
Comment "unstated ability to get access to systems" (Score 1) 48

Transcript of Internet Caucus Panel Discussion
Re: Administration's new encryption policy. Date: September 28, 1999.
Weldon statement.

Rep. Curt Weldon: Thank you. Let me see if I can liven things up here in the last couple of minutes of the luncheon. First of all, I apologize for being late. And I thank Bob and the members of the caucus for inviting me here.
...
But the point is that when John Hamre briefed me, and gave me the three key points of this change, there are a lot of unanswered questions. He assured me that in discussions that he had had with people like Bill Gates and Gerstner from IBM that there would be, kind of a, I don't know whether it's a, unstated ability to get access to systems if we needed it. Now, I want to know if that is part of the policy, or is that just something that we are being assured of, that needs to be spoke. Because, if there is some kind of a tacit understanding, I would like to know what it is.
Because that is going to be subjected to future administrations, if it is not written down in a clear policy way. I want to know more about this end use certificate. In fact, sitting on the Cox Committee as I did, I saw the fallacy of our end use certificate that we were supposedly getting for HPCs going into China, which didn't work. So, I would like to know what the policies are. So, I guess what I would say is, I am happy that there seems to be a coming together. In fact, when I first got involved with NSA and DOD and CIS, and why can't you sit down with industry, and work this out. In fact, I called Gerstner, and I said, can't you IBM people, and can't you software people get together and find the middle ground, instead of us having to do legislation.


Comment The Marvels meltdown is about franchise fatigue (Score 4, Insightful) 245

I'm sorry but every fiction franchise that has been gobbled by the Disney corporation has become so utterly repeatedly overdone to the point of just becoming boring to endure.
I haven't seen a Marvel/DC/Star Wars movie in a cinema for over seven years & have utterly regretted the utter waste of time watching the few I have seen on streaming services.
Give us newly authored fiction & characters, not rehashed tropes from decades ago.

Comment Over two decades ago ... (Score 5, Informative) 36

Crypto-Gram January 15, 2002 by Bruce Schneier

Honestly, security experts don't pick on Microsoft because we have some fundamental dislike for the company. Indeed, Microsoft's poor products are one of the reasons we're in business. We pick on them because they've done more to harm Internet security than anyone else, because they repeatedly lie to the public about their products' security, and because they do everything they can to convince people that the problems lie anywhere but inside Microsoft. Microsoft treats security vulnerabilities as public relations problems. Until that changes, expect more of this kind of nonsense from Microsoft and its products. (Note to Gartner: The vulnerabilities will come, a couple of them a week, for years and years ... until people stop looking for them. Waiting six months isn't going to make this OS safer.)

Comment FTC (Score 1) 143

First posted to Jeff Geerling Dear Red Hat: Are you dumb?

Given the effect the decision by IBM to cut access to the source has on the market, which effectively considers RH clones as public infrastructure, why hasn't the USA Federal Trade Commission stepped in, especially given the lock in through the OEM agreements with Microsoft & RH?

For example as with the Telecom industry attempt to move away from the Network Neutrality model in 2006.
https://itheresies.blogspot.com/2006_07_01_archive.html
https://www.ftc.gov/news-events/news/press-releases/2006/08/ftc-chairman-addresses-issue-net-neutrality

When you consider how many businesses, organisations, governmental services & just people use services hosted on CENTOS clones.

The main problem is that OEMs test & even validate server/workstation/desktop/laptop hardware for both Microsoft & RedHat OSs on the OEM provided hardware, under agreements which MAY have caveats that affect competition.

Currently you can get around this when you purchase, lease or collocate OEM hardware originally purchased with the NO-Operating-System option or more likely second hand, but if the hardware has been tested with Red Hat Enterprise Linux it should work as expected under CENTOS clones.

It opens the market to other providers as does Telecom Network Neutrality. IBM's decision to limit source access under any licence limiting redistribution significantly changes the market and should be investigated by the FTC and other competition monitoring agencies in the EU & worldwide.

Comment from Trusted Build Agents (TBA) (Score 1) 62

From 2004 Twelve Step TrustABLE IT : VLSBs in VDNZs From TBAs

[12] Governments, organisations and individuals are becoming increasingly concerned about software compatibility, conflicts and the possible existence of spyware in the software applications they use. If you have access to the source code, then you can check it and compile it for yourself. This is not an option for closed source proprietary applications, and not everyone has the resources to check each line of source code. One solution for these issues is to employ a trusted third party, separate from the application developer, who is tasked with maintaining a trusted build environment, to build the binaries from source code. The Trusted Build Agent (TBA) would hold the source to each build in escrow, releasing the source code for only open source licensed code. Competing businesses providing a TBA service in a free market would compete with each other in not only price and level of certification, but also on the ability to detect hostile, vulnerable, incompatible or just plain buggy source code. You could request a trusted build from multiple TBAs to test the ability to detect defects. Defects would be reported back to the application developers, along with any patches and suggestions that provide a fix. To a lesser extent, most Linux distributions and other operating system vendors that build and redistribute open source licensed code already provide this role.

Comment Re:The current incentives are wrong. (Score 1) 96

Our Data:an appeal - a "Plimsoll line" for apps

In a recent speech "Fixing Network Security by Hacking the Business Climate", also now on Technetcast, Bruce Schneier claimed that for change to occur the software industry must become liable for damages from "unsecure" software. However, historically this has not always been the case, since most businesses can insure against damages and pass the cost along to the consumer.

The Ford Pinto and more recently the Ford Explorer's tires are two examples of public and media pressure being more successful than just threat of lawsuits. Even so, just as with the automotive industry, eventually through public pressure the governments around the world have to step in and pass regulations that set up a minimum set of requirements an automobile has to meet to be deemed "road worthy". This includes crash testing as well as the inclusion of safety equipment on all models. The requirements are not constant and change to meet the expectations and demands of the public and lawmakers.

The onus is not only on the automotive industry itself but also on the users. Most countries require that all automobiles undergo regular inspection and maintain an up to date "Warrant of Fitness".

In the same way, if you want a secure IT infrastructure, eventually the software design, implementation and each deployment will have to undergo the same type of regulation and scrutiny.

Comment Telegram is not the impregnable bastion you think (Score 4, Informative) 33

Telegram reportedly surrendered user data to authorities despite insisting '0 bytes' had ever been shared

Der Spiegel reports from sources that Telegram has fulfilled a number of data requests from Germany's Federal Criminal Police Office involving terror and child abuse suspects.

Comment "Eventually and inevitably the pyramid schemes..." (Score 1) 201

TYS From May 2006

I'm over forty years old. I have lived through, vividly remember and fully comprehend the late 1970s oil crisis, New Zealand's own 1984 balance of payments crisis and the 1987 share market crash. My Father was born a year after the 1926 stock market crash and is well acquainted with the effects of the resulting depression. I have repeatedly seen fools and so-called wise men throw their fortunes on various markets and schemes based upon expected high return on investment. Eventually and inevitably the pyramid schemes -- for in the end that's all the revolving investment schemes are -- collapse.
