I'm seeing lots of hyperbolic statements from people like you who: 1. Are convinced that the NSA runs Intel because... uh... conspiracy? 2. Are convinced that Via (to name one example) isn't on the NSA list.. which is why this is just a thinly disguised 2 minutes of hate on Intel with a veneer of "it's for the people!" 3. While you are 100% convinced that every number from RdRand is an NSA conspiracy, you flat out refuse to believe in real security holes that actually happened and that are actually documented.
If you have that level of paranoia, then you ought to just stop using any instruction of any kind on any big-bad Intel CPU (and ARM/ARM/etc. for that matter).
Basically, you are saying that even though it is easy to verify that the output of RdRand is random (and it is) that RdRand is "unauditable". Well guess what? If one instruction on a big-bad Intel CPU is "unaditable" then they ALL ARE. Add instructions? Can't be trusted. Mul instructions? NSA backdoors. Comparison ops? Obviously doctored to let NSA code sneak through?
You know what an "audited" software PRNG from a bunch of NSA-hating hackers is? A bunch of instructions that are executed on a CPU, that's what it is. But... we've just shown that all instructions on the CPU are really NSA backdoors, so even your magic "open source" PRNG is just another NSA backdoor! Have fun!
Ooh look.. an AC... do you work for the NSA? Are you here intentionally trying to plant a false flag about RdRand to push people into using crappy RNGs that are easier for you guys at Club Meade to break?
If I were the NSA, I'd be doing everything in my power to get the paranoid types to *NOT* trust good security solutions because of phantom magical "backdoors" that don't exist, while I would simultaneously exploit *REAL* security holes to spy on those exact same people. Just sayin...
You know what *ISN'T* truly random? When guys just like you who are all paranoid about the NSA went and broke OpenSSL in Debian for over 2 years in the name of "fixing" code: http://research.swtch.com/openssl
Oh, and are you and the petitioners going to be intellectually honest and demand the complete removal of Via Padlock support from Linux, or is this only an anti-Intel fanboy rant thinly disguised as "sticking it to the man?"
Guess what the NSA loves: When lemmings throw away real security solutions because they think the NSA engineers every transistor in every piece of hardware. Go ahead and try to put together your own crypto solutions, the NSA *wants* you to do that, because they are a hell of a lot smarter than you are.
Uh... deliberately weakened from what exactly? The magical multi-gigabit random number generator that doesn't exist in earlier chips?
It's pretty easy to go look at randomness and test it you know.... and Intel's RNG has stood up to testing and scrutiny by a whole bunch of real security researchers, not just paranoid basement dwellers who see the NSA around every corner.
If this petition is actually about people who think that an RNG is some evil NSA plot then I have news for you: THE NSA IS PROBABLY #1 IN LINE SUPPORTING THIS PETITION BECAUSE THE RDRAND GENERATOR PROBABLY MAKES THEIR LIVES A WHOLE LOT HARDER COMPARED TO CRAPPY DIY RNGS THAT THE PARANOID BASEMENT DWELLERS "INVENT" TO AVOID BIG-BAD INTEL!!!
Shouldn't we be welcoming RdRand with open arms? It's a mathematically proven high-quality random number generator that lets chips like Ivy Bridge & Haswell produce large amounts of true random data (not a simple PRNG data) at multi-gigabit speeds.
I would strongly recommend using it wherever feasible as it is a great boon to security in Linux.
So is some AMD/ARM fanboy saying that it's not fair that AMD/ARM haven't bothered to implement RdRand yet so therefore nobody should be allowed to use it? How about we extend that logic to other pieces of hardware? Say, when AMD comes out with an improved GPU, let's say that Linux shouldn't support it because Intel doesn't have the same hardware.. fair is fair right?
Now that Dear Leader Obama is the president and has decided that we all need to give war a chance, NPR has taken to calling anyone who doesn't want his war to be an "isolationist."
You'll note that this term was never used against people who disagreed with wars in Afghanistan or Iraq... instead those people were "anti-war" or "pro-peace". We basically need another Republican as president so that the press can go back to attacking the president instead of being his trained lapdog.
Yes you are right... it is unrealistically favorable to AMD that is since if you had bothered to look at the charts you'd note that the benchmark was a CPU-only test that gave AMD the advantage of being able to run the GPU at very low power since it isn't being stressed and redirect the power consumption to the CPU...
Oh and they also tested with discrete GPUs that completely relieve the APU of having to expend any energy on the IGP at all.
These chips are slightly faster (given equal core counts) than their predecessors but not in any interesting way.
However, you have to remember that these are really server chips that are repurposed for high-end desktop use. The one vital metric where these chips shine is in their power consumption (or lack thereof): Techreport did a test where the 6-core 4960X running full-bore is using about the same amount of power as a desktop A10-6800K part ( http://techreport.com/review/25293/intel-core-i7-4960x-processor-reviewed/9 )
That level of power efficiency will do wonders in the server world and these chips (and their 12-core bigger brothers) should do quite well in servers.
I've used tesseract + ghoscript as a front end to do OCRs of PDF documents. From my experience, tesseract is OK if you have original images that are pretty high quality (300 DPI minimum) printed using standard fonts with pretty standard layouts (the newest versions mostly works OK with a basic 2 column format). You'll still only get results in the high 90% range (which sounds good but is actually pretty atrocious compared to high-end OCR systems that are well up into the 9's for reliability). Oh, and even though you specify a language, tesseract has very little contextual knowledge of what it is scanning so you'll regularly see it run together two letters in properly spelled words to come up with mispelled words.
Oh, and you have to have a blacklist of characters since tesseract is absolutely in love with the idea of the letter A with the circle coming out of the top even though you tell tesseract that you are specifically scanning English documents where you just have the plain ordinary letter "A". A few other characters are like that too.
If, however you leave the reservation of high-quality scans of standard black & white printed text with normal layouts, tesseract quickly turns into a lovely random noise generator.
Looking at the mods that are done to my post is very interesting... when regular people who read the article and comments see my post, it goes up to +5 Insightful quite quickly.
Then DailyKos brigade and other paid schills show up with their accounts and promptly downmod the post in the name of their religious leaders. It's an interesting phenomenon and frankly it doesn't speak well to Slashdot's moderation system.
1. Article is behind a registration paywall, not that any of the editors bothered to proofread or click the link. 2. The "editors" probably chose this submission for the sole reason that it says "MoFo"... I have heard that Beavis & Butthead is back on the air so I guess the Slashdot editors are trying to get back to that level of discourse.
All I heard was Al Gore use the typical cop-out line of "some people say X" so he can put forth a position and blame it on those mythical "some people" later if it turns out that his tentative position turns out to be a bunch of B.S. (which it did).
Trust me, Al has no problems taking credit for something later if the magical "some people" turn out to be right about whatever point he is putting forward.
The Plasma Desktop, which provides the basic desktop experience for KDE (start menu, taskbar, widgets, etc.) is now going into long-term maintenance while the developers focus on Qt 5 & Qt Quick 2 for the new KDE frameworks. (P.S. --> This upgrade path will be massively less intrusive than what happened with the KDE 3 -> 4 upgrade so thankfully we should avoid the massive drama that happened during that transition)
Programs that are associated with the larger KDE project will still get upgrades and you'll see a gradual transition from Qt 4 to Qt 5 over time. It doesn't have to happen overnight and Qt 4 and Qt 5 applications can coexist just fine.
Basically: KDE is still being developed, but the plasma component of KDE 4 is now in maintenance mode while new developments shifts to Qt 5. The good news is that it is very mature software at this point, and there will still be bug fixes as needed.
I've got two different systems running Arch using these boards. One of them is booting in traditional BIOS mode, and when I turned off the secureboot and followed Arch's UEFI installation procedure, I got the second one booting with UEFI just fine.
Have you seen what the EPA has done to people? Calling them the Gestapo isn't that far off and I'm getting a little tired of the exact same people who think that the NSA spying on *anyone* (even North Korea) is some insane violation of the Constitution having zero problems with the EPA spying on American citizens and effectively confiscating their property and livelihoods because they think a slug might live within 50 miles of their homes.
So when Google/MS/etc. etc. all were heaping money on for the pro-gay marriage debate why was protest by company employees not allowed while this is seen as being a "moral' thing to do?
I'm not taking a position either way on either topic, I'm just pointing out that lots of people on this site and in general have very blinkered views where paying money to support the "correct" politicians is perfectly fine while paying money to support the "incorrect" politicians should somehow be illegal.
"We are the champions, my friends. And we'll keep on fighting, 'till the end! We are the Champions, We are the Champions! No room for losers, cause we are the Champions, Of the World."
It's kind of sad that people on Slashdot no longer understand that operating systems include modular components that can be replaced.
I installed Windows 8.. on a 5 year old Core 2 duo system using a spare hard drive. You know what? While I sure didn't like the UI choices MS made for Windows 8, it was at least as fast as my Arch Linux installation on the exact same box (the difference being that Arch got an SSD while Windows 8 was on an older mechanical hard drive).
In many ways the Windows graphics stack is well ahead of X (Wayland is fixing this fortunately, but it has taken a long time). The interesting thing is that the actual 3D stack in Linux, which practically ignores the X server in modern implementations, is actually quite good, but the actual core graphics in Windows are also very good despite what Slashtrolls would like to believe. Nvidia has done a very good job at getting comparable performance levels out of both platforms.
Oh yeah! As long as there is absolutely no chance of making a profit I'm sure safety will shoot right through the roof!
Just look at the death toll from Three Mile Island! Do you know that since the accident THOUSANDS of people in Pennsylvania have died from cancer! It's a crime!
Now look at Chernobyl where Progressive Soviet Idealism has shown the light that will conquer the corrupt imperialist western scum! Did you know that the death toll from cancer in Pripyat has been ZERO for over twenty years! This shows the superiority of the Soviet system over the profit-seeking scum who intentionally caused Three Mile Island and Fukushima because they made insane fortunes from nuclear accidents! Dear Leader Kim Jong Un will soon deliver us to a new world where there are no profits of any kind except to his ruling elite! Join us or die!
Wayland & Weston are coming along pretty well and we are seeing increased adoption in both GTK+/QT toolkits and in desktops with upcoming versions of KDE.
One area where the developers need to go out and evangelize is on the front of EGL for proprietary drivers. Yes it's great that Intel's open source drivers (and to a lesser extend the open-source AMD & Nvidia drivers) have EGL support, but both AMD & Nvidia need to be convinced that EGL is important to their upcoming proprietary drivers too.
The irony here is that Mir, which is is seen as a huge competitor to Wayland, could end up helping Wayland enourmously since Canonical doesn't seem to be afraid to pick up a phone and call people at AMD/Nvidia to talk about updating the drivers.
Chromebooks most certainly are self-serving products for Google. Just because they aren't selling on the same scale as Android doesn't make them charity devices.
To really use a Chromebook do you need to have a Google account? Yeah?
Will you be bombarded with ads? Sure?
Are the two complaints I just listed above huge bones of contention for Windows 8 & 8.1 (substituting Microsoft's online services for Google's)? YES.
So just because the Google version is "free" does that make it insanely great while a Windows machine is full of spyware? Not necessarily. A Chromebook running real Linux is nice, but a better-specced Windows notebook that also runs real Linux can be quite a bit nicer.
So basically the NSA has been granted the same level of access as every low-grade Taiwanese device manufacturer, the Mozilla foundation that wrote the firefox browser I'm using, and probably multiple front companies associated with the PLA. Check.
Still doesn't prove or even suggest there's a backdoor, and as far as I know, even the big-bad NSA would have to send traffic over a network to control my PC remotely. How come nobody has ever seen that traffic? In order for the traffic to be completely invisible, the NSA would by definition also have to have backdoors in Linux that prevent Linux based security monitors from seeing their traffic.
So basically we have two big choices: 1. The NSA has backdoors in everything (Windows and Linux) and the exact same security researchers who find holes in software on a daily basis are too stupid to see what would undoubtedly have to be highly complex rootkit software right in front of their noses. Basically, you think that Bruce Schneier isn't all that bright. OR: 2. When the NSA wants to do dirty work it uses the exact same exploits that crackers use every day, albeit with probably a greater degree of sophistication since they have a big budget. Since there are security holes in Windows, Linux, OS X, iOS, etc. etc., the NSA can certainly do nasty things, but they don't do it via magic, they do it exactly the same way that everyone else does it.
As I posted above... why does the NSA need Stuxnet to attack Windows computers in Iran when they have magical access to every Windows machine in existence already?
P.S. --> At no point in my post did I ever say that I trusted the NSA, I just pointed out facts that an open-source project is not magically invulnerable to security breaches simply because people can read the source code. If the Windows source was so uber-secret, how would you even know that it is approximately 50 million lines?
As a followup to my other response, if this magical backdoor into every Windows system on the planet is so great, then why was there a need for Stuxnet to ever come into existence?
The NSA should have built-in access to every Iranian Windows computer without the need for highly complex malware package!
Slashdot Mirror
I'm seeing lots of hyperbolic statements from people like you who:
1. Are convinced that the NSA runs Intel because... uh... conspiracy?
2. Are convinced that Via (to name one example) isn't on the NSA list.. which is why this is just a thinly disguised 2 minutes of hate on Intel with a veneer of "it's for the people!"
3. While you are 100% convinced that every number from RdRand is an NSA conspiracy, you flat out refuse to believe in real security holes that actually happened and that are actually documented.
If you have that level of paranoia, then you ought to just stop using any instruction of any kind on any big-bad Intel CPU (and ARM/ARM/etc. for that matter).
Basically, you are saying that even though it is easy to verify that the output of RdRand is random (and it is) that RdRand is "unauditable". Well guess what? If one instruction on a big-bad Intel CPU is "unaditable" then they ALL ARE. Add instructions? Can't be trusted. Mul instructions? NSA backdoors. Comparison ops? Obviously doctored to let NSA code sneak through?
You know what an "audited" software PRNG from a bunch of NSA-hating hackers is? A bunch of instructions that are executed on a CPU, that's what it is. But... we've just shown that all instructions on the CPU are really NSA backdoors, so even your magic "open source" PRNG is just another NSA backdoor! Have fun!
Ooh look.. an AC... do you work for the NSA? Are you here intentionally trying to plant a false flag about RdRand to push people into using crappy RNGs that are easier for you guys at Club Meade to break?
If I were the NSA, I'd be doing everything in my power to get the paranoid types to *NOT* trust good security solutions because of phantom magical "backdoors" that don't exist, while I would simultaneously exploit *REAL* security holes to spy on those exact same people. Just sayin...
You know.. I've seen plenty of real security research that says that the RdRand RNG is actually very good and produces very high quality output.
Here's just one set of results showing that the output is truly random, so-called NSA "backdoors" or not:
http://smackerelofopinion.blogspot.com/2012/10/intel-rdrand-instruction-revisited.html
You know what *ISN'T* truly random? When guys just like you who are all paranoid about the NSA went and broke OpenSSL in Debian for over 2 years in the name of "fixing" code: http://research.swtch.com/openssl
Oh, and are you and the petitioners going to be intellectually honest and demand the complete removal of Via Padlock support from Linux, or is this only an anti-Intel fanboy rant thinly disguised as "sticking it to the man?"
Guess what the NSA loves: When lemmings throw away real security solutions because they think the NSA engineers every transistor in every piece of hardware. Go ahead and try to put together your own crypto solutions, the NSA *wants* you to do that, because they are a hell of a lot smarter than you are.
Uh... deliberately weakened from what exactly? The magical multi-gigabit random number generator that doesn't exist in earlier chips?
It's pretty easy to go look at randomness and test it you know.... and Intel's RNG has stood up to testing and scrutiny by a whole bunch of real security researchers, not just paranoid basement dwellers who see the NSA around every corner.
If this petition is actually about people who think that an RNG is some evil NSA plot then I have news for you: THE NSA IS PROBABLY #1 IN LINE SUPPORTING THIS PETITION BECAUSE THE RDRAND GENERATOR PROBABLY MAKES THEIR LIVES A WHOLE LOT HARDER COMPARED TO CRAPPY DIY RNGS THAT THE PARANOID BASEMENT DWELLERS "INVENT" TO AVOID BIG-BAD INTEL!!!
Shouldn't we be welcoming RdRand with open arms? It's a mathematically proven high-quality random number generator that lets chips like Ivy Bridge & Haswell produce large amounts of true random data (not a simple PRNG data) at multi-gigabit speeds.
There are some excellent slides describing RdRand here: http://software.intel.com/en-us/tags/20757
I would strongly recommend using it wherever feasible as it is a great boon to security in Linux.
So is some AMD/ARM fanboy saying that it's not fair that AMD/ARM haven't bothered to implement RdRand yet so therefore nobody should be allowed to use it? How about we extend that logic to other pieces of hardware? Say, when AMD comes out with an improved GPU, let's say that Linux shouldn't support it because Intel doesn't have the same hardware.. fair is fair right?
Now that Dear Leader Obama is the president and has decided that we all need to give war a chance, NPR has taken to calling anyone who doesn't want his war to be an "isolationist."
You'll note that this term was never used against people who disagreed with wars in Afghanistan or Iraq... instead those people were "anti-war" or "pro-peace". We basically need another Republican as president so that the press can go back to attacking the president instead of being his trained lapdog.
Yes you are right... it is unrealistically favorable to AMD that is since if you had bothered to look at the charts you'd note that the benchmark was a CPU-only test that gave AMD the advantage of being able to run the GPU at very low power since it isn't being stressed and redirect the power consumption to the CPU...
Oh and they also tested with discrete GPUs that completely relieve the APU of having to expend any energy on the IGP at all.
These chips are slightly faster (given equal core counts) than their predecessors but not in any interesting way.
However, you have to remember that these are really server chips that are repurposed for high-end desktop use. The one vital metric where these chips shine is in their power consumption (or lack thereof): Techreport did a test where the 6-core 4960X running full-bore is using about the same amount of power as a desktop A10-6800K part ( http://techreport.com/review/25293/intel-core-i7-4960x-processor-reviewed/9 )
That level of power efficiency will do wonders in the server world and these chips (and their 12-core bigger brothers) should do quite well in servers.
I've used tesseract + ghoscript as a front end to do OCRs of PDF documents. From my experience, tesseract is OK if you have original images that are pretty high quality (300 DPI minimum) printed using standard fonts with pretty standard layouts (the newest versions mostly works OK with a basic 2 column format). You'll still only get results in the high 90% range (which sounds good but is actually pretty atrocious compared to high-end OCR systems that are well up into the 9's for reliability). Oh, and even though you specify a language, tesseract has very little contextual knowledge of what it is scanning so you'll regularly see it run together two letters in properly spelled words to come up with mispelled words.
Oh, and you have to have a blacklist of characters since tesseract is absolutely in love with the idea of the letter A with the circle coming out of the top even though you tell tesseract that you are specifically scanning English documents where you just have the plain ordinary letter "A". A few other characters are like that too.
If, however you leave the reservation of high-quality scans of standard black & white printed text with normal layouts, tesseract quickly turns into a lovely random noise generator.
Looking at the mods that are done to my post is very interesting... when regular people who read the article and comments see my post, it goes up to +5 Insightful quite quickly.
Then DailyKos brigade and other paid schills show up with their accounts and promptly downmod the post in the name of their religious leaders. It's an interesting phenomenon and frankly it doesn't speak well to Slashdot's moderation system.
1. Article is behind a registration paywall, not that any of the editors bothered to proofread or click the link. ... I have heard that Beavis & Butthead is back on the air so I guess the Slashdot editors are trying to get back to that level of discourse.
2. The "editors" probably chose this submission for the sole reason that it says "MoFo"
All I heard was Al Gore use the typical cop-out line of "some people say X" so he can put forth a position and blame it on those mythical "some people" later if it turns out that his tentative position turns out to be a bunch of B.S. (which it did).
Trust me, Al has no problems taking credit for something later if the magical "some people" turn out to be right about whatever point he is putting forward.
The Plasma Desktop, which provides the basic desktop experience for KDE (start menu, taskbar, widgets, etc.) is now going into long-term maintenance while the developers focus on Qt 5 & Qt Quick 2 for the new KDE frameworks. (P.S. --> This upgrade path will be massively less intrusive than what happened with the KDE 3 -> 4 upgrade so thankfully we should avoid the massive drama that happened during that transition)
Programs that are associated with the larger KDE project will still get upgrades and you'll see a gradual transition from Qt 4 to Qt 5 over time. It doesn't have to happen overnight and Qt 4 and Qt 5 applications can coexist just fine.
Basically: KDE is still being developed, but the plasma component of KDE 4 is now in maintenance mode while new developments shifts to Qt 5. The good news is that it is very mature software at this point, and there will still be bug fixes as needed.
I've got two different systems running Arch using these boards. One of them is booting in traditional BIOS mode, and when I turned off the secureboot and followed Arch's UEFI installation procedure, I got the second one booting with UEFI just fine.
Have you seen what the EPA has done to people? Calling them the Gestapo isn't that far off and I'm getting a little tired of the exact same people who think that the NSA spying on *anyone* (even North Korea) is some insane violation of the Constitution having zero problems with the EPA spying on American citizens and effectively confiscating their property and livelihoods because they think a slug might live within 50 miles of their homes.
So when Google/MS/etc. etc. all were heaping money on for the pro-gay marriage debate why was protest by company employees not allowed while this is seen as being a "moral' thing to do?
I'm not taking a position either way on either topic, I'm just pointing out that lots of people on this site and in general have very blinkered views where paying money to support the "correct" politicians is perfectly fine while paying money to support the "incorrect" politicians should somehow be illegal.
Here's the speech:
"We are the champions, my friends.
And we'll keep on fighting, 'till the end!
We are the Champions,
We are the Champions!
No room for losers, cause we are the Champions,
Of the World."
Oh... wait.. you meant THAT Queen?
Nevermind.
It's kind of sad that people on Slashdot no longer understand that operating systems include modular components that can be replaced.
I installed Windows 8.. on a 5 year old Core 2 duo system using a spare hard drive. You know what? While I sure didn't like the UI choices MS made for Windows 8, it was at least as fast as my Arch Linux installation on the exact same box (the difference being that Arch got an SSD while Windows 8 was on an older mechanical hard drive).
In many ways the Windows graphics stack is well ahead of X (Wayland is fixing this fortunately, but it has taken a long time). The interesting thing is that the actual 3D stack in Linux, which practically ignores the X server in modern implementations, is actually quite good, but the actual core graphics in Windows are also very good despite what Slashtrolls would like to believe. Nvidia
has done a very good job at getting comparable performance levels out of both platforms.
Oh yeah! As long as there is absolutely no chance of making a profit I'm sure safety will shoot right through the roof!
Just look at the death toll from Three Mile Island! Do you know that since the accident THOUSANDS of people in Pennsylvania have died from cancer! It's a crime!
Now look at Chernobyl where Progressive Soviet Idealism has shown the light that will conquer the corrupt imperialist western scum! Did you know that the death toll from cancer in Pripyat has been ZERO for over twenty years! This shows the superiority of the Soviet system over the profit-seeking scum who intentionally caused Three Mile Island and Fukushima because they made insane fortunes from nuclear accidents! Dear Leader Kim Jong Un will soon deliver us to a new world where there are no profits of any kind except to his ruling elite! Join us or die!
Wayland & Weston are coming along pretty well and we are seeing increased adoption in both GTK+/QT toolkits and in desktops with upcoming versions of KDE.
One area where the developers need to go out and evangelize is on the front of EGL for proprietary drivers. Yes it's great that Intel's open source drivers (and to a lesser extend the open-source AMD & Nvidia drivers) have EGL support, but both AMD & Nvidia need to be convinced that EGL is important to their upcoming proprietary drivers too.
The irony here is that Mir, which is is seen as a huge competitor to Wayland, could end up helping Wayland enourmously since Canonical doesn't seem to be afraid to pick up a phone and call people at AMD/Nvidia to talk about updating the drivers.
Chromebooks most certainly are self-serving products for Google. Just because they aren't selling on the same scale as Android doesn't make them charity devices.
To really use a Chromebook do you need to have a Google account? Yeah?
Will you be bombarded with ads? Sure?
Are the two complaints I just listed above huge bones of contention for Windows 8 & 8.1 (substituting Microsoft's online services for Google's)? YES.
So just because the Google version is "free" does that make it insanely great while a Windows machine is full of spyware? Not necessarily. A Chromebook running real Linux is nice, but a better-specced Windows notebook that also runs real Linux can be quite a bit nicer.
So basically the NSA has been granted the same level of access as every low-grade Taiwanese device manufacturer, the Mozilla foundation that wrote the firefox browser I'm using, and probably multiple front companies associated with the PLA. Check.
Still doesn't prove or even suggest there's a backdoor, and as far as I know, even the big-bad NSA would have to send traffic over a network to control my PC remotely. How come nobody has ever seen that traffic? In order for the traffic to be completely invisible, the NSA would by definition also have to have backdoors in Linux that prevent Linux based security monitors from seeing their traffic.
So basically we have two big choices:
1. The NSA has backdoors in everything (Windows and Linux) and the exact same security researchers who find holes in software on a daily basis are too stupid to see what would undoubtedly have to be highly complex rootkit software right in front of their noses. Basically, you think that Bruce Schneier isn't all that bright.
OR:
2. When the NSA wants to do dirty work it uses the exact same exploits that crackers use every day, albeit with probably a greater degree of sophistication since they have a big budget. Since there are security holes in Windows, Linux, OS X, iOS, etc. etc., the NSA can certainly do nasty things, but they don't do it via magic, they do it exactly the same way that everyone else does it.
As I posted above... why does the NSA need Stuxnet to attack Windows computers in Iran when they have magical access to every Windows machine in existence already?
P.S. --> At no point in my post did I ever say that I trusted the NSA, I just pointed out facts that an open-source project is not magically invulnerable to security breaches simply because people can read the source code. If the Windows source was so uber-secret, how would you even know that it is approximately 50 million lines?
As a followup to my other response, if this magical backdoor into every Windows system on the planet is so great, then why was there a need for Stuxnet to ever come into existence?
The NSA should have built-in access to every Iranian Windows computer without the need for highly complex malware package!