posted by cmn32480 on Thursday September 03 2015, @01:46AM
from the how-can-you-not-trust-the-NSA dept.

El Reg is reporting:

The NSA today revealed it has uploaded source code to GitHub to help IT admins lock down their networks of Linux machines.

The open-source software is called the System Integrity Management Platform (SIMP). It is designed to make sure networks comply with US Department of Defense security standards, but the spy agency says it can be adapted by admins to meet individual security needs as well.

"The open-source software method of transferring technology from the federal laboratory to the marketplace is extremely efficient," said Linda Burger, director of the NSA Technology Transfer Program.

"The open-source community can leverage the work that NSA has produced, and the government can benefit from that community's expertise and perspective. It's a win for everyone – and for the nation itself."

So, not only do they want your secrets, they want you to help them get them. Yes, it's open-source software and the source code can be examined, but the NSA skeptic in me thinks this sounds very dodgy.

  • (Score: 2) by q.kontinuum (532) on Thursday September 03 2015, @10:39AM (#231656) Journal

    the gp said nothing about a product, just pointed out that this is more of a configuration so "source code" makes it seem a little disingenuous even if accurate.

    Ok, maybe I got that wrong; I didn't look at the repository, and as far as I understood the gp, he just quoted from github that this NSA-thing comes with a puppet instance, which to me does not imply that there isn't any additional software with source code etc. The gp post sounds to me like by installing from the NSA submission, I will install a new puppet master in addition to the actual software, and to circumvent that I'd have to modify the scripts to e.g. use an existing puppet instance instead. To me this sounds exactly as open source was initially planned: The code does what the NSA needs, but can be adapted to other needs. Only the NSA doesn't provide a nice configuration front-end, but instead just publishes their code as-is and expects others to do any adaptation-work.

    What's with the "big companies feeding freeloaders"? That is a very slanted statement, quite presumptuous about the meaning of open source, and not even applicable here!

    Maybe I was projecting a little too much. The point is that with Canonical, Mozilla, J-Frog and others, there are lots of companies offering consumer grade products for free. I like that, I like to use them, and I don't want to slander anyone who does the same. But these are companies offering free products which happen to be open source, and they have some other kind of business model to make money with it. Therefore it is OK to expect a working product, and to complain if it doesn't match the expectations - the companies' business model builds on the product, so they will probably be happy to be informed of any shortcomings.

    But this is not how Open Source started, or how it grew strong, or what it was meant for. The idea is rather that any developer should publish his code by default, and whatever there is can be useful to other coders, even if it doesn't work. In such cases it can be discouraging to receive feedback that the code you wrote exclusively for your own purposes and published just because you are philosophically convinced this is the way code should be treated, that this code is crappy because it doesn't match someone's expectations. It reflects an expectation that others should not only open the gates to make it easier for me to learn and help myself, but that people should actually mouth-feed me their stuff the way it benefits me. This is what I call a freeloader mentality.

    It's a bit like in Linux support forums: If I go into a Canonical-supported Ubuntu forum and ask my questions, I expect to be helped by those Canonical employees, because even if I'm not paying, they want to promote their product. They have an interest in helping and I might have an expectation of receiving help.
    In non-commercial forums I expect there are people who like to discuss technical things and will probably be willing to provide guidance on a give-and-take base, but this requires I invest the time to read some man-pages to learn the basics first, I show respect and ask politely, and I try to think for myself to fill in the blanks in a proposed answer.

    Or maybe use soylentnews as an example: This is a community-driven website. If I'm not content, I can try to get involved to improve the situation, or make some nice proposal on how to improve. Even if I subscribe and pay, it is clearly understood that I just help to cover the operation expenses; no-one is employed here, it is still a community site where every bit of work that goes into it is a gift. Appropriately friendly, I will try to make improvement suggestions. If on the other hand Amazon Prime stops working for me, I'd probably complain loud and clear,