Russia to SAP, Apple: Hand over source code to prove you're not spies

Russia has asked SAP and Apple to hand over their products' source code so it can be tested for spyware. The nation's Ministry of Communications and Mass Media announced the request on Wednesday. The shrinkwrapped statement sees Communications minister Nikolai Nikiforov citing the revelations from rogue NSA contractor Edward …

Anonymous Coward

well, why not ...

as long as the source code is examined and then either escrowed or destroyed, and as long as the governments in question give unlimited liability guarantees against all consequential losses for all time, what's the harm? ;-)

Gordon 10
Silver badge
Joke

Re: well, why not ...

And any remote vulnerabilities that the FSB discover against Apple's and SAP's servers as a result of the code exam will remain unexploited I'm sure.

Still what's good for the goose......

Will be interesting to see the fallout from this over the long term - who will win between the spook-owned politicians in the US and those owned by the corporates who are increasingly suffering as the NSA's pigeons come home to roost.

Anonymous Coward

Re: well, why not ...

And in which country would you intend to litigate ? ;-)

chekri

Try adding in some punctuation - this is barely readable.

Michael Wojcik
Silver badge

Try: adding (in) some .. punctuation! - this is barely(?) "readable".

Well, I tried, but I don't think it helped.

Anonymous Coward

Didn't make a word of random insertion sense that part about foreign minsiter edward snowdon was total cotoneaster blooming in my garden nonsense another example of sloppy copy cut paste delete backspace passing the editorial aye aye captain quality journalism and editorial oversight is dead at take the register arnold here brampton here cuthbert here peanuts and monkeys I suspect

Kraggy

Your final question is wrong, it isn't what Snowden has wrought, but what the NSA has.

Silviu C.

it's not enough

They need to be able to prove that the software they're running was compiled from the source code they're auditing.

Mark 85
Silver badge

Re: it's not enough

Shush.... that's being thought about by the Department of the Obvious... er... Does Russia have a Department of the Obvious?

frobnicate
Childcatcher

the software they're running was compiled from the source code

If building and comparing binaries is beyond their capabilities, the West is safe.

Anonymous Coward

Re: it's not enough

They can always build it themselves (using their own compilers) and distribute their own binaries. Making sure licenses are paid for, of course.

But they'll have to go through that whole process every time Apple releases a patch or an upgrade.

Come to think of it: in principle they should go through the whole source review process every time Apple releases a patch or upgrade anyway.

b0llchit
Black Helicopters

Hide and fear

This is an "if you have nothing to hide, you have nothing to fear" approach.

Although I am a bit unsympathetic to proprietary software, and not wanting to defend Apple or SAP in particular, the real problem is that one is asked to prove a negative. That leads to guilty unless proven innocent. Or, in other words, a pretext to (seemingly) random enforcement of whatever the ruling class feels like. Bad times are looming.

Ted Treen
Facepalm

Re: Hide and fear

And do the Russkis really believe that absence of evidence is the same as evidence of absence?

If you find something, then it's there. If you don't find something, all that proves is that you ain't found something - not that something ain't there...

jake
Silver badge

What good does the source do ...

... if you don't own the tool-chain? c.f. http://cm.bell-labs.com/who/ken/trust.html

Politicians (and other management!) have zero clues about code.

Anonymous Coward

Not exactly new

Huawei happily complies with UK government via HCSEC, so it's not exactly limited to Russia.

Robert Helpmann??
Silver badge
Childcatcher

Re: Not exactly new

A good point. So why is Russia OK with Microsoft products while China has banned at least some of them based on security concerns?

bigtimehustler

Completely pointless, endless patches that could introduce back doors and the issue of whether the code is what the binaries were compiled from all the time will make it impossible to achieve.

Anonymous Coward

Paranoia is the new normal

These days it's necessary for everyone to be paranoid, even governments.

NSA will probably ask Apple and SAP to give the Russians backdoor-free source code.

kmac499

Re: Paranoia is the new normal

Nah, 'twas always so..

I remember Sinclair Spectrums being pulled for sale in Heathrow Duty Free, just in case those pesky Russkies bought one and built a better bomb with one..

On the other hand around this time I do know of a company director who took 286\386 chips into the USSR in his luggage and swapped them for some very high-tech imaging kit that we no longer made in the UK but the Russians did..

Considering the nature of the work his company did for the MoD if MI6 didn't tip him the nod to do it I would be very surprised..

Alan Denman

Russian Fools

Nothing to see.

Apple stuff is all about the US corporation monopoly.

They want your roubles, not your country.

hammarbtyp
Silver badge

In Russia, vulnerabilities find you!!

Since Microsoft cannot find its own vulnerabilities (or I would not have to reboot my machine virtually every Tuesday), why does the Russian state think it will have any more luck?

That is unless any deliberate security changes have comments around them like

/* Backdoor added by NSA. Ssssh don't tell anyone */

JeffyPoooh
Silver badge
Pint

SAP Source Code?

It's printed on the back of the box, innit? Thusly:

10: REM SAP

20: GOSUB display_some_wee_boxes

30: GOSUB frustrate_user

40: GOSUB (RND(100))

50: GOTO 20

disgruntled yank
Silver badge

Re: SAP Source Code?

I assume that review of SAP source code will be used as a punishment for those who demonstrate against the government, disparage Putin, etc.

Michael Wojcik
Silver badge

Re: SAP Source Code?

Off to the gulag to desk-check, comrade!

It's the IT version of A Day in the Life of Ivan Denisovitch.

DougS
Silver badge

Good luck with that

These are probably the two companies least likely to share their source code for a fishing expedition.

I mean, sharing your source code with the country that's home to more hackers per capita than probably any other, and has a corrupt government where officials are easy to bribe...what could possibly go wrong?

Apple at least isn't very successful in Russia anyway, so they have little to lose by ignoring this request. Not sure how much business SAP does there.

solo

Re: Good luck with that

"..sharing your source code with the country that's home to more hackers per capita.."

You mean hackers who can hack senators?

Fenton

SAP: Why bother looking at that source code

Just look at the license agreement.

To get support from SAP you must have a permanent link set up with SAP. Without it, no online support, no patches, no upgrades, no services.

Anonymous Coward

Would you trust Russians with your source code? Nah, me neither...

ShadowedOne

I wouldn't trust the US with it either..

Michael Wojcik
Silver badge

I don't trust myself with it. That's why I forget how it works at the end of each day.

Sony Jim

That is a fair request.

There is ample reasoning behind doing this. More than just a little suspicion - so for Authorities not to view the source code at each version release would be irresponsible.

Governments and select organisations (such as Electronic Frontier Foundation) should have access to source code to verify that it does not infringe on privacy and security. Governments are responsible for security and for protecting their citizens' rights after all.

For Government departments, Emergency Services, Defence, and strategic industries they should be able to both validate the source code then recompile it themselves to create images for deployment.

If a company does not provide access to source software, firmware or other code they should be prohibited from being used in critical areas and be either banned or have a large tax levied against the products (and related services) as both a disincentive and also as a contribution towards the funding of proper and more responsible alternatives.

Sony Jim

Governments and select organisations (such as Electronic Frontier Foundation) should have access to source code to verify that it does not infringe on privacy and security. Governments are responsible for security and for protecting their citizens after all.

For Governments and strategic industries they should be able to both validate the source code then recompile it themselves to create images for deployment to critical services.

If a company does not provide access to software, firmware or other code they should be prohibited from being used in critical areas and have a large tax levied against the products (and related services) as both a disincentive and also as a contribution towards the funding of proper and more responsible alternatives.

Gannon (J.) Dick
Pint

Careful what you wish for Vlad

I've seen some of that source code. It doesn't prove they are spies. Wow, in fact it does not even suggest they are sober.

Sure, if you have a lot of time on your hands but, you know, government, Russia, it's a big place, lots to do etc.

Robin Bradshaw

Custom Russian silicon

I hope Russia does build its own CPUs but I'll be most upset if they use 64 bit ARM, I'd like to see a SETUN 2.0 because the world needs a ternary CPU :)

Adam 1
Silver badge

If only there was an operating system that could run on commodity hardware where the source code and complete build chain were open source....

Nunya Biznas
Holmes

Re:

Well now you are just talking crazy. Who would make software that is free to use, audit and modify by anyone?!? Sounds like communism!!!

Michael Wojcik
Silver badge

Re: Re:

Sounds like communism!!!

Of course someone has put this clip on YouTube.

heyrick
Silver badge

What hath Snowden wrought?

Given some of the interesting ... "diagnostics" ... aids that have recently been found in iOS, I think the only involvement of Snowden was to lower our level of trust enough that we'd start to see that which was hidden all along. This, they brought upon themselves.


Biting the hand that feeds IT © 1998–2018