
Linus Torvalds Admits He's Been Asked To Insert Backdoor Into Linux

samzenpus posted about a year ago | from the getting-in dept.

Privacy 576

darthcamaro writes "At the Linuxcon conference in New Orleans today, Linus Torvalds joined fellow kernel developers in answering a barrage of questions about Linux development. One question he was asked was whether a government agency had ever asked about inserting a back-door into Linux. Torvalds responded 'no' while shaking his head 'yes,' as the audience broke into spontaneous laughter. Torvalds also admitted that while he has a full life outside of Linux, he couldn't imagine his life without it. 'I don't see any project coming along being more interesting to me than Linux,' Torvalds said. 'I couldn't imagine filling the void in my life if I didn't have Linux.'"


Would probably be found (5, Funny)

MadX (99132) | about a year ago | (#44891237)

*If* such a mechanism was coded in, the nature of open source would mean it would be found by others. This in turn would compromise the trust of the ENTIRE kernel. That trust can take years to build up - but be destroyed in a heartbeat.

Re:Would probably be found (4, Insightful)

phantomfive (622387) | about a year ago | (#44891249)

That trust can take years to build up - but be destroyed in a heartbeat.

You'd think so, but somehow people still trust Windows, even though it most certainly has been compromised.

Re:Would probably be found (4, Insightful)

DerPflanz (525793) | about a year ago | (#44891257)

Being compromised isn't the issue. The Linux kernel has been compromised as well.

The issue here, is that there is a backdoor being built-in deliberately. That could compromise trust.

Re:Would probably be found (5, Insightful)

phantomfive (622387) | about a year ago | (#44891277)

The issue here, is that there is a backdoor being built-in deliberately. That could compromise trust.

There is [americablog.com] that possibility [wikipedia.org]. Once again, this is a possibility we've known about for a while, and it hasn't caused people to leave Windows in droves. I think it's something most people just must not care about.

Re:Would probably be found (4, Interesting)

vague regret (1834800) | about a year ago | (#44891557)

According to the recent human brain study [alternet.org], facts do not matter. So no wonder people still believe in things like Windows (or open-source) safety and security...

Re:Would probably be found (5, Interesting)

Joining Yet Again (2992179) | about a year ago | (#44891757)

From the description of the study, it seems to me that people who have formed an opinion won't change it just because they see a single piece of potentially falsified or misleading evidence. For example (looking at one of the experiments), if someone has an opinion on joblessness in the US - which might bring in factors of job stability, hours worked or attainment of a living wage - seeing a single graph on number of employed people in recent years does not allow us to conclude that joblessness has been reduced under Obama, unless you have a very primitive interpretation of "joblessness".

The only damning conclusion is that some academics are so arrogant that they assume test subjects must be faulty if they don't immediately believe the academic's interpretation of some data presented to them.

Re:Would probably be found (5, Interesting)

michelcolman (1208008) | about a year ago | (#44891647)

Then again, the back door would be easier to find by criminals. I don't personally care that much about the NSA snooping through my e-mails. But if some criminal can read them just as easily, it's a different story.

Re:Would probably be found (5, Insightful)

Anonymous Coward | about a year ago | (#44891689)

You seem to assume that there are no criminals at all part of "the NSA". Considering the number of employees they have with most having fairly complete access it is almost certain that there are criminals with access to a lot of NSA data.

Re:Would probably be found (5, Insightful)

AlphaWoIf_HK (3042365) | about a year ago | (#44891707)

It is foolish to assume that the people working for the government are perfect angels who could never mean you any harm; this has never been true and never will be true.

Re:Would probably be found (1)

Anonymous Coward | about a year ago | (#44891683)

I think the fact that people (myself) actually don't care is that most of us (99.99%) wouldn't have a problem, since we're not doing anything illegal. I know that it is still wrong, but I just don't care.

Re:Would probably be found (4, Insightful)

Joce640k (829181) | about a year ago | (#44891755)

What if it was your neighbor reading your mail? Would you still shrug it off?

Re:Would probably be found (0)

Anonymous Coward | about a year ago | (#44891287)

Oh, right. We forgot that Windows is compromised due to one big, accidental programming error.

Re:Would probably be found (2, Interesting)

gigaherz (2653757) | about a year ago | (#44891325)

Most of us don't feel important enough to worry about some government knowing our secrets. Yes, we know this gives a means for those governments to identify the people who have something to hide, and that isn't always a good thing, but it's easier than being paranoid.

Re:Would probably be found (5, Insightful)

AlphaWoIf_HK (3042365) | about a year ago | (#44891349)

You don't even need to have something to hide; you just need to anger the wrong people at the wrong time. What the government thinks is 'bad' is not necessarily what you think is 'bad,' so you're always in danger, no matter how unimportant you believe yourself to be.

Re:Would probably be found (1)

404 Clue Not Found (763556) | about a year ago | (#44891423)

I'm not in Gitmo yet. Ergo, I'm not important. They may be monitoring me, but spying is cheap. You're nobody until someone tortures you.

Re:Would probably be found (2)

AlphaWoIf_HK (3042365) | about a year ago | (#44891473)

They don't have to torture you to make your life miserable.

Re:Would probably be found (1)

mcvos (645701) | about a year ago | (#44891575)

Discrediting people is much more efficient than torturing them.

Re:Would probably be found (1)

AHuxley (892839) | about a year ago | (#44891559)

It could be a list of efforts first: A break in? A fake utility worker? Small truck hitting a car door?

Re:Would probably be found (5, Insightful)

Talar (1245824) | about a year ago | (#44891601)

This, and add to it that whatever is 'bad' doesn't have to be 'bad' today since the data will be kept practically forever for any future government to analyze. If you still don't have anything to hide you must have a confidence in both the current and all future governments that is so unshakeable I'd almost call it stupidity.

Re:Would probably be found (4, Insightful)

ObsessiveMathsFreak (773371) | about a year ago | (#44891749)

What a lot of people fail to recognise is that the people in charge of governments and the state tend to have the mentality and vindictiveness of very small children. Unfortunately, they also have an adult's guile. Assuming that small children will behave rationally, reasonably, or for the common good is not a legitimate strategy.

Re:Would probably be found (-1)

Anonymous Coward | about a year ago | (#44891589)

proof yet again that ANY--ANY anti-microsoft post in this echo chamber will get modded up to +5.

Re:Would probably be found (0)

mdm42 (244204) | about a year ago | (#44891655)

As it should be.

Re:Would probably be found (4, Insightful)

Rosco P. Coltrane (209368) | about a year ago | (#44891269)

Yes, that's the conventional wisdom with open-source. But tell me: when was the last time you went to inspect the code deep in the kernel? How many open-source code users do you think have the time, desire and ability - and probably paranoia - to go and inspect the code in *any* open-source project of reasonable size, let alone something as complex as the kernel?

I don't think someone could slip funny code in the main kernel tree - too many specialists reviewing the patches - but I'm convinced that if Canonical, SuSE or RH wanted to distribute a tainted kernel, they could do it undetected for a very long time, if not indefinitely.

Re:Would probably be found (4, Interesting)

Starky (236203) | about a year ago | (#44891297)

Code does not have to be fully reviewed for the open source development process to discipline attempts at compromise. There is a nonzero probability that any given piece of code will be reviewed for reasons other than looking for a back door, and if the probability is higher than trivial, it would dissuade parties from attempting to surreptitiously put in a back door. If a back door were found, the contributor would be known and repercussions would follow.

Moreover, I would not be at all surprised if foreign governments who have a national security interest in running uncompromised operating systems have devoted time and resources specifically to code review of the kernel for potential compromises.

Re:Would probably be found (4, Insightful)

rioki (1328185) | about a year ago | (#44891347)

Do you compile your programs from source and check that it is the last valid version from the project, or do you install rpm or deb binary packages? Even if the actual project is vetted, it is near impossible to validate everything that comes through the automatic updates. This is definitely a point of failure, since you only need one person, the person that has access to the signing keys and the update server. So you trust Canonical, Red Hat, SuSE to be fully vetted? Open source is better than closed source vendors, but in the end, if you download binaries you are at the mercy of the person who built them.

Re: Would probably be found (3, Informative)

Anonymous Coward | about a year ago | (#44891409)

As Thompson explains in his Reflections on Trusting Trust (http://cm.bell-labs.com/who/ken/trust.html), even if you download everything in source form, and review it, you are still susceptible to manipulation if you use the compiler binary and haven't reviewed its source.

Or the source of the compiler compiling that compiler, and so on.

Re:Would probably be found (4, Insightful)

Mr. Freeman (933986) | about a year ago | (#44891419)

You raise a good point, and there's actually a lot of evidence proving you correct. There have been more than a few security vulnerabilities that have persisted in the code for various widely-used pieces of open-source software for years. One was even found and patched but then quickly reverted without anyone noticing.

What people fail to understand is that proper security reviews are more than "let's just take a look at the code and make sure that it's not sending email to the NSA." You also can't perform a proper review with a bunch of hobbyist coders, you need highly-trained experts. Every single line of code needs to be checked, double checked, and triple checked against every single other line in the code to make sure that there isn't anything that could possibly compromise the security of the system. These failures are always subtle and usually unintentional.

This is best summed up with an example. Any idiot can look at the code and say "wait a second, this code copies the decryption key and sends an email to the NSA!" Only a very methodical search with a lot of people can say "hey, we've determined that this implementation of this specific part of this specific algorithm probably doesn't have a large amount of randomness over a long period of time. It likely decays such that the complexity is reduced to such and such a number of bits after such and such an amount of time and in these specific situations. This is a problem!"

Compiler checks = more needed (0)

Anonymous Coward | about a year ago | (#44891729)

Re:Would probably be found (0, Funny)

Anonymous Coward | about a year ago | (#44891731)

You also can't perform a proper review with a bunch of hobbyist coders, you need highly-trained experts.

Yeah, damn those unwashed hobbyists, we need real professionals, like the ones working for Microsoft. /sarcasm

Re:Would probably be found (1)

Dagger2 (1177377) | about a year ago | (#44891779)

Any idiot can look at the code

But not if it's closed. Being open source may not be a magical panacea, but it is a prerequisite.

Re:Would probably be found (4, Insightful)

jamesh (87723) | about a year ago | (#44891533)

How many open-source code users do you think have the time, desire and ability - and probably paranoia - to go and inspect the code in *any* open-source project of reasonable size, let alone something as complex as the kernel?

There's a whole industry evolved around finding exploitable holes in Windows, and there's no source available for that at all[1]. You can be sure the bad guys have given it a thorough going over and if there was a generic hole (I doubt you could slip an "if password = NSA then accept" style patch by the gatekeeper so it would need to be subtle and generic) it would be found. Admittedly this is not ideal but as soon as the bad guys use their exploit it will be effectively disclosed and then fixed.

[1] actually it would be reasonable to assume that at least some source for windows is in the hands of the bad guys...

Re:Would probably be found (0)

Anonymous Coward | about a year ago | (#44891679)

[1] actually it would be reasonable to assume that at least some source for windows is in the hands of the bad guys...

Yeah, I hear Microsoft has some of it ;-)

Re:Would probably be found (2)

Bert64 (520050) | about a year ago | (#44891721)

[1] actually it would be reasonable to assume that at least some source for windows is in the hands of the bad guys...

And that is the worst part...

The malicious groups have more access than the good guys. A legitimate security researcher cannot get to see the source code without complying with the terms dictated by the vendor, while a malicious hacker can obtain copies of the source and go through it freely.

Re:Would probably be found (0)

Anonymous Coward | about a year ago | (#44891787)

[1] actually it would be reasonable to assume that at least some source for windows is in the hands of the bad guys...

The Russians have full source code of Windows XP, Windows 7 and Office. Courtesy of Microsoft themselves. Even the Russians didn't want Vista :)

Do they track each other's kernels? (1)

Per Abrahamsen (1397) | about a year ago | (#44891537)

I wonder if Canonical, SuSE and RH track each other's kernels, perhaps to see what the competition is up to, ensure compatibility, and lift useful additions. If so, they would be in a good position to catch suspicious developments, and would have motivation to make it public.

Re:Would probably be found (0)

Anonymous Coward | about a year ago | (#44891671)

I look at the code A LOT
it's beautifully written
this may sound weird but it's like poetry
it has structure and meaning
linus has done well in keeping his code in order

Re:Would probably be found (1)

Bert64 (520050) | about a year ago | (#44891703)

The conventional wisdom is that while open source is not perfect, it's still better than the alternatives - and the same applies to virtually everything.

I would rather have something that I *can* investigate and/or modify to suit my needs, and where multiple unrelated third parties can do the same thing. The chances of a backdoor existing are lower, and the chance of one being found if it were introduced is higher...

And this is for me as an individual, a foreign government is likely to be far more concerned, and also far better funded so they can employ a large number of people to audit the code thoroughly.

Re:Would probably be found (4, Insightful)

mwvdlee (775178) | about a year ago | (#44891279)

If anybody were somehow forced to submit a backdoor, it would be very easy to just tip off a random fellow developer to "discover" it.

Re:Would probably be found (5, Insightful)

jma05 (897351) | about a year ago | (#44891285)

It's unlikely that such a backdoor, should it exist, would be coded so obviously, since the source is published. Instead, it would more likely be in the form of a subtle buffer overflow that results in privilege escalation or such, such that when found, it could simply be labeled as a bug rather than a backdoor... plausible deniability.

Re:Would probably be found (1)

Anonymous Coward | about a year ago | (#44891411)

Or you use a compromised compiler to insert the backdoor.

Re:Would probably be found (1)

jamesh (87723) | about a year ago | (#44891549)

Or you use a compromised compiler to insert the backdoor.

Yes it can always be injected at the source->binary level, even maliciously by your distributor themselves...

Re:Would probably be found (0)

elucido (870205) | about a year ago | (#44891431)

It's unlikely that such a backdoor, should it exist, would be coded so obviously, since the source is published. Instead, it would more likely be in the form of a subtle buffer overflow that results in privilege escalation or such, such that when found, it could simply be labeled as a bug rather than a backdoor... plausible deniability.

Exactly.

Re:Would probably be found (1)

oneandoneis2 (777721) | about a year ago | (#44891511)

Since bugs like those crop up anyway, it's probably easier to find & exploit existing bugs than to force somebody to introduce them..

Re:Would probably be found (1)

q.kontinuum (676242) | about a year ago | (#44891715)

Since bugs like those crop up anyway[...]

Well, that's the thing... Do they crop up anyway or are these bugs already the intentional backdoors?

No (1, Insightful)

thegarbz (1787294) | about a year ago | (#44891289)

*If* such a mechanism was coded in, the nature of open source would mean it would be found by others.

The nature of open source means it MAY be found by others. Sure you have a higher chance and an audit trail but you're making multiple assumptions here:

a) The code will be audited, and while this is true for the Linux kernel it may not be true for *insert small open source project with few developers here*.
b) You're relying on the audit to look in the right place, i.e. it's one thing to compromise the Linux network stack, and quite another to compromise *insert convoluted X11 protocol no one has touched in years here*.
c) You're relying on the fact the auditors can actually identify the fault in the code. Given that a backdoor can be inserted as easily as putting a = sign where an == sign belongs and given the quality of entries in the Underhanded C Contest [xcott.com] I would say that not nearly every coder is competent at identifying nefarious code. Not to mention the number of exploitable bugs that exist at large.
d) You're assuming the source code matches the binaries, and while people may be routinely looking at your code, the vast majority of projects not built from source are NOT decompiled and checked against their source to see if someone hasn't tainted the binaries.

Having auditable code does not magically make you safe.
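The `=`-for-`==` substitution from point (c) above, as an added example (not part of the thread and not kernel code): a constructed validation routine in its tainted and intended forms, plus a small heuristic that flags assignments inside `if` conditions. All names (`cred_demo`, `OPT_A`, `OPT_B`, `validate_*`, `count_assign_in_if`) are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a process credential record; not kernel code. */
struct cred_demo { unsigned int uid; };   /* uid 0 means root */

#define OPT_A 0x1u                        /* hypothetical option flags */
#define OPT_B 0x2u
#define ERR_INVAL (-22)

/* Reads like validation: "reject this flag combination when called by root".
 * The single '=' stores 0 into uid. The assignment evaluates to 0 (false),
 * so the error branch never runs and the call returns success. The extra
 * parentheses around the assignment also silence gcc/clang -Wparentheses. */
int validate_tainted(struct cred_demo *cur, unsigned int options)
{
    int ret = 0;
    if ((options == (OPT_A | OPT_B)) && (cur->uid = 0))
        ret = ERR_INVAL;
    return ret;
}

/* Intended form. Taking a const pointer turns any write into a compile error,
 * so the typo cannot survive even if a reviewer misses it. */
int validate_fixed(const struct cred_demo *cur, unsigned int options)
{
    int ret = 0;
    if ((options == (OPT_A | OPT_B)) && (cur->uid == 0))
        ret = ERR_INVAL;
    return ret;
}

/* Returns the uid left behind after running one of the two validators. */
unsigned int uid_after(int tainted, unsigned int uid, unsigned int options)
{
    struct cred_demo c = { uid };
    if (tainted) validate_tainted(&c, options);
    else         validate_fixed(&c, options);
    return c.uid;
}

static int is_ident(char c) { return isalnum((unsigned char)c) || c == '_'; }

/* Review aid: count assignment operators inside the condition of each `if`.
 * Heuristic only: it does not skip string literals or comments. */
int count_assign_in_if(const char *src)
{
    int hits = 0;
    size_t n = strlen(src);
    for (size_t i = 0; i + 1 < n; i++) {
        if (src[i] != 'i' || src[i + 1] != 'f') continue;
        if (i > 0 && is_ident(src[i - 1])) continue;       /* e.g. "elif" */
        size_t j = i + 2;
        while (j < n && isspace((unsigned char)src[j])) j++;
        if (j >= n || src[j] != '(') continue;             /* e.g. "ifdef" */
        int depth = 0;
        for (; j < n; j++) {
            char c = src[j];
            if (c == '(') depth++;
            else if (c == ')') { if (--depth == 0) break; }
            else if (c == '=') {
                if (j + 1 < n && src[j + 1] == '=') { j++; continue; } /* == */
                char p = src[j - 1];
                /* <<= and >>= are assignments; <= and >= are comparisons */
                int shift = j >= 2 && (p == '<' || p == '>') && src[j - 2] == p;
                if (p == '!' || ((p == '<' || p == '>') && !shift)) continue;
                hits++;
            }
        }
        i = j;
    }
    return hits;
}

/* Constructed source lines mirroring the two conditions above. */
const char TAINTED_SRC[] = "if ((options == (OPT_A | OPT_B)) && (cur->uid = 0))";
const char FIXED_SRC[]   = "if ((options == (OPT_A | OPT_B)) && (cur->uid == 0))";

int main(void)
{
    printf("tainted: uid 1000 -> %u\n", uid_after(1, 1000, OPT_A | OPT_B));
    printf("fixed:   uid 1000 -> %u\n", uid_after(0, 1000, OPT_A | OPT_B));
    printf("flagged in tainted source: %d\n", count_assign_in_if(TAINTED_SRC));
    printf("flagged in fixed source:   %d\n", count_assign_in_if(FIXED_SRC));
    return 0;
}
```

The one-character difference only takes effect for the specific flag combination, because `&&` short-circuits; any other input leaves the record untouched, which is why ordinary testing would not surface it.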

Yes (5, Insightful)

FatLittleMonkey (1341387) | about a year ago | (#44891463)

The nature of open source means it MAY be found by others. Sure you have a higher chance and an audit trail but you're making multiple assumptions here:

The difference is that with a closed source OS, if the other devs with access to the code find the backdoor, they can be ordered by the company to STFU or lose their jobs. The NSA only needs to compromise (either legally or illegally) the head of the company and that also gets them every single dev with access to the source.

There's no way for even Linus at his most shouty to completely control what other Linux devs discover. (And, as the previous poster noted, that makes it easy for Linus to tip off another dev on the sly to publicly "discover" and patch the "bug", without exposing Linus to legal issues from not cooperating with the NSA.)

Given the difference between "effortless to compromise" and "insanely difficult to compromise", which would you pick as the safest?

Re:No (1)

sjames (1099) | about a year ago | (#44891485)

It makes you safER. One thing I can be sure of is that proprietary code has not been examined by anyone not on the payroll and/or under a gag order.

Re:Would probably be found (5, Insightful)

Jeremi (14640) | about a year ago | (#44891293)

*If* such a mechanism was coded in, the nature of open source would mean it would be found by others. This in turn would compromise the trust of the ENTIRE kernel. That trust can take years to build up - but be destroyed in a heartbeat.

If it was obviously a deliberate back door, sure. Which is why the clever hacker/government-agency would be a lot more subtle -- rather than a glaring "if (username == "backdoor") allowRootAccess();", they'd put a very subtle [mit.edu] mistake into the code instead. If the mistake was detected, they could then simply say "oops, my bad", and it would be fixed for the next release, but other than that nobody would be any the wiser. Repeat as necessary, and the visible results might not look too different from what we actually have.

Re:Would probably be found (1)

JavaBear (9872) | about a year ago | (#44891407)

One current example is the subtle weakening of the RNGs, which in turn is claimed to reduce for instance 128 bit symmetric keys to effectively just 32-bit strength.

I can't recall where I saw that stated, and I have no idea how that would work.

Re:Would probably be found (3, Interesting)

ozmanjusri (601766) | about a year ago | (#44891567)

I can't recall where I saw that stated, and I have no idea how that would work.

It was a potential exploit on Intel's Ivy Bridge RNGs, and it wouldn't work on Linux, as /dev/random etc mix RDRAND with many other sources of entropy.

Re:Would probably be found (0)

Anonymous Coward | about a year ago | (#44891719)

The problem with subtle mistakes is that they have a fairly high risk of being discovered by others.
So one question is: how likely is the NSA to add a backdoor when it might be used by e.g. the Chinese against US companies vs. one the NSA believes only they can use because it needs some kind of password?
There is also the question if such a subtle mistake is any better than those subtle mistakes you can just find via security research without having to place it first...

Re:Would probably be found (1)

Camembert (2891457) | about a year ago | (#44891341)

Well, many people use a precompiled linux distribution. It is not trivial to know whether there is a backdoor in any of those binaries.

Re:Would probably be found (0)

Anonymous Coward | about a year ago | (#44891401)

Anyone here remember 'Black Sunday'? That same secret embedding of little bits of seemingly harmless extra code over time to create something nasty in the end can happen to any project, any commercial program, any hardware firmware, or embedded software.

Not necessarily (1)

elucido (870205) | about a year ago | (#44891425)

It depends on how it's coded. It's possible to code it in such a way that it's impossible to find by anyone but the person coding it. You gotta trust your programmer as much as you trust your doctor.

Re:Would probably be found (5, Informative)

dmcq (809030) | about a year ago | (#44891563)

Have a look at some of the code from the 'Underhanded C Contest' at http://underhanded.xcott.com/ [xcott.com] where people write code that looks straightforward and nice and clear but contains deliberate evil bugs. I think that should remove any complacency and the NSA has a lot of money to spend on people posing as developers never mind the ones they stick onto standards bodies.

Re:Would probably be found (1)

Chrisq (894406) | about a year ago | (#44891573)

*If* such a mechanism was coded in, the nature of open source would mean it would be found by others. This in turn would compromise the trust of the ENTIRE kernel. That trust can take years to build up - but be destroyed in a heartbeat.

As a Linux user who downloads a compiled distribution I can't help worrying that the organisations building the distributions may also have been asked, and maybe given incentives, to put backdoors into the binaries. How do I know that the binary comes from the public source?

Re:Would probably be found (2)

cardpuncher (713057) | about a year ago | (#44891619)

Or possibly, the discovery of such a mechanism would conveniently distract attention from the possibility of, say, a backdoor in the processor itself by means of which an unlikely but valid instruction stream might, for example, give kernel privileges to a program running in user mode. An open source software exploit might be intended to be found, and removed, thus restoring your false sense of security in your possibly compromised hardware.

Re:Would probably be found (1)

byeley (2451634) | about a year ago | (#44891651)

Attempts have been discovered, ie http://www.securityfocus.com/news/7388 [securityfocus.com]

They haven't compromised trust to any significant degree, presumably because they're obscure?

I'm torn on the question of whether there's a deliberate backdoor at present. On one hand, discovered security breaches are like roaches (many exist for each one you discover), but on the other, I don't know of any found in actual releases and the find mentioned above was some damn fine code review.

Re:Would probably be found (0)

Anonymous Coward | about a year ago | (#44891659)

*If* such a mechanism was coded in, the nature of open source would mean it would be found by others. This in turn would compromise the trust of the ENTIRE kernel. That trust can take years to build up - but be destroyed in a heartbeat.

The complexity of the Linux kernel can only be understood by a few. Not unlike the AES encryption algorithms, detecting a backdoor in a sequence of carefully applied changes can be very tricky.

Re:Would probably be found (1)

michelcolman (1208008) | about a year ago | (#44891661)

http://underhanded.xcott.com/ [xcott.com]

It's amazing what some of these people come up with to hide malicious code using seemingly honest coding mistakes that are hard to spot. And I'm sure the NSA can do even better than them. Certainly in a huge, complex piece of code like the Linux kernel. And how many people really inspect that code anyway?

Re:Would probably be found (1)

Greyfox (87712) | about a year ago | (#44891781)

It'd just be an option when you compile the kernel. "NSA Backdoor: Enable this to install a back door in your kernel which the NSA can use to spy on you. [on][off]"

Shaking? (1)

Anonymous Coward | about a year ago | (#44891241)

We nod our heads for yes and shake them for no.

Re:Shaking? (5, Informative)

Pikewake (217555) | about a year ago | (#44891275)

Unless you're in Albania, Bulgaria or Macedonia ;)

Re:Shaking? (5, Interesting)

waitamin (2811853) | about a year ago | (#44891309)

This is so weird to most Europeans and Americans.... A common question by American teachers in my high-school in Bulgaria was, "does it make sense", usually followed by about half the people shaking their heads and half the people nodding, to the obvious (yet silent) horror of the teacher. They got used to it eventually.

What is best however is the never-ending rotational head movement that some people from the Indian subcontinent use.

Re:Shaking? (2)

Camembert (2891457) | about a year ago | (#44891375)

What is best however is the never-ending rotational head movement that some people from the Indian subcontinent use.

Yes indeed, it is initially very puzzling.
Eventually I learned that it does not mean yes or no or maybe; but simply "I understand you" (this does not imply agreement).

Re:Shaking? (1)

fonske (1224340) | about a year ago | (#44891635)

My Bulgarian Karate teacher has spent years in the USA and now lives in Belgium.
When he visits his mother in Sofia he rotates his head when saying yes or no, having difficulty conforming to two different sets of agreement.

Re:Shaking? (1)

rvw (755107) | about a year ago | (#44891315)

We nod our heads for yes and shake them for no.

Yeah those Finnish people. It must be the Vodka!

Not only he's been asked (-1)

Anonymous Coward | about a year ago | (#44891253)

Torvalds should admit he did put backdoors in his Operating System.

Just have a look how enormous are all these ptrace bugs.

Details of the backdoor (1)

aneroid (856995) | about a year ago | (#44891267)

'linus' is an alias for 'root' on all systems running the kernel since Windo...err, Linux 3.11.
Password for said alias is 'root' (some of the backdoor-accessing programs don't accept blank passwords).

Never know, since it's not possible to look for such backdoors, unless it's open source.

And even IF it was, you'd have to worry about Trusting Trust [bell-labs.com].

(mostly sarcasm.)

Well, did he do it? (0)

Anonymous Coward | about a year ago | (#44891283)

Who cares if he got asked. I can ask for a lot of things too, but what I actually get is what matters. What did the government get?

No. (0)

Anonymous Coward | about a year ago | (#44891303)

Yes, I put in without request.

Some people ... (4, Insightful)

daveime (1253762) | about a year ago | (#44891321)

... can't tell the difference between humour and reality.

Torvalds said no while nodding his head yes is a JOKE people, not a fucking admission. Please, save the tinfoil paranoia for Reddit, and keep the serious tech discussions here.

Re:Some people ... (0)

elucido (870205) | about a year ago | (#44891433)

... can't tell the difference between humour and reality.

Torvalds said no while nodding his head yes is a JOKE people, not a fucking admission. Please, save the tinfoil paranoia for Reddit, and keep the serious tech discussions here.

Obviously it's a joke. It's not like anyone would admit something like that.

Re:Some people ... (4, Insightful)

Anonymous Coward | about a year ago | (#44891441)

... can't tell the difference between humour and reality.
Torvalds said no while nodding his head yes is a JOKE people, not a fucking admission. Please, save the tinfoil paranoia for Reddit, and keep the serious tech discussions here.

I don't know if you've been following the news lately, but when it comes to backdoors a lot of the "tinfoil paranoia" of years past has turned out to actually be true. Statistically speaking it is no longer such a certainty that it's just paranoia anymore. The true tinfoil cynic might say that agencies like the NSA are actually depending on "serious tech people" discounting stuff like this as tinfoil paranoia.

Re:Some people ... (1)

AHuxley (892839) | about a year ago | (#44891517)

Re:Some people ... (1)

c0lo (1497653) | about a year ago | (#44891523)

... can't tell the difference between humour and reality.

I can't.

Torvalds said no while nodding his head yes is a JOKE people, not a fucking admission. Please, save the tinfoil paranoia for Reddit, and keep the serious tech discussions here.

Unless I'm reading Linus's admission of a joke, I will continue to be unable to tell the difference... if it's indeed a pure joke, I don't get it.
That may make me "humor impaired", but since when is being so a symptom of paranoia?

Re:Some people ... (-1)

Anonymous Coward | about a year ago | (#44891665)

Worse, people misunderstood the question. The real question was, "Do you like to take it up the backdoor?" While he can't publicly say, "Yes", due to the massive backlash of public ridicule that would surely follow, the affirmative nod was understood by the participants at Linuxcon who, like Linus, also enjoy gay sex.

Re:Some people ... (1)

oji-sama (1151023) | about a year ago | (#44891727)

the audience broke into spontaneous laughter.

Yes, I would go with the audience reading the non-verbal clues pretty accurately. I doubt that he would joke about it if it was true.

The Pragmatics of the Truth (5, Insightful)

Zanadou (1043400) | about a year ago | (#44891337)

One question he was asked was whether a government agency had ever asked about inserting a back-door into Linux. Torvalds responded 'no' while shaking his head 'yes,'

That's actually quite a cunning answer: possibly, regardless of his answer to the back-door request (I hope the answer was something like "No, fuck you"), like others in comparable situations have hinted at, maybe he's being held accountable to some kind of on-going government "Non-disclosure clause" concerning such a request/conversation.

But can body language and gestures be held up to the same legal gagging? I'm sure no legal precedent has been held for that yet, and Linus probably is aware of that.

A cunning, cunning way of answering the question.

Umm... read between the lines? (1)

Anonymous Coward | about a year ago | (#44891343)

'I don't see any project coming along being more interesting to me than Linux,' Torvalds said. 'I couldn't imagine filling the void in my life if I didn't have Linux.'"

Isn't it the nature of the US govt to arrest (without means to defend) anyone who does not comply with their (illegal) demands?

If Linus was threatened with his removal from Linux...permanently... and he can't imagine life without Linux.... isn't it time for some serious independent kernel reviews?

Re:Umm... read between the lines? (0)

Anonymous Coward | about a year ago | (#44891383)

Sure, go right ahead. You have the source here: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/

Dig right in and make sure to tell us what you found.

Btw, Walmart has a tinfoil special this week, 2 sheets for the price of 3. I'm sure you could make a kick ass hat out of that.

Re:Umm... read between the lines? (1)

jones_supa (887896) | about a year ago | (#44891503)

Hmm, that's a cool log actually. I browsed that a bit and there's a funny patch where someone corrects typos [kernel.org] of HDMI being written "HMDI".

Re:Umm... read between the lines? (1)

Adam Colley (3026155) | about a year ago | (#44891495)

No.

Slip the backdoor into a precompiled GCC instead (5, Interesting)

GauteL (29207) | about a year ago | (#44891363)

Seems we need reminding of this classic [bell-labs.com] by Ken Thompson.

Slip a backdoor into a RHEL 6.x (or any other major Linux distribution) version of GCC and make it do two major things:
1. Slip a backdoor into any Linux kernel it compiles.
2. Replicate itself in any version of GCC it compiles.

Choose some entry point which changes very rarely so the chances of incompatibility with new code is small.

This would probably keep RHEL with any kernel version tainted for generations of releases without very little chance of being spotted, because there are no changes in the distributed source code of either project

Re:Slip the backdoor into a precompiled GCC instea (1)

elucido (870205) | about a year ago | (#44891437)

Seems we need reminding of this classic [bell-labs.com] by Ken Thompson.

Slip a backdoor into a RHEL 6.x (or any other major Linux distribution) version of GCC and make it do two major things:
1. Slip a backdoor into any Linux kernel it compiles.
2. Replicate itself in any version of GCC it compiles.

Choose some entry point which changes very rarely so the chances of incompatibility with new code is small.

This would probably keep RHEL with any kernel version tainted for generations of releases without very little chance of being spotted, because there are no changes in the distributed source code of either project

Or bugs in the random number generator.

Re:Slip the backdoor into a precompiled GCC instea (1)

AHuxley (892839) | about a year ago | (#44891521)

Random number generator would be the way to go on some projects. Would the users and devs pick it up in time, over time? Be actively looking for an issue like that?

Re:Slip the backdoor into a precompiled GCC instea (1)

jones_supa (887896) | about a year ago | (#44891507)

I wonder if anyone actually takes the responsibility to do this check. Maybe there are GCC binaries in the wild which replicate a backdoor.
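An added illustration, not part of any comment in this thread: a toy model of the self-replicating compiler GauteL describes and of the check jones_supa asks about, here David A. Wheeler's diverse double-compiling, a published countermeasure the thread itself does not name. `Binary`, `compile_with`, `GCC_SRC` and `ALT_SRC` are constructed stand-ins; no real toolchain is invoked, and the model assumes fully deterministic builds.

```python
import hashlib
from dataclasses import dataclass

GCC_SRC = "clean, audited compiler source"   # constructed stand-in for the published source
ALT_SRC = "independent second compiler"      # constructed stand-in for a trusted compiler

@dataclass(frozen=True)
class Binary:
    implements: str        # source whose behaviour this executable has
    codegen_by: str        # compiler source whose code generator emitted these bytes
    trojan: bool = False   # hidden self-replicating logic absent from any source

    def sha256(self) -> str:
        blob = f"{self.implements}|{self.codegen_by}|{self.trojan}".encode()
        return hashlib.sha256(blob).hexdigest()

def compile_with(compiler: Binary, source: str) -> Binary:
    """Deterministic toy compile: output bytes depend only on the compiler's
    behaviour and the input. A trojaned compiler re-inserts itself when it
    recognises compiler source (item 2 of GauteL's list)."""
    reinfect = compiler.trojan and source == GCC_SRC
    return Binary(implements=source, codegen_by=compiler.implements, trojan=reinfect)

def self_rebuild_matches(suspect: Binary) -> bool:
    """Naive check: rebuild the compiler with itself and compare hashes."""
    return compile_with(suspect, GCC_SRC).sha256() == suspect.sha256()

def ddc_matches(suspect: Binary, trusted: Binary) -> bool:
    """Diverse double-compiling: trusted -> stage1 -> stage2, compare to suspect."""
    stage1 = compile_with(trusted, GCC_SRC)   # same behaviour, different bytes
    stage2 = compile_with(stage1, GCC_SRC)    # bytes the clean source should yield
    return stage2.sha256() == suspect.sha256()

TRUSTED = Binary(implements=ALT_SRC, codegen_by=ALT_SRC)
CLEAN = Binary(implements=GCC_SRC, codegen_by=GCC_SRC)
TAINTED = Binary(implements=GCC_SRC, codegen_by=GCC_SRC, trojan=True)

if __name__ == "__main__":
    for name, b in (("clean", CLEAN), ("tainted", TAINTED)):
        print(name, "self-rebuild ok:", self_rebuild_matches(b),
              "| DDC ok:", ddc_matches(b, TRUSTED))
```

Rebuilding the tainted compiler with itself reproduces it bit for bit, so that check passes; only the build seeded from an independent compiler exposes the mismatch.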

Expect to be deported (1)

HansKloss (665474) | about a year ago | (#44891457)

Now Linus can expect a visit from the current regime security forces. Many people in the U.S. were treated this way. No matter if they had bank accounts, 401K, houses, they were put on the plane and sent home.
When I think about it, it's not only government forces behaving this way. There are stories about hospitals shipping immigrant patients to the country of their birth.
Imagine when you wake up in some foreign hospital after living in US for 30 years.

Re:Expect to be deported (2)

Nutria (679911) | about a year ago | (#44891631)

No matter if they had bank accounts, 401K, houses, they were put on the plane and sent home.

Right. Because somewhere else is their home, and they're here illegally (whether by crossing the southern border or overstaying a visa).

If they really want to be here, there are multiple well-defined sets of rules which hundreds of thousands of people use every year to get here legally,

Re:Expect to be deported (0)

Anonymous Coward | about a year ago | (#44891705)

There are stories about hospitals shipping immigrant patients to the country of their birth.
Imagine when you wake up in some foreign hospital after living in US for 30 years.

They'd probably get better care there.

Well, he says that... (0)

91degrees (207121) | about a year ago | (#44891471)

Turns out using the username "Joshua" gave me full access to NORAD's network.

The second, most important, question is missing (1)

m.alessandrini (1587467) | about a year ago | (#44891501)

Did he comply? We've seen that NSA has pretty solid arguments to force people.

Insert anal joke here: (1)

Nikhil Mahajan (3018943) | about a year ago | (#44891639)

Or would that be too childish

if Linux was asked, the MS were asked (5, Insightful)

Anonymous Coward | about a year ago | (#44891695)

If the Government asked for Linux, then certainly they asked for Windows, and whereas I trust Torvalds, I don't trust Microsoft - not in a nasty way, just in the sense that they're a very large company over whom the Government has a great deal of power and where very large companies typically are not morally motivated. I don't mean that in a nasty sense, I just mean there's so many people, taking a moral stance - e.g. accepting a cost for a benefit you personally do not see - is in practical terms very, very unlikely.

So I think I have to assume there is a backdoor in Windows. In fact, it's hard to imagine anything anyone could say to reassure me. If the NSA said it was not so, I'd laugh. They twist words with the pure purpose of deception. If MS said so, I'd be thinking they were legally compelled, such that they could not even say that such a request had occurred. The NSA surely now have a problem, in that I absolutely cannot trust their word - and indeed I cannot see how that trust can be re-established. If there was a full disclosure, that would be a start, followed by a credible reform programme. I don't think either even remotely likely; and by that, I rather think the NSA has either sealed its doom, or *our* doom. The NSA has gone too far. Either they will be replaced, in which case the problem is addressed, or, if they are not replaced, then *we* have a problem, because the NSA is too powerful to remove (and violates all privacy and security).

So, what do you know? Turns out this *will* hurt MS sales, because now I *have* to move to Linux. I've been thinking about it for a while, but the cost of learning a new system to do only exactly what you can do already means where I'm very busy, it hasn't happened; but now there is a *need* for me to do, privacy.

So... (1)

Anonymous Coward | about a year ago | (#44891753)

The remark: "I couldn't imagine filling the void in my life if I didn't have Linux." is Linus telling us: "They threatened to take Linux away from me so I complied with their demands."?

Re:So... (1)

Wonko the Sane (25252) | about a year ago | (#44891799)

That sounds like a reasonable interpretation.

Re:So... (1)

RDW (41497) | about a year ago | (#44891807)

The remark: "I couldn't imagine filling the void in my life if I didn't have Linux." is Linus telling us: "They threatened to take Linux away from me so I complied with their demands."?

No, he compiled without their demands.

I couldn't imagine filling the void in my life if (3, Funny)

TheGratefulNet (143330) | about a year ago | (#44891803)

yeah, he's a "char star" alright. yup.

if you have char-stars you don't care about voids, really.
