The FBI Paid OpenBSD Developers For Backdoors?

  • phoronix
    started a topic The FBI Paid OpenBSD Developers For Backdoors?

    Phoronix: The FBI Paid OpenBSD Developers For Backdoors?

    Government organizations, whether they be from the United States, the European Union, or anywhere else for that matter, contributing to open-source projects is not new. Heck, Security Enhanced Linux (SELinux) in the mainline kernel can largely be attributed to the United States' National Security Agency (NSA). More organizations contributing to open-source isn't bad -- government or not -- when it's mutually beneficial work with good intentions. However, there are new allegations being made today about OpenBSD's networking stack, in particular its IPsec code. The FBI allegedly paid OpenBSD developers to insert back-doors into the code-base...

    http://www.phoronix.com/vr.php?view=ODkxMw

  • smitty3268
    replied
    Originally posted by KDesk
    It is not so. The companies don't buy Red Hat's software, they can get the sources and compile, or what many do, install CentOS. The companies buy Red Hat's support. Or seen by another side, they buy a pack of software+support.
    If they get a Red Hat DVD, or links to software on a Red Hat server, then they are buying code. Whether you want to admit it or not.

    Obviously they're buying the support as well, as it's the more difficult thing to obtain.

  • KDesk
    replied
    Originally posted by smitty3268
    I can sell water out of a faucet, it doesn't matter if the water is free for anyone to drink, I can still sell it to you. The same concept applies to Red Hat.
    It is not so. The companies don't buy Red Hat's software, they can get the sources and compile, or what many do, install CentOS. The companies buy Red Hat's support. Or seen by another side, they buy a pack of software+support.

  • smitty3268
    replied
    I can sell water out of a faucet, it doesn't matter if the water is free for anyone to drink, I can still sell it to you. The same concept applies to Red Hat.

  • Wyatt
    replied
    Originally posted by yotambien
    You are right, $100x3 ($200x3 including the offer from the pfsense team) is not serious money to audit that code. However, given how quickly some people are assuming the supposed backdoors to be real, I imagine some hundred bucks will be a good incentive for them to reveal their own sources and audits, based on which they arrived at their informed conclusions. After all, so far they're doing it for free.
    If you look through the thread, there are a bunch more offers. It ends up being $1400*3 last I saw. That's a nontrivial sum.

  • deanjo
    replied
    There is also the situation where XYZ pays to have ZYX function added to the software.

  • BlackStar
    replied
    @crazycheese: in other words, Red Hat develops and sells free software. Why is it so difficult for you to accept this?

    Did you even read the FSF links? Or Jim Whitehurst's interview?

    Do you understand the distinction between free-as-in-speech and free-as-in-beer? It's fundamental: Red Hat sells RHEL. This is free-as-in-speech software (source-code available) but it is *not* free-as-in-beer: you need to pay Red Hat in order to use it.

    If you don't wish to pay, you can get the source-code and do whatever you want with it - but then you are not using RHEL, you are using something else entirely.

    But please go on bubbling about how you cannot sell free software (even though the FSF explicitly says you can) or how Red Hat doesn't sell free software (even though the Red Hat CEO says they do). Be my guest.

  • yotambien
    replied
    Originally posted by DebianAroundParis
    $100 for such an important and difficult work? What a preposterous offer!
    This guy is a cheap blogger looking for publicity.
    He also is a naive citizen who refuses to believe that states are not good-intentioned mothers.
    Unconsciously he must know the truth since he will not offer his house as a bounty.
    He is too weak to consciously face reality.
    You are right, $100x3 ($200x3 including the offer from the pfsense team) is not serious money to audit that code. However, given how quickly some people are assuming the supposed backdoors to be real, I imagine some hundred bucks will be a good incentive for them to reveal their own sources and audits, based on which they arrived at their informed conclusions. After all, so far they're doing it for free.

  • crazycheese
    replied
    Originally posted by yogi_berra
    Red Hat tells you to shut your machine off when your subscription runs out. The "evil" Oracle doesn't even do that.

    Oh @ BlackStar if you think I have a problem with a company making money from selling software, you are an idiot, I have a problem with the business model of extorting money from security updates.
    Somebody has to write those fixes, not?
    And this requires costs. From food and electricity to money for hacker's children education.
    It is human work to find, debug, waste time.
    The ready result, however, is free to have and they submit it upstream.
    Just somebody has to do it.

    Either professionally and seriously like RedHat, in free time (Slack, Gentoo, Arch, Debian) or redneck barber-debugger way - throwing unstable software on common Joe the barber (Ubuntu).

    And first thing is best and most direct, when you have money of course.

  • crazycheese
    replied
    Originally posted by BlackStar
    Yes, Red Hat sells free software. They've built a thriving business around this.
    Man, what's the problem with you?
    Software as in information, (1) dies if it is NOT used (google for very old unpopular thing); (2) multiplies if it is USED.
    Human work, hardware as in product, (1) dies if it is USED; (2) stays in one piece if it is NOT used.

    Information and its carrier - matter are of two different natures.

    Red Hat is selling what it uses - human work, sandwiches and luxury houses for talented people. But the result is free to have once it is ready. Just creating this result costs money, not the result in the end.

    They have built a brilliant model around creating worlds, not around cloning and repackaging.
