New Security-Enhanced Linux Release 179
James Cho writes: "Four days ago, the 2nd public release of the NSA's 'security-enhanced' version of Linux (it's not an entire distribution) came out. The NSA describes it as having 'a strong, flexible mandatory access control architecture incorporated into the major subsystems of the kernel". However it must be noted that this 'is not intended as a complete security solution for Linux' and that there is 'still much work needed to develop a complete security solution'."
Nice to see NSA contributing (Score:5, Interesting)
Re:Nice to see NSA contributing (Score:1)
Re:Nice to see NSA contributing (Score:1)
Wrong government entity. Mr Becker's network drivers are copyright NASA, not NSA.
Re:Nice to see NSA contributing (Score:1)
Copyright 1993 United States Government as represented by the Director, National Security Agency. - Doesn't look like NASA to me.
Re:Nice to see NSA contributing (Score:1)
A closed mouth gathers no foot, I guess.
Re:Nice to see NSA contributing (Score:1)
I steal your
There's Open, and then There's Open (Score:3, Insightful)
Not everybody who does Open Source is into the whole "community development" ideology. Some, such as the NSA and cryptography developers, are simply interested in the security advantages. Personally, I consider the main strength of Open Source to be its ability to create standards without falling into the design-by-committe trap. To see what I mean, compare KDE with CDE [opengroup.org].
Re:Nice to see NSA contributing (Score:2, Informative)
Re:Nice to see NSA contributing (Score:2, Insightful)
Re:Nice to see NSA contributing (Score:2)
Suggestion (Score:2, Informative)
The NSA is doing a bang up job, but their work will be seriously compromised if the USA Gov't is successful in legislating mandatory back doors in all encryption products.....
Re:Suggestion (Score:1)
Re:Suggestion (Score:2)
Interesting point, but i'm not sure how they would do that... It could be quite difficult to to backdoor an open source project without someone noticing, which would be fun.
Very flexible, lots of hooks (Score:5, Informative)
This is looking very nice. They're putting hooks into lots of places in the kernel. If the hooks themselves are accepted into the core kernel, then many of the different Linux security projects (like LIDS [lids.org]) will be able to work with little (or even no) kernel patching. It also has clean seperation between it's various components, so that anyone can plug in their own implentation of any of the sub-systems; thus, just like in Perl, ther'll be More Than One Way To Do It.
Re:Very flexible, lots of hooks (Score:1)
Does anyone else worry about the NSA making the Linux kernel easy to modify? All I could think about while reading the above comment was "what else are they planning to put in?" I am not normally a very paranoid person and I applaud the NSA for its effort, but I can't help but get the feeling that they should be watched like hawks.
Irrational Paranoia (Score:4, Insightful)
The NSA creates a system where you can plug in the security architecture that you want and you complain? Would you rather that they hardcoded it so only NSA provided security features could be used?
I guess it just goes to show that you can't please everyone.
Re:Irrational Paranoia (Score:1)
Idiot (Score:1)
You are not being reasonable. They are providing peer-reviewed well-architected security enhancements that fix almost all the hugest problems in operational security that Unix has ALWAYS had. Eventually, we will all use some version of these new ideas, because as you may have noticed, dividing processes into root/user just leads to root exploit after root exploit.
This is all GPL'd and not terribly obfuscated. I really think that you need to get these anxious feelings under control.
Marc
Re:Idiot (Score:2)
Sigh. Something that wouldn't happen if people would pay attention when they designed and wrote their root daemons. Qmail's never been cracked like that (No, I'm not saying I like DJB, but his code is pretty good.)
Re:Very flexible, lots of hooks (Score:1)
In addition to Carnage4Life's comments, I should point out that the first SELinux release was a direct patch.
It was presented at a Kernel summit (I can't remember which) and one of the suggestions made was that the various people who were interested in increasing the security of Linux get together and work on a common set of hooks for SELinux, LIDS, etc. The hooks are the result of that.
This is NOT Encription (Score:5, Interesting)
This is NOT encryption. What SELinux provides is stronger access control mechanisms. This means that users and programs only have access they need in order to get their job done.
This is a totally different thing from encryption. Encryption is one thing this is actually NOT touching. Encryption on most systems is useless if someone can break in and obtain the key needed to decript whatever you are trying to keep secret.
In a environment with better access control, it makes it a LOT harder for someone to actually gain that type of access. If someone breaks into your mail daemon or your http daemon, they only gain the rights that program had, nothing more.
I do agree however, that it is nice to see the government helping community (opensource/free speech) software. I think this is something we could use a lot more of.
Re:This is NOT Encription (Score:1, Funny)
Thats right, it's not encription.
Re:This is NOT Encription (Score:2)
Dwonis ducks.
Re:This is NOT Encription (Score:1)
Good to hear (Score:2, Insightful)
...as far as I could throw 'em. (Score:1, Insightful)
They desire (and probably have) access (however limited) to anything they want - private computer systems are a major hurdle in their mission to have complete access. What better way to change that than to release their OWN operating system, in the form of a Linux distro?
They can't exactly introduce a brand new thing to compete with Windows or the MacOS; so join the Linux crowd. Perfect.
Anyone who uses this is simply helping the NSA spin their web; and its getting bigger as always. Protect privacy... stick to YDL
Re:...as far as I could throw 'em. (Score:5, Insightful)
Here's the other way to look at it... as in "why would they do this?". If you consider the security of the servers used by american businesses as a national concern (and remember that the US Govt has a LONG history of getting involved JUST to help businesses), then helping make a stronger, more secure Linux kernel *IS* a national security issue.
I'd go on in more detail but it's 3:20 AM and my wife is complaining.
Re:...as far as I could throw 'em. (Score:3, Insightful)
The NSA has two tasks charged to it: 1) obtaining elint in non-US nations and 2) preventing other nations from gaining elint in the US.
Part of the second task is securing US government systems. Many US gov't installations can only use Solaris, HPUX, and a few related Unices because they are the only ones that meet the NSA's standards for security. I imagine that the NSA realizes that if Linux were to be an option, they could actually save some money (which, instead of being spent elsewhere in the gov't could be spent at NSA...).
Re:...as far as I could throw 'em. (Score:1)
In light of September 11, this shouldn't need any further detail.
Re:...as far as I could throw 'em. (Score:1)
From the Yak department... (Score:1)
Already Running a NSA Enhanced OS...Windows! (Score:4, Interesting)
Anything put out, funded, etc by the NSA or any other agency should be considered suspect until PROVEN otherwise...and before anyone here says "but it's open source"...keep in mind there have been numerous instances of serious bugs, weaknesses, etc found many years after various open source programs were released.
Bottom line: Just because a particular program is open source, does NOT automatically mean that particular program can truly be trusted.
Read the source... (Score:4, Insightful)
Bottom line: Just because a particular program is open source, does NOT automatically mean that particular program can truly be trusted.
The NSA has published several research papers on on SE Linux as well as the OSes leading up to it (Flask, DTOS, DTMach) and it is hard to find malice in what they suggest should be how OSes should be improved security-wise.
If you are so suspicious of SE Linux then don't install it or even better use the benefits of Open Source and actually read through source to see if the code matches what they claim in their research papers. Heck, diff the major source files against a stock distro and see what has changed and why. Open Source is of no benefit if people treat it like closed source and want everything handed to them on a platter.
Re:Read the source... (Score:1)
There lies the trick. They put hypnotic comments in their code so that everybody reading it will instantly and unknowingly become an NSA agent. And, what's worse, without pay.
Re:Already Running a NSA Enhanced OS...Windows! (Score:3, Insightful)
I mean, of all the companies contributing crypto and security work, who do you know you can -absolutely- trust?
I would think the NSA has the most to gain if this worked well (less work for them defending the information of this country), and the most to loose of they were cought doing a conspiricy (in open source plain sight no less).
Double check any submission that claims to enhance security? sure, sounds healthy to me, however singling out the NSA will only make out state of security worse.
Neither can you trust the NSA (Score:2, Troll)
ps: no, I'm not happy about the NSA approved keys in windows either, allthough these are not usable to enter a system.
The reason people trust open-source (Score:2)
Re:Already Running a NSA Enhanced OS...Windows! (Score:2)
And this is better than binary-only distros (whether from Micros~1 or the FreeBSD and Linux communities) how?
If you're interested in securing a system, anything put out by anyone (yourself included) should be considered suspect until proven otherwise.
NSA's involvement in SELinux is IMHO a red herring.
And I think their track record is pretty good. I remember thinking for years that they weakened DES by h4x0ring the S-boxes and not telling anyone why, when it turns out there were strengthening it against an attack known at the time only to them.
Remember - they have two missions. One, gathering intelligence from the assets other countries. Two, securing of American assets from the intelligence-gathering operations of other countries.
I believe that SELinux is part of the second mission, not the first.
Re:Already Running a NSA Enhanced OS...Windows! (Score:2)
Well, as mentioned on their site they hope these patches will find their way into the 2.5 kernel. As such it would go the way other patches go too: code will be cleaned, modified, looked over, streamlined, whatever. In the process there will be individuals outside the NSA gaining deep insight into the inner workings of (parts) of this code, they would blow the whistle if anything is fishy, and it stands to hope, that the NSA knows better, than to gain a reputation as mischievous backdoor inserters. Also there are quite a few papers presented by them, and many of the ideas will find their ways into a secure Linux Distribution, be it the actual patches or not.
Revised Bottom line: in a high profile project like this suspicious stuff will surface sooner or later, and the NSA knows this.
Re:Already Running a NSA Enhanced OS...Windows! (Score:1)
in a sense, this is true. However, i know that if my code can be read by the public, i'm not going to publish a bunch of hacked up, half assed code and attach my name to it. i'm going to make sure it's as solid as can be so someone out there might email me saying, 'damn fine job, sir'.
think of it as quality control by programmers of the world.
Re:Already Running a NSA Enhanced OS...Windows! (Score:2)
Question - How many security options do we have? (Score:1)
I am a Linux user for many years, and I have to admit that I do not put much emphasis on the security matter.
In light of the NSA's seLinux, I want know if there are OTHER secure (and/or ultra-secure) version of Linux distros out there?
Is there a portal somewhere dedicated to give users a taste of what is available out there?
Any comments will be very much appreciated.
Thank you.
Re:Question - How many security options do we have (Score:3, Interesting)
These are the ones I know about:
Trustix Secure Linux [trustix.net]
Engarde Linux [engardelinux.org]
Immunix [immunix.org] (seem to ship a secured Red Hat)
Kaladix Linux [kaladix.org]
Can't say if they are any good, I'm afraid. I'm too happy running Debian!
-- shaka
Reconsideration... (Score:1)
Would you rather have the NSA, or some 1337 punk h4x0r break into your system?
I've got nothing to hide from the NSA; and while in PRINCIPAL I still intensely dislike the whole thing, security wise this may be a wiser option.
It may well leave the back door open to the NSA - but nobody else. If it can keep out "other" intruders better than any other distro... would you use it despite the ramifications of having the NSA being able to waltz right in?
But then, there is always the possibility of the backdoor being found, or leaking; but in that situation a patch would be released immediately (its already prepared...
Oh well. Random thoughts.
It's not about Crypto - It's about access control! (Score:1, Informative)
They are trying to move toward a structure of access controls, to limit the scope of exploits. I think this is a worthwhile effort, and their approach (ie., explaining that this is -a- way of doing this vs. -the- way of doing this) is laudable.
I am hoping that security like this goes into 2.5 (Score:4, Interesting)
Linux already has security at the group and user level. But that is not good enough security for the real world.
What security like this does is allow you very fine control over everything that a user or process is allowed to do or to access, right down to system calls.
So, your web server is running and only has read access to it's config files, and write access to its logs and can only call the system calls that it needs to do it's job.
Let's say that there is a buffer overflow in the web server and someone tried to exploit it. Geeze, they can't start a shell, because they don't have any access to a shell, the web server didn't need that access. So, even though there is a buffer overflow, they can't get a shell from it.
Let's say that somehow they got a shell from this activity, all that the shell would have access to would be the web server content, config files, and log files and they could execute cgi scripts. And nothing else. And the cgi scripts would be locked down even tighter than the web server was. They couldn't even see anything that wasn't web related.
The really nice thing about this level of security is that the concept of an all powerful root becomes almost meaningless. Any user can be granted specific rights to run certain programs.
This means that administrators for each subsystem can have the rights they need to do their job.
Where we do need encryption is a good directory service for Linux servers that would allow this level of security access controls at the enterprise level across 10's, 100's or even 10,000's of servers.
Imagine being able to add a new person to a single database and instantly give them the rights that they need to do their job across a network that spans the globe.
Or is that just me? *L*
Re:I am hoping that security like this goes into 2 (Score:3, Informative)
With this new kernel interface you'll be able to set your system up to taste, with configurations running all the way from basic Unix security like we have now to the exotic super-security system flavor of the week.
If you read the FAQ.. (Score:4, Insightful)
As the NSA have released the source code for these changes I hardly see any reason why one should not run such a kernel. I may hesitate to run a binary from these guys, but if these changes get incorporated into the mainstream kernel I'll still run Linux.
On another point, maybe it is worthwhile seeing what is required to get an increased security classification for Linux; the FAQ raises some interesting issues in the form of documentation and auditing. Maybe the first could be performed under the auspices of the LDP (Linux Documentation Project) and some of the other secure Linux distributors would be interested in coordinating the latter.
If Linux was approved as a secure OS, then takeup by goverments would be much more enthusiastic, and as civil service employment would require at least Linux desktop knowledge, that would lead to a need for it to be taught in schools, which is where hopefully the next generation fo kids won't grow up to by Windows lusers. [bit like a reverse of the fear leads to anger...to the Dark Side argument, isn't it?
NSA backdoors ? (Score:1, Troll)
I wonder if they have installed some hard
to find backdoors so that they can get into
the "secure" systems
Remember the mysterious NSA_KEY they found in the
Windows code ?
Re:NSA backdoors ? (Score:1)
What you're basically positing is that the NSA programmers are so superhumanly clever and cunning, with such godlike mastery of the craft, that they have deliberately devised such tricks and back doors with FULL CONFIDENCE that not one non-government open-source coder will ever, ever spot them -- until it's too late and those back doors are being exploited.
This suffers from the same flaws as hundreds of conspiracy theories about the spook agencies: it credits the government agency involved with fiendish cleverness and foresight beyond all imagination. Do you see any signs that *any* portion of the federal government, the CIA and FBI included, have that kind of genius? Are they really that competent? Look at the record.
It's like a guest speaker for my journalism course once remarked: he didn't believe in government conspiracies because most of those people aren't capable of running a conspiracy!
This is not encryption (Score:2)
This is the text of the abstract of the NSA project. You can find it here http://www.nsa.gov/selinux/policy_abstract.html
The security architecture of the system is general enough to support many security policy abstractions. The access controls in the implemention currently support a combination of two, type enforcement and role-based access control. This combination was chosen because togther they provide powerful tools to construct useful security policies. The specific policy that is enforced by the kernel is dictated by security policy configuration files which include type enforcement and role-based access control components.
The type enforcement component defines an extensible set of domains and types. Each process has an associated domain, and each object has an associated type. The configuration files specify how domains are allowed to access types and to interact with other domains. They specify what types (when applied to programs) can be used to enter each domain and the allowable transitions between domains. They also specify automatic transitions between domains when programs of certain types are executed. Such transitions ensure that system processes and certain programs are placed into their own separate domains automatically when executed.
The role-based access control component defines an extensible set of roles. Each process has an associated role. This ensures that system processes and those used for system administration can be separated from those of ordinary users. The configuration files specify the set of domains that may be entered by each role. Each user role has an initial domain that is associated with the user's login shell. As users execute programs, transitions to other domains may, according to the policy configuration, automatically occur to support changes in privilege.
Paranoia (Score:1)
Seems they need it ! (Score:2, Interesting)
Enguard Linux (Score:1)
Two can keep a secret if one is dead (Score:3, Interesting)
Secure encryption is a matter of national security. It's a matter of an American company being able to keep its secrets secure from foreign competition (amongst other things). It's about AMD being able to make a new innovation, for instance, without having to worry about Hitachi "coincidentally" and suddenly patenting that same innovation before AMD gets to the patent office.
If you're going to have to rely on such a program for the validity of the economy (et al), there is no logical reason to shoot yourself in the foot by installing back doors in all such software. That secret back door cannot stay a secret forever. All it requires is one act of treason for that "secret" back door to be just about anything but (possibly even public domain).
Yes, I know the FBI wants escrow encryption, but even then that's only giving the Feds the ability to get to the keys to decrypt it (with a court order), not some magic key of their own. Because again, that magic key is one act of treason away from the public domain.
And here comes the flame...
It disturbs me how many posts on here all say the same thing: "It says 'NSA,' so therefore it must be bad." And yet, surprisingly enough, nobody has yet to find any such super secret NSA log-in account in the open source code. This gut reaction reminds me too much of the people who were saying as early as the evening of September 11th that it was all an ATF plot. Can't you people think differently for once, especially when there's no logical reason not to? I pity you for not being able to change gears every once in a while. If Congress passed a resolution delcaring the sky was blue, where would that leave you?
Blind distrust of the government is just as bad as blind trust, if not moreso. At least with blind trust it demonstrates the ability to trust something, and you can go out of the house every once in a while without putting your aluminum foil suit on...
Re:Two can keep a secret if one is dead (Score:2)
Hah! The foil does nothing!
Just one question (Score:1)
Simple (Score:1, Informative)
Our National Security (Score:2, Informative)
Yes, the NSA has acted to help Americans protect our secrets before. Why? Because it helps our country for banks, companies, and people to be able to do their work without fear of their private data being stolen. For those of us who follow encryption, recall that NSA helped IBM optimize DES against differential cryptanalysis, long before differential cryptanalysis was a public technique (yes, they also limited keylength, but presumably that was to set things up so that they could break in, but only in emergencies with a *lot* of effort -- it still takes 24-odd hours for modern specially designed machines to break DES, do you think the NSA could have done better in the late 70s?).
Even when they were trying to foist Clipper off on us, the people over at NSA always acknowledged that helping Americans (and the global economy) maintain secure systems is a good thing. As lots of people have pointed out, SeLinux is about access controls, not encryption. The NSA has every reason to help develop secure products so that large groups of Internet servers are not easily hacked, and no reason to install a backdoor which anybody could discover (and, if unethical, exploit) simply by perusing the source code.
That said, if you're qualified, feel free to browse the code -- being careful is good, but being paranoid and reflexively hostile to people who devote their lives to public service is bad.
now with new anti-terrorosm features (Score:1)
Eliminating web server break-ins (Score:2)
What to do with it?
1) come up with a mandatory security policy that makes sense in a web server environment, and
2) modify Apache to live within that security policy. At that point, you have a secure web server that stays secure even if the web server has holes. That's what this is all about.
Mandatory security actually works; it's just hard to live with. It means things like "administrator programs can't read lower-level data." That prevents them from becoming contaminated with viruses, but it's a pain to live with.
The key to all this is that the amount of trusted software becomes much smaller. Everything that ever runs as "root" under UNIX is trusted. In a mandatory security environment, only a few programs have strong privileges. Typically, these are dumb little programs that do one job (like installing user accounts or copying files for backup) and nothing else. You never trust something big like EMACS.
Wow. (Score:3, Insightful)
SElinux has NOTHING to do with any of those...
IT's about intenral access controls for applications so they only have access to the resources they need to get the job done.
So, in the future, say, a large, huge server can run *securely* where differnet internal users are safer from each other.
What a marketing tool! (Score:1)
The future of Windows in the U.S Gov't (Score:2)
I'm surprised no one mentioned this: does this mean that the U.S. goverment is going to do as some Slashdotters have suggested? They have, after all, found Microsoft guilty of breaking certain anti-trust laws. Perhaps this is the first move in divesting the government from being a customer of a convicted corporation.
Before Linux is ready for the U.S. government's sensitive information, time for a security overhaul. What better group to give that job to than the NSA? And they will play by the book and release the source, as they of all groups know the value of security through obscurity (none.) They might even get a few tips from Linux kernel hax0rs on possible 'sploits they disregarded, as they also know where the know-how (and the willingness to help out) is.
Now that one U.S. government agency will have a certified secure OS that they were able to review and alter the source code of, which doesn't have any backdoors and has true modular security (none of which can be said of closed-source Windows, where there is not six but one degree of separation and a bug in a minor support
Re:How many (Score:2, Funny)
Re:How many (Score:4, Interesting)
As has been said before ad nauseum, if there's a backdoor, it will be trivial to spot because it's open source. Distrust of the government only works if you're logical about it.
Re:How many (Score:1)
A name for you to look up: Eratosthenes
Besides, I'm failing to see how sailing off into the unknown and looking at a text file are analogous. One involves hidden dangers and doubts about food supplies, while the other involves a text editor.
"It is very possible to hide backdoors in code that are almost impossible to find, even in Open Source code. Read this article by Ken Thompson:"
Already read it. There is an infinity of difference (literally) between "impossible" and "almost impossible."
Re:How many (Score:1)
Given the paranoid, cynical, untrusting nature of most Linux folk when it comes to the government I'm sure thousands of eyeballs will be poring over that code looking for anything suspicious. And I'm sure the NSA knows this as well and realizes that this is NOT the time to do something really stupid, in open source, that any persistent hacker with an editor can find.
It's not like a backdoor is especially difficult to locate when you can see all the code. Your only hope is obfuscation; the NSA changes aren't large enough for such a tactic to work. You don't have to check the whole kernel, mind you, just what's modified after the patches. Not a hard thing to do. Divvy up the work among 50 people and even without a search algorithm to reduce the text involve the search becomes trivial.
Max
Re:So who is using it? (Score:1, Funny)
Re:So who is using it? (Score:1)
Re:In times like these... (Score:1, Offtopic)
You have valid misgivings, but keep in mind that the NSA is not one homogenous organization (indeed, no organization of any size is completely homogenous). Calls for crypto backdoors are simply backlash from the tragedy. They cannot possibly reflect the desires of the entire NSA.
Re:In times like these... (Score:2, Insightful)
Re:In times like these... (Score:2, Interesting)
Re:In times like these... (Score:1)
Re:In times like these... (Score:4, Funny)
True enough. We can always ask why they put in the constant b4ckd00r and set it to binlLadenhasnoSkI11z.
Re:In times like these... (Score:2)
Re:In times like these... (Score:2)
Re:In times like these... (Score:1)
Re:In times like these... (Score:1)
No, you probably will find it. The NSA's set of patches, etc don't make a whole distro, only bits and pieces of one. You still need GCC, which is made outside the triple fence, in order to compile it. If you're truly paranoid about an act which could compromise your system, you compile GCC from a different compiler, so that any chance of a Thompson'esque back door is minimal. One of the beautiful things about an open and decentralized standard, such as C, is that you can use someone else's work in order to verify that there are no backdoors in your product. Thompson was able to put in such a backdoor because he controlled both the login program and the compiler. Such a thing is not possible today
Re:Since it is open source... (Score:1)
> channel?
Or maybe internal NSA research (top secret of course) has discovered
an algorithm that will break this secure kernel they are foisting on
the public now. Who knows how advanced their cryptology is nowadays? Their researchers are not allowed to publish.
Now they are releasing this ``back-doored'' kernel into the world and experimenting
if civilian computer scientists would discover the flaw.
Heck, its even a good way for the NSA to know how far advanced their research
is vis-a-vis the rest of the world.
-- a paranoid freak
Re:Since it is open source... (Score:1)
Re:Since it is open source... (Score:2)
Re:Since it is open source... (Score:1)
But still, it doesn't fit with their public stance on "just for us" security.
Re:Since it is open source... (Score:1)
Amazing that all these ppl are saying shame on them for creating another tool for terrorists. But I very well doubt that the terrorists computers would even be connected to the internet let alone need to be secured by linux.
By the way, I see no mention of any encryption with this distribution so the only use for this distro would be to keep other ppl's prying eyes out of the system.
If I was a citizen of the US I would write to my local representative and commend the NSA on this project and put it in the spotlight. (which equals more funding for the project etc)
Re:Just the standard question.... (Score:4, Informative)
Normally this might be cause for concern, but it has the strength of being open source, so the patches can be scrutinised by the OS community and if there's something dodgy about it, you can bet your hard disk that word would get out.
And if you're worried about the government slipping you dodgy binaries... compile from source!
lazy installation of secure os = !security (Score:2)
Re:lazy installation of secure os = !security (Score:2)
It's not an entire Linux distribution in the Red Hat sense. What's so hard about configure; make; make install?
Re:Just the standard question.... (Score:5, Interesting)
This is not some new scheme to control the population... No doubt the people working on this are just geeks, whom are much like many of us here on slashdot.
I think we should applicate and WELCOME the fact that the government is spending our tax dollars on something that makes our community better. I personally would like to see a lot MORE involvement from the government on community (free speech/Open Source) projects. The government (not just U.S., but many of the governments world wide) has a lot of really talented people. People like this could do a lot of good for the community. (Although yes I admit, they could also do a lot of harm.)
I think this is a good step in the right direction and I hope to see a lot more of this in the future.
(And no, I do not work for the government.
Re:Just the standard question.... (Score:1)
Yeah, and this has nothing to do with encryption. They use steganography. I found the phrase "Help us! We've been captured by the NSA!" embedded in one of the header files. Story here [goats.com].
Re:Just the standard question.... (Score:1)
Only the completely wigged "I need to wear an aluminum foil hat to keep out the mind control rays" sorts of folks would assert with complete conviction that the product MUST have a backdoor because it was written by the NSA, despite the fact that the entire thing is OPEN SOURCE.
Jesus H. Christ. Paranoia is good, folks, but only if it's RATIONAL. The NSA aren't *stupid*; there's no return on putting a backdoor into open source that'll invariably be discovered by some bored hacker with a text editor.
As the original poster said, it's nice to see a gov't intelligence agency actually working FOR us for a change, spending tax dollars in a sensible fashion.
Max
Re:Just the standard question.... (Score:2)
SELinux implements a more robust access control mechanism in Linux. This is similar to TrustedSolaris/AIX/BSD/HPUX. It has nothing to do with encryption.
You honestly couldn't tell that was a joke? (Score:1)
I really don't want to troll, but am I mistaken or is that addressed to me? I mean, I posted a link to a comic strip. Do I need to bracket it in rows of smiley faces? Meet me halfway, here.
Once someone says "it has nothing to do with encryption" aren't all future messages to the same effect redundant? Just because other people keep going on about encryption doesn't mean you have to keep upmoderating anybody who repeats that.
On a more serious note, if they really are just like us geeks on slashdot, why do they work at the NSA? Are geeks who work at the NSA happy with their jobs? I wouldn't want to solicit anything classified (since I post with my e-mail address :)) but do we know who at the NSA arranged this? It's a nice piece of work and I'm wondering how friendly an environment the NSA really is for people who want to do open source work. Is this the brainchild of one particular linux-friendly higher-up or are we going to see a lot of open source stuff coming out of the NSA?
Re:You honestly couldn't tell that was a joke? (Score:2)
Disclaimer: I don't work for NSA. I am, however, a geek.
Let's see here. Largest concentration of computing power on the face of the earth. Home of some of the top mathematicians on earth. The chance to work on solving problems that nobody else even knows about (e.g. strengthening DES against differential cryptanalysis many years ago).
The pay probably sucks compared to private sector, and no doubt there's more than even the large amount of red tape that comes with a "normal" dot-gov career, but the fringe benefits - all the computing power you can play with, the chance to work with - or to develop - revolutionary technologies, probably more than makes up for the bad parts.
And all you really have to be able to do (well, apart from play with all the cool toys) is keep your mouth shut when you're not at the office. (And as geeks, most of us are introverted enough that keeping our mouths shut isn't a problem for us :)
For a potential applicant, most of this is known in advance. It's not like you wake up one morning, figure "Hey, I need to make next month's rent, I wonder if NSA is hiring".
So all in all, while it's not a career for everyone, I'd imagine that those who work there manage to find both personal and professional fulfillment there, and as a result, do enjoy their jobs.
Re:Just the standard question.... (Score:1)
Re:Dont' help out the terrorists! (Score:1)
They'd love for terrorists to use this. Its probably got a seive built right into it!
"Security Enhanced" maybe - but when you've got the key, the size of the door matters not... no?
Here's a quarter... (Score:2, Insightful)
What offends *me* is your ignorance, gross generalizations, and knee-jerk reactions. By your logic I assume we should also outlaw writing. After all, they did find a letter with instructions for the terrorists. It's antiquated, hand-written messages like that that are the *real* danger to this country. Only through illiteracy can we be truly safe.
As for me, I'm off to bed. No, really. I have to get some sleep before I go to work tomorrow.
Jeez... I really hope this was just a sarcastic post that went over my head b/c I was sleepy... "Communist open source tools"? Yeah, it's gotta be a joke. No one could say that with a straight face and mean it.
Re:Let me get this straight... (Score:3, Flamebait)
> What offends me (not to mention the 6000+ innocent dead and their grieving families) most
> about this story is, the terrorists made use of these kinds of communist open source tools to
> plan, communicate, and carry out their attack.
And they used "Microsoft Flight Simulator" for training.
It really offends me that millions of people are still using Microsoft products after this tragedy.
Re:Let me get this straight... (Score:2)
Re:Is the NSA a problem? (Score:2, Interesting)
I won't, they sure as hell won't either...
This distro's sole purpose is to gain the NSA a foothold in the Linux market; where their software will be incorporated into other distro's.
In the grand scheme of things, they're gaining a foothold in the operating system area...
FUD alert: Security OK, but what about the cost? (Score:1)
I'm sorry this is off-topic, but this sort of FUD has to be countered.
The couple of dozen Linux boxes that I directly administrate don't require administration. They just run without any tweaking or attention at all. I get to focus on the software that I want them to run. And they hang around 10-13 load, all the time, said load generated by hundreds of absolutely reliable processes.
I'm not going to comment on your inflamatory filesystem diatribe. I'll just say that Reiser has never let me down.