
Re: [News] No Second Chances for Windows Security As Homeland Security Cracks Whip

__/ [ Beve Stallmer ] on Saturday 12 August 2006 16:21 \__

> Hadron Quark wrote:
>> Beve Stallmer <stall-more@xxxxxxx> writes:
>> 
>>> Roy Schestowitz wrote:
>>>> ,----[ Quote ]
>>>> | Not only has he had to deal with Katrina and Osama. Now he's also got to
>>>> | whip Steve Ballmer and the crew at Microsoft into shape.
>>> Apparently nobody but me is alarmed that the US Government is
>>> directing computer users to download a mysterious patch with
>>> unknown functionality from their friends in Redmond. And this comes
>>> shortly after the US Govt was exposed for monitoring phone calls
>>> illegally.
>>> 
>>> I have never seen a better reason to use Linux. Never.
>> 
>> And how do you feel about nearly all distros requiring connection to
>> the relative repositories to download most of the disk heavy
>> applications we use in our day to day life? Do you read every bit of
>> source, or check that each binary corresponds to that source? No?
>> Thought not.
> 
> I don't think you can compare open source code repositories to
> proprietary code in any circumstance, especially this one. Granted, the
> repositories may be compromised for a short while in some way, but that
> is nothing compared to loading a bunch of NSA-doctored DLLs from M$ into
> permanent use on your computer. Be very afraid.

I agree. You can always rely on some bored geek (I am sometimes among them)
staring at the code. It doesn't take more than a single alert person. With
today's blog phenomenon, you would not want to embed something fishy like
spyware in the source code. It leads to chaos and reputation is in jeopardy.
I have seen that happening in WordPress, for example (unintentionally
HotLinked image in version 1.5).

If binary patches are delivered and they are separated from the source, doubt
remains as to how the source was compiled and /what/ source was compiled.
Either way, it's more transparent and less prone to hiccups. Also
interesting is the timing of the HS request and the events in the UK
(terrorist threat and capture). Again, these are all just conspiracy
theories. I am not suggesting that Microsoft is liaising with governments
[1], but it may decide to do so one day.

Best wishes,

Roy

[1] http://news.bbc.co.uk/1/hi/uk_politics/4713018.stm

,----[ Quote ]
| UK officials are talking to Microsoft over fears the new version of
| Windows could make it harder for police to read suspects' computer files.
`----

PS - Beve Stallmer, good luck with Linux. Enjoy the ride and don't sling any
chairs at your colleagues. For the sake of humanity...

-- 
Roy S. Schestowitz      |    Warning 0x12C: ispell feels tired
http://Schestowitz.com  |  SuSE GNU/Linux   ¦     PGP-Key: 0x74572E8E
         run-level 5  Jul 20 12:15                   last=S  
      http://iuron.com - help build a non-profit search engine
