Russia to SAP, Apple: Hand over source code to prove you're not spies

Russia has asked SAP and Apple to hand over their products' source code so it can be tested for spyware. The nation's Ministry of Communications and Mass Media announced the request on Wednesday. The shrinkwrapped statement sees Communications minister Nikolai Nikiforov citing the revelations from rogue NSA contractor Edward …

  1. Anonymous Coward

    well, why not ...

    as long as the source code is examined and then either escrowed or destroyed, and as long as the governments in question give unlimited liability guarantees against all consequential losses for all time, what's the harm? ;-)

    1. Gordon 10 Silver badge
      Joke

      Re: well, why not ...

      And any remote vulnerabilities that the FSB discover against Apple's and SAP's servers as a result of the code exam will remain unexploited I'm sure.

      Still what's good for the goose......

      Will be interesting to see the fallout from this over the long term - who will win between the spook owned politicians in the US and those owned by the corporates who are increasingly suffering as the NSA's pigeons come home to roost.

    2. Anonymous Coward

      Re: well, why not ...

      And in which country would you intend to litigate? ;-)

  2. chekri

    Try adding in some punctuation - this is barely readable.

    1. Michael Wojcik Silver badge

      Try: adding (in) some .. punctuation! - this is barely(?) "readable".

      Well, I tried, but I don't think it helped.

  3. Anonymous Coward

    Didn't make a word of random insertion sense that part about foreign minsiter edward snowdon was total cotoneaster blooming in my garden nonsense another example of sloppy copy cut paste delete backspace passing the editorial aye aye captain quality journalism and editorial oversight is dead at take the register arnold here brampton here cuthbert here peanuts and monkeys I suspect

  4. Kraggy

    Your final question is wrong, it isn't what Snowden has wrought, but what the NSA has.

  5. Silviu C.

    it's not enough

    They need to be able to prove that the software they're running was compiled from the source code they're auditing.

    1. Mark 85 Silver badge

      Re: it's not enough

      Shush.... that's being thought about by the Department of the Obvious... er... Does Russia have a Department of the Obvious?

      1. Anonymous Coward

        Re: it's not enough

        They can always build it themselves (using their own compilers) and distribute their own binaries. Making sure licenses are paid for, of course.

        But they'll have to go through that whole process every time Apple releases a patch or an upgrade.

        Come to think of it: in principle they should go through the whole source review process every time Apple releases a patch or upgrade anyway.

    2. frobnicate
      Childcatcher

      the software they're running was compiled from the source code

      If building and comparing binaries is beyond their capabilities, the West is safe.
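What "building and comparing binaries" involves in practice, as an added example that is not part of any comment in the thread: a byte-for-byte match only proves something once build-time noise such as an embedded timestamp is accounted for. The sample binaries, their layout and the `volatile` parameter are constructed for illustration.

```python
import hashlib

def diff_ranges(a: bytes, b: bytes, gap: int = 4):
    """Byte ranges [start, end) where a and b differ; nearby diffs are merged."""
    ranges = []
    n = min(len(a), len(b))
    for i in range(n):
        if a[i] != b[i]:
            if ranges and i - ranges[-1][1] <= gap:
                ranges[-1][1] = i + 1
            else:
                ranges.append([i, i + 1])
    if len(a) != len(b):  # trailing bytes present in only one file
        ranges.append([n, max(len(a), len(b))])
    return [tuple(r) for r in ranges]

def compare_builds(vendor: bytes, rebuilt: bytes, volatile=()):
    """Compare a shipped binary with a local rebuild of the audited source.

    `volatile` lists [start, end) ranges known to vary between builds
    (e.g. an embedded build timestamp). Any diff outside them is unexplained.
    """
    diffs = diff_ranges(vendor, rebuilt)
    unexplained = [d for d in diffs
                   if not any(s <= d[0] and d[1] <= e for s, e in volatile)]
    return {
        "vendor_sha256": hashlib.sha256(vendor).hexdigest(),
        "rebuilt_sha256": hashlib.sha256(rebuilt).hexdigest(),
        "identical": vendor == rebuilt,
        "unexplained": unexplained,
    }

# Constructed sample "binaries": 4-byte magic, 4-byte build timestamp, then code.
CODE = bytes(range(32))
VENDOR = b"BIN0" + (1406700000).to_bytes(4, "little") + CODE
REBUILT = b"BIN0" + (1406786400).to_bytes(4, "little") + CODE
TAMPERED = REBUILT[:20] + b"\xcc\xcc" + REBUILT[22:]  # two code bytes changed
TIMESTAMP_FIELD = [(4, 8)]

if __name__ == "__main__":
    for name, blob in [("rebuilt", REBUILT), ("tampered", TAMPERED)]:
        r = compare_builds(VENDOR, blob, volatile=TIMESTAMP_FIELD)
        print(name, "identical:", r["identical"], "unexplained:", r["unexplained"])
```

The honest rebuild hashes differently from the vendor file yet has no unexplained differences; only the altered code bytes are flagged.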

  6. b0llchit
    Black Helicopters

    Hide and fear

    This is an "if you have nothing to hide, you have nothing to fear" approach.

    Although I am a bit unsympathetic to proprietary software, and not wanting to defend Apple or SAP in particular, the real problem is that one is asked to prove a negative. That leads to guilty unless proven innocent. Or, in other words, a pretext to (seemingly) random enforcement of whatever the ruling class feels like. Bad times are looming.

    1. Ted Treen
      Facepalm

      Re: Hide and fear

      And do the Russkis really believe that absence of evidence is the same as evidence of absence?

      If you find something, then it's there. If you don't find something, all that proves is that you ain't found something - not that something ain't there...

  7. jake Silver badge

    What good does the source do ...

    ... if you don't own the tool-chain? c.f. http://cm.bell-labs.com/who/ken/trust.html

    Politicians (and other management!) have zero clues about code.

  8. Anonymous Coward

    Not exactly new

    Huawei happily complies with UK government via HCSEC, so it's not exactly limited to Russia.

    1. Robert Helpmann?? Silver badge
      Childcatcher

      Re: Not exactly new

      A good point. So why is Russia OK with Microsoft products while China has banned at least some of them based on security concerns?

  9. bigtimehustler

    Completely pointless, endless patches that could introduce back doors and the issue of whether the code is what the binaries were compiled from all the time will make it impossible to achieve.

  10. Anonymous Coward

    Paranoia is the new normal

    These days it's necessary for everyone to be paranoid, even governments.

    NSA will probably ask Apple and SAP to give the Russians backdoor-free source code.

    1. kmac499

      Re: Paranoia is the new normal

      Nah, 'twas always so..

      I remember Sinclair Spectrums being pulled for sale in Heathrow Duty Free, just in case those pesky Russkies bought one and built a better bomb with one..

      On the other hand around this time I do know of a company director who took 286\386 chips into the USSR in his luggage and swapped them for some very high-tech imaging kit that we no longer made in the UK but the Russians did..

      Considering the nature of the work his company did for the MoD if MI6 didn't tip him the nod to do it I would be very surprised..

  11. Alan Denman

    Russian Fools

    Nothing to see.

    Apple stuff is all about the US corporation monopoly.

    They want your roubles, not your country.

  12. hammarbtyp Silver badge

    In Russia, vulnerabilities find you!!

    Since Microsoft cannot find its own vulnerabilities (or I would not have to reboot my machine virtually every Tuesday), why does the Russian state think it will have any more luck?

    That is unless any deliberate security changes have comments around them like

    /* Backdoor added by NSA. Ssssh don't tell anyone */

  13. JeffyPoooh Silver badge
    Pint

    SAP Source Code?

    It's printed on the back of the box, innit? Thusly:

    10: REM SAP

    20: GOSUB display_some_wee_boxes

    30: GOSUB frustrate_user

    40: GOSUB (RND(100))

    50: GOTO 20

    1. disgruntled yank Silver badge

      Re: SAP Source Code?

      I assume that review of SAP source code will be used as a punishment for those who demonstrate against the government, disparage Putin, etc.

      1. Michael Wojcik Silver badge

        Re: SAP Source Code?

        Off to the gulag to desk-check, comrade!

        It's the IT version of A Day in the Life of Ivan Denisovitch.

  14. DougS Silver badge

    Good luck with that

    These are probably the two companies least likely to share their source code for a fishing expedition.

    I mean, sharing your source code with the country that's home to more hackers per capita than probably any other, and has a corrupt government where officials are easy to bribe...what could possibly go wrong?

    Apple at least isn't very successful in Russia anyway, so they have little to lose by ignoring this request. Not sure how much business SAP does there.

    1. solo

      Re: Good luck with that

      "..sharing your source code with the country that's home to more hackers per capita.."

      You mean hackers who can hack senators?

  15. Fenton

    SAP: Why bother looking at that source code

    Just look at the license agreement.

    To get support from SAP you must have a permanent link set up with SAP. Without it, no online support, no patches, no upgrades, no services.

  16. Anonymous Coward

    Would you trust Russians with your source code? Nah, me neither...

    1. ShadowedOne

      I wouldn't trust the US with it either..

      1. Michael Wojcik Silver badge

        I don't trust myself with it. That's why I forget how it works at the end of each day.

  17. Sony Jim

    That is a fair request.

    There is ample reasoning behind doing this. More than just a little suspicion - so for Authorities not to view the source code at each version release would be irresponsible.

    Governments and select organisations (such as Electronic Frontier Foundation) should have access to source code to verify that it does not infringe on privacy and security. Governments are responsible for security and for protecting their citizens' rights after all.

    For Government departments, Emergency Services, Defence, and strategic industries they should be able to both validate the source code then recompile it themselves to create images for deployment.

    If a company does not provide access to source software, firmware or other code they should be prohibited from being used in critical areas and be either banned or have a large tax levied against the products (and related services) as both a disincentive and also as a contribution towards the funding of proper and more responsible alternatives.

  18. Sony Jim

    Governments and select organisations (such as Electronic Frontier Foundation) should have access to source code to verify that it does not infringe on privacy and security. Governments are responsible for security and for protecting their citizens after all.

    For Governments and strategic industries they should be able to both validate the source code then recompile it themselves to create images for deployment to critical services.

    If a company does not provide access to software, firmware or other code they should be prohibited from being used in critical areas and have a large tax levied against the products (and related services) as both a disincentive and also as a contribution towards the funding of proper and more responsible alternatives.

  19. Gannon (J.) Dick
    Pint

    Careful what you wish for Vlad

    I've seen some of that source code. It doesn't prove they are spies. Wow, in fact it does not even suggest they are sober.

    Sure, if you have a lot of time on your hands but, you know, government, Russia, it's a big place, lots to do etc.

  20. Robin Bradshaw

    Custom russian silicon

    I hope Russia does build its own CPUs but I'll be most upset if they use 64 bit ARM, I'd like to see a SETUN 2.0 because the world needs a ternary CPU :)

  21. Adam 1 Silver badge

    If only there was an operating system that could run on commodity hardware where the source code and complete build chain were open source....

    1. Nunya Biznas
      Holmes

      Re:

      Well now you are just talking crazy. Who would make software that is free to use, audit and modify by anyone?!? Sounds like communism!!!

      1. Michael Wojcik Silver badge

        Re: Re:

        Sounds like communism!!!

        Of course someone has put this clip on YouTube.

  22. heyrick Silver badge

    What hath Snowden wrought?

    Given some of the interesting ... "diagnostics" ... aids that have recently been found in iOS, I think the only involvement of Snowden was to lower our level of trust enough that we'd start to see that which was hidden all along. This, they brought upon themselves.
