TravisNave wrote:
dgorsman wrote:
... Not to mention, by accepting user contributions its possible to "contribute" carefully constructed back doors for later exploitation.
This has been my argument since the very beginning. An "open-source" OS built and supported by hackers will never see the light of day in my enterprise. In my experience, all those squeaky wheels asking for more Linux support have always been the anti-establishment types... or the anti-Microsoft bashing genre. It's a black hat mentality that doesn't translate well in the real world as it did in your high school bedroom.
Gentlemen, Please, please, please do not spread FUD!
TravisNave - if you are adamant about no FOSS software in your enterprise, or by extension performing mission-critical operations for your enterprise - then you will need to unplug all your routers, backup devices, NAS boxes, phones, and eliminate all inter-organization email and unplug from the Web. What do you think runs all that infrastructure you depend on daily? Windows for Workgroups?????
Installling a 'secret' back door in an OS is for all practical purposes, impossible. Before Jobs final departure from Apple, he _could_ have put one into OSX, and his staffers would have done it, but it would not have remained undiscovered for any substantial length of time. Microsoft??? Balmer by himself would not have the internal clout or personal charisma to make it so, MS would have run it through a committee, and if if those hundreds of people successfully implemented it and kep it secret, the security community, both black and white hat, would quickly ferret it out. And, with the MS Shared Source program, customers in that program would have been able to identify a deliberate back door by reading the source. You can't keep a secret when the source is public. Although, you can if all your user's see are .exe and .dll files..... But too many people are poking at it everyday, from NSA to Kapersky.
Installing a backdoor in a FOSS os, such as Linux or any of the BSDs, is literally impossible. There are far too many eyes looking at the code for anything on that order to occur. Or do you think 30,000 people across the planet in dozens of nations can keep a conspiracy of that magnitude secret????
It does not seem a though you have any idea of how FOSS works, especially in the cases of a major OS like GNU/Linux. Sure - anyone, hacker, high-schooler, or PhD, can submit a patch, but that patch does not get committed and included in the OS source code blindly. It's tested and reviewed - by experts with the OS. Unlike private enterprise, where the bosses son-in-law can be a corporate VP the day he gets out of junior college, major FOSS projects are a meritocracy. A contributor has to prove his chops by developing clean, competent, reliable code to the best of his ability. If he has the ability, he can eventually become a maintainer - whether his daddy was the governor of michigan or a migrant farm worker in texas. Merit matters, nothing else. Bugs happen, sure, and some haoppen that impact security, but intentional???? not possible. Deliberately implementing an OS flaw of that nature would be discovered, and the submitter would be kicked out with high dudgeon, and spend the remainder of his existence being doxed by 4chan..
All that aside, as has been mentioned before, Adesk has already taken substantial steps towards an OS-neutral CAD platform with the separation of Core and interface. Personally, I hope they do not try a linux version -- the Windows version is bad enough, and the OSX even worse. Trying a *Nix iteration could only dilute the effort put into fixing and maintaining what they've already got. Leave that OS to Graebert and Bricsys -- people hungry enough to do it right. After all, (no offense Dieter) Adesk can't even put out a functional help system for their current CAD application.
