Bonum Certa Men Certa
Apple's Latest Software Patent Headaches, Disregard for Standards | Links 30/04/2008: KDE 4.1 Reaches Alpha, Microsoft Proxy Fight Against Yahoo Foreseen

Novell's 'Binary Bridges': Could SUSE Ever Inherit the Anti-Features of Windows?

Dozens of reasons to avoid mimicking Windows

Surprisingly enough, some people remain shocked that Microsoft is collaborative when it comes to political, police-related and federal snooping. Robert Scoble even argued with me about this roughly 3 years ago, denying that such an issue even exists. At the sight of yesterday's pick from Slashdot many such skeptics and deniers have finally come to realise this:

Microsoft has developed a small plug-in device that investigators can use to quickly extract forensic data from computers that may have been used in crimes.


Forget about passwords, security on the network and so forth. It's enough to only be a suspect and the rules are bound to be misused (they usually are). No warrants are even necessary. Not so long ago, an animal activist received demands for divulging a PGP key, using laws that were introduced to combat terrorism (and justified in this way).

“If SLES/SLED achieves binary compatibility with Windows, it gets harder to trust what's being delivered out of the box.”The example above is just one among many anti-features, to borrow the phrase used frequently (maybe even coined) by the Free Software Foundation. Microsoft's customers happen to be the governments, media companies, developers, OEMs and other parties that are certainly not the end users. Features are provided to the real customers, who are rarely actual users of the personal computer.

Why is this subject brought up again? Well, it is already known that there have been interactions between the government and SUSE and the same goes for Apple with Mac OS X. It's hardly a secret because it's too difficult to keep it a secret.

Many people will tell you that you can look at and carefully study the source code in GNU/Linux to verify no back doors exist (and then check also the compiler, the computer chip used to run and compile the program, et cetera). It's all possible, assuming sufficient transparency at the bottom layers exists, along with that trust which comes with it (threat of leaks is accompanied by openness).

Questions arise, however, as soon as you consider what Novell does with Microsoft. Novell gets access to Microsoft source code and it also incorporates some code which simply cannot be studied. Moreover, it relies a great deal on Microsoft protocols, which themselves can have back doors included (a back door as part of the 'standard', as shown in the citations at the very bottom). If SLES/SLED achieves binary compatibility with Windows, it gets harder to trust what's being delivered out of the box.

Some of the reports below were briefly and partly mentioned also in [1, 2, 3]. It's worth highlighting the problem again, using just references. Here it goes.

NSA Helps Microsoft with Windows Vista

NSA Helps Microsoft with Windows Vista



Is this a good idea or not?
For the first time, the giant software maker is acknowledging the help of the secretive agency, better known for eavesdropping on foreign officials and, more recently, U.S. citizens as part of the Bush administration's effort to combat terrorism."


Microsoft could be teaching police to hack Vista

Microsoft may begin training the police in ways to break the encryption built into its forthcoming Vista operating system.


UK holds Microsoft security talks

UK officials are talking to Microsoft over fears the new version of Windows could make it harder for police to read suspects' computer files.


Microsoft's Vista stores much more data—and may affect the discovery process

Vista—Microsoft’s latest operating system—may prove to be most appropriately named, especially for those seeking evidence of how a computer was used.


Dual_EC_DRBG Added to Windows Vista

Microsoft has added the random-number generator Dual_EC-DRBG to Windows Vista, as part of SP1. Yes, this is the same RNG that could have an NSA backdoor.

It's not enabled by default, and my advice is to never enable it. Ever.


Will Microsoft Put The Colonel in the Kernel?

The kernel meets The Colonel in a just-published Microsoft patent application for an Advertising Services Architecture, which delivers targeted advertising as 'part of the OS.'


Microsoft patents the mother of all adware systems

The adware framework would leave almost no data untouched in its quest to sell you stuff. It would inspect "user document files, user e-mail files, user music files, downloaded podcasts, computer settings, computer status messages (e.g., a low memory status or low printer ink)," and more. How could we have been so blind as to not see the marketing value in computer status messages?


Here is another possible shocker (depending on one's expectations really):

Forget about the WGA! 20+ Windows Vista Features and Services Harvest User Data for Microsoft

Are you using Windows Vista? Then you might as well know that the licensed operating system installed on your machine is harvesting a healthy volume of information for Microsoft. In this context, a program such as the Windows Genuine Advantage is the last of your concerns. In fact, in excess of 20 Windows Vista features and services are hard at work collecting and transmitting your personal data to the Redmond company.

Microsoft makes no secret about the fact that Windows Vista is gathering information. End users have little to say, and no real choice in the matter. The company does provide both a Windows Vista Privacy Statement and references within the End User License Agreement for the operating system. Combined, the resources paint the big picture over the extent of Microsoft's end user data harvest via Vista.


German spyware plans trigger row

The e-mails would contain Trojans - software that secretly installs itself on suspects' computers, allowing agents to search the hard drives.


FBI ducks questions about its remotely installed spyware

There are plenty of unanswered questions about the FBI spyware that, as we reported earlier this week, can be delivered over the Internet and implanted in a suspect's computer remotely.


German Security Professionals in the Mist

This hope was important because earlier this year the German Government had introduced similar language into Section 202c StGB of the computer crime laws, which would have made the mere possession of (creates, obtains or provides access to, sells, yields, distributes or otherwise allows access to) tools like John, Kismet, KisMAC, Nessus, nmap, and the ability to Google effectively a crime.


Austria OKs terror snooping Trojan plan

Austria has become one of the first countries to officially sanction the use of Trojan Horse malware as a tactic for monitoring the PCs of suspected terrorists and criminals.

[...]

Would-be terrorists need only use Ubuntu Linux to avoid the ploy. And even if they stuck with Windows their anti-virus software might detect the malware. Anti-virus firms that accede to law enforcement demands to turn a blind eye to state-sanctioned malware risk undermining trust in their software, as similar experience in the US has shown.


Schäuble renews calls for surreptitious online searches of PCs

In his speech towards the end of the national conference of the Junge Union, the youth organization of the ruling conservative Christian Democratic Union (CDU), in Berlin the Federal Minister of the Interior Wolfgang Schäuble has again come out in favor of allowing authorities to search private PCs secretly online and of deploying the German Armed Forces in Germany in the event of an emergency.


Here is a video of Richard Stallman talking about back doors in Microsoft Windows, among other things. I will be fortunate enough to attend a talk from Stallman tomorrow evening.



Encrypted E-Mail Company Hushmail Spills to Feds

Hushmail, a longtime provider of encrypted web-based email, markets itself by saying that "not even a Hushmail employee with access to our servers can read your encrypted e-mail, since each message is uniquely encoded before it leaves your computer."

But it turns out that statement seems not to apply to individuals targeted by government agencies that are able to convince a Canadian court to serve a court order on the company.


No email privacy rights under Constitution, US gov claims

This appears to be more than a mere argument in support of the constitutionality of a Congressional email privacy and access scheme. It represents what may be the fundamental governmental position on Constitutional email and electronic privacy - that there isn't any. What is important in this case is not the ultimate resolution of that narrow issue, but the position that the United States government is taking on the entire issue of electronic privacy. That position, if accepted, may mean that the government can read anybody's email at any time without a warrant.


Microsoft exec calls XP hack 'frightening'

"You can download attack tools from the Internet, and even script kiddies can use this one," said Mick.

Mick found the IP address of his own computer by using the XP Wireless Network Connection Status dialog box. He deduced the IP address of Andy's computer by typing different numerically adjacent addresses in that IP range into the attack tool, then scanning the addresses to see if they belonged to a vulnerable machine.

Using a different attack tool, he produced a security report detailing the vulnerabilities found on the system. Mick decided to exploit one of them. Using the attack tool, Mick built a piece of malware in MS-DOS, giving it a payload that would exploit the flaw within a couple of minutes.


Duh! Windows Encryption Hacked Via Random Number Generator

A group of researchers headed by Dr. Benny Pinkas from the Department of Computer Science at the University of Haifa succeeded in finding a security vulnerability in Microsoft's "Windows 2000" operating system. The significance of the loophole: emails, passwords, credit card numbers, if they were typed into the computer, and actually all correspondence that emanated from a computer using "Windows 2000" is susceptible to tracking. "This is not a theoretical discovery. Anyone who exploits this security loophole can definitely access this information on other computers," remarked Dr. Pinkas.

Editors Note: I believe this "loophole" is part of the Patriot Act, it is designed for foreign governments. Seriously, if you care about security, privacy, data, trojans, spyware, etc., one does not run Windows, you run Linux.


From Wikipedia:

In relation to the issue of sharing technical API and protocol information used throughout Microsoft products, which the states were seeking, Allchin alleged that releasing this information would increase the security risk to consumers.
"It is no exaggeration to say that the national security is also implicated by the efforts of hackers to break into computing networks. Computers, including many running Windows operating systems, are used throughout the United States Department of Defense and by the armed forces of the United States in Afghanistan and elsewhere."


The following two articles are much older and some have doubted their arguments' validity.

How NSA access was built into Windows

A careless mistake by Microsoft programmers has revealed that special access codes prepared by the US National Security Agency have been secretly built into Windows.

[...]

The first discovery of the new NSA access system was made two years ago by British researcher Dr Nicko van Someren. But it was only a few weeks ago when a second researcher rediscovered the access system. With it, he found the evidence linking it to NSA.


NSA Builds Security Access Into Windows

A careless mistake by Microsoft programmers has shown that special access codes for use by the U.S. National Security Agency (NSA) have been secretly built into all versions of the Windows operating system.


There are many more citations like these available, shall any be necessary.

In summary, welcome to the twenty-first century, the age when every 'binaries-boosted' GNU/Linux distribution should be taken with a grain of salt (not to mention the NSA and SELinux).

Governments 'wish' to 'give' you control and to offer you privacy, but it's often just an illusion. The government is an exception to this condition, rule or semi-true promise.

The stories above hopefully illustrate just why Free software is so important (even to national security, assuming you live outside the United States). That's why those who support back doors-free computing will often be labeled "terrorists", or those who defend "terrorists". It's a straw man really. It's means for introducing new laws and using the "T" word as an excuse for virtually everything. Here is a discomforting thought:

"Trusted" Computing

Do you imagine that any US Linux distributor would say no to the US government if they were requested (politely, of course) to add a back-door to the binary Linux images shipped as part of their products? Who amongst us actually uses the source code so helpfully given to us on the extra CDs to compile our own version? With Windows of course there are already so many back-doors known and unknown that the US government might not have even bothered to ask Microsoft, they may have just found their own, ready to exploit at will. What about Intel or AMD and the microcode on the processor itself?


Back doors needn't be incorporated only at software-level. Mind the following articles too:

Chip Design Flaw Could Subvert Encryption

Shamir said that if an intelligence organization discovered such a flaw, security software on a computer with a compromised chip could be "trivially broken with a single chosen message." The attacker would send a "poisoned" encrypted message to a protected computer, he wrote. It would then be possible to compute the value of the secret key used by the targeted system.

Trouble with Design Secrets

"Millions of PCs can be attacked simultaneously, without having to manipulate the operating environment of each one of them individually," Shamir wrote.


You could then argue that Sun has some GPL-licensed processors, but who is to check the physical manufacturing process to ensure the designs, which comprise many millions of transistors, are consistently obeyed? This, however, is a lot more complex and far-fetched. How about back doors in standards?

Did NSA Put a Secret Backdoor in New Encryption Standard?

Which is why you should worry about a new random-number standard that includes an algorithm that is slow, badly designed and just might contain a backdoor for the National Security Agency.


NSA Backdoors in Crypto AG Ciphering Machines

We don't know the truth here, but the article lays out the evidence pretty well.

See this essay of mine on how the NSA might have been able to read Iranian encrypted traffic.


Inheritance of protocols does not seem like a very safe idea. Novell should enter these territories with its mixed-source strategy.

Comments

Apple's Latest Software Patent Headaches, Disregard for Standards | Links 30/04/2008: KDE 4.1 Reaches Alpha, Microsoft Proxy Fight Against Yahoo Foreseen

Recent Techrights' Posts

A Month After "End of 10" analytics.usa.gov Says More People Use Vista 7 Than Use Vista 11
Does it get any more pathetic than this?
Techrights Protects Against Collective Amnesia (Forgetting History the Rich and Powerful Want Us to Forget or be Misled About)
Keeping full access to our material with a good search facility is a priority for us
Mainstream Media Compliments Techrights on Its Work
Google isn't "the Web" and this site isn't "the Web" either
LLMs Will Never Work, You Need to Type What You Know
Voice recognition is too imprecise to be practical or really save any time if you can type fast
IBM Will Carry on or Carry Out Mass Layoffs Until Tomorrow, Based on Unverified Claim (Silent Layoffs Under Secrecy Clauses/Deals)
Red Hat (as a "company" with a Web site) will probably never announce layoffs again
Slopwatch: Spam, Scams, and Plagiarised Information Synthesis Systems (LLMs)
The way things are going, LinuxSecurity might become entirely inactive
IBM "Trying to Memory Hole the RA With Positive News."
it's clear they have no real plan, just vapourware
 
Links 13/11/2025: "Fight for Control Over In-Car Technology" and "Climate Crisis is a Health Crisis"
Links for the day
Gemini Links 13/11/2025: Disbelief in the Moon Landings and Doom That Came to Scrolling
Links for the day
Links 13/11/2025: Ghost (E-mails) of Jeffrey Epstein Chases Cheeto, Uproar Over SLAPP Threats Against British Broadcasters
Links for the day
IBM Layoffs Seem to Have Reached Europe
Is it Europe's turn to fall on its sword?
A Lot of What's Left of the Online "Media" is Paid-for SPAM
How much of online media can people still trust?
Synopsys, Which Controls a Microsoft FUD Operation (Black Duck), to Lay Off Hundreds of Workers
Microsoft had plenty of layoffs this year, well over 30,000 in total, including at least two waves of layoffs last month
The EPO Has Spent Years Attacking European Media, Led by a Cocaine Addict (the EPO's Spokesperson)
The EPO silences critics
Prominent German Media Dares Not Mention Cocaine at the European Patent Office, Germany's "Cash Cow" (Seller of Monopolies for the Whole of Europe)
It seems like a case of the corrupt hiring the corrupt to bully those who speak about the corruption
Microsoft-Sponsored FSFE is Exploiting the Success of Jean-Baptiste Kempf to Market Itself and Its GAFAM-Funded Messaging (While Pretending to be "FSF" Europe)
No doubt Jean-Baptiste Kempf accomplished a lot (not limited to VLC) in not so many years
A Week of Techrights Search
Tomorrow it'll be one week since we turned 19
Your Computers Are Work and Entertainment Tools, Not a Fashion Statement
If you're into fashion, find another job or keep cruft out of the workplace
The Federation? Almost 90% of Its Users Have Quit Participating.
If one counts offline (historic) instances, it's even worse than this
Under IBM, Red Hat Isn't a Linux Company, It's Sold to Clients as "AI Company"
IBM is sacrificing Red Hat for Wall Street (share price)
It Looks Like Microsoft is Really Abandoning XBox (the Brand "XBox" Means Just an Online "Games Store" or Streaming)
Published last night
The Register MS Has Just Taken Money to Promote Microsoft Windows Under the Guise of "HEY HI" (AI)
Just 'consume' the ads disguised as "journalism" at The Register MS
Apple is Waning, Shows Data (Web Stats)
Is Apple doing as well as Apple-sponsored (paid to run Apple ads) claims?
IBM is a Buzzwords Vendor
Does anyone even pay attention to anything IBM promises these days?
It's Patently False That Apple Has Avoided Layoffs
be sceptical of people who say Apple hasn't got layoffs
IRC.com is Vendor-Locked (Freenode)
Web client
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, November 12, 2025
IRC logs for Wednesday, November 12, 2025
Gemini Links 13/11/2025: Pictures From the Aurora and Cryptography of the Internet
Links for the day
Links 12/11/2025: Botulism Outbreak and Increased Russian Censorship
Links for the day
British Army Officer Said Ubuntu Needed to Abandon Sudo for Rust's Imitation of Sudo and You Can Guess What Happened Next...
The not-so-drop-in replacement
The Open Web Has Fallen, It's Just Chrome
We cannot envision any other rendering engine (or "base") making any measurable headway
Patients' Data Should Not be Outsourced to Any Party at All, Let's Redo the Storage Scheme
Far better than giving all our data to Microsoft and Palantir (US)
The EPO's Central Staff Committee Complains About the EPO's Management Faking "Production" (Monopolies) to Make More Money
The Central Staff Committee has a new communication
The Second-Largest Institution in Europe (EPO) is Playing With Fire and Now It Puts the Largest One (EU) at Risk
The EPO will have some more shake-ups
Ethical Consumer Could Use a Mention of "Ethical Software"
Maybe the Free Software Foundation (FSF) can get in touch with them
Links 12/11/2025: A US President (Insurrectionist) Attacking British Media, Hyundai's Digital Restrictions (DRM)
Links for the day
Gemini Links 12/11/2025: Trains in Switzerland, Software Survival, and More
Links for the day
The EPO's Own 'Drug Bust': Berenguer is Gone, But Who Else?
EPO latest news
Trying to Cancel People and Projects That You Don't Like by Changing the Focus to Politics
Don't fall for it
What Kind of Bubble is AI? We'll Find Out Very Soon
In 2022 and 2023 Cory Doctorow was one among many who asserted "AI" was a bubble
Mandrake's Gaël Duval Debunks Clickbait Nonsense From ZDNet, a Non-Coder Pushing Bot-Made 'Code' (Plagiarism Done Poorly)
"Why AI won't "Kill Open Source”
Improving Clarity When Presenting LLM Slop and Slop Images
There will likely be more changes (improvements) to improve the visibility of our labels
Groklaw Won't be the Latest (Nor the Last) Major Site We Lose
Many other sites will go offline; the more popular among those will get hijacked by rogue actors
Slopwatch Turns 1 Next Month
2024-12-14 is when Slopwatch began
The Issue With Firefox is Not Its Brand
Mozilla seems to be the biggest enemy of Firefox at this point
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, November 11, 2025
IRC logs for Tuesday, November 11, 2025
Gemini Links 11/11/2025: Kentucky, Bluesky, and Slop
Links for the day
The European Patent Office (EPO) is Still Hiding From Scandals
"No answers from VP1 to our letters to two Directors"
Like the Serial Strangler From Microsoft, Donald Trump is Out of Time and Has Jurisdiction Issues in the UK
The court system or the courts of a nations are meant to serve the nation and its media, not media lawyers or litigation profiteers
Articles About "Linux" That Are Actually Promotions of Microsoft Windows
The solution is to leave Windows, not get something "like Linux" or "similar to Linux"
Local Occupational Health, Safety and Ergonomics Committee (LOHSEC) in The Hague: Staff Representation Surprised at "Recent Changes in the Staffing of OHS Occupational Health Services (OHS)"
Once upon a time the Office offered to-notch services to all staff
Slopwatch: Many Fake Articles About "Linux" on Monday and Today
A lot of the Web is pure garbage. A lot of 'articles' are 100% fake.
IBM Exits Continue This Week
Some people talk about it anonymously, naming their role/position/unit, number of years (or band) etc.
Richard Stallman to be First Speaker at Ethereum Cypherpunk Congress 5 Days From Now, FSF Looking to Raise $400,000 by Year's End
the 40+ years-old FSF, which Dr. Stallman created to help promote Software Freedom and support GNU, is starting a new fund-raising campaign
Links 11/11/2025: Misinformation/Disinformation in Twitter/X and BBC in Trouble
Links for the day
Links 11/11/2025: Slop Ruins Music, Facebook "to Discontinue Like and Comment Buttons on Third-Party Websites"
Links for the day
Adrian & Diana von Bidder-Senn, Debian: detailed history of a death
Reprinted with permission from Daniel Pocock
The Voice of Microsoft
Marketing disguised as a science
"MIT Technology Review Insights" is the Selling of Ponzi Schemes for Sponsors (MIT Lacks Integrity)
Just like IBM, they're chaining buzzwords now
Rust Keeps Breaking Ubuntu in All Sorts of Extraordinary Ways (and All Distros Based on Ubuntu Will Break Also)
The FSF's stance on this is unclear
Boot-locking Laptops and Desktops After Falsely Marketing That As 'Security' and Not Obligatory
If anyone can confirm this to us
With Net Income of One Billion Dollars Tesla Claims It Can Pay a Fake Founder (Who Paid for This Lie) 1,000 Billions
What does this tell us about Wall Street?
GNU/Linux Cannot Buy Fake Journalism and It Won't Bribe Large Publishers
Free software developers don't purchase "sponsored" placements and that will never change
The 'Politics' of Operating Systems (or Exclusion for Inclusion's Sake)
This whole 'wrongthink' policing is getting out of hand
Static Site Generators (SSGs) Save You Lots of Money and Problems
We've basically reduced the environmental/carbon footprint of the site by a factor of ~100 (2 orders of magnitude)
IBM Does Not Care About Families, Communities, and Even Its Own Workers
Red Hat isn't a family and to believe that it is would be the makeup of cults
Too Much of Today's Web is Fake, Not Just Fake News
We'll continue to advocate for adoption of Gemini Protocol
Simulating a Downtime Tomorrow Night
It is expected that network redundancy will make this maintenance invisible to us, but IRC hangups or general slowness are still a possibility
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, November 10, 2025
IRC logs for Monday, November 10, 2025
Links 11/11/2025: Conflicts and Politics From National Broadcasters
Links for the day
Gemini Links 11/11/2025: Poetry and Electronics Studies
Links for the day
Apple's Debt Grew by About 16 Billion Dollars This Past Year, "Disappointing iPhone Sales" Reported
People who buy Apple's goods based on some false notion that Apple is "cool" or ethical or "underdog" (late 90s) aren't just living in the past; they're fools
Turning Down Proprietary Software is About Making Society Better
We should not be tempted to shame people for merely trying to keep programmers honest and human rights-respecting
Debian GNU/Linux Became the Most Popular (Most Distros Are Based on It) Owing to Richard Stallman
New presentation
The Internet is Becoming Dead or a Zombie
The Internet is becoming like a giant botfarm
A Day for Poppies
This site will run as usual today. We continue our fight for Software Freedom.
"Modern" Doesn't Mean Better, It Typically Just Means Newer
RMS demonised as someone who rejects "modern society" ("rejecting modern society") by a site that uses slop extensively
The Cocaine Patent Office - Part IV: European Patent Office to Come Under Media and Political Scrutiny
We'll persist until we get some answers