back to article Russia to SAP, Apple: Hand over source code to prove you're not spies

Russia has asked SAP and Apple to hand over their products' source code so it can be tested for spyware. The nation's Ministry of Communications and Mass Media announced the request on Wednesday. The shrinkwrapped statement sees Communications minister Nikolai Nikiforov citing the revelations from rogue NSA contractor Edward …

Anonymous Coward

well, why not ...

as long as the source code is examined and then either escrowed or destroyed, and as long as the governments in question give unlimited liability guarantees against all consequential losses for all time, what's the harm? ;-)

4
3
Joke

Re: well, why not ...

And any remote vulnerabilities that the FSB discover against Apples and SAP's servers as a result of the code exam will remain unexploited I'm sure.

Still what's good for the goose......

Will be interesting to see the fall out from this over the long term - who will win between the spook owned politicians in the US and those owned by the corporates who are increasingly suffering as the NSA's pigeons come home to roost.

9
0
Anonymous Coward

Re: well, why not ...

And in which country would you intend to litigate ? ;-)

1
0

Try adding in some punctuation - this is barely readable.

10
1

Try: adding (in) some .. punctuation! - this is barely(?) "readable".

Well, I tried, but I don't think it helped.

0
0
Anonymous Coward

Didn't make a word of random insertion sense that part about foreign minsiter edward snowdon was total cotoneaster blooming in my garden nonsense another example of sloppy copy cut paste delete backspace passing the editorial aye aye captain quality journalism and editorial oversight is dead at take the register arnold here brampton here cuthbert here peanuts and monkeys I suspect

22
4

Your final question is wrong, it isn't what Snowden has wrought, but what the NSA has,.

24
0

it's not enough

They need to be able to prove that the software they're running was compiled from the source code they're auditing,

10
0
Silver badge

Re: it's not enough

Shush.... that's being thought about by the Department of the Obvious... er... Does Russia have a Department of the Obvious?

0
0
Childcatcher

the software they're running was compiled from the source code

If building and comparing binaries is beyond their capabilities, the West is safe.

1
0
Anonymous Coward

Re: it's not enough

They can always build it themselves (using their own compilers) and distribute their own binaries. Making sure licenses are paid for, of course.

But they'll have to go through that whole process every time Apple releases a patch or an upgrade.

Come to think of it: in principle they should go through the whole source review process every time Apple releases a patch or upgrade anyway.

1
0
Black Helicopters

Hide and fear

This is an "if you have nothing to hide, you have nothing to fear" approach.

Although I am a bit unsympathetic to proprietary software, and not wanting to defend apple or sap in particular, the real problem is that one is asked to prove a negative. That leads to guilty unless proven innocent. Or, in other words, a pretext to (seemingly) random enforcement of whatever the ruling class feels like. Bad times are looming.

5
1
Facepalm

Re: Hide and fear

And do the Russkis really believe that absence of evidence is the same as evidence of absence?

If you find something, then it's there. If you don't find something, all that proves is that you ain't found something - not that something ain't there...

3
0
Silver badge

What good does the source do ...

... if you don't own the tool-chain? c.f. http://cm.bell-labs.com/who/ken/trust.html

Politicians (and other management!) have zero clues about code.

4
1
Anonymous Coward

Not exactly new

Huawei happily complies with UK government via HCSEC. so its not exactly limited to Russia

1
0
Silver badge
Childcatcher

Re: Not exactly new

A good point. So why is Russia OK with Microsoft products while China has banned at least some of them based on security concerns?

1
0

Completely pointless, endless patches that could introduce back doors and the issue of whether the code is what the binaries were compiled from all the time will make it impossible to achieve.

3
0
Anonymous Coward

Paranoia is the new normal

These days it's necessary for everyone to be paranoid, even governments.

NSA will probably ask Apple and SAP to give the russians backdoor free source code.

2
0
Silver badge

Re: Paranoia is the new normal

Nah Twas' always so..

I remember Sinclair Spectrums being pulled for sale in Heathrow Duty Free, just in case those pesky Russkies bought one and built a better bomb with one..

On the other hand around this time I do know of a company director who took 286\386 chips into the USSR in his luggage and swapped them for some very high-tech imaging kit that we no longer made in the UK but the Russians did..

Considering the nature of the work his company did for the MoD if MI6 didn't tip him the nod to do it I would be very surprised..

0
1

Russian Fools

Nothing to see.

Apple stuff is all about the US corporation monopoly.

They want you roubles, not your country.

0
0

In Russia, vulnerabilities find you!!

Since Microsoft cannot find it's own vulnerabilities (or I would not have to reboot my machine virtually every Tuesday) , why does the Russian state think it will have anymore luck?

That is unless any deliberate security changes have comments around them like

/* Backdoor added by NSA. Ssssh don't tell anyone */

4
0
Silver badge
Pint

SAP Source Code?

It's printed on the back of the box, innit? Thusly:

10: REM SAP

20: GOSUB display_some_wee_boxes

30: GOSUB frustrate_user

40: GOSUB (RND(100))

50: GOTO 20

9
1
Silver badge

Re: SAP Source Code?

I assume that review of SAP source code will be used a punishment for those who demonstrate against the government, disparage Putin, etc.

7
0

Re: SAP Source Code?

Off to the gulag to desk-check, comrade!

It's the IT version of A Day in the Life of Ivan Denisovitch.

0
0
Silver badge

Good luck with that

These are probably the two companies least likely to share their source code for a fishing expedition.

I mean, sharing your source code with the country that's home to more hackers per capita than probably any other, and has a corrupt government where officials are easy to bribe...what could possibly go wrong?

Apple at least isn't very successful in Russia anyway, so they have little to lose by ignoring this request. Not sure how much business SAP does there.

4
0

Re: Good luck with that

"..sharing your source code with the country that's home to more hackers per capita.."

You mean hackers who can hack senators?

0
0

SAP: Why bother looking that source code

Just look at the license agreement.

To get support from SAP you must have a permanent link setup with SAP. Without it, no online support, no patches, no upgrades, no serivices.

0
0
Anonymous Coward

Would you trust Russians with your source code? Nah, me neither...

1
0

I wouldn't trust the US with it either..

2
0

I don't trust myself with it. That's why I forget how it works at the end of each day.

0
0

That is a fair request.

There is ample reasoning behind doing this. More than just a little suspicion - so for Authorities not to view the source code at each version release would be irresponsible.

Governments and select organisations (such as Electronic Frontier Foundation) should have access to source code to verify that it does not infringe on privacy and security. Governments are responsible for security and for protecting their citizens rights after-all.

For Government departments, Emergency Services, Defence, and strategic industries they should be able to both validate the source code then recompile it themselves to create images for deployment.

If a company does not provide access to source software, firmware or other code they should be prohibited from being used in critical areas and be either banned or have a large tax levied against the products (and related services) as both a disincentive and also as a contribution towards the funding of proper and more responsible alternatives.

2
2

Governments and select organisations (such as Electronic Frontier Foundation) should have access to source code to verify that it does not infringe on privacy and security. Governments are responsible for security and for protecting their citizens after-all.

For Governments and strategic industries they should be able to both validate the source code then recompile it themselves to create images for deployment to critical services.

If a company does not provide access to software, firmware or other code they should be prohibited from being used in critical areas and have a large tax levied against the products (and related services) as both a disincentive and also as a contribution towards the funding of proper and more responsible alternatives

0
0
Pint

Careful what you wish for Vlad

I've seen some of that source code. It doesn't prove they are spies. Wow, in fact it does not even suggest they are sober.

Sure, if you have a lot of time on your hands but, you know, government, Russia, it's a big place, lots to do etc.

3
0

Custom russian silicon

I hope Russia does build its own CPU's but ill be most upset if they use 64 bit ARM, Id like to see a SETUN 2.0 because the world needs a ternary CPU :)

1
1
Silver badge

If only there was an operating system that could run on commodity hardware where the source code and complete build chain were open source....

1
0
Holmes

Re:

Well now you are just talking crazy. Who would make software that is free to use, audit and modify by anyone?!? Sounds like communism!!!

0
0

Re: Re:

Sounds like communism!!!

Of course someone has put this clip on YouTube.

0
0
Silver badge

What hath Snowden wrought?

Given some of the interesting ... "diagnostics" ... aids that have recently been found in iOS, I think the only involvement of Snowden was to lower our level of trust enough that we'd start to see that which was hidden all along. This, they brought upon themselves.

1
1

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2017