11.24.13

Trusting Trust and Trusting Red Hat et al.

Posted in Microsoft, Red Hat, Servers at 5:27 am by Dr. Roy Schestowitz

Even Red Hat’s logo does not inspire confidence

Red Hat logo

Summary: Why companies which are based on the United States cannot be trusted as US law requires them to provide access to personal information (or even back doors) without ever disclosing this

Red Hat Enterprise Linux 6.5 has just come out [1,2,3]. Red Hat targets the so-called 'cloud' (surveillance-friendly) market with it, quite frankly as usual [4]. Cutting-edge RHEL prototypes like Fedora 20 are to be released soon, and Scientific Linux (not just CentOS) will need to catch up by rebranding RHEL (they are being compared in terms of performance in [5]). Some people are remixing [6] Red Hat’s distributions, not rebranding them. But few people actually audit RHEL code line by line. Disassembling RHEL binaries is an even greater challenge, so nobody knows for sure what RHEL does. It’s a vast body of software and it is deployed in many mission-critical operations, not just in the United States.

“Trusting Trust” is an old concept, coined by some of the earlier UNIX folks. This subject happened to have been raised during business lunch earlier this week and it speaks on the degree of trust we must place on compiler developers, chipmakers, high-level software companies, and even Free software developers whose code we never personally audited (or continue to audit every time a new release is made available). Verifying the security of a small piece of software like a CMS (as Germany currently does) is feasible, but for entire operating systems it is virtually impossible and then there’s the peril of checking chip designs, their fabrication process, and the same for software (compilers). IBM et al., those who infect computers with TPM (NSA connections) only lead to mistrust. We are talking about a “special surveillance chip” here. And yes, there is history to it. Slashdot published this bit of analysis a few months ago. Read the comments too. One says: “I work for Red Hat…. The NSA asks me to put code in the Linux kernel and I pass it to Linus.” (see the context for more interesting information of this kind).

There is currently a discussion in Diaspora about this. It is argued that Red Hat will need to appease the government — especially the Pentagon/DOD — in order to keep winning major contracts that are derived from black budgets sometimes. There are stories I am aware of (but cannot share) about the role spies play in procurement for government. They can veto and influence decisions. This is a very ugly side of procurement which many people are simply not aware of. It only makes sense for Red Hat to try to appease the NSA and perhaps attach code from the NSA, with or without sufficient scrutiny (it goes well beyond involvement in SELinux, which is not the NSA’s only role in Linux). Well, some in Twitter wanted more information about this, so I reminded them that several years ago I wrote about how RHEL goes through the NSA before release; the same is true for SUSE. Now we know for sure that Linux was the target of NSA back doors [1, 2, 3, 4]; more new reporting on this [7-10] is starting to appear (people are catching up) and a new report tells us that “NSA infected 50,000 computer networks with malicious software” [11].

“he law in the US has become somewhat incompatible with freedom-respecting software.”We already know that the NSA worked closely with Microsoft and got a widely-used platform (internationally) with back doors it has exclusive access to, which basically means that Microsoft Windows is a Trojan horse for the NSA. Just remember where Linux is being developed. It’s the same country as Microsoft and Apple. Projects like Debian inherit some code from Red Hat, which complicates things further. The chain of trust is undone.

After the new report from the New York Times [12,13] (published to make huge impact this weekend) perhaps it’s time for Torvalds to withdraw his newly-acquired US citizenship and move back Linux development to Finland. With all sorts of National Security Letters, gag orders, oppressive laws like PATRIOT Act etc. we just know that those based in the US can be forced to facilitate surveillance (without ever speaking about it publicly). This may sound like a radical solution, but when companies like Red Hat and the Linux Foundation need to comply with US laws we just simply cannot have any trust. Torvalds pretty much lied to us (in a clever way) about NSA request for back doors in Linux, but his father, who is a European politician based in Europe, told us the truth.

In the past we argued that Red Hat should move to Europe because of software patents (I asked Red Hat’s CEO about it and he dismissed the possibility). Now we have another reason to suggest relocation. The law in the US has become somewhat incompatible with freedom-respecting software.

Related/contextual items from the news:

  1. Red Hat Enterprise Linux 6.5 Delivers Precision Timing
  2. Red Hat Launches Latest Version of Red Hat Enterprise Linux 6
  3. Red Hat Enterprise Linux 6.5 arrives
  4. Red Hat and eNovance to accelerate adoption of Red Hat Enterprise Linux OpenStack platform

    Red Hat Inc. and eNovance, an emerging European leader in the open source cloud computing market, are collaborating to deliver OpenStack implementation and integration services to joint customers. The companies made the announcement at the OpenStack Summit in Hong Kong.

    The collaboration between Red Hat and eNovance is aimed at accelerating enterprise adoption of OpenStack globally. According to a new report from 451 Research, OpenStack-related business revenue is expected to exceed $1 billion by 2015 as the enterprise market for OpenStack evolves.

  5. Fedora 20 Beta vs. Ubuntu 13.10 vs. Scientific Linux 6.4
  6. Update on x2go

    I’ve been playing with / using x2go more lately and I sure do like it. I originally learned about it by reading the Fedora 20 ChangeSet and saw that it will be a new feature in the upcoming Fedora 20. I started using Fedora 20 shortly before the alpha release came out. Fedora 20 Beta was released on 2013-11-12… and I’ve been building my MontanaLinux remix about once a week.

  7. NSA wanted a backdoor in Linux, confirms Linus’ father
  8. Did NSA contact Linus for a backdoor in Linux? [updated]
  9. Linus’ father confirms NSA attempt at backdoor in Linux
  10. Mastering Linux, Backdoor’d, & openSUSE 13.1
  11. NSA infected 50,000 computer networks with malicious software
  12. N.S.A. Report Outlined Goals for More Power

    In a February 2012 paper laying out the four-year strategy for the N.S.A.’s signals intelligence operations, which include the agency’s eavesdropping and communications data collection around the world, agency officials set an objective to “aggressively pursue legal authorities and a policy framework mapped more fully to the information age.”

    Written as an agency mission statement with broad goals, the five-page document said that existing American laws were not adequate to meet the needs of the N.S.A. to conduct broad surveillance in what it cited as “the golden age of Sigint,” or signals intelligence. “The interpretation and guidelines for applying our authorities, and in some cases the authorities themselves, have not kept pace with the complexity of the technology and target environments, or the operational expectations levied on N.S.A.’s mission,” the document concluded.

    Using sweeping language, the paper also outlined some of the agency’s other ambitions. They included defeating the cybersecurity practices of adversaries in order to acquire the data the agency needs from “anyone, anytime, anywhere.” The agency also said it would try to decrypt or bypass codes that keep communications secret by influencing “the global commercial encryption market through commercial relationships,” human spies and intelligence partners in other countries. It also talked of the need to “revolutionize” analysis of its vast collections of data to “radically increase operational impact.”

  13. Latest Snowden leak reveals NSA’s goal to continually expand surveillance abilities

    In a mission statement last year the US National Security Agency described how it would continue to expand its power and assert itself as the global leader in clandestine surveillance, according to a new report based on the Edward Snowden leaks.

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

This post is also available in Gemini over at:

gemini://gemini.techrights.org/2013/11/24/tpm-back-doors-patriot-act-etc/

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. Links 2/8/2021: XEyes 1.2 and Fwupd 1.6.2 Released

    Links for the day



  2. Freenode is IRC... in Collapse

    Freenode is now down to just 13,194 online users, which makes it the 6th biggest IRC network. Months ago it was #1 with almost 6 times as many users as those below it. The graph above shows what the latest blunder has done (another massive drop in less than a week, with a poem and the all-time chart at the very bottom).



  3. Barrier and Synergy Can Work Together, Connecting Lots of Different Machines

    Barrier and Synergy can be configured to work properly in conjunction, though only provided different port numbers (non-default) are specified; in my current setup I have two computers to my right, working over Barrier, and two older ones on the left, working over Synergy; the video explains the setup and the underlying concepts



  4. Links 2/8/2021: Open Science in France and Zoom Pays to Settle Privacy Violations

    Links for the day



  5. It Almost Feels Like Battistelli Still Runs the EPO (by Extension/Proxy)

    The "Mafia" that destroyed the EPO is still being put in charge and is using the EPO for shameless self-promotion; it is never being held accountable, not even when courts demand remediatory action and staff seeks reparations



  6. [Meme] Vichyite Battistelli Committed Crimes and His Buddy António Snubs Courts That Confirm These Are Crimes

    Staff of the EPO is coming to realise (or reaching acceptance of the fact) that the spirit of Battistelli — not just people he left in charge of the EPO — dooms the Office and there’s no way out of this mess



  7. Links 2/8/2021: Linux 5.14 RC4 and 20% Growth in Steam

    Links for the day



  8. IRC Proceedings: Sunday, August 01, 2021

    IRC logs for Sunday, August 01, 2021



  9. Links 1/8/2021: LibreOffice 7.2 RC2 and Lakka 3.3

    Links for the day



  10. Was Microsoft Ever First in the Market?

    Confronting the false belief that Microsoft ever innovates anything of significance or is "first" in some market/s



  11. Links 1/8/2021: 4MLinux 37.0, IBM Fluff, and USMCA Update

    Links for the day



  12. Microsoft Knows That When Shareholders Realise Azure Has Failed the Whole Boat Will Sink

    The paranoia at Microsoft is well justified; they've been lying to shareholders to inflate share prices and they don't really deliver the goods, just false hopes and unfulfilled promises



  13. [Meme] Nobody and Nothing Harms Europe's Reputation Like the EPO Does

    Europe’s second-largest institution, the EPO, has caused severe harm/damage to Europe’s economy and reputation; its attacks on the courts and on justice itself (even on constitutions in the case of UPC — another attempt to override the law and introduce European software patents) won’t be easily forgotten; SUEPO has meanwhile (on Saturday, link at the bottom in German) reminded people that Benoît Battistelli and António Campinos have driven away the EPO’s most valuable workers or moral compass



  14. IRC Proceedings: Saturday, July 31, 2021

    IRC logs for Saturday, July 31, 2021



  15. [Meme] When it Comes to Server Share, Microsoft Azure is Minuscule (But Faking It)

    Don't believe the lies told by Microsoft's charlatans and frauds; Azure has been a total failure and that's why there are layoffs as well



  16. [Meme] Mozilla Has Turned From Technical to Marketing

    Way back, long before Mozilla and Firefox got hijacked by politics (turning Mozilla into a VPN reseller that lies about its stance on privacy), geeks were driving the company, not corporate lawyers and spying/marketing people



  17. Over 1,500 (Known/Unorphaned) Gemini Capsules and Over 160,000 Page Requests in gemini.techrights.org During July

    Techrights is expanding at gemini:// (Gemini space) and over 1,500 capsules are reported to have been found (less than 4 months ago it was about 1,000)



  18. Links 31/7/2021: Kernel Additions and Linux Mint 20.3 Release Date

    Links for the day



  19. Microsoft Azure Stagnating

    Reprinted with permission from Mitchel Lewis, former Microsoft employee



  20. For 17 Days (and Counting) António Campinos Has Failed to Respond to Call for Compliance With the Law

    Team Campinos has been so arrogant and so evasive that there’s no indication (yet) that it will follow court orders (Willy ‘Guillaume’ Minnoye openly bragged about ignoring court orders and he's still cheering for the EPO's abuses); therefore, staff of the EPO takes collective action



  21. Raw: Elodie Bergot Breaking the Law by Threatening Against the Exercise of Fundamental Rights

    Over the years we saw a number of rude letters from Elodie Bergot, the grossly under-qualified spouse of a friend of Vichyite Benoît Battistelli; most of these we never published (we already have these and can always publish if the need arises), but those paranoid and insecure “Mafia”-like ‘cabal’ need to be exposed for the mobsters they are; for nearly a decade they’ve illegally bullied EPO staff in clear violation of the law (and for over 3 years António Campinos has kept those bullies on board); why does Europe do nothing and why is it never holding high-profile abusers accountable (only low-level facilitators)? Is it because the EU too is being infiltrated by them?



  22. Linspire Should Be Avoided in 2021 Just Like It Was Avoided 14 Years Ago

    The brand "Linspire" was brought back, but the agenda seems to be more or less the same, namely pushing proprietary software and serving Microsoft's commercial agenda (in 'Linux' clothing)



  23. The Death of Freenode Would Be Freenode's Own Fault

    Freenode is going dark and now it’s asking people to create accounts at IRC.com (just to get back into the network that they may have already occupied for decades) as if Freenode owns “IRC” as a whole



  24. Links 31/7/2021: KDE Progress and Activision Catastrophe

    Links for the day



  25. IRC Proceedings: Friday, July 30, 2021

    IRC logs for Friday, July 30, 2021



  26. The Smartest Meter of All

    Yesterday a lady came over to take our power readings (electric/gas meter); secure these people's jobs as they help protect people's privacy (dignity) at home



  27. [Meme] A Web of False Dichotomies

    A reminder that Techrights is fully available (all blog posts and wiki pages) in gemini://



  28. Freenode Shrinks by Another Quarter and Gemini Continues to Grow (For Techrights at Least)

    Freenode continues to perish faster than we've imagined; it's a good thing that we've had contingencies set up; regarding the monopolised and increasingly centralised Web, we're still making baby steps towards weaning ourselves off it



  29. Links 31/7/2021: Wine 6.14 and Chrome 93 Beta

    Links for the day



  30. European Media Does Not Care About Europe's Second-Largest Institution Crushing Basic Laws and Fundamental Rights

    New video about the latest publication from SUEPO (the EPO’s staff union); it was published yesterday, seeing that the “Mafia” (what EPO staff actually calls the management!) hasn’t done anything to comply with a wide-ranging set of court rulings from ILO-AT; why has the media said nothing about this and what does that say about today’s media? The material is all in the public domain, in widely understood languages, and SUEPO spoke about it more than 3 weeks ago.


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts