israel are good, always good, and will be good forever.
On the other hand, China & Russia are bad, always bad, and will be bad forever.
Stuxnet is good, but anything coming out of China / Russia is bad.
Is that what you are saying??
Yeah compile your list of software that runs on Chinese hardware, maybe it's in the processor, or maybe the soundcard, perhaps the network card, or the router, or the switch or the USB controller, RAID controller, flash memory, or the graphics card, who knows?
face it, you are fucked.
Facebook, Instagram, Twitter, Snapchat, Whatsapp, and other social media platforms that foreign countries contaminate with ad-buying.
It little behooves the best of us to comment on the rest of us.
... list?
It little behooves the best of us to comment on the rest of us.
You can add the United States to that list of "Do Not Buy" software.
Proprietary software cannot be trusted. It must always be treated as potential spyware. Only free-as-in-freedom software can be allowed for critical tasks.
Circumcision is child abuse.
so it's a buy list?
Russia has engaged the US on the Syrian battlefield as an enemy multiple times this year, but China just wants to do business. Treating them the same way plays down the threat posed by Russia and inflates the one posed by China. It excuses Trump and vilifies Xi.
You know, that list is for government, not for "the little people", right?
China has every intention of being the #1 power in the world. Plans to overcome everyone by all means, documented. They DO NOT *just want to do business.*
I'm looking forward to Russia and China releasing their own tit-for-tat list of consumer products that come with preinstalled NSA/CIA backdoors.
The military and its contractors gave away thousands of times more secrets than Snowden or Assange, but they still have their jobs, pay and security clearance.
Want to see the list! Where is it? Who is making it? NSA? FBI? CIA? What is the purpose of the list and how can we use it to make software safer? This is so cool! Need list!
We just got hacked by the Russians and now you whine like a bitch when the government actually does something about it?
Are you fucking stupid or a Russian bot?
Much of this, used in many telephone companies, is developed in Moscow.
-- I ignore anonymous replies to my comments and postings.
"When you think government spyware, Buy American!"
This space for rent
Since when does slashdot link to stories with tracking on them - ?oref=d-topstory - ? I thought that was against the slashdot code.
Best case scenario Beau just copied the link from somewhere else with the tracking already on there.
They forgot to put Cisco on that list of backdoor-ed software
Page 11 reads like a recommendation what to invest in ^_^
What about Tibet? True, Tibet was conquered by the "Chinese" empire when China itself was under Mongol rule. So in that sense, it was the Mongols that conquered Tibet. Tibet, having regained independence after the Chinese overthrew the Mongols, was actually an independent state before the Red (Mainland) Chinese under chairman decided to "liberate" it from its Buddhist religious overlords.
Actually the irony is that you can not be sure of that at all precisely for the same reason we can not trust so much of the software on and off this Pentagon list. Your post is currently moderated as "Interesting" but would be better moderated as "Funny" because it might be a joke, but it certainly isn't true.
The way we come to trust a program is by examining its source code, then modifying that program to suit our needs, running the version of the program we trust, and we can help our community by distributing a copy of the program and its source code under a free software license. These are the four freedoms of free software—software users are free to run, inspect, modify, and share for any reason even commercially. Therefore free software is worth trusting; when those who are skilled and motivated to do the vetting do that work, they can come to trust that software. Those who trust their efforts can get copies of programs from them.
Nonfree software (proprietary, user-subjugating software) is frequently malware and is untrustworthy by default. We don't know what's in it and we're unable to inspect its source code. This means we can't "be 99% sure it values your privacy and doesn't harvest your private data". Perhaps it does that but is part of a malware scheme separate from the US Government and American corporate malware schemes we've come to learn about. We also don't know if they have "US government sanctioned backdoors" but direct the spied-upon data somewhere else. If we find out a proprietary program is malware we can't do anything to fix that program (modification is not legally allowed), and even if we modify a copy of the binary we can't legally distribute a copy of that fixed binary to others to help our community.
Therefore this list doesn't help us evaluate trustworthiness at all. At best it uses a proxy for trustworthiness—nationality (if that even means anything, considering software development firms hire worldwide): the nationality of people or an organization that had something to do with writing the code. But that's not terribly helpful. If the NSA hired a contractor to write a program, then released that program as free software, we could vet that program's source code and that code might be useful to us in the free world despite that the code came from the NSA (which is justifiably widely untrusted in so many of their other activities). In another example we're told that Apple's iTunes contained a security flaw that went unpatched for years and "allowed intelligence agencies and police to hack into users' computers for more than three years". I'm guessing people working with both the NSA and Apple come from many countries.
Digital Citizen
This was all before the welfare state.
> false dilemma on your "either we get a wall or we get unrestricted immigration". Nobody is arguing in favor of unrestricted immigration
Many, many people, especially Democrat politicians, are in fact saying we should not enforce immigration law, and indeed violating their oath of office by refusing to enforce the law. Ignoring, and even actively frustrating, the law is acting for unrestricted immigration, and then some. Giving driver's licenses and even voter registration cards to people who came in illegally because they couldn't get in legally favors more entry by people who aren't legally qualified. This in turn reduces the amount of legal immigration we can have before it's simply too many people too quickly.
If you personally think that when we make laws we ought not ignore them, that what we decide is the law, and write down as law, should actually be the enforced law, that's cool. That's a point of common ground from which we can discuss further. Many people don't believe that. Many people believe in passing laws legitimately via the Constitutional process and then utterly ignoring them. In some areas, the people who want to ignore the law are the majority.
Re economic effects:
It can be shown that there are benefits to properly managed immigration. Having a moderate number of highly skilled workers added to the country increases our tax base and skill base.
It can also easily be shown that having 30 million illiterate people with little to no job skills enter the country this year would be an economic catastrophe. If everyone from Mexico City came to Texas, then Texas would very quickly become a lot like Mexico City. The same people doing the same things would get the same results that they get there.
If you're at all familiar with the drug wars in Mexico, it doesn't take much imagination to think about what the effects of drug gangs armed with machine guns would do to low-income communities in the US.
So it's clear that immigration can have significant effects. Significant economic effects and significant other effects. You seem to be at least literate, so I can't imagine you can disagree with that. What effects it has depends entirely on who comes in, from where, and how many in a given year. Thirty German scientists was very good for the US. Ten thousand MS-13 members would be very bad.
So we know there are definite significant effects, and they can be positive or negative depending on who, from where, how many, etc. That means you can get great benefits by policies that manage immigration well, and really bad problems from policies that manage it poorly, or not at all. A de facto open border, failing to secure one's border, selects for more of the people who break the law, rather than having that capacity available to law-abiding people who follow the legal process. So the worst possible policy is one that doesn't let in many law-abiding people, while allowing those who don't follow laws to come in whenever they please.
Ask Microsoft and Oracle for their best Malware today!
Maybe they had trouble finding it because systemd didn't mount the drive correctly?
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
good
Putin says it's safe so hey, what can we do?
I hate articles like that one. I want to see the list!
Otherwise you print a "do not buy" list. America is the land of the free until they feel the competition.
"Why don't you adopt our wonderful values?" they ask. Well, it's because you don't follow them.
Asked if the military's security expectations were arbitrary and unfair, Pentagon Spokesman Squamous Turdstocking III said, "It's not that we're categorically against back doors in our software. We just want to make sure only Russia and our Commander In Chief have a set of keys."
I've calculated my velocity with such exquisite precision that I have no idea where I am.
It beggars belief that any "power" relies on the software built by other "powers". Even the software from your "friends" is likely to have hidden exploits, because they will want to know what your plans are.
It's sad that everything has become political and you cannot be sure that there are any security reasons for these listings.
Assorted stuff I do sometimes: Lemuria.org
I guess hacking from Zionist for the last 20 years doesn't matter. Or do they just bribe better.
Everyone in the defense industry should be required to buy American. It's fucking insane that we let Chinese and Russian technology into the industry at all.
One would ask why they were ever allowed to be on the list in the first place.
Don't buy any software that's for sale.
Seriously, there's a strong correlation between: lasting security, honesty, open source, and free (as in beer). Certainly, for anything where security is a concern (e.g. chat), start by eliminating everything but FOSS (which is usually free as in beer).
Russian cyber security firm, Kaspersky Lab, is being investigated by the F.B.I. for possible links to Russian security services. Quote from NY Times 9/12/2017. US govt put out notice to remove this anti-virus from all government not only DOD computers within 90 days ordered by Elaine C. Duke, the acting secretary of Homeland Security. Boxes with embedded code, like routers, cable modems, computers desk & laptop, etc may be infected with backdoor or corrupted software put there in China's production factories by People's Liberation Army cyber experts. Unless we know the embedded code is pristine, we have given our country's cyber system access to America's enemies. Look at Stuxnet code launched against Iran's nuclear enrichment machines, Iran had no idea that they had been hacked but good. We need AI, machine learning or something to detect the malicious low level code that controls hardware and keep our systems from harm both foreign and domestic sources.