Former Microsoftie Suspects Microsoft

Some of us never examine the code we use on our computers, but the fact that the code may legally be examined with FLOSS (Free/Libre Open Source Software) is one of dozens of reasons to use FLOSS. Not only can we be masters of our fate with FLOSS, we can also be more sure that others are not taking that role for themselves.

“These days Bowden said he is sticking with open source software that allows him to examine the underlying code itself and has also abandoned owning a mobile phone for the last two years.
Bowden’s not some pinko hippie. After a spell at Goldman Sachs he became a director of the Foundation for Information Policy think-tank before being lured to Redmond to oversee the privacy controls on its software in Europe. But since leaving he has been scathing about his former employer.”

See “‘I don’t trust Microsoft’ after NSA disclosures, says former privacy chief”.

If M$’s insiders suspect M$ is in collusion with NSA, imagine what outsiders suspect. Imagine what the world thinks of doing business with any USAian company.

About Robert Pogson

I am a retired teacher in Canada. I taught in the subject areas where I have worked for almost forty years: maths, physics, chemistry and computers. I love hunting, fishing, picking berries and mushrooms, too.
This entry was posted in technology.

17 Responses to Former Microsoftie Suspects Microsoft

  1. bw wrote, “I don’t think that you can just change Linux OS code and overwrite the executable and have it just keep running either.”

    That’s one of the first things I noticed about GNU/Linux. Except for the kernel and its built-in drivers (not loadable kernel modules), you can tweak them and restart them and they work. There is even a way to patch a running kernel now, but I haven’t needed to do that. I have tweaked the configuration of an Ethernet driver, reloaded its driver module and carried on, while my SSH connection was running on that Ethernet port… Scary, but it worked. tweak ... rmmod xyz;modprobe xyz

  2. bw wrote, “why would anyone want to examine someone else’s code anyway?”

    That’s pretty easy. It’s a good way to understand some undocumented feature/message. What was the computer “thinking” when it did thus and so?

    bw also wrote, “Thus Windows has extensive APIs for various ways to add value to it via applications or OS extensions or even OS support products like backup or repair utilities. Maybe even malware.”

    That’s exactly how waves of malware nearly drove that other OS from the Internet back in 200x.

  3. oiaohm says:

    bw, Rollcage taught me examples are not good enough. You need full-blown test cases to know if an API is operating correctly. There are a lot of bugs in the Windows ABI.

    Really, what version, bw? LibreOffice 4.1+ is a lot cleaner than going inside binutils. Yes, you will also find me helping people out at ReactOS to get their cross compilers working. Binutils has too many platform #if macros for sanity.

    Dr Loser, yes, I can provide many counter-examples from work I have directly done that is recorded on-line. This is the funny part about you TMR people: you never found the fact that I had done stuff.

  4. oiaohm says:

    Dr Loser, there is an interesting point. Do I need to be able to read code to find defects? The answer is no, you don’t.

    If you dig out an old open source program’s source you will find it will no longer build with more modern compilers in most cases. Static program analysis has been added to the gcc and llvm compilers to detect more and more defects over the years.

    The fact that open source code gets rebuilt by newer compilers over time in fact increases the odds of defects being found. This is different from a closed source binary that was only ever built with one compiler, in lots of cases. Yes, this is also the reason why cross-platform building should be mandatory, so code gets exposed to the greatest number of compiler checks.

    Dr Loser, claiming that no one inspected code is a little grandstanding. With me it is documented that I have, when I was trying to make a game called Rollcage work in Wine. OK, I was constantly patching the wrong places due to the complexity of the fault I was chasing. Why was I having so much trouble debugging Wine and getting it wrong so often? I was failing to see that Rollcage itself had gone off the rails. One flag in DirectX sent the program down a code path that should not run, so it was passing invalid DirectX calls. Yes, they were close to valid DirectX calls; some of them read as correct by MSDN, but on real Windows they never worked.

    This really showed me how nasty a bit of closed source that cannot be inspected is.

    Dr Loser, how do you know on a closed source program that there are not alternative code paths that can be turned on by setting a variable somewhere?

    Yes, the “you shall not disassemble” clause is not tolerable. Even when disassembling, finding the flaw is insanely hard.

    Rollcage was particularly evil in that it malfunctioned in the Microsoft software reference version of DirectX. Wine DirectX at the time had been built following what the Microsoft reference implementation did. It turns out no DirectX-supporting video card has ever implemented the equivalent of the Microsoft software reference implementation, and using it breaks lots of applications.
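    As an added illustration of the point in this comment (example code written for this page, not from the comment thread, Wine or ReactOS), here is a small config-line parser with two defects of the kind a newer compiler catches on a plain rebuild: the error path leaks the heap record, and the malloc() result is dereferenced without a check. An ordinary gcc -Wall build accepts kv_parse_old() silently; rebuilding the same file with gcc -Wall -Wextra -fanalyzer (GCC 10 and later) reports -Wanalyzer-malloc-leak and -Wanalyzer-possible-null-dereference without anyone reading the code. kv_parse() beside it is the fixed form. The struct and function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical key=value record; names are constructed for this example. */
struct kv {
    char *key;
    char *value;
};

/* "Old" parser: an older gcc builds it without complaint, but
 *   (a) the malloc() result is used without a NULL check, and
 *   (b) when the line has no '=', rec and rec->key are leaked.
 * Rebuilding with `gcc -Wall -Wextra -fanalyzer` (GCC 10+) flags both. */
struct kv *kv_parse_old(const char *line)
{
    struct kv *rec = malloc(sizeof *rec);
    const char *eq = strchr(line, '=');
    rec->key = malloc(strlen(line) + 1);   /* possible NULL deref of rec */
    strcpy(rec->key, line);
    if (eq == NULL)
        return NULL;                        /* leak: rec and rec->key */
    rec->key[eq - line] = '\0';
    rec->value = malloc(strlen(eq + 1) + 1);
    strcpy(rec->value, eq + 1);
    return rec;
}

/* Release a record; safe on NULL and on partially built records. */
void kv_free(struct kv *rec)
{
    if (rec == NULL)
        return;
    free(rec->key);
    free(rec->value);
    free(rec);
}

/* Fixed parser: validate the input before allocating, check every
 * allocation, and release everything on each error path. */
struct kv *kv_parse(const char *line)
{
    const char *eq = strchr(line, '=');
    if (eq == NULL || eq == line)          /* no '=' or empty key */
        return NULL;

    struct kv *rec = calloc(1, sizeof *rec); /* zeroed: kv_free is safe early */
    if (rec == NULL)
        return NULL;

    size_t klen = (size_t)(eq - line);
    rec->key = malloc(klen + 1);
    if (rec->key == NULL) {
        kv_free(rec);
        return NULL;
    }
    memcpy(rec->key, line, klen);
    rec->key[klen] = '\0';

    size_t vlen = strlen(eq + 1);
    rec->value = malloc(vlen + 1);
    if (rec->value == NULL) {
        kv_free(rec);
        return NULL;
    }
    memcpy(rec->value, eq + 1, vlen + 1);
    return rec;
}

int main(void)
{
    /* Constructed sample lines: one valid, two malformed. */
    const char *lines[] = { "user=alice", "nodelimiter", "=orphan" };
    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++) {
        struct kv *rec = kv_parse(lines[i]);
        if (rec)
            printf("%s -> key=\"%s\" value=\"%s\"\n", lines[i], rec->key, rec->value);
        else
            printf("%s -> rejected\n", lines[i]);
        kv_free(rec);
    }
    return 0;
}
```

    The practical point matches the comment: the defects in kv_parse_old() are found by rebuilding, not by reading, which is only possible when the source is available to be rebuilt.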

  5. bw says:

    Do you have a counter-example of anybody who does “examine the code?”

    I think that you have to go back to basics, i.e. why would anyone want to examine someone else’s code anyway? Maybe proprietary software suppliers might be looking for copyright violations, but most people would simply be using the existing code to fathom out ways to do things that they do not know how to do.

    In the Windows world that job is done with the billions of lines of sample code that are supplied by Microsoft and others who want to sell a product that can be incorporated into other products via APIs that the supplier makes available for luring those other product developers into supporting the enabling product.

    Thus Windows has extensive APIs for various ways to add value to it via applications or OS extensions or even OS support products like backup or repair utilities. Maybe even malware.

    Various applications have their own extension APIs such as hooks in WordPerfect or MS Office that allow a customer program to automate some office procedure to control how things are done in some company.

    You don’t need to “examine the code” in some running product application, there are far more direct and easy to understand examples available for everyone.

  6. bw says:

    “At least with Linux, I open a text file, make whatever changes I want, hit save then continue on sans rebooting.”

    Mirabile dictu! But aren’t you leaving out some critical steps? I don’t think that you can just change Linux OS code and overwrite the executable and have it just keep running either. I bet you haven’t actually tried to do that. I bet you will never actually try to do that. I bet you are untrained and not even capable of trying to do that.

    I sort of doubt that the kingfish FSFer himself could do that. I’ve looked at some of the famous GNU code and it is a pretty unsophisticated mass of C stuff. No elegance at all. I bet he couldn’t find his way through something like LibreOffice if his pants were on fire.

    He didn’t get much training either, just fooling around on his own back in the day when loada and stora were the basic instructions that he had to work with and writing things to an ASR-33 were all the I/O he had to cope with.

  7. dougman says:

    Well, let’s see, can you ‘examine the code’ in Windows?

    Per the latest EULA from M$, one may not “reverse engineer, decompile, or disassemble the software”.

    At least with Linux, I open a text file, make whatever changes I want, hit save then continue on sans rebooting.

    Try that with Windows.

  8. Dr Loser says:

    Some of us, Robert?

    Do you have a counter-example of anybody who does “examine the code?”

    To be fair, it doesn’t have to be you. It might be oiaohm or DougMan or RAM or absolutely any other of your “contributors.”

    Sad though it is to inject a touch of realism into your collective fantasies, there’s not a single one of you who have done any such thing, is there?

    You do a fine job of running a blog that advertises Gnu/Linux.

    What’s the purpose of the other idiots if they can’t even be bothered to “examine the code?”

  9. dougman says:

    Oh I know how trolls operate. I just point and laugh at their cynicism, as it is just SOOO obvious.

    If Microsoft cannot be trusted to deliver quality code, how can companies protect themselves?

    Hire a Linux GURU, replace the entire software stack, boot the IT idiot if he does not cooperate and enjoy saving a butt load of money.

    If a small startup can run Linux and score big like Instagram did, then so can you and your business.

    http://www.internetnews.com/blog/skerner/instagrams-billion-sale-powered-by-ubuntu-linux.html

  10. dougman says:

    Troll, malware is written for everything.

    The majority is written for Windows as it is easy to take advantage of and if you overlay sensible business considerations onto the criminal decision making process, it’s clear that Windows malware will get you more ROI. Speak your BS somewhere else.

    Malware writers are seeking the maximum payout, which leads to the following attacks:

    – Fake Anti-virus. Pay us now, or we delete your files!
    – Hijacking accounting PCs in business and transferring the dough to mules. Business banking accounts are not covered by FDIC, so it takes court action to recover funds, if any.
    – Breaking into and pwning servers that have not been upgraded, then subsequently making off with all the customer CC cards and details.

    Regarding malware, Krebs does a good job keeping up with the recent stuff: http://krebsonsecurity.com/

  11. lpbbear says:

    “BW is upset he did not sell enough Windows 8 licenses in September”

    Nah, as you can see below he is just working as hard as he can to change and redirect the subject. His usual loser shill crap.

  12. bw says:

    “never saw malware”
    That is like fishing in a bathtub. You never see fish either. People who write malware write it for the popular OS. That is well-known. No fun in sitting around waiting for some schmoe using Linux to stumble onto the scene. Even if you found any, there is not much to steal. For a real payday, you have to find a prosperous target, eh?

    Not that I do any of that, of course, just thinking the way the hacker would.

    Coverity is an arguable source of software quality, I think. We ran all our stuff through it and there was always a lot of argument about what was considered a defect. It isn’t that effective.

    Anyway, it has nothing to do with malware. As long as the malware coder follows good practices, nothing embedded will show up.

    On a side note, I see where you ignored a sort of damning observation of your cite:

    “As projects surpass one million lines of code, there’s a direct correlation between size and quality for proprietary projects, and an inverse correlation for open source projects. Proprietary code analyzed had an average defect density of .98 for projects between 500,000 – 1,000,000 lines of code. For projects with more than one million lines of code, defect density decreased to .66, which suggests that proprietary projects generally experience an increase in software quality as they exceed that size. Open source projects with between 500,000 – 1,000,000 lines of code, however, had an average defect density of .44, while that same figure increased to .75 for open source projects with more than one million lines of code, marking a decline in software quality as projects get larger. This discrepancy can be attributed to differing dynamics within open source and proprietary development teams, as well as the point at which these teams implement formalized development testing processes.”

    Which says that big FLOSS projects are likely to be buggy due to their non-use of best industry practices. Hard to have a stand-up scrum meeting when the coders are scattered from hell to breakfast.

  13. dougman says:

    BW is upset he did not sell enough Windows 8 licenses in September.

    BOOOHOOO

  14. bw wrote, “You are as helpless in the face of a malware creator as any Microsoft Windows user. More so most likely because there is next to no effort being made to protect Linux users at all.”

    Pompous. I have run hundreds of PCs and servers with GNU/Linux in schools with undisciplined students using them and never saw malware. With that other OS, the mean time to failure was a few months with a firewall up and an anti-virus scanner. I have often run GNU/Linux clients on a LAN with neither of those. I often did have a firewall and scanner on the router. I was in one school where a professional Microsoftie did install everything but Ghost was very busy restoring machines that ran flawlessly with GNU/Linux guided by my incompetent self.

    There is a recent article on The Register which describes Coverity’s study of Linux. There is plenty of effort put into protecting users. Linus scathes anyone who jeopardizes the end-product.

    Coverity: “Defect density (defects per 1,000 lines of software code) is a commonly used measurement for software quality. Coverity’s analysis found an average defect density of .69 for open source software projects that leverage the Coverity Scan service, and an average defect density of .68 for proprietary code developed by Coverity enterprise customers. Both have better quality as compared to the accepted industry standard defect density for good quality software of 1.0. This marks the second, consecutive year that both open source code and proprietary code scanned by Coverity have achieved defect density below 1.0.”

    “The 2012 Coverity Scan Open Source Report details the analysis of the Scan service’s most active open source projects, totaling over 68 million lines of open source software code. In addition, the report details the results of over 380 million lines of proprietary software code from a sample of anonymous Coverity users.

    Why Linux remains a benchmark for quality.”

    So, there is no significant difference between what Linux invests in securing code compared to the best corporations. Further, because the code in Linux is open source, a lot more eyes get to work on it. That’s something that M$ and others can’t do without NDA…

  15. lpbbear says:

    bLOwHARD spewed more crap: “Bologna You and everyone else here is woefully short of the talents needed to do any such thing.”

    He never made the claim that he could personally do it. He simply said that because of the open nature of Linux and FOSS that it CAN be done.

    bLOwHARD tries desperately to redirect the subject:
    “You are as helpless in the face of a malware creator as any Microsoft Windows user. More so most likely because there is next to no effort being made to protect Linux users at all.”

    Pog clearly was not speaking about malware in his post and neither was the former privacy chief of Microsoft. I thought you claimed to be the resident genius here?

    Guess not.

  16. bw says:

    “we can be more sure that others are not taking that role for themselves”

    Bologna You and everyone else here is woefully short of the talents needed to do any such thing. You are as helpless in the face of a malware creator as any Microsoft Windows user. More so most likely because there is next to no effort being made to protect Linux users at all.

    Properly managed and intelligently secured servers are pretty much impossible to breach whether they be IBM, Windows, Unix, or Linux. Sloppy server management is not restricted to any particular product line. Doubtless there are far more sloppy Windows sites since there are so many more Windows sites, but that is just serendipity.

  17. dougman says:

    All the config files in Linux are text files, nothing is hidden. M$ HIDES everything.
