02.24.14

The Increasing Danger of Back Doors in Standards and Binary Blobs

Posted in Apple, GNU/Linux, Microsoft, Security at 9:06 am by Dr. Roy Schestowitz

Summary: The risk of back doors in GNU/Linux comes not from source code but from blobs, back room deals, the build process, and bogus standards with weaknesses cleverly shoehorned into them

IT HAS BEEN a while since we last wrote about Mr. Srinivasan from Microsoft-Novell. Suffice to say, Novell did a lot for Microsoft and some former staff of Novell continue to work for Microsoft (either directly or indirectly). One gift from Novell to Microsoft was OOXML inside FOSS/OOo. Another was Mono and let’s not forget intrusion into Linux itself. Robert Pogson goes as far as saying that Microsoft “Hacked Linux!”

“My configuration,” Pogson argues, “has CONFIG_HYPERV not set. The code in question is Copyright 2010, Novell (mshyperv.c), and Copyright 2009, M$ (vmbus_drv.c). K. Y. Srinivasan is listed as one of the authors on both. I’m not about to run that other OS on Beast, but thank you, Thomas Gleixner, for fixing things.” (see this link)

Performance issues overlook the much bigger problem — a problem which we addressed several times before. We already know that the NSA is pursuing back doors in Linux [1, 2, 3, 4] and as we pointed out before, the NSA might already have some.

Incidentally, as we have shown before, Yahoo was fighting against NSA surveillance in court. When Microsoft took over Yahoo it became apparent that Yahoo stopped fighting and soon became part of PRISM. While some new reports suggest that Yahoo might be ready to escape Microsoft, “Yahoo is still in NSA’s pocket though even if they break free of Microsoft,” explains iophk.

Likewise, even if Linux does not engage with Microsoft, the code from Microsoft remains stuck inside Linux and even if there are no back doors in the code itself, this connects to a system, Hyper-V, which is developed by a back doors specialist (Microsoft). There are binary-level back doors from which to access GNU/Linux systems because if the host machine runs Windows, then we already know that the NSA has access. A nearby company that I once visited, UKFast (the UK’s largest ‘cloud’ provider), runs GNU/Linux servers under HyperV, based on what they told me. How insane is that?! GCHQ must love it!

Adding to some concerns about back doors, NSA ally and PRISM partner Apple turns out to have hidden a back door. As Think Progress puts it, “Apple quietly released a major update Friday to fix a security glitch in its iOS 7 systems. But independent security experts say the seemingly routine update covers up what arguably could be Apple’s biggest security lapse, exposing iPhone, iPad and iPod Touch users to hackers.”

Whether it’s a back door or just direct access does not matter, but it enables Apple to dance around important questions. It works across several Apple platforms, even desktop platforms [1].

As iophk put it, in relation to this other new article [2] “Potential problems with an official back door in HTTP 2.0, though only in a proposed draft so far. But because of the ways certificates are currently (mis-)managed, this kind of interception of HTTPS is already easy.”

“See one example with four steps,” he added, pointing to [3] from the OpenBSD mailing lists.

It’s not as though GNU/Linux is immune to back doors (Debian has some new security advisories [4,5]), but at least with access to source code the back doors remain very shallow and too risky/difficult for malicious/covert entities to hide. It’s when proprietary software gets added that we lose the ability to ascertain security and privacy.

Related/contextual items from the news:

  1. Apple SSL Vulnerability Affects OSX Too
  2. No, I Don’t Trust You! — One of the Most Alarming Internet Proposals I’ve Ever Seen

    If you care about Internet security, especially what we call “end-to-end” security free from easy snooping by ISPs, carriers, or other intermediaries, heads up! You’ll want to pay attention to this.

    You’d think that with so many concerns these days about whether the likes of AT&T, Verizon, and other telecom companies can be trusted not to turn our data over to third parties whom we haven’t authorized, that a plan to formalize a mechanism for ISP and other “man-in-the-middle” snooping would be laughed off the Net.

    But apparently the authors of IETF (Internet Engineering Task Force) Internet-Draft “Explicit Trusted Proxy in HTTP/2.0” (14 Feb 2014) haven’t gotten the message.

    What they propose for the new HTTP/2.0 protocol is nothing short of officially sanctioned snooping.

  3. relayd SSL interception

    This mail includes a quite detailed explanation of the attached diff that adds support for SSL Interception (“SSL-MITM”) to relayd. If you don’t want to read the story, just skip to the configuration example and diff below.

  4. Debian: 2862-1: chromium-browser: Multiple vulnerabilities
  5. Debian: 2861-1: file: denial of service

Microsoft Perception Management Continues at ‘New’ Slashdot

Posted in Deception, Microsoft at 8:25 am by Dr. Roy Schestowitz

Summary: Slashdot is promoting Microsoft spin/agenda, insinuating that people who dislike Microsoft are irrational and that it’s the equivalent of discrimination

OVER THE PAST few years the blatant Microsoft affinity at Slashdot turned into somewhat of a disease (like in ZDNet, where top-level sections are all about Microsoft and writers are from Microsoft), with additional hires of Microsoft boosters as staff writers and subsequently grooming of the Gates Foundation, Microsoft, and people who work for Microsoft. Selling agenda is the business model now. Slashdot rapidly became a Microsoft mouthpiece, choosing agenda instead of news. No wonder readers are moving elsewhere, abandoning Slashdot and sometimes even boycotting it.

Don’t expect sites like Slashdot to cover what sites like Activist Post are covering, reminding us again that Bill Gates remains an inherently malicious, greedy and selfish individual, spying on children for profit. As Activist Post puts it: “New York state authorities are outsourcing data collection on school kids. The program, which is to be launched state-wide, is supposed to gather information on students starting from the age of five to better “tailor education” to the needs of children.

“New York hired a non-profit private contractor inBloom, funded by the Bill Gates Foundation, as the gatekeeper of this data.”

The latest agenda-selling from Slashdot can be found here, linking to a self-described employee of Microsoft (“Web Platform Team at Microsoft”). Slashdot hardly discloses this relationship, nor does it bother to highlight the fact that Microsoft employment is a choice, not a condition (nobody is born a Microsoft employee). The messenger actually chose to work for the criminal organisation, but now he pretends that the crimes have absolutely nothing to do with him. He is trying to portray disdain for crime as a psychological issue of some kind and to also pretend Microsoft has changed while it’s clear that it did not.

This is a typical Microsoft tactic and Slashdot should be ashamed of itself for pushing this agenda. “Dice publishing shills,” iophk wrote about it, “quite shameless” (here is the alternative link he sent).

The Microsoft spinner says: “I think that Microsoft is very aware of perceptions and is actively trying to counter them by actually being open. I’d say we’re more concerned than a Google or Apple about how folks perceive us.”

Nonsense. Marketing. His closing words are: “I said, find a new reason to hate Microsoft. I didn’t kill your Pappy, son.”

What utter nonsense. He uses projection from collective to personal in an attempt to cleanse his employer from liability for crimes.

“Scott Hanselman disagrees,” Mr. Robert Pogson responds. “He claims we should forget history.”

It’s not just history, it’s the present too, including bribes, racketeering, etc.

To quote further from Pogson: “Bill Gates offered to pay Intuit to ship IE instead of Netscape. That’s not a business deal. That’s a criminal conspiracy to drive Netscape out of business. That’s what Bill Gates is all about, harming others going about their businesses. He’s still in charge last time I checked.”

Lastly, here is where Pogson addresses the deception pattern which is to equate choice with a condition: “Hatred like any mind-set can be rational or irrational. We are right to hate the dog chewing on the kid. We take brisk action to deal with that evil. We are wrong to hate someone for something they can’t help like skin colour, genes, or their ancestral home. There’s nothing anyone can or should do about things like that. Microsoft? It’s definitely in the rational hatred category. M$ is out to get us. It has been from early on in its existence and it’s still run by the same people. Some have changed. But Gates and Ballmer are still around. They are evil people trying to harm us all by supporting and exploiting monopoly to do unspeakable things in IT, meddling with the business of software development, manufacturing, retailing, end-users to enrich itself at the expense of everyone else. Proper businesses serve customers, not enslave them.”

Nobody hates Microsoft staff for racial reasons, but it’s easy for Microsoft to try and spin it like that, especially with its new CEO (we covered this before and predicted this move last year). People hate the choice to commit crimes and the choice to join criminals.

Slashdot could not defend the editorial choice by saying it’s newsworthy. It’s not news, it’s not noteworthy, and there is a conflict of interest here.

Netflix Killed the Free Web With DRM, Now Kills Net Neutrality

Posted in DRM at 8:00 am by Dr. Roy Schestowitz

Summary: Microsoft’s close partner, Netflix, is quickly turning the Internet into another Big Cable/Telecom-controlled DRM streaming conduit

WHEN Net Neutrality was dying in the US many people wondered why Netflix did almost nothing in response. Well, just like Google, Netflix should not be assumed to be an advocate for Net Neutrality. Both companies, along with Microsoft, promote DRM on the Web. Google pretty much stopped fighting for Net Neutrality several years ago. All Google cared about was itself. If it could make the policies work out for its business model (e.g. not discriminating among users of YouTube), then why should it bother with the interests of the vast majority of the population? The same goes for privacy and the so-called ‘resistance’ NSA faces from Facebook, Google, Microsoft, et al.

According to new reports, Comcast and Netflix sort of collude against Net Neutrality (even though the corporate press will not say it like that). “Comcast,” says the New York Times, “the country’s largest cable and broadband provider, and Netflix, the giant television and movie streaming service, announced an agreement Sunday in which Netflix will pay Comcast for faster and more reliable access to Comcast’s subscribers.”

This is appalling. So Netflix is now actively helping Big Cable/Telecom end Net Neutrality. Suffice to say, the bias from the press of Rupert Murdoch continues shamelessly [1], comparing the situation of Net Neutrality to “Traffic Jam” (right there in the headline) while the Internet’s Net Neutrality is not even mentioned (in the whole article). The corporate press (all of it from New York in this case) is now telling us [2] that Tom Wheeler, the mole inside the FCC, is going to write new rules. Perhaps it’s all about normalising this new status quo. He never really fought for Net Neutrality. The mega-corporations got their way on the Internet (and the Web) yet again. We are losing the battle for free and equal speech. Those in power eliminate it little by little.

Related/contextual items from the news:

  1. America’s 10-Year Experiment in Broadband Investment Has Failed

    Tom Wheeler, chairman of the Federal Communications Commission, announced Wednesday that there would be new rules written to guarantee net neutrality. It’s a good thing any website can reach any person unimpeded by tolls, and it’s good that Wheeler still wants to make this possible. The Internet service providers will first work to dilute the new rules, of course, and then sue to overturn them. Entire legal departments, lobbying outfits, and public-relations firms live for this moment, the beginning of a now-familiar three-year grind with the FCC.

  2. Netflix Agrees to Pay Comcast to End Traffic Jam

    Deal Ends Standoff Over Streaming, Would Give Netflix Direct Access to Comcast Systems

Many Are Moving to GNU/Linux, So Microsoft is Trying to Make it Technically Hard

Posted in GNU/Linux, Microsoft at 7:40 am by Dr. Roy Schestowitz

Summary: A report about migrations to GNU/Linux and how UEFI ‘secure’ boot is making it hard for ordinary people to make such migrations succeed

Microsoft is losing the battle and it knows this. The common carrier is becoming Android. Microsoft is rightly worried. It is reportedly dropping the price of Windows (dumping), as claimed by corporate press. As Sosumi put it, Microsoft “is slashing prices of windows licenses by 70%… according to them, to compete with Apple… so windows 9 to be a toy OS? that fails at even accomplishing that… or not to just shove the monstrosity that vista 8 is with its disjointed GUI” (Vista 8 was a disaster in terms of adoption and usage, to the extent that I never saw anyone using it).

Based on some of the latest news, “11 Percent of Windows XP Users Will Switch to Linux” [1], there are some real stories about large migrations to GNU/Linux [2], usage of GNU/Linux doubles on the Net [3,4], and non-techies also manage to cope with GNU/Linux [5]. One client of ours (with over 100 seats) is moving to GNU/Linux desktops, not just servers. It’s because Windows XP support (security patches) will end soon. Microsoft is already reacting to it by trying to adapt to price differences, just as it did back in the days of major GNU/Linux gains in sub-notebooks. It is, as iophk put it, “price dumping of Vista8, probably out of fear of GNU/Linux.”

At ZDNet, one pundit says that “Office is the only thing that can kill a Chromebook”, but let’s face it, document formats lock-in is not a feature. It is more of a reason to escape Windows, not stay with Windows. It’s why Microsoft tries so hard to derail ODF. Adding to all this mess, because businesses [1] and schools [2] are moving to GNU/Linux, Microsoft seems to be leaning towards artificial inconveniences for GNU/Linux at hardware level. Already, UEFI makes it harder even for GNU/Linux enthusiasts. Very recently we saw the NSA acknowledging that any claims of improved security were bogus because security was actually harmed by all this complexity. Microsoft is making it more difficult for people to install GNU/Linux and one ZDNet pundit whom the UEFI Forum tried to appease/silence continues to show that what Microsoft did was harmful to everyone. It’s too complicated dealing with UEFI and it may very well confuse new users [5], which is exactly what Microsoft wants. What’s needed now is another antitrust complaint. Microsoft is just playing dirty, as it always did. Reject any claims that Microsoft has changed.

Related/contextual items from the news:

  1. 11 Percent of Windows XP Users Will Switch to Linux, Survey Claims

    The research group asked organisations still using Windows XP about their plans post-April, when Microsoft ceases providing official support and security fixes for the 11-year old OS.

  2. Interview with Penn Manor – PA Champions of Open Source

    Recently, a High School in Millersville Pa struck a chord with me personally. Like many east coast advocates of Linux, I often have to watch California, Europe, and other countries from the sidelines, engaging fun and interesting Open Source events and projects. Imagine my excitement when I learned of one such champion of Open Source, but not from Europe, from a place not more than a few hours from me. Deploying over 1700 laptops, armed to the teeth with Ubuntu and Open Software to students, I knew there was more to the story than the small stories floating around. Even if for my own personal education, I wanted to know more.

  3. Chromebook usage: Still a tiny splash in the vast PC pond

    By comparison, Linux Web traffic grew from 1.1 percent to 1.9 percent over the last five months. Chitika didn’t provide statistics for Windows or Mac, but they presumably account for nearly all of the remaining desktop traffic.

  4. Linux Web Usage Almost Doubled, Now At ~2%?

    Chitika, a former advertiser on Phoronix, has issued a new report about Chrome OS and Linux web usage growth from September 2013 through January 2014. Chitika found that the number of Chrome OS devices rose from 0.1 to 0.2% of all accounted web traffic by the network. Meanwhile, for Linux devices in general, they found Linux rose from 1.1% last September to now at 1.9% when ending their numbers at the end of January. The Linux growth really took off in October and has continued since.

  5. Making the case for the non-techie to jump into Linux

    I suggest you take a look at Linux. Why? Because Linux can serve your basic computing needs well enough that the experience is comparable to your previous operating system of choice.

Patent Troll Nokia Pretends to Have Real Products by Ripping Off Android

Posted in Microsoft at 7:15 am by Dr. Roy Schestowitz

Summary: A reminder of Nokia’s real agenda and goals, which are not to be confused with support of Android/Linux

WHEN Microsoft took over Nokia (way back in 2011 or even 2010 when the mole had been put in place) it had a clever but abusive plan to use patents against the competition, e.g. by feeding large trolls/proxies. A top European official has already warned Nokia (i.e. Microsoft) against this behaviour. That was months ago. The debate over patents is dead or dying because corporations, and even the EFF on the face of it, lost focus. The EFF’s latest take is a statement endorsing weak/pointless ‘reform’, saying: “We welcome the White House’s and the Patent Office’s commitment to combat patent trolls and fix the system. Now let’s get a strong bill through Congress to set important reforms in stone.”

As iophk put it: “Trolls are only a small symptom of the real problem.” Yes, indeed, and by “trolls” they usually mean only the small patent aggressors. The patent cartel carries on attacking Free software like Android and Nokia plays a major role by pretending to have embraced Android (“Normandy” is the turning of Android into a Microsoft surveillance and espionage platform). Fans of the old Nokia should move on to Jolla, which we last covered some days ago. It is all over the news these days [1-7], provided one looks hard enough.

For some, Nokia’s role is benign. Muktware, for example, continues with its overly optimistic angle. It now says: “This will be the first time the Finnish smartphone maker will be trying their hands at producing an Android device. The buyout of Nokia by Microsoft has not completed yet and before the deal goes through fully, Nokia might be able to get three Android smartphone in the market. We have been already hearing a lot about Nokia X, but if we are to believe the rumours, Nokia is planning to have a portfolio of devices spread across different price bands.”

It is very unlikely that Nokia can escape Microsoft’s grip now. Pointing at this article, Ryan from our IRC channels writes: “The Microsoft Media shells out big bucks slandering Android by claiming it is unforkable, then Microsoft collaborator Nokia forks Android to serve Microsoft.”

This is all about disrupting and harassing Android, making it look bad whilst also attacking it using patents.

Related/contextual items from the news:

  1. Jolla’s Sailfish OS will be available for Android devices

    In addition to making the entire OS available for Android users, the company is also working on bringing the unique Jolla UI launcher to Android as an application.

  2. Everybody Can Get A Wooden Skin For He’s Jolla TOH Cover, For Only 25€
  3. Jolla embarks on Sailfish 1.0 with an Android launcher — and an Angry Birds cover

    Jolla’s Sailfish software reaches commercial readiness — and you’ll be able to try it out as a launcher on your Android phone.

  4. Jolla unveils Sailfish OS 1.0, tips Angry Birds phone

    Jolla unveiled Sailfish OS 1.0, plus a Sailfish UI launcher app for Android devices, and tipped partnerships, including one for a custom Angry Birds phone.

    Jolla announced the completion of version 1.0 of its MeeGo Linux based Sailfish OS, which runs on its Jolla smartphone, now shipping throughout Europe. The Finnish company also announced a Sailfish user interface launcher for Android, “which can be used to simulate the Sailfish OS experience on Android devices.”

  5. Jolla Will Enable The Users To Backup And Share Their On-Device Content, Via F-Secure’s Younited Cloud Service Storage

    Jolla has teamed up with F-Secure, and will be using F-Secure’s Younited cloud service storage, in order to enable the users to easily backup and share their on-device content. For more information, see the official announcement. Also, more details about this will be presented at MWC 2014, where Jolla is invited.

  6. Jolla Will Demo Two New And Awesome TOH Covers At MWC 2014
  7. Sailfish OS 1.0 (The First Stable Version Of Sailfish OS) Will Be Available For Download Soon

    A while ago, the Jolla developers have announced that Sailfish OS will get out of Beta with the release of Sailfish OS 1.0, which will be ported for Android devices soon.

Sending Letters to Stop Microsoft’s Attack on Real Standards in British Government

Posted in Europe, Microsoft, Open XML at 6:52 am by Dr. Roy Schestowitz

Microsoft may be doing the “add your name here and spam away” routine once again, this time in Britain

Summary: There are two days left for British people to consider sending feedback regarding Microsoft’s crimes and fiction of a ‘standard’

THIS will be our last reminder to British readers who are able to do good service not just for the UK but for the whole world (by setting an example).

Microsoft was caught not only bribing but stuffing ballots and writing templates for sockpuppets and partners to mail officials, e.g. at ANSI. For those who cannot remember or were not paying attention at that time (about 7 years ago), Microsoft engaged in a large volume of illegal activities for which it was never punished. Now it wants to use these activities to extinguish a long-overdue policy in favour of Free software. Microsoft is trying the familiar "me too" strategy.

“I guess you got these already,” iophk wrote. “It’s all a repeat of the ‘Windows, too’ or ‘equal’ time tactic” (or “choice”, where choice means Microsoft only but “no exclusion in principle” of competition of Microsoft). Choice means proprietary and spyware. Not open, not freedom.

Those who are familiar with what Microsoft did can mention the bribes, not focus only on technical arguments. The bribes were needed because of lack of technical value. For some more background and links for leaving feedback to the British government see the following reports [1, 2, 3] from the British press or even the Slashdot link to Andy Updegrove (Simon Phipps from the OSI wrote about it in his personal blog). And “while /. lasts,” iophk says, “UK FOSS people need to all send in some good comments. It’s not anything the outside community can take on.”

It’s like we are back to 2007/2008 — back when Microsoft was stuffing ballots and spamming people to get its way. One way to fight back is to expose those tactics, not just counter them in the same way. As the comments in Linux Today help show (there are hardly any comments in Linux Today since QuinStreet took over), people are very emotional about this and they are eager enough to do something substantial. Microsoft is back to using criminal activities (not just lobbying), bringing people like Updegrove back out from the woodwork.
