An open letter has just been composed to address or at least highlight this issue in India. It praises the final decision and insistence of the nation, but nonetheless raises the very serious concerns that public confessions brought to the media’s attention before. Have a look at some fragments from this post.
On 20th March 2008, the LITD15 committee of the Bureau of Indian Standards voted against Microsoft’s proposed OOXML standard. 29th March 2008 was the last date for participating countries to vote on OOXML. In the interval between these two dates, Microsoft went to the Prime Minister of India and alleged that this committee acted against the national interest. Fortunately, the Indian bureaucrats who met the PM did a good job of defending the committee’s vote against OOXML.
Prof. DB Phatak of IIT Bombay recently wrote a mail to the LITD15 committee saying that, “In my opinion, these actions go well beyond the behavioral boundaries for a commercial entity, some of these amounting to interfering with the governance process of a sovereign country.” IIT Bombay was a member of the LITD15 committee and Prof. Phatak was part of a four-member team at IIT Bombay that did a very intense review of OOXML before the institute voted against OOXML. While Prof. Phatak is a great supporter of open source, he also has a great reputation for being fair and balanced.
[...]
As a committee member, I would like to place on record my deep disappointment at the fact that Microsoft chose to question the decision of this committee at the highest office of our country. For over a year, we have reviewed the proposed standard with a fine tooth comb. Every opportunity was given to Microsoft to put their points across. At every meeting they brought a disproportionate number of participants along; some of these participants were not even Indian nationals. I think the committee as a whole was very courteous in accommodating all this but drew the line when this began to detract from the functioning of the committee. The only words that came to my mind when I heard that Microsoft’s complaint had prompted the Prime Minister of my country to review this committee’s decision was “stabbed-in-the-back.” This was a great disservice to this committee and the country and I hope this never happens again.
[...]
Standards cannot (and should not) be created in a technical vacuum. Without a moral and ethical framework, we cannot create standards that benefit humanity. Mahatma Gandhi summed it up best when he said that, “Real swaraj will come not by the acquisition of authority by a few but by the acquisition of capacity by all.” I believe that this committee should be focused solely on the user’s swaraj (freedom) to encode and decode their data.
We will shortly return to Microsoft’s announcement from the intraoperability [sic] event, but meanwhile, this article from The Register, “Microsoft embraces and extends server promiscuity”, is worth bringing up because of the bits about OOXML.
Microsoft of course has a long way to go before it can match market VMware for virt. technology or market share. But “deep integration” with SystemCenter is the key to how it will play catch-up. And if it fails, the company will certainly hasten the day that VMWare will have to lower its prices.
[...]
A third principle is to encourage data portability, so that customers can move their data, without let or hindrance. That is entirely admirable, but the way Microsoft is working to ensure this, by way of a fourth principle – to work with all the software standards bodies on God’s planet – is the stuff of battlefields, as this year’s furore over Open XML shows. Microsoft is content to work behind the scenes, while its rivals cry foul.
When the rivals stop shouting, we will know that Microsoft truly is fully interoperable and is seen to be fully interoperable. In the meantime, we look forward to reporting the bush wars for many years to come.
Surprisingly enough, some people remain shocked that Microsoft is collaborative when it comes to political, police-related and federal snooping. Robert Scoble even argued with me about this roughly 3 years ago, denying that such an issue even exists. At the sight of yesterday’s pick from Slashdot many such skeptics and deniers have finally come to realise this:
Microsoft has developed a small plug-in device that investigators can use to quickly extract forensic data from computers that may have been used in crimes.
Forget about passwords, security on the network and so forth. It’s enough to only be a suspect and the rules are bound to be misused (they usually are). No warrants are even necessary. Not so long ago, an animal activist received demands for divulging a PGP key, using laws that were introduced to combat terrorism (and justified in this way).
The example above is just one among many anti-features, to borrow the phrase used frequently (maybe even coined) by the Free Software Foundation. Microsoft’s customers happen to be the governments, media companies, developers, OEMs and other parties that are certainly not the end users. Features are provided to the real customers, who are rarely actual users of the personal computer.
Why is this subject brought up again? Well, it is already known that there have been interactions between the government and SUSE and the same goes for Apple with Mac OS X. It’s hardly a secret because it’s too difficult to keep it a secret.
Many people will tell you that you can look at and carefully study the source code in GNU/Linux to verify no back doors exist (and then check also the compiler, the computer chip used to run and compile the program, et cetera). It’s all possible, assuming sufficient transparency at the bottom layers exists, along with that trust which comes with it (threat of leaks is accompanied by openness).
Questions arise, however, as soon as you consider what Novell does with Microsoft. Novell gets access to Microsoft source code and it also incorporates some code which simply cannot be studied. Moreover, it relies a great deal on Microsoft protocols, which themselves can have back doors included (a back door as part of the ‘standard’, as shown in the citations at the very bottom). If SLES/SLED achieves binary compatibility with Windows, it gets harder to trust what’s being delivered out of the box.
Some of the reports below were briefly and partly mentioned also in [1, 2, 3]. It’s worth highlighting the problem again, using just references. Here it goes.
For the first time, the giant software maker is acknowledging the help of the secretive agency, better known for eavesdropping on foreign officials and, more recently, U.S. citizens as part of the Bush administration’s effort to combat terrorism.
Microsoft has added the random-number generator Dual_EC-DRBG to Windows Vista, as part of SP1. Yes, this is the same RNG that could have an NSA backdoor.
It’s not enabled by default, and my advice is to never enable it. Ever.
The kernel meets The Colonel in a just-published Microsoft patent application for an Advertising Services Architecture, which delivers targeted advertising as ‘part of the OS.’
The adware framework would leave almost no data untouched in its quest to sell you stuff. It would inspect “user document files, user e-mail files, user music files, downloaded podcasts, computer settings, computer status messages (e.g., a low memory status or low printer ink),” and more. How could we have been so blind as to not see the marketing value in computer status messages?
Here is another possible shocker (depending on one’s expectations really):
Are you using Windows Vista? Then you might as well know that the licensed operating system installed on your machine is harvesting a healthy volume of information for Microsoft. In this context, a program such as the Windows Genuine Advantage is the last of your concerns. In fact, in excess of 20 Windows Vista features and services are hard at work collecting and transmitting your personal data to the Redmond company.
Microsoft makes no secret about the fact that Windows Vista is gathering information. End users have little to say, and no real choice in the matter. The company does provide both a Windows Vista Privacy Statement and references within the End User License Agreement for the operating system. Combined, the resources paint the big picture over the extent of Microsoft’s end user data harvest via Vista.
There are plenty of unanswered questions about the FBI spyware that, as we reported earlier this week, can be delivered over the Internet and implanted in a suspect’s computer remotely.
This hope was important because earlier this year the German Government had introduced similar language into Section 202c StGB of the computer crime laws, which would have made the mere possession of (creates, obtains or provides access to, sells, yields, distributes or otherwise allows access to) tools like John, Kismet, KisMAC, Nessus, nmap, and the ability to Google effectively a crime.
Austria has become one of the first countries to officially sanction the use of Trojan Horse malware as a tactic for monitoring the PCs of suspected terrorists and criminals.
[...]
Would-be terrorists need only use Ubuntu Linux to avoid the ploy. And even if they stuck with Windows their anti-virus software might detect the malware. Anti-virus firms that accede to law enforcement demands to turn a blind eye to state-sanctioned malware risk undermining trust in their software, as similar experience in the US has shown.
In his speech towards the end of the national conference of the Junge Union, the youth organization of the ruling conservative Christian Democratic Union (CDU), in Berlin the Federal Minister of the Interior Wolfgang Schäuble has again come out in favor of allowing authorities to search private PCs secretly online and of deploying the German Armed Forces in Germany in the event of an emergency.
Hushmail, a longtime provider of encrypted web-based email, markets itself by saying that “not even a Hushmail employee with access to our servers can read your encrypted e-mail, since each message is uniquely encoded before it leaves your computer.”
But it turns out that statement seems not to apply to individuals targeted by government agencies that are able to convince a Canadian court to serve a court order on the company.
This appears to be more than a mere argument in support of the constitutionality of a Congressional email privacy and access scheme. It represents what may be the fundamental governmental position on Constitutional email and electronic privacy – that there isn’t any. What is important in this case is not the ultimate resolution of that narrow issue, but the position that the United States government is taking on the entire issue of electronic privacy. That position, if accepted, may mean that the government can read anybody’s email at any time without a warrant.
“You can download attack tools from the Internet, and even script kiddies can use this one,” said Mick.
Mick found the IP address of his own computer by using the XP Wireless Network Connection Status dialog box. He deduced the IP address of Andy’s computer by typing different numerically adjacent addresses in that IP range into the attack tool, then scanning the addresses to see if they belonged to a vulnerable machine.
Using a different attack tool, he produced a security report detailing the vulnerabilities found on the system. Mick decided to exploit one of them. Using the attack tool, Mick built a piece of malware in MS-DOS, giving it a payload that would exploit the flaw within a couple of minutes.
A group of researchers headed by Dr. Benny Pinkas from the Department of Computer Science at the University of Haifa succeeded in finding a security vulnerability in Microsoft’s “Windows 2000” operating system. The significance of the loophole: emails, passwords, credit card numbers, if they were typed into the computer, and actually all correspondence that emanated from a computer using “Windows 2000” is susceptible to tracking. “This is not a theoretical discovery. Anyone who exploits this security loophole can definitely access this information on other computers,” remarked Dr. Pinkas.
Editor’s Note: I believe this “loophole” is part of the Patriot Act, it is designed for foreign governments. Seriously, if you care about security, privacy, data, trojans, spyware, etc., one does not run Windows, you run Linux.
In relation to the issue of sharing technical API and protocol information used throughout Microsoft products, which the states were seeking, Allchin alleged that releasing this information would increase the security risk to consumers.
“It is no exaggeration to say that the national security is also implicated by the efforts of hackers to break into computing networks. Computers, including many running Windows operating systems, are used throughout the United States Department of Defense and by the armed forces of the United States in Afghanistan and elsewhere.”
The following two articles are much older and some have doubted their arguments’ validity.
A careless mistake by Microsoft programmers has revealed that special access codes prepared by the US National Security Agency have been secretly built into Windows.
[...]
The first discovery of the new NSA access system was made two years ago by British researcher Dr Nicko van Someren. But it was only a few weeks ago when a second researcher rediscovered the access system. With it, he found the evidence linking it to NSA.
A careless mistake by Microsoft programmers has shown that special access codes for use by the U.S. National Security Agency (NSA) have been secretly built into all versions of the Windows operating system.
There are many more citations like these available, should any be necessary.
In summary, welcome to the twenty-first century, the age when every ‘binaries-boosted’ GNU/Linux distribution should be taken with a grain of salt (not to mention the NSA and SELinux).
Governments ‘wish’ to ‘give’ you control and to offer you privacy, but it’s often just an illusion. The government is an exception to this condition, rule or semi-true promise.
The stories above hopefully illustrate just why Free software is so important (even to national security, assuming you live outside the United States). That’s why those who support back doors-free computing will often be labeled “terrorists”, or those who defend “terrorists”. It’s a straw man really. It’s a means for introducing new laws and using the “T” word as an excuse for virtually everything. Here is a discomforting thought:
Do you imagine that any US Linux distributor would say no to the US government if they were requested (politely, of course) to add a back-door to the binary Linux images shipped as part of their products? Who amongst us actually uses the source code so helpfully given to us on the extra CDs to compile our own version? With Windows of course there are already so many back-doors known and unknown that the US government might not have even bothered to ask Microsoft, they may have just found their own, ready to exploit at will. What about Intel or AMD and the microcode on the processor itself?
Back doors needn’t be incorporated only at software-level. Mind the following articles too:
Shamir said that if an intelligence organization discovered such a flaw, security software on a computer with a compromised chip could be “trivially broken with a single chosen message.” The attacker would send a “poisoned” encrypted message to a protected computer, he wrote. It would then be possible to compute the value of the secret key used by the targeted system.
Trouble with Design Secrets
“Millions of PCs can be attacked simultaneously, without having to manipulate the operating environment of each one of them individually,” Shamir wrote.
You could then argue that Sun has some GPL-licensed processors, but who is to check the physical manufacturing process to ensure the designs, which comprise many millions of transistors, are consistently obeyed? This, however, is a lot more complex and far-fetched. How about back doors in standards?
Which is why you should worry about a new random-number standard that includes an algorithm that is slow, badly designed and just might contain a backdoor for the National Security Agency.
“Hey, Steve [Jobs], just because you broke into Xerox’s store before I did and took the TV doesn’t mean I can’t go in later and steal the stereo.”
–Bill Gates, Microsoft
For a company that possibly shelters software patents and also accumulates them at a high pace, the following report seems like a begged-for punishment. Apple should really know better.
During the first four months of 2008, Apple was named as a defendant in eight patent infringement lawsuits, up from five during the same period in 2007. Only one such lawsuit was filed during the first four months of 2006, on behalf of Burst.com. Apple settled that lawsuit for $10 million last November. The first four months of 2005 also brought just one patent lawsuit against Apple. In 2004, three patent lawsuits were filed against Apple from January through the end of April.
Has it not been proven yet that, other than exclusion of Free software, patents on algorithms are not economically or practically viable? Bear in mind that Apple is no friend of open source (relevant articles are appended at the bottom), so it has little incentive for demanding and actually bringing change. DRM, which is a wonderful tool and excuse for platform lock-in, is an excellent analogous case.
In a public relations stunt last year, Apple publicly protested against DRM (keeping up appearances, shifting blame to music labels). It probably ought to do the same to address software patents and the troll epidemic, or else it will carry on suffering [1, 2, 3].
Among those that suffer from Apple’s stance on software patents you also have GNU/Linux. Take for example this rant from KDE, or even Compiz-Fusion. Apple patents prevent them from implementing or at least ‘safely’ incorporating features into GNU/Linux desktops.
To make matters worse, there is also Apple’s stance on standards. It would be frank enough to state that, as far as standards are concerned, Apple has never truly been better than Microsoft and not much has changed.
Apple’s incompatible filesystem
[...]
What I don’t get is why didn’t they just stick with a standard UNIX-like file system? Wouldn’t this have: (a) made less work and (b) ensured UNIX compatibility?
Or is that my answer? Did Apple not want UNIX compatibility? On a number of occasions (and with a number of devices), I have had to deal with incompatibilities on the part of Apple. And the more I deal with it, the more I start feeling like Apple is like Windows back in the 90s — when I was struggling to get any given version of Windows to talk with Linux. Ultimately, I won that battle. But the OS X battle seems to be one that might be more of a challenge, and that is disturbing.
Only days ago we mentioned Steve Jobs' snub of Linux. At the bottom of this post you’ll find evidence suggesting that Wozniak wouldn’t have been more receptive than Jobs. In addition, Apple supports OOXML and Microsoft used this as a marketing tool to change people’s minds and discriminate against ODF. To give another recent example which involves BT and/or Asustek, this bundle of an OOXML Trojan horse isn’t helping.
BT bundles MS Office with Linux laptop
[...]
This week’s award for the Most Astutely Selected Software Bundle goes to BT after the telco tried to hook potential purchasers of Asus’ Linux-running Eee PC 900 by offering to ship it with a copy of Microsoft Office.
BT is offering the 20GB 900 for £335.99, but if anyone out there is willing to buy it for £422.34, the telco will include a copy of Office Home and Student in the box.
So now you can have Linux along with some anti-Linux poison. What a bundle. Lovely! Curious minds might speculate that the Linux-powered Eee, which uses OpenOffice.org, has urged Microsoft to offer BT some discounts so that an OpenOffice.org-incompatible/hostile product (Office 2007) should be seen as enticing.
Corporate users’ reluctance to deviate from a hardware path once it is established carved a deep trench through which flows Microsoft’s seemingly endless supply of revenue. Despite the fact that DOS, and its follow-ups, Windows 1.0 and 2.0, were genuinely inept and insulting products, even by the standards of the day, Microsoft was always granted another chance to get it right.
No matter how awful, DOS running on a PC clone was the anointed “standard,” regarded as so sacrosanct that it hardly mattered what sort of grief people were forced to put up with to use it, how long a product was delivered after it was promised, or whether it even worked as advertised when it arrived on the market. Microsoft may wish to take credit for instituting an OS standard, but history suggests that this occurred despite their best efforts, not because of them.
[...]
As Paul Saffo of the Institute of the Future suggests, this explains why Microsoft is “a company that is desperately resisting change.” According to Saffo, Microsoft is attempting to “hang onto what it’s got: making the operating system important even though we’re moving into a world where the OS becomes steadily less important…. [e]verything it’s doing is going into that. It is a classic case of a change-hating company; it is desperately trying to retard change.”
There is a cost for not being a good Open Source citizen and that cost is loss of goodwill in the community. That loss is more expensive in the long run than Apple realizes.
In the speech predicting how Apple would expand its market share, Jobs showed a slide with Safari dominating almost a quarter of the market–a market shared only with a single other browser, Internet Explorer.
Lilly says he doesn’t believe that this was an omission or simplification, but instead an indication that Jobs is hoping to steal people who use Firefox and other smaller browsers in order to run a “duopoly” with Redmond.
In an interview with eWeek, Woz said that there are always people who want things to be free and the open-source movement starts with those sort of people.