
Schwartz Comments On NSA/Sun OpenSolaris Collaboration

ScuttleMonkey posted more than 6 years ago | from the color-me-skeptical-for-now dept.

Sun Microsystems 92

sean_nestor writes to mention that Sun CEO Jonathan Schwartz took a bit of time recently to comment on last week's announcement that Sun Microsystems would be partnering closely with the NSA for security research surrounding OpenSolaris. Rather than the typical loads of legalese and confidentiality agreements, Sun and the NSA are claiming that this move is more about the NSA joining the OpenSolaris community than anything else. I guess only time will tell.

92 comments

SLASHDOT SUX0RZ (-1, Troll)

Anonymous Coward | more than 6 years ago | (#22896156)

_0_
\''\
'=o='
.|!|
.| |
more open than open [goatse.ch]

New Meaning of Spyware (-1)

Jeremiah Cornelius (137) | more than 6 years ago | (#22896178)

I'll be dropping this like a hot, forking potato.

As will, I am sure, most other countries in the world. How many people want to unwittingly maintain an Echelon outpost for the Internet?

BTW. These guys are acting outside the confines of legal authority as we speak. Why trust any contribution?

OpenSolaris (5, Insightful)

TheNinjaroach (878876) | more than 6 years ago | (#22896222)

"Open" is the keyword here. It's not like they are going to be submitting binary patches or that we can't review the source code they submit.

I'd also like to point out the SELinux [nsa.gov] project, will you abandon Linux now too?

You should really adjust that tin foil, it's messing with the signals that are already inside your head.

Re:OpenSolaris (0)

Jeremiah Cornelius (137) | more than 6 years ago | (#22896290)

I build without SELinux, and I keep an eye on my compiler, too.

Tinfoil accessorizes more nicely than bullshit. :-)

Re:OpenSolaris (2, Informative)

mrsteveman1 (1010381) | more than 6 years ago | (#22900398)

On systems that do use SELinux, the NSA isn't the one who compiled it in, the distribution did. I fail to see what avoiding SELinux like the plague accomplishes anyway, it's just a mandatory access control system. It's also typically disabled at boot time anyway.

SELinux is also a part of the mainstream kernel, so perhaps you don't trust those people either? Perhaps you should review the source line by line, because how do you know that unchecking SELinux in the config REALLY removed it from the final binary? Maybe they are tricking you!

Your compiler was also compiled from source by your distribution, and you think the binary compiler that came with your distribution is subverting all code you compile?

Yes, tinfoil indeed.

Re:New Meaning of Spyware (0)

Anonymous Coward | more than 6 years ago | (#22896632)

Nice troll.

Re:New Meaning of Spyware (2, Insightful)

wizardforce (1005805) | more than 6 years ago | (#22896768)

> Why trust any contribution?

because you can literally stare at the source code and audit it. this isn't windows or Mac where you've literally put your security in their hands, FOSS is more or less transparent so if you don't like where things are going you can fork the project and take things your own way. you can submit patches if you find a flaw or backdoor of some sort in the code.

Re:New Meaning of Spyware (1)

hoggoth (414195) | more than 6 years ago | (#22897364)

> you can literally stare at the source code and audit it.

What good does that do if the gcc binary has been modified to insert nasty code when it compiles? All of the source code could be clean, including the source code of gcc. Then anything that gets compiled has backdoors inserted.

Re:New Meaning of Spyware (2, Insightful)

wizardforce (1005805) | more than 6 years ago | (#22898706)

that's hogwash. you don't use a compiler that you don't have the sources to.

Re:New Meaning of Spyware (1)

jhol13 (1087781) | more than 6 years ago | (#22903010)

How do you compile the compiler?

There is this famous trick of having a virus/trojan in the compiler so that when it compiles (another) compiler it will insert the virus into the new compiler too.

See Ken Thompson, Reflection trusting trust.

Re:New Meaning of Spyware (1)

m50d (797211) | more than 6 years ago | (#22903616)

With a compiler from an independent source, compiled with a compiler from another independent source. Thompson's trick is very neat, and worked when there was one standard system compiler. It won't work now that there are two dozen on the internet and GCC is developed at such a rate of knots that your virus would naturally break within six months.

forgetting history (1)

sentientbrendan (316150) | more than 6 years ago | (#22903256)

>that's hogwash. you don't use a compiler that you don't have the sources to.

The grandparent was making a reference to a historical case where a compiler binary was created that would create a back door in compiled software. Editing the compiler sources in this case would normally help, except that the compiler was designed to detect that it was recompiling itself and reinsert the code that had been removed from the sources.

http://blogs.ittoolbox.com/emergingtech/edge/archives/ken-thompson-and-the-selfreferencing-c-compiler-16142 [ittoolbox.com]

In this case, it's impossible to determine the back door exists by reading the sources, or remove it by editing it.

Re:forgetting history (1)

HiThere (15173) | more than 6 years ago | (#22906824)

That's why the comment about compiling it with an independent compiler.
That was the solution last time.

Of course, now with the NSA involved, one could claim that all possible compilers had been jiggered to recognize each other. So to be secure one would need to go back to an early version and compile the chain forwards. Or write your own mini-C compiler in, say, Python, extending it sufficiently to compile an early version of GNU C...and then compile forwards from there. Though I suppose that if you've done that, you might as well extend your own compiler to handle all of the subset of C required to compile the GCC, and then compile directly.

Even then, unless you've reviewed ALL the source, you can't be sure, so it's safer to just use your own compiler.

Do I think anyone will do that? Or reasonably could? No. The community could, but if you're going to trust the community, why not trust the GCC? It has sources not only reviewed by the community, but also by multiple independent governments.

I think that around the time of the GCC-EGCC split and remerger many independent people thoroughly reviewed the source code, and that (partially) independent compilers were frequently compiling different compilers. The Thompson back door was fragile, and depended on Thompson being one of the developers. (In fact, as I recall [from reports, I wasn't there], he originally wrote it as an aid to debugging...then he expanded it.)

Absolute security isn't available. We (the community) try to come as close as is practical.
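
The independent-compiler check discussed in this sub-thread (build the compiler's source with an unrelated compiler, rebuild with the result, compare), as an added toy model that is not part of any poster's comment. Binaries are modelled as records rather than machine code, and every name and sample value is constructed for illustration.

```python
"""Toy model of the independent-compiler check (diverse double-compiling)."""
import hashlib
from dataclasses import dataclass


def digest(text: str) -> str:
    return hashlib.sha256(text.encode()).hexdigest()[:16]


@dataclass(frozen=True)
class Binary:
    semantics: str  # digest of the source this binary faithfully implements
    codegen: str    # which code generator emitted the bytes (changes bytes only)
    implant: bool   # hidden logic that appears in no source file

    def image(self) -> str:
        """Stand-in for the on-disk bytes: hidden logic still changes them."""
        return digest(f"{self.semantics}|{self.codegen}|{self.implant}")


def is_compiler_source(source: str) -> bool:
    # Constructed marker standing in for "this input is the compiler itself".
    return "COMPILER" in source


def run_compiler(compiler: Binary, source: str) -> Binary:
    """Model of executing `compiler` on `source`.

    The output bytes depend on the code generator the compiler implements,
    and a compiler carrying the implant re-inserts it whenever it is given
    compiler source, even though that source is clean.
    """
    return Binary(
        semantics=digest(source),
        codegen=compiler.semantics,
        implant=compiler.implant and is_compiler_source(source),
    )


def ddc_check(suspect: Binary, source: str, independent: Binary) -> bool:
    """True if `suspect` is byte-identical to what clean `source` should yield.

    stage1: `source` built by the independent compiler (different bytes,
            same behaviour as an honest build of `source`).
    stage2: `source` built by stage1; its bytes depend only on `source`.
    Assumes the suspect claims to be a self-compiled build of `source`.
    """
    stage1 = run_compiler(independent, source)
    stage2 = run_compiler(stage1, source)
    return stage2.image() == suspect.image()


# Constructed sample inputs.
SOURCE = "COMPILER v1 source (constructed, clean)"
INDEPENDENT = Binary(digest("unrelated vendor compiler"), "unknown", False)


def demo() -> dict:
    honest = Binary(digest(SOURCE), digest(SOURCE), False)
    subverted = Binary(digest(SOURCE), digest(SOURCE), True)
    # The "all compilers recognise each other" case raised in the thread.
    colluding = Binary(INDEPENDENT.semantics, "unknown", True)
    return {
        # An honest self-built compiler matches the independent rebuild.
        "honest_passes": ddc_check(honest, SOURCE, INDEPENDENT),
        # The implanted one does not, although its source is identical.
        "subverted_passes": ddc_check(subverted, SOURCE, INDEPENDENT),
        # Rebuilding the suspect with itself reproduces it exactly, so a
        # self-rebuild comparison alone shows nothing.
        "self_rebuild_matches": run_compiler(subverted, SOURCE) == subverted,
        # If the second compiler carries the same implant, the check is fooled.
        "colluding_fools_check": ddc_check(subverted, SOURCE, colluding),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The last result is the limitation the comment above points at: the comparison is only as trustworthy as the independence of the second compiler.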

Re:New Meaning of Spyware (1)

hcdejong (561314) | more than 6 years ago | (#22899582)

That's all good and well in theory, but how well does it work in practice?
IDK how large the source for the average Linux distribution is, but I bet we're talking about dozens, if not hundreds of megabytes of code. You're never going to be able to audit all of it on your own, the only way to do an audit is to assemble a group of people and divide the work. But what if an insidious programmer added seemingly innocuous bits of code to dozens of files, so no single auditor is likely to see the entire backdoor code?

Also, the 'many eyes' argument in favor of FOSS sounds nice, but there's no guarantee those 'many eyes' ever see the entire source code. Seldom-used features will also rarely be audited, if ever.

Re:New Meaning of Spyware (1)

trolltalk.com (1108067) | more than 6 years ago | (#22896870)

> How many people want to unwittingly maintain an Echelon outpost for the Internet?

To put it into geek-speak, "We could tell you, but then we'd have to reiserize you."

Re:New Meaning of Spyware (5, Insightful)

bfields (66644) | more than 6 years ago | (#22897366)

The NSA is a huge organization, does a lot of different things, and as a result, it can--like a lot of large companies and agencies--seem a bit schizophrenic.

NSA employees have made significant contributions to Linux already, and there have been the usual arguments over design choices that any such project faces, but there's never been the smallest suggestion of any subterfuge.

OpenSolaris's work is conducted in the light of day, and I doubt the NSA's participation will be any more nefarious there.

Part of the NSA's mandate seems to be to improve the security of everybody's operating systems. That's work that can benefit all of us, is exactly the sort of work that a "national security agency" *should* do, and we should encourage it, while still condemning the projects we disapprove of.

Re:New Meaning of Spyware (5, Insightful)

Zoidbergo (751725) | more than 6 years ago | (#22898424)

I'll be the first to yell out at things like warrantless wiretapping, but believe it or not, even at NSA they use Windows and Linux/Unix on their hardware. It's in their best interest and the interest of their mission (as a consumer of said OSs) to make sure that those OSs are as secure as they can be. And some of the smartest security researchers on the planet work for NSA. So why not?

One of the NSA's growing missions is also to secure the electronic interests of the United States and its citizens. That includes doing anything they can to help secure the infrastructure of US interests. All our banks and national financial stability rely heavily on the security of computer systems. If they can't benefit from this added security, what's the point of securing a defense system if someone can hack into your federal bank system and make you lose billions?

So things like an overall more secure Solaris or Linux (or even Windows Vista) benefits everyone, including the electronic interests of the citizens of the USA, who the NSA also serves. Remember, they ARE a government agency (an occasionally evil one, though most of them do evil things every now and then.)

Re:New Meaning of Spyware (1)

thogard (43403) | more than 6 years ago | (#22899774)

When it comes to the stuff that causes your tin foil hat to get warm, you're way too late and they already took care of the rest years ago. For example, why does every major Unix and router operating system use the encrypted root (or admin) password to seed the tcp sequence number? So if we look at what Solaris does with its tcp_strong_iss generator, it starts out by leaking bits that are derived from the password hash along with a very weak and predictable pseudo random number. The system is such that you have to watch the thing for a very long time but the entropy from the pseudo random generator goes away after a while and you're left with just the bits of the hash which you can work backwards and collect enough of the encrypted password to get decent results in a random table. AIX, HPUX and IOS all do it about the same way.

I'm more worried that the Solaris coder that thought it would be a good idea to rewrite their telnetd in a way that opened a huge back door is still working for them.

MAC's (1)

al0ha (1262684) | more than 6 years ago | (#22896232)

From the article, "MAC's exists so that not just anyone, for example, can look at your passport file without permission..." Whaaaa?? Isn't that what just happened to the presidential candidates?

Re:MAC's (1)

Geoffrey.landis (926948) | more than 6 years ago | (#22896454)

> From the article, "MAC's exists so that not just anyone, for example, can look at your passport file without permission..." Whaaaa?? Isn't that what just happened to the presidential candidates?

Yes, that's why he picked that particular example.

Great! I liked Solaris. (4, Insightful)

harshmanrob (955287) | more than 6 years ago | (#22896244)

It takes me forever to pull out SELinux when I deploy a new Linux server and now I have to worry about what the hell OpenSolaris is doing instead of running an application or whatever its purpose is supposed to be doing.

Doesn't anyone else see MAJOR privacy and 4th amendment violations when government and business get into bed with each other?!?! I do not want any agency in the US government helping Sun, Microsoft, and or anyone else with "securing" their products. There is only one reason why the NSA is interested in OpenSolaris and it has nothing to do with "securing" it.

Government spooks helped Microsoft build Vista (4, Interesting)

Jeremiah Cornelius (137) | more than 6 years ago | (#22896366)


Helping a Vole out of a hole
By Nick Farrell: Tuesday, 09 January 2007, 2:26 PM

THE USA GOVERNMENT'S cryptologic organisation, the National Security Agency, has admitted that it is behind some of the security changes to Microsoft's operating system Vista.
According to the Washington Post, the agency which was once so secret that it was jokingly referred to as 'No such Agency' has admitted making 'unspecified contributions' to Vista.

Tony Sager, the NSA's chief of vulnerability analysis and operations group, told the Post that it was the agency's intention to help everyone these days.

The NSA used a red and a blue team to pull apart the software. The red team posed as "the determined, technically competent adversary" to disrupt, corrupt or steal information. The Blue team helped Defense Department system administrators with Vista's configuration.

Vole said that it has sought help from the NSA over the last four years. Apparently its skills can be seen in the Windows XP consumer version and the Windows Server 2003 for corporate customers.

The assistance is at the US taxpayers' expense, although the NSA says it all makes perfect sense. Not only is the NSA protecting United States business, its own Defense Department uses VoleWare so it is in the government's interest to make sure it is as secure as possible.

Microsoft is not the only one to tap the spooks. Apple, with its Mac OSX operating system, and Novell with its SUSE Linux also asked the NSA what it thought of their products. The NSA is quite good at finding weapons of mass destruction that are not there.

Re:Government spooks helped Microsoft build Vista (2, Interesting)

failedlogic (627314) | more than 6 years ago | (#22899370)

I guess the most obvious question: If help was provided with XP and Vista in security, why so many security patches?

Re:Government spooks helped Microsoft build Vista (2, Insightful)

Jeremiah Cornelius (137) | more than 6 years ago | (#22900606)

Help with crypto isn't help with system security. ;-) Especially when you are keeping the master-key.

Re:Great! I liked Solaris. (2, Informative)

BlowHole666 (1152399) | more than 6 years ago | (#22896536)

With Linux don't you have the source? So how can your 4th amendment rights and privacy be violated when you can just remove the stuff? Maybe the businesses are trying to make money and the government has deep pockets so they secure their software so the government will spend money on their products. It is just capitalism at work. The world is full of smart people, I am sure the NSA can not slip some nice little "feature" into an operating system and someone will not find it. Maybe just maybe the NSA is trying to make sure their shit is secure...your privacy is just fine. If you do not think so why don't you analyze it and report to slashdot how the NSA has inserted code that violates your rights. We all would love to know.

Re:Great! I liked Solaris. (0, Troll)

harshmanrob (955287) | more than 6 years ago | (#22896638)

Spoken like a true Sheep. It takes teams of people to understand the ins and outs of large sums of source code, especially for Linux and probably more so for Windows. I have hacked the kernel and made changes but I do not understand the entire thing, not one person could build an OS like Linux and deploy it without community support.

Microsoft makes its employees sign NDA's so if extra "features" get added to Windows, no one is going to know about them unless it gets leaked out. The government spooks coding some of Vista likely explains the problems people are having with it.

The last thing that is in the best interests of ANYONE is any agency of the US government making sure any of the OS's being deployed are "secure" for us to use. If they want a secure OS for their needs...fine, then make one or contract to have one made! I have no interest in using it.

The government is like a sexually transmitted disease, easy to catch and hard as hell to get rid of.

Re:Great! I liked Solaris. (4, Insightful)

Falstius (963333) | more than 6 years ago | (#22896912)

Spoken like a true delusional. Look, this is the NSA. They're pretty smart folks, some of my college classmates are probably there now (not that they'd be able to tell me). If they wanted to insert secret code into an OPEN SOURCE project they wouldn't make an announcement of collaboration, they'd create some fake person (or hire some real person) who starts submitting patches.

I suspect what really is going on is that the NSA doesn't trust closed Microsoft code and wants to make sure there are secure open source operating systems they can use (they may get access to the MS codebase, but I doubt they'd be able to set up their own secure repository and verified build).

Remember, sane people mistrust the NSA. Paranoid people work for the NSA.

Re:Great! I liked Solaris. (2, Informative)

Lally Singh (3427) | more than 6 years ago | (#22896964)

One of the NSA's directives is for helping provide security for the rest of the gov, as a bit of an expert group. Securing OSs for gov use falls in that category.

Your NSA friends can probably tell you they're working for the NSA. They just can't say doing what.

Re:Great! I liked Solaris. (0)

Anonymous Coward | more than 6 years ago | (#22901072)

NSA employees are supposed to say they work for the Department of Defense. They are not technically supposed to mention the NSA. But there are obvious exceptions like college recruiters and whatnot. They don't do a good job of hiding it like they used to.

I've even heard bits and pieces of stuff they do from a very high and somewhat abstract level (from recruiters and other campus events). Not as thrilling as you might think from the sound of it. But neither is working for every other tech company; some specific project teams excluded of course. *shrug*

Re:Great! I liked Solaris. (1)

ShieldW0lf (601553) | more than 6 years ago | (#22897264)

> Spoken like a true delusional. Look, this is the NSA. They're pretty smart folks

Smart, and RAND Corporation kind of evil. You can't use evil people, keep an eye on them and end up getting good returns. It's a delusion. If you let evil people be involved in your enterprises, they will fuck them up, and you as well. Most people need to learn this the hard way.

Re:Great! I liked Solaris. (1)

chuckymonkey (1059244) | more than 6 years ago | (#22898532)

Government organizations are the sum of its leadership, the people are just people like you and me. Please don't confuse the two, I can tell you from personal experience that the people who work at NSA are not out to get you, there's no pasty little nerd sitting there cackling to himself about going after Mr. Joe nobody.

Re:Great! I liked Solaris. (1)

Perl-Pusher (555592) | more than 6 years ago | (#22898094)

I will submit patches to everything you post. You'll never notice, you don't read what you post do you? If I submit a 'patch' it is seen by a lot of people. But then again we're all out to get you. EVERYONE

Re:Great! I liked Solaris. (5, Insightful)

TrekkieGod (627867) | more than 6 years ago | (#22897210)

> Spoken like a true Sheep.

Spoken like a conspiracy theory nut. Distrust of the government is a very good thing. Blindly thinking the government is out to get you is as stupid as blindly believing it's out to help you. In this case, SELinux is completely open and out there for you to see.

> It takes teams of people to understand the ins and outs of large sums of source code

Do you think teams of people haven't gone through the SELinux code with a fine-tooth comb? Security researchers were all over that, when the code was first given to the community in 2000. It wasn't placed in the mainline kernel until 2003. There has been plenty of time for people to find echelon-type code in there. Not to mention it would be pretty stupid to put that type of code in the open, as it would destroy people's confidence in the NSA and allow people who looked at the code to use these hooks for their own benefits, thus potentially using it against the US Government itself, since several departments including the DoD and the NSA itself use it.

> I have hacked the kernel and made changes but I do not understand the entire thing, not one person could build an OS like Linux and deploy it without community support.

No, but I guarantee you that if you submitted your kernel changes to the mainline tree, several people above you looked at those changes and vetted it as worthwhile for inclusion. And you can bet every one of those people don't understand the entire kernel, but sure as hell understood the part of the kernel you were messing with. And they understood what your code was doing. Anyone can make changes to the linux code, but it's not an open source repository that everyone submits to, there are specific processes to get things accepted to the main tree.

> The government is like a sexually transmitted disease, easy to catch and hard as hell to get rid of.

The solution to sexually transmitted diseases is to be vigilant and careful, not to stop having sex. If all humans become so afraid of sexually transmitted diseases that they quit having children humanity would be gone. Similar fate would befall you in total anarchism. Be wary of your government, and require it to be open. Please don't bitch about the good and open things the government has done, we need to encourage more of that.

Re:Great! I liked Solaris. (0, Troll)

harshmanrob (955287) | more than 6 years ago | (#22897552)

You are right...distrust of the government is a good thing and I never said the government was out to get me. I said I did not trust SELinux and have a less of a good feeling now the NSA is meddling with OpenSolaris. So how does that make me a conspiracy nut? And why are you so happy with SELinux?

If you want me to respect your opinions instead of me thinking you are some neocon jackass on some government payroll, why not instead of calling me names, perhaps share your SELinux knowledge? Why is it good? Does it benefit your organization? What kind of experience do you have with it? Doc Ruby had some very good intelligent points I counter and I enjoy that kind of debate.

You on the other hand are a fucktard, as is everyone else who pulled the "conspiracy theory" shit on me as a response. I noticed I got a score of "5". I guess the moderators thought I had something worth saying. HMMMM....

Since when does ANYONE trust the government, especially as of late. Anyone who has been here for any length of time knows the kind of comments I post and I typically do not post unless I have something constructive to bring to the forum.

Re:Great! I liked Solaris. (0)

Anonymous Coward | more than 6 years ago | (#22899686)

> If you want me to respect your opinions instead of me thinking you are some neocon jackass on some government payroll, why not instead of calling me names,

People might do that if you were ready to do the same. You called a poster a sheep, and the parent replied by calling you a conspiracy nut. If you want respect, try earning it.

Re:Great! I liked Solaris. (1)

harshmanrob (955287) | more than 6 years ago | (#22912080)

I am not here to earn respect from anybody. Especially when there are nothing but trolls, SEO contractors, and political organizations moderating this so-called forum. I do not need their respect. I am likely one of the few people here NOT being paid to make comments. Can anyone else say the same? Like damn fucking few.

Piss on everyone else. Moderate my comments and get on with your life. Just because you dislike what I say does not mean I care.

Re:Great! I liked Solaris. (1)

harshmanrob (955287) | more than 6 years ago | (#22897894)

OH! Almost forgot! Do you know what the number one call is to Red Hat Support?

...DISABLING SELinux.

Re:Great! I liked Solaris. (1)

Crag (18776) | more than 6 years ago | (#22898996)

"Similar fate would befall you in total anarchism."

Total anarchism does not mean lack of order, it means lack of hierarchy. Anarchism is not the same as chaos. You can have laws in an anarchy, you just don't give anyone a monopoly on creating or enforcing them. It's not necessarily a free-for-all. It's not Mad Max Beyond Thunderdome. Certainly those worlds are included in the set of all possible anarchistic societies, but they are not the only worlds, they are not inevitable, and few serious anarchists are trying to bring that about.

For more information see http://www.geocities.com/CapitolHill/1931/ [geocities.com] .

Re:Great! I liked Solaris. (1)

Anarke_Incarnate (733529) | more than 6 years ago | (#22899588)

You are half right. Anarchy is not chaos. It is the lack of "unnatural laws." Unnatural laws are the ones that create an uneven benefit to one group or person. A natural law would be the freedom from harm for not interfering with anybody. An unnatural law would be forcing somebody to pay for a service they neither use nor require, aside from your forcing them to do so.

bah!!! (1)

l2b (40934) | more than 6 years ago | (#22900600)

the silly notion that human-reviewed code is somehow safe is a childish fairytale. i don't care how many of you repeat this old wives' tale - it's trivial to prove wrong...

if this were true, we would never ever see a software crash. all it would take is a careful human 'review'.

the dustbin of software system history is quite replete with 'code-reviewed' systems.

the same religious belief drives those who think that they are the only keepers of back doors and that these are so well hidden as to never be discovered by others.

lessee - how many bugs are there in these 'vetted' kernels?

Re: Solution to STDs (1)

some guy I know (229718) | more than 6 years ago | (#22902084)

> The solution to sexually transmitted diseases is to be vigilant and careful, not to stop having sex.

Damn, you mean I've been doing it wrong all this time?

Spoken like a true paranoid (2, Insightful)

LWATCDR (28044) | more than 6 years ago | (#22897428)

1. The NSA wouldn't announce that they are trying to make Linux more secure and then slip in back doors. Heck they submit there patches for all the world to see. If they tried it the finger would point right back at them. And don't you think that everybody and their dog will look at the NSA patches just to check them for such a stupid move?
2. If the NSA wanted to pull something like that they would simply create a person and start adding code that ISN"T under their name!

Hate to tell you but this Internet thingy you are using was created in large part by the government spooks that you fear so much.

Re:Spoken like a true paranoid (0)

Anonymous Coward | more than 6 years ago | (#22902154)

> they submit there patches

"their".

> code that ISN"T under their name

"ISN'T" (apostrophe), but better would be "isn't" (typed as "<i>isn't</i>").

Re:Great! I liked Solaris. (0)

Anonymous Coward | more than 6 years ago | (#22896688)

Shhh... they're monitoring this...

Geeze - that's the point of OpenSolaris - open source code for us to look at... oh that's right you don't look at/understand the code. Whaaa... Microsoft keeps their code closed source... whaaa... doesn't matter when nobody looks into the source of the open source stuff does it?

Are you sure the tin foil hat you're wearing isn't just a tuned cavity that they designed so that they can monitor your thoughts?

I Liked Computers (1)

Doc Ruby (173196) | more than 6 years ago | (#22896860)

> Doesn't anyone else see MAJOR privacy and 4th amendment violations when government and business get into bed with each other?!?! I do not want any agency in the US government helping Sun, Microsoft, and or anyone else with "securing" their products.

Not necessarily. Without government and business "in bed with each other" - even ignoring the basic impossibility of avoiding that in the real world, unless the government has its entire separate economy, industrial base, telecom system... which sounds much scarier than current reality - there would be no Internet, no computers. The government was the customer that paid businesses to invent, produce and operate those essential innovations at every step. If the government somehow did have its own parallel universe in which only government was making those things for government use, they'd never have been available to the general public, except perhaps as some purely socialized system, like borrowing "the official standard model" from a local public library or something. Which would never work, and we'd still be back in the 1960s now, telecom wise. Like the Soviet Union was.

> There is only one reason why the NSA is interested in OpenSolaris and it has nothing to do with "securing" it.

No, actually, the NSA has more jobs and interests than just the illegal spying they also do (and which should be stopped). It's always good to be paranoid about the government - it's the most American impulse of all - but that doesn't mean we should stop our NSA from improving security whenever it can - which is all that it's supposed to do. Projects like OpenSolaris are open, so the entire public can look at what the NSA has brought to it before deciding to use it. And that includes foreign governments and others with conflicting interests with the NSA, so "official cooperation" doesn't have to keep silent actual security criticisms from other parties not "in bed" with the NSA.

In fact, the NSA spends a lot of our money (and time of the limited amount we can direct our government to spend) securing telecom often operated on less secure systems. So the NSA improving OpenSolaris means the NSA has less work in reacting to telecom crises, because it has helped prevent them. And of course putting the science and engineering that the public pays the NSA to produce into a product anyone can use means the public is getting more (and more immediate) ROI from what we're spending on the NSA.

And then there's the advantage of getting the NSA invested in openness. After the last decade or so of extreme and always increasing secrecy in the Federal government, especially surrounding NSA "projects", getting the NSA to work more in public, more with the public, is an important organizational reform. Which will also be part of the long road repairing our ruined relationship with foreign intel services we need as allies. All of which can use a common platform that keeps the minimum secrecy for both good engineering and more trustworthy human relationships.

So it's good to see the NSA going for OpenSolaris. It doesn't hurt to be paranoid, but you have to be realistic about what is actually going to be produced, and its actual costs, risks and benefits - compared to the real alternatives. That's security in a nutshell.

Re:I Liked Computers (1)

harshmanrob (955287) | more than 6 years ago | (#22897314)

Doc Ruby...I can totally understand what you are saying and where you are coming from. However, as a person who works in IT Security I can tell you the paranoid attitude is a hard thing to shake, and is a valuable asset. I serve myself and I trust no one unless I am SURE they can be trusted. US government need not apply.

That is the reason I stopped going to Infragard meetings. Those just oozed mistrust. Oh, the FBI will be more than happy to listen to everything you have to say, but they never return the favor. The FBI has created an intelligence gathering forum that people just come to and start jabbing away thinking it is benefiting their companies. The only thing Infragard does is get me out of doing real work for a few hours out of my day. It was never beneficial, and it was awkward when talking to any of the agents there. It kinda feels like they are interrogating you. For those who have been or go to Infragard, you know what I am talking about.

Now back to the NSA. Very few people have ANY contact with them and the persons assisting in support of Linux should be concerned about that. I know I am. That is why I have established a removal of SELinux procedure for my company before Linux systems go into production.

As for the NSA meddling with OpenSolaris is a good thing? I must disagree. It will be more work on my part as a result and must work more with the Sun Engineers on what the hell those NSA bastards are doing. I am sure a number of them are very unhappy (and I KNOW this for sure since SELinux is a cancer they have dealt with themselves) on what will become of OpenSolaris from here on out...and if it can be trusted.

Re:I Liked Computers (2, Insightful)

Doc Ruby (173196) | more than 6 years ago | (#22898052)

Well, like I said, I encourage the paranoia. But it must be tested by realism.

I would wait before introducing any OS into a secure critical path until after it has had the maximum review I can afford to wait for. There's no reason to believe that the NSA or other spooks haven't had their sticky fingers all over the insides of any popular OS, especially a closed one in so many sensitive operations like Solaris has been for so many years. Microsoft goes without saying, but there's no reason that say NetBSD contributors couldn't have been "agents" (witting or otherwise) of NSA or other spook tricks to insert code in that OS that often runs inside secured perimeters. So since the source for OpenSolaris is open for review, that seems like the most securable approach. Public announcements of the NSA participation will even encourage new scrutiny by others who compete directly with the NSA and its "customers", so I'd expect if, for example, the German government and HSBC uses the product that it is trustworthy.

So I'm not advocating an immediate adoption of the "NSA OpenSolaris". I'd say it's worth waiting maybe 6-8 months after release to analyze (and participate in) the open security analysis of the result. But even that is overestimating the safety of the position from which one is moving, because the NSA (and other untrustworthy actors) has had plenty of time to taint previous versions, just without admitting it. And this is true of any OS. If we want to use an OS in the world where NSA and others can manipulate with giant, secret budgets, teams of extremely smart and even evil people, and immunity from any law, we want their operations to go on as much as possible in the clear public view.

If we were talking about closed source, or binaries only, or some code so complex and hard that there aren't any qualified analysts for it outside the NSA, then we could have more grounds for worry. But since the code is open, and is under review by competing interests, it seems likely to produce an OS that's both secure and trustworthy. And it also invests the NSA in doing things in the open, which is the way to keep us all the most secure in every way. My paranoia makes me fear the alternatives more.

Re:Great! I liked Solaris. (1)

gentooligan (936853) | more than 6 years ago | (#22897062)

It takes me forever to pull out SELinux when I deploy a new Linux server

why pull selinux out? isn't disabling it good enough? setting SELINUX=disabled in /etc/selinux/config would do that.

Re:Great! I liked Solaris. (1)

cbart387 (1192883) | more than 6 years ago | (#22898186)

That's what I have done on my Fedora 8 machine. It's actually kind of nice. SELinux will let you know when you've done a system change but without stopping you. That way you know if something has changed (that you yourself didn't do). I guess I'm not geek enough to trail through the log files ;)

Sidenote: why doesn't slashdot allow underlines? I wanted them instead of bold!

Re:Great! I liked Solaris. (1, Interesting)

Anonymous Coward | more than 6 years ago | (#22898464)

I don't know if it's Slashdot's reason, but here's my reason: underlined text isn't a typeface. Underlining is a historical artifact of the days when manuscripts were typed or handwritten before being sent off to be typeset. Typesetters traditionally had two faces at a given size: a standard one and one with emphasis (for naming titles of books and so on). The emphasis face was typically italic or bold, and the way the author of the manuscript indicated he wanted said face was by manually underlining the appropriate text with a pen. Underlined text never appeared in the final product.

http://en.wikipedia.org/wiki/Underline [wikipedia.org]

Re:Great! I liked Solaris. (0)

Anonymous Coward | more than 6 years ago | (#22903198)

... and still my professor insists that all titles be underlined. Ugh.

Re:Great! I liked Solaris. (1)

init100 (915886) | more than 6 years ago | (#22900254)

It's actually kind of nice. SELinux will let you know when you've done a system change but without stopping you. That way you know if something has changed (that you yourself didn't do).

But not when SELinux is disabled, right? When running in permissive mode, it logs all would-be denials, but does not enforce them. When disabled, SELinux doesn't do anything at all.

Re:Great! I liked Solaris. (1)

cbart387 (1192883) | more than 6 years ago | (#22900288)

Oh, my bad. I run it in permissive mode. You're correct.
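The distinction drawn in this sub-thread (permissive mode logs would-be denials without enforcing them, disabled mode does nothing), shown as an added example that is not part of any comment here. The config text and audit records are constructed samples, the function names are hypothetical, and the `permissive=` field is assumed to be present as in audit records from current kernels; records without it go to a separate bucket.

```python
import re
from collections import Counter

# Constructed sample of /etc/selinux/config (not copied from a real host).
SAMPLE_CONFIG = """\
# SELINUX= can take one of: enforcing, permissive, disabled
SELINUX=permissive
SELINUXTYPE=targeted
"""

# Constructed audit.log excerpt in the AVC record format.
SAMPLE_AUDIT = """\
type=AVC msg=audit(1206700000.101:201): avc:  denied  { read } for  pid=2101 comm="httpd" name="shadow" dev="sda1" ino=1311 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=1
type=AVC msg=audit(1206700007.530:202): avc:  denied  { read } for  pid=2101 comm="httpd" name="shadow" dev="sda1" ino=1311 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1206700007.530:202): arch=c000003e syscall=2 success=yes exit=3 comm="httpd"
type=AVC msg=audit(1206700120.009:215): avc:  denied  { read write } for  pid=2101 comm="httpd" name="cache.db" dev="sda1" ino=4410 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=1
type=AVC msg=audit(1206700300.412:230): avc:  denied  { name_bind } for  pid=2300 comm="sshd" src=2222 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1206700400.000:240): avc:  denied  { getattr } for  pid=2400 comm="ntpd" name="drift" dev="sda1" ino=5120 scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
"""

# mode -> (policy decisions are logged, denied access is actually blocked)
MODE_BEHAVIOUR = {
    "enforcing": (True, True),
    "permissive": (True, False),
    "disabled": (False, False),
}

CONFIG_RE = re.compile(r"^\s*SELINUX\s*=\s*(\S+)\s*$", re.MULTILINE)
AVC_RE = re.compile(r"^type=AVC .*?avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def configured_mode(config_text):
    """Return the boot-time mode named by the first uncommented SELINUX= line."""
    match = CONFIG_RE.search(config_text)
    if not match:
        raise ValueError("no SELINUX= line found")
    mode = match.group(1)
    if mode not in MODE_BEHAVIOUR:
        raise ValueError("unknown SELINUX mode: %r" % mode)
    return mode


def parse_avc(line):
    """Parse one AVC denial record; return None for anything else."""
    match = AVC_RE.match(line.strip())
    if not match:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(match.group(2))}
    try:
        return {
            "perms": match.group(1).split(),
            "comm": fields.get("comm", "?"),
            "source": fields["scontext"].split(":")[2],  # type of the acting process
            "target": fields["tcontext"].split(":")[2],  # type of the object touched
            "tclass": fields["tclass"],
            "permissive": fields.get("permissive"),
        }
    except (KeyError, IndexError):
        return None  # truncated or malformed record


def summarise(log_text):
    """Count denials per (source, target, class, permission), split by outcome."""
    buckets = {"would_be": Counter(), "enforced": Counter(), "unknown": Counter()}
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        # permissive=1: logged only; permissive=0: access was really refused.
        bucket = {"1": "would_be", "0": "enforced"}.get(rec["permissive"], "unknown")
        for perm in rec["perms"]:
            buckets[bucket][(rec["source"], rec["target"], rec["tclass"], perm)] += 1
    return buckets


def assess(config_text, log_text):
    """Combine the configured mode with what the audit records show."""
    mode = configured_mode(config_text)
    logged, blocked = MODE_BEHAVIOUR[mode]
    buckets = summarise(log_text)
    return {
        "mode": mode,
        "logs_denials": logged,
        "blocks_access": blocked,
        "would_be": sum(buckets["would_be"].values()),
        "enforced": sum(buckets["enforced"].values()),
        "unknown": sum(buckets["unknown"].values()),
    }


if __name__ == "__main__":
    print(assess(SAMPLE_CONFIG, SAMPLE_AUDIT))
    for key, count in summarise(SAMPLE_AUDIT)["would_be"].most_common():
        print(count, key)
```
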

Re:Great! I liked Solaris. (1)

Deanalator (806515) | more than 6 years ago | (#22897378)

On the contrary, this is exactly what I believe the "National Security Agency" should be doing. They should be using their vast economic and intellectual resources to help the people. Currently my tax dollars pay for a huge amount of internal research, just so they can use the knowledge against perceived enemies should the need arise.

The resources that they spend on static analysis and cryptanalysis should be put to work making the nation more secure. By locking up information, they are making everyone less secure. I am sure they will realize this in time, but I hope it is sooner rather than later.

Don't be so paranoid (0)

Anonymous Coward | more than 6 years ago | (#22897406)

The NSA's primary objective is to keep America safe from foreign spying and other signals manipulation. In the post-cold-war era, that means protection from corporate espionage, and part of that means giving businesses and individuals the tools to protect themselves, via strong encryption, SELinux, and other computational contributions. Don't tell me you pull out anything AES-based from your servers, too.

This isn't about spying on you, it's about preventing Airbus (or the French government on its behalf) from spying on Boeing, for example.

Re:Great! I liked Solaris. (1)

bujon (1157453) | more than 6 years ago | (#22897460)

they could infiltrate any open source project, and submit their backdoor-code. if discovered, it would look like some unintentional coding mistake... (and I think they are already doing it) no need for official partnerships of this kind to do the dirty job...

Re:Great! I liked Solaris. (1)

CajunArson (465943) | more than 6 years ago | (#22897984)


The 4th amendment:
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Please tell me how NSA code contributions to a project involve any form of "searches and seizures", much less "unreasonable" ones. Or alternatively, show me how this is a warrant issuing without probable cause.... I'm not holding my breath waiting for anything approaching an intelligent answer.

Re:Great! I liked Solaris. (1)

aztektum (170569) | more than 6 years ago | (#22898234)

[quote]It takes me forever to pull out SELinux when I deploy a new Linux server[/quote]

Why not use a distro that doesn't use it by default? Or do all distros use it by default? Serious question.

forever to pull out SELinux (0)

Anonymous Coward | more than 6 years ago | (#22906862)

setenforce 0 and a reboot. How the hell long did that take?

We need Radical Transparency now (0)

Anonymous Coward | more than 6 years ago | (#22896340)

Please learn about and help support efforts for Radical Transparency!
http://en.wikipedia.org/wiki/Radical_transparency [wikipedia.org]

E-democracy is a good start:
http://en.wikipedia.org/wiki/E-democracy [wikipedia.org]

Though the Metagovernment is probably the best solution possible:
http://www.metagovernment.org/ [metagovernment.org]

Then there would be no NSA: who needs national security when there are no nations?

Re:We need Radical Transparency now (0)

Anonymous Coward | more than 6 years ago | (#22899490)

Don't be ridiculous. The government will take care of us. Just trust them to do their jobs.

SEOpenSolaris (3, Interesting)

krlynch (158571) | more than 6 years ago | (#22896370)

If you read between the lines, and know anything about SELinux (also originating inside the NSA), you come away with the impression that this is SELinux ported to OpenSolaris. Since the code will be as open as the rest of the OpenSolaris code, it doesn't sound like that big a deal to me ...

Re:SEOpenSolaris (-1, Flamebait)

Jeremiah Cornelius (137) | more than 6 years ago | (#22896394)

The mission and methods of the NSA are contemptible.

Turn your back to the Sekrit Poleese.

Re:SEOpenSolaris (2, Insightful)

AlanWay (470656) | more than 6 years ago | (#22898640)

How is:

"The ability to understand the secret communications of our foreign adversaries while protecting our own communications..." http://www.nsa.gov/about/about00003.cfm [nsa.gov]

contemptible?

From what I can see from Executive Order 12333 http://www.archives.gov/federal-register/codification/executive-order/12333.html [archives.gov] the NSA is charged with Foreign Intelligence gathering and Information Assurance. The second one is at discussion here. I'm sure they, like every other Govt department, use off-the-shelf software where possible to cut down cost (another goal of all Govt departments). Making that software secure protects your Government AND your people.

Admittedly they may have overstepped the letter of the law (which can be quite grey at times) on a few occasions, but I do believe that, in general, agencies of Democratic governments aren't inherently evil, or made up of evil people. They're just normal people trying to do a job and really are trying to do the best for the people they serve.

Having said that, as others have commented, the price of freedom is eternal vigilance. Trust your Government, they probably really are trying to do their best for you, but DO keep an eye on them!

Those of you who are paranoid, we know who you are...

Re:SEOpenSolaris (1, Insightful)

zappepcs (820751) | more than 6 years ago | (#22896650)

Perhaps you will be sleeping well this weekend. I will not. Now I'm going to be looking for any group anywhere on the Internet that is monitoring the source for SELinux and OpenSolaris for oddities that might just be a backdoor for the NSA.

Have you EVER seen a leopard change its spots? ... hmmm... didn't think so. Perhaps that is why the saying came to be. The NSA is the NSA, and they won't be changing their spots. IF, and I really mean IF they had valuable contributions to commercial software or F/OSS regarding security of the system for personal or commercial use, they would be using their OWN FUCKING OS software. Did I say that loudly enough that it's still rattling around in your head? IF they knew how to make OS software safe, they would be using it, not someone else's software. UHHH, why put security enhancements in everyone else's software instead of just making the US government safe?

What they are saying goes contrary to security practices, I don't care how they say it. If you have a secret weapon, you keep it secret. Special security would be a secret. Left hand says we are helping US businesses, right hand says we are helping ourselves to the rest of the world's businesses. It's only a few words different, but a world of difference.

This very reason is why MS should be losing out all over the world to F/OSS. Any country can set up their own development company and take GNU/Linux and make it their own. There will be no back doors, no NSA visits, no sharing among friends without some sort of fair arrangements. If the co-operative efforts are for open software, where is the list of what changes were suggested?

The compiler should be watched too.... sigh

Don't trust someone that doesn't trust you as much as they want your trust. "Trading sight unseen" with the NSA is just about as risky as it gets, unless you are a Tibetan pleading with the Chinese government... that's not saying much really.

oh yeah, no car analogy but "letting the fox guard the hen house" seems to fit here

Re:SEOpenSolaris (4, Informative)

dr2chase (653338) | more than 6 years ago | (#22897248)

[disclaimer - I work for Sun, and I KNOW that some of my friends have worked for the NSA, and I KNOW that I have relatives with security clearances. Who knows what's going on that I don't know.] As has been pointed out elsewhere, if the NSA wanted to insert backdoors in software, it is not likely that they would announce it loudly. Ditto for any other country's version of the NSA. There is a legitimate national security reason that the NSA would be interested in plugging holes in software that is widely-used within the US -- as bad as worms/spam etc might be, imagine how it would turn out if a nation decided to launch some sort of a cyber attack, concurrent with who knows what other action. That's bad news that we just don't need to hear. As far as the compiler goes, ab-so-lutely, be wary.

Re:SEOpenSolaris (1)

zappepcs (820751) | more than 6 years ago | (#22897604)

I can imagine cyber attacks that people don't want to hear. Some of them may already be in the wild and still dormant. While a DDoS is underway, company A is not likely to notice the discreet insertion of a specialized virus whose damage will not be apparent until it is needed. For all we know, Facebook may be a virus. While you might argue, also take the devil's side and tell me why that would not work? The ability to spread viruses is merely a test, not just for those that would spread specialized malicious attacks, but for those that are looking to use it for espionage, and nefarious things you would not think about. Collecting data on various items of interest is a long term thing, and goes handily unnoticed if needed. Say, what is the best time of year to attack the power grid in Boston? hmmm surf the net for answers or just set a bug out to find out. If it is innocent enough looking and has some useful function it can set there on the machine forever until called in to use.

The same can be true of compilers, OS software, MP3 player software.... anything. Who else but the NSA et al would be able to go all the way through with a plan to put monitoring software in an MP3 player? That downloads to your machine as music management software?

The complexities of computer software mean that no one is really watching EVERYTHING and there are holes that are big enough to drive an army through if you are patient and willing to wait for infiltration. The human factor means that any system can be compromised with enough time and effort. Some systems are worth the effort if you want to grind a country to a standstill.

Imagine that you manage after some years to get a bug on the control system of network routing for telephone systems. Then, a small wreck or bomb puts that system into play... bang, you have control of it now. That is just one scenario, there are more. None of them will make you sleepy.

The fact that humans are generally honest and fair helps us way more than we know

Re:SEOpenSolaris (1)

whereiswaldo (459052) | more than 6 years ago | (#22903856)

As far as the compiler goes, ab-so-lutely, be wary.

Let's not forget the CPU itself. It's interesting that Sun has put a couple of their chips under a community source license. I'd guess that it would be very difficult to verify whether a chip was fabricated based on a certain set of microcode, unaltered.

I don't know one way or another whether the NSA has other motivations. I do believe that if they wanted to insert a back door in open source products they would be forced to go to great lengths to do so given the scrutiny which security related code is subject to. Proprietary code should be easier to have altered with the centralized, non-forking code base, a single entity to pay off or threaten, non-public business dealings by nature.

Re:SEOpenSolaris (1)

dr2chase (653338) | more than 6 years ago | (#22904024)

I don't mean to be too contrary, but how-do-you-know that the proprietary code should be easier to have altered? The possibility that many eyes could look at open source code (carefully, not casually) does not mean that it happens. Proprietary code also goes past many eyes, and employees come and go, and they poke around code that isn't "theirs" (at least, I do, when I have the chance). If people just assume that the open source stuff is ok because people could be looking at it, well, we all know about ass-u-me.

Someone injecting code into any piece of software would need to be very careful to ensure that (1) it doesn't cause any anomalies in code coverage (because then someone would look at it, carefully) and (2) it is not located near any code implicated or suspected of causing any bug (because then someone would look at it, carefully). They also need to ensure that it won't raise a red flag in some future proof-checking or anomaly-detecting tool. It's a little hard to ensure control of not only the someone who wrote it, but also the someones who do code coverage and bug fixing. More someones = greater risk of disclosure.

I won't say "it doesn't happen" -- an intentionally weak cryptosystem is one obvious possibility -- but it's a little interesting that nothing's turned up anywhere that we know of. All that said, open source does provide a lot more confidence that if you were that paranoid, you could do something about it.

Verifying hardware, that's a problem. Sun open-sourced their test vectors (right? I work for them, but I'm not king), which would impose many more constraints on any hack.

Re:SEOpenSolaris (1)

whereiswaldo (459052) | more than 6 years ago | (#22905480)

I don't mean to be too contrary, but how-do-you-know that the proprietary code should be easier to have altered?

For a few reasons, but here is the main one:

A company could be "bullied" by the government to make certain changes to their code, such as adding a back door. An individual could be bullied as well. But with open source code you can't do that because there is no single owner to bully and there could be people all over the globe willing to run the project from their country, safe from some other government's demands.

The possibility that many eyes could look at open source code (carefully, not casually) does not mean that it happens.

In general, that's true. If we narrow this down to specific projects like Linux, OpenBSD, and OpenSSH, we can say that yes, these projects do receive a lot of very critical inspection. You can find relevant details on the latter two projects' websites quite easily.

Someone injecting code into any piece of software would need to be very careful to ensure that...

Good list.

I won't say "it doesn't happen" -- an intentionally weak cryptosystem is one obvious possibility -- but it's a little interesting that nothing's turned up anywhere that we know of.

I'm sure there is a long list of people to thank for that.
Speaking of which, I think I'll start here:
  http://www.openssh.org/donations.html [openssh.org]

Cheers

Re:SEOpenSolaris (1)

init100 (915886) | more than 6 years ago | (#22900400)

Now I'm going to be looking for any group anywhere on the Internet that is monitoring the source for SELinux and OpenSolaris for oddities that might just be a backdoor for the NSA.

SELinux has been out for around eight years, six years in the official Linux kernel. You'd think that they would have found any back-doors by now, if there would really be any.

backdoor (1)

bugs2squash (1132591) | more than 6 years ago | (#22896492)

I wonder if they'll actually use the word "backdoor" in the comments to the code they contribute, or is there a more fashionable word nowadays ?

Re:backdoor (1)

ScrewMaster (602015) | more than 6 years ago | (#22896826)

I think they're calling them "bungholes" nowadays.

Trusted GNU/Solaris? (1)

Doc Ruby (173196) | more than 6 years ago | (#22896622)

Whatever happened to the project embedding a Solaris kernel inside a Debian/GNU OS? Would the current version of that OS work properly with this FMAC and the TrustedExtensions to run "Linux" apps on a much more secure OS?

Back doors? in Open Source? YGTB Kidding. (4, Insightful)

CodeShark (17400) | more than 6 years ago | (#22896904)

Contrary to some of the more paranoid types around here, I think this is a great announcement. As I was reading regarding prior NSA work with Sun on security implementations, what I am seeing is an opportunity-- like Sun does -- to leverage the requirements of a hyper-security aware entity [ the NSA ] into open source systems [Open Solaris] but once opened sourced, those same techniques can be applied to harden just about any operating system.


On the NSA side, having many eyes analyzing their code has both risks -- if holes are found in their security model or implementations, potentially these could be exploited by the blackhat types and benefits -- more weaknesses discovered faster and holes plugged so that the blackhat types get closed out of NSA type stuff faster than they can do it with closed implementations.

But neither of these scenarios will let NSA somehow increase their "big brother reach" because with many eyes comes near perfect scrutiny that would quickly out any code back-doors, etc. that would be usable by the white hats or the black hats.

On the whole I find this to be a cool/worthwhile endeavor on Sun's part and look forward to its efforts being leveraged into all of the Open Source stuff that can use it.

Re:Back doors? in Open Source? YGTB Kidding. (1)

ScrewMaster (602015) | more than 6 years ago | (#22896992)

You can imagine the hue-and-cry that would result if an NSA-originated back door (or other deliberate remote exploit) was found. In a product like Windows, I suppose they could get away with it (probably already have) but an open-source product is a different matter. No plausible deniability.

I imagine the Chinese will be looking upon this effort with some interest.

Re:Back doors? in Open Source? YGTB Kidding. (1)

markjhood2003 (779923) | more than 6 years ago | (#22898436)

With the NSA involved, I wouldn't even trust the source code. It has to be compiled, and who knows what backdoors they've put into the compiler executable itself. You can't even trust the source code for the compiler if the binary you're compiling the compiler with is bugged. Has anyone built a working version of OpenSolaris with a gcc they've bootstrapped themselves?

Re:Back doors? in Open Source? YGTB Kidding. (1)

CodeShark (17400) | more than 6 years ago | (#22920450)

Good questions, but I still dispute the trust issue. No one in their right mind would attempt to compile an "open source" operating system with a proprietary or closed source provided compiler. The whole goal of the projects is to allow software to be created that meets or exceeds the NSA standards so that they don't have to do it themselves, so why would they then sabotage the process by trying to cheat and get backdoors into the very code they are trying to harden. AKA backdoors weaken security, not enhance it, and any back door they left would inevitably and eventually be discovered and therefore become usable to the black hat types.

the better for linux (2)

recharged95 (782975) | more than 6 years ago | (#22896908)

You take an extremely robust, complex OS and pair it up with a complex, robust/political organization will equate to .... a mess.

All this collaboration will do is create 5% really good gems, and 95% throw away code--and it will take 4yrs to see any result knowing how fast both organizations move.

I like openSolaris, but unless Nexenta gets its butt in gear, Linux will win hands down on the usability front.

Re:the better for linux (1)

init100 (915886) | more than 6 years ago | (#22900346)

I think that you may have missed SELinux, which the NSA contributed in the year 2000 (accepted into the mainline kernel in 2002).

Open Door for Spooks (1)

Doc Ruby (173196) | more than 6 years ago | (#22896922)

Schwartz: Historically, this type of collaboration used to involve reams and reams of legal documents describing all kinds of confidentiality restrictions, intellectual property exchanges, or cumbersome institutional processes. But it got really simple when we embraced the open source community - now our most fruitful collaborations boil down to this: "come join the community." And that's exactly what we're announcing with the National Security Agency, they've joined the OpenSolaris community.

[...]

Vass: If others want to collaborate, just create an account on opensolaris.org and join in.

S: If someone wants to get a hold of your team to talk about FMAC in the open source community, what should they do?
V: Just send me an email, bill.vass@sun.com.


Somehow, I don't think this NSA collaboration with Sun on Solaris' essential embedded security tech consisted of just registering a username/password at Sun.com and sending Bill Vass an email.

This is important in the Federal Government space (1)

bchernicoff (788760) | more than 6 years ago | (#22897046)

Sun sells a lot of equipment to the US government. Anyone who has dealt with adding a new system to a classified network understands the amount of extensive documentation and accreditation that is required before IATO. Hopefully, NSA's contributions to improving Solaris security will pay dividends in reducing this.

Tired Meme ... (1)

daveime (1253762) | more than 6 years ago | (#22897410)

All your (data)base belong to us

tattle-tale (1)

abes (82351) | more than 6 years ago | (#22897676)

This has strong implications on physics. Suppose time does tell, then the NSA decides to 'disappear' time. What then? Huh?

Not the obvious (1)

lawn.ninja (1125909) | more than 6 years ago | (#22897678)

Since everyone has them tin foil hats on... I think it isn't to modify the OS to monitor people, it is to infiltrate the open source community. Remember that they see the internet as a threat and a place for extended warfare. If that is truly the case you need only to have read the art of war to understand what they are trying to do and how they are trying to position themselves.

Trusted Solaris (0)

Anonymous Coward | more than 6 years ago | (#22898340)

A MAC implementation in OpenSolaris would be great, but doesn't Sun already have Trusted Solaris, which the NSA has been using for years?

OpenBSD? (0)

Anonymous Coward | more than 6 years ago | (#22898522)

sun will do everything to "buy" big names like nsa. if nsa is really serious about security, they should partner with the openbsd team and not sun. security through src code review is _real_ security and not creating a complex beast like selinux. complexity is an enemy of security. nothing good will come out of this partnership. solaris is the biggest piece of poo and there are better OSs out there. if nsa is seriously serious about security, they should partner with the openbsd team and not sun whose real intention is to make money by exploiting terms like "open source" and "free software"

FAIlLZORS? (-1, Flamebait)

Anonymous Coward | more than 6 years ago | (#22900320)

This isn't news... (2, Informative)

giminy (94188) | more than 6 years ago | (#22901688)

This isn't news. .GOV helped Sun build Trusted Solaris back in the day (they also helped Hewlett-Packard develop Trusted HP/UX). The government isn't doing this stuff to be evil, and I know my saying, "Don't be paranoid," won't make anyone any less paranoid -- but really the government needs certain security features to solve its problems (such as Cross-Domain information sharing), and the commercial industry simply doesn't need that stuff. Or, at least, it doesn't think it needs it. The only way for the government to get the OS features it needs is to work with a company directly to do it, or use an open source alternative.

Originally, .GOV decided to work with companies. Like I said, Trusted Solaris, Trusted HP/UX, and some others that I can't think of, were created. Along came Stephen Smalley and his FLASK security architecture. Linux was the first and easiest place to implement it, and the NSA spearheaded the project. You can imagine that Sun (the only vendor of an OS that supported multi-level data just a few years ago) wasn't all that happy -- .GOV pretty much promised Sun, "If you build and maintain your trusted OS, we'll keep buying licenses and hardware."

Now that isn't so. It seems only fair to help Sun and the Solaris community in the same way that the government has helped RedHat and the Linux community: provide some resources and some know-how to make the OS do what the government wants, so as to not hand RedHat a huge government-assist...the government basically wants competition here. As a taxpayer, I can't say that I'm complaining...

Reid

Gimme a break. (1)

Cr0vv (1223332) | more than 6 years ago | (#22903392)

Quote: "Sun and the NSA are claiming that this move is more about the NSA joining the OpenSolaris community than anything else..." Gimme a big break on that. NSA is afraid of Linux and wants to get away from Microsoft's vulnerability. Thinking they have security through obscurity. Not gonna happen. Besides, why would anyone expect the truth about what they are doing from the National Security Agency? Christ. Cr0vv.