I don't think you have any idea how the OpenBSD project works, do you ?
Internally, no. I honestly have no idea. But it is FOSS and that means it's subject to external audit, if enough people care enough to go through the code.
Don't flame me...I'm just adding a bit of context to the original comment.
-JJS
No flames here, just gonna make the point that each of the books pulled from Amazon for incest probably has at least as much context surrounding its incest scenes.
One thing I want to point out is that Lot didn't voluntary sleep with his daughters.. so him being a righteous man stands as a valid point in the ancient fairy tale collection.
Good point, his daughters got him drunk and took advantage of his condition. So the incest is really on them, not him. Still a damn dirty story though. And he did voluntarily offer his virgin daughters up for gang rape by the angry mob of Sodomites. Kind of hard to call that sort of behavior righteous, in my book.
I sure hope they removed The Holy Bible, too. Lot has sex with both of his daughters, it's right there in Genesis. And Lot's even the hero of the story, the one righteous man allowed to escape Sodom. It would be a real shame if they applied a double standard.
Yeah, but would the hardware in question be pervasively duplicated? Why would they want a backdoor limited to one device, when they could have one that was guaranteed to spread over time?
If it is true, it was submitted as source code, subject to review, accepted by the community, and installed by users. I see nothing illegal here.
Not illegal until the backdoor were actually used. Although the community could probably sue for common-law fraud; if you knowingly offer something that is not what you claim it to be, allowing the recipient to review before accepting is usually not a defense.
Actually, I take that back. Not because it's not fraud, but because of sovereign immunity. You can't sue the FBI except in exceptional circumstances, spelled out by statute.
If it is true, it was submitted as source code, subject to review, accepted by the community, and installed by users. I see nothing illegal here.
Not illegal until the backdoor were actually used. Although the community could probably sue for common-law fraud; if you knowingly offer something that is not what you claim it to be, allowing the recipient to review before accepting is usually not a defense.
I also don't see where it's necessarily warrantless wiretapping. Sure, it could be used for that, but this kind of thing could also absolutely be used for warranted wiretapping. The FBI goes to a judge, gets a warrant, captures the traffic, and decrypts it using the backdoor. Again, nothing illegal.
Yeah, to charge warrantless wiretapping they would have to find evidence the backdoor was actually used without a warrant. Besides which, why would the US gov't charge its own agents for working on its behalf? GP makes no sense on this point.
There are ethical issues with intentionally subverting such a project, but I don't see legal issues such as you claim.
Well, if there are any they're muddy and obfuscated, just like this backdoor.
In the case of a company, you have to either subvert or plant employees there. Doing that without a court order would be illegal. It also has to go on undetected, of course, and that is much harder since the employee works physically at the company.
Or you could just ask management nicely to put it in for you. For example, if you were the NSA and you were dealing with Microsoft...
In other words, as long as everyone's too lazy/cheap/dumb to actually DO an audit, yes, FOSS is by no means more secure than CSS.
With FOSS, though, all it takes is for ONE person to not be too lazy/cheap/dumb to actually notice an anomaly and people will be all over it like piranhas on a floating cow.
Yeah, so the only problem here is that OpenBSD didn't even have that one. Not that the model is busted. OpenBSD just shoulda been more popular and accessible.
Commercial is different though, with FOSS I and (everyone else should for that matter), expect that there are no backdoors and it does exactly what it says it does.
Ok, you're free to believe something as absurd as that, but why would you tell us that we all should as well? As a general rule is foolish to expect that ANY piece of software will have NO back doors and do exactly what it says it does. ALL software has bugs, and I've never heard anyone claim that FOSS is any different. I generally expect FOSS to have fewer backdoors and be something closer to what it says it does than proprietary software, but there are a ton of caveats to that; for example, the more widely-used a FOSS product is, and the wider the developer base, the more likely I would expect it to be that there are no back doors. I would never assume it were 100%, even for a big, well-funded product like Ubuntu. That's why I get security updates a couple times a week.
That is supposed to be one of the biggest "selling points" of FOSS.
One of the biggest selling points is supposed to be that it's perfect? I don't think so. Better on average than closed-source, yes. Perfect, no.
Most of the guys at the top making these decisions are old and don't understand how the internet works.
These decisions are made by Congress. Not everyone in Congress is old, and not all of them are guys.
Since when is the Secretary of the Air Force (or the Chief of Staff of the Air Force, or the Under Secretary of the Air Force...) a member of congress?
Trolling much? I'll feed the troll. USAF pilots are by and large very bright individuals (yes, I have spent a lot of time around a number of them). You don't get to be an Air Force pilot by being "dumb as bricks."
That's why GWB was only allowed into the Guard and the Reserve.
Slashdot Mirror
I don't think you have any idea how the OpenBSD project works, do you ?
Internally, no. I honestly have no idea. But it is FOSS and that means it's subject to external audit, if enough people care enough to go through the code.
Point of context:
...
Don't flame me...I'm just adding a bit of context to the original comment.
-JJS
No flames here, just gonna make the point that each of the books pulled from Amazon for incest probably has at least as much context surrounding its incest scenes.
One thing I want to point out is that Lot didn't voluntary sleep with his daughters .. so him being a righteous man stands as a valid point in the ancient fairy tale collection.
Good point, his daughters got him drunk and took advantage of his condition. So the incest is really on them, not him. Still a damn dirty story though. And he did voluntarily offer his virgin daughters up for gang rape by the angry mob of Sodomites. Kind of hard to call that sort of behavior righteous, in my book.
I sure hope they removed The Holy Bible, too. Lot has sex with both of his daughters, it's right there in Genesis. And Lot's even the hero of the story, the one righteous man allowed to escape Sodom. It would be a real shame if they applied a double standard.
Didn't Amazon say that they would no longer remove books remotely?
This is why we don't believe things Amazon says it will or won't do.
Yeah, but would the hardware in question be pervasively duplicated? Why would they want a backdoor limited to one device, when they could have one that was guaranteed to spread over time?
If it is true, it was submitted as source code, subject to review, accepted by the community, and installed by users. I see nothing illegal here.
Not illegal until the backdoor were actually used. Although the community could probably sue for common-law fraud; if you knowingly offer something that is not what you claim it to be, allowing the recipient to review before accepting is usually not a defense.
Actually, I take that back. Not because it's not fraud, but because of sovereign immunity. You can't sue the FBI except in exceptional circumstances, spelled out by statute.
If it is true, it was submitted as source code, subject to review, accepted by the community, and installed by users. I see nothing illegal here.
Not illegal until the backdoor were actually used. Although the community could probably sue for common-law fraud; if you knowingly offer something that is not what you claim it to be, allowing the recipient to review before accepting is usually not a defense.
I also don't see where it's necessarily warrantless wiretapping. Sure, it could be used for that, but this kind of thing could also absolutely be used for warranted wiretapping. The FBI goes to a judge, gets a warrant, captures the traffic, and decrypts it using the backdoor. Again, nothing illegal.
Yeah, to charge warrantless wiretapping they would have to find evidence the backdoor was actually used without a warrant. Besides which, why would the US gov't charge its own agents for working on its behalf? GP makes no sense on this point.
There are ethical issues with intentionally subverting such a project, but I don't see legal issues such as you claim.
Well, if there are any they're muddy and obfuscated, just like this backdoor.
Especially when OpenBSD asks us to play a "nice game of Chess" whenever we log in. We shoulda suspected...
if classified, it would be CIA. FBI has nether mandate, nether authority to declare anything 'classified'.
Nether mandate? Are you telling me the FBI is Hell's agency?
Who watches the Watchmen?
Not me, I'd rather re-read the graphic novel.
In the case of a company, you have to either subvert or plant employees there. Doing that without a court order would be illegal. It also has to go on undetected, of course, and that is much harder since the employee works physically at the company.
Or you could just ask management nicely to put it in for you. For example, if you were the NSA and you were dealing with Microsoft...
In other words, as long as everyone's too lazy/cheap/dumb to actually DO an audit, yes, FOSS is by no means more secure than CSS.
With FOSS, though, all it takes is for ONE person to not be too lazy/cheap/dumb to actually notice an anomaly and people will be all over it like piranhas on a floating cow.
Yeah, so the only problem here is that OpenBSD didn't even have that one. Not that the model is busted. OpenBSD just shoulda been more popular and accessible.
Commercial is different though, with FOSS I and (everyone else should for that matter), expect that there are no backdoors and it does exactly what it says it does.
Ok, you're free to believe something as absurd as that, but why would you tell us that we all should as well? As a general rule is foolish to expect that ANY piece of software will have NO back doors and do exactly what it says it does. ALL software has bugs, and I've never heard anyone claim that FOSS is any different. I generally expect FOSS to have fewer backdoors and be something closer to what it says it does than proprietary software, but there are a ton of caveats to that; for example, the more widely-used a FOSS product is, and the wider the developer base, the more likely I would expect it to be that there are no back doors. I would never assume it were 100%, even for a big, well-funded product like Ubuntu. That's why I get security updates a couple times a week.
That is supposed to be one of the biggest "selling points" of FOSS.
One of the biggest selling points is supposed to be that it's perfect? I don't think so. Better on average than closed-source, yes. Perfect, no.
Many eyes makes FOSS software invulnerable to this sort of attack?
Only for those FOSS projects that actually have many eyes on them.
Most of the guys at the top making these decisions are old and don't understand how the internet works.
These decisions are made by Congress. Not everyone in Congress is old, and not all of them are guys.
Since when is the Secretary of the Air Force (or the Chief of Staff of the Air Force, or the Under Secretary of the Air Force...) a member of congress?
The knowledge remains dangerous until something is done to counter whatever the threat is. Thus it remains classified until the threat is countered.
So once that nosy-ass American public has been neutralized, the military will be able to go about their business again.
Trolling much? I'll feed the troll. USAF pilots are by and large very bright individuals (yes, I have spent a lot of time around a number of them). You don't get to be an Air Force pilot by being "dumb as bricks."
That's why GWB was only allowed into the Guard and the Reserve.
Dude! Pizza! Path to world peace!
Be excellent to each other.
I want an email provider and DNS service that allows metasyntactic variables.
Well, why didn't you say so in the first place, your_slashdot_username_here?
You'll have to excuse me for having been a small child at the time the appropriate RFCs were published.
Shoot whoever read your e-mail, whoever didn't protect your e-mail, and while you're at it, anyone on your lawn.
But what if they're all on the other end of the Series of Tubes[TM] and our connection doesn't support Bullet Transfer Protocol?
My address is [my first name]@[major provider]. It's ancient and I plan on keeping it.
Wow! I want an email provider and DNS service that allows brackets and spaces!
I want an email provider and DNS service that allows metasyntactic variables.
To shoot a hole in my emails? I don't follow...
Our email is safe!...kind of...
"Shall not be infringed" is how...
Once again, how is a background check an infringement on the right to keep and bear something?