Microsoft opens up government spyware retail stores

That Microsoft Windows is a major supplier of NSA spyware, is commonly known and proven since 1997.

However, as business for Microsoft is not doing so well, Microsoft has announced at the Munich Security Conference last week that they are going to open up "Windows Transparency Centers" all over the world, which will only serve customers that either are governments or governmental organizations, or large companies that work for governments.

The reason why Microsoft is setting these centers up, according to Microsoft, is to provide access to the Windows source code to these customers.

Now what does Microsoft mean by that?

Do they mean that they will set up a safe room in which government agents can come to check out the Windows source code, or do they mean that they will sell services to governmental agencies and large corporations to integrate custom spyware and backdoor access into the Windows source code?

Well... that is not known. Certain is though that this is a serious kneefall from Microsoft. If they go through such great lengths to "sell" Microsoft Windows to governments outside of the US, imagine how desperate they really are, and how this can be used for the benefit of mankind.

BTW, in Germany, the CCC is an official government consultant when it comes to software and security...

...and all our lives are a lie and we are all controlled by secret society Illuminati masterminds.

Maybe next you can enlighten us about how Linux is the second coming of Jesus in the form of holy software, here to save us all from the sin of closed source code.

Is that going to be the new thing, posting non-related troll crap in every news thread about Microsoft? This isn't about linux, my friend, this is about Microsoft's announcement at the Munich Security Convention.

Hmm interesting... So are sys-admins that work for government institutions now going to be able to compile their own Windows or just look at the code and still be forced to use official MS binaries?

Also I don't quite understand what showing the source code to presumably a few dozen people is supposed to accomplish besides a political misinformation stunt. The MS Windows source must contain a gazillion lines of code, it would probably take several lifetimes for a few outsiders to audit it.

The reason why open-source is considered to be safer and more trustworthy is because e_v_e_r_y_b_o_d_y can audit it & the threat that if a software starts to introduce malicious features it will get forked and most of the users will change to the non-malicious fork abandoning unethical developers. I can see none of those benefits here

Or will there be the possibility to fork Windows?

From a user perspective: giving governments the ability to find security holes, but not the users, is putting users at an even greater disadvantage, because governments are going to start hoarding exploits (more secret exploits = less IT-sec), and serves nothing other than a cyber-war arms race.

The only non-evil motivation that I can come up with is that MS is aiming at a cyber-MAD (Mutually Assured Destruction). Which seems to be very risky business because there is no guarantee that an arms race will produce equally matched opponents that don't dare to attack each other. Especially since China is going all Linux.

Another interpretation could be that MS has given up on consumers and hence sees no need to gain their trust.

Gosh I wish I could go back in time when computers were a source of fun for enthusiasts and not an instrument of political power. Greed and the lust for power ruins everything. Makes me wish for brain analyzing technology to bar certain people from positions of power. Something along the lines of not letting perverts be teachers.

 

These "Transparency Centers" will only open their doors beginning of next year (Jan 1, 2015). Microsoft first has a rather annoying legal problem to solve, a really big problem.

The way I understood it, the European Cybercops for instance would get access to the source code. I don't know what I think of the whole thing yet. Could be that Microsoft thinks it can escape some pretty nasty problems by throwing a bone in the ring and letting the dogs fight over it, while saving the meat for itself. Fact is though that Microsoft in that case has felt compelled to throw that bone, and that's a major mistake according to Sun Tzu, however you interpret it. If they want to look weak where they are strong, they have overlooked a pretty important piece of intelligence, and if they don't, they are playing a pretty risky and obvious game that shows that the skirmishes that have taken place until now have been taking a big toll on Microsoft and that they really are in retreat, and all of that amidst a complete change of strategy... I think it might get interesting soon. Maybe Microsoft has just set a time clock for the self-destruct of their Windows objective.

We will open an international Transparency Center in Brussels, which will offer government customers an increased ability to review our source code. The Brussels center will build upon our long-standing program that provides government customers with the ability to review our source code, reassure themselves of its integrity and confirm there are no back doors.

I think this is a step forward. Microsoft is trying to step forward and prove that they aren't working with the NSA, as many allegations claim.

They're opening their source to a few government customers, that's a lot, considering that Windows is closed source, and that they can't release the entire source, or Windows would stop making money altogether. Because no one uses Microsoft support.

If they were doing this to sell Spyware to the government then I don't think they would announce it in public like this.

I think the new CEO of Microsoft is just trying a different approach.

This isn't a news article. This is another windows slander post.

You really have to, don't you... I'm not really going to respond to your gratuitous allegation because you'll just delete the thread anyway and this is a valid subject for discussion, and if you can leave your abrasive comments behind, you're invited to discuss the subject.

Anyway, moving on...

My source was the Munich Security Convention and what I wrote was inspired by professional hands-on experience. As to your pro-Microsoft-biased journalistic source, what Microsoft said on the subject was more than that, and the venue they announced it at was indicative, and the European Commission has always been refused access to the source code, so that Microsoft has a long-standing program that provides government customers with the ability to review source code, is just not true. Microsoft has also said they would provide access to the source code, that is something different than providing the ability to review the code, as stated in the article. The hearing where Microsoft refused review of the source code to the European government was publicly broadcast, and the announcement by Microsoft at the convention was recorded, and is accessible to everyone. The article you linked to as a source is not congruent with the original material. People that are interested can immediately watch the original material.

Microsoft also said that it would only be from Jan 1, 2015 on, if they just wanted to provide transparency, why not immediately, the problem is now, not in 2015.

Microsoft also said that they would provide access to governmental organizations, not just Microsoft customers, which is another thing the article you linked to was wrong on.

You really have to, don't you... I'm not really going to respond to your gratuitous allegation because you'll just delete the thread anyway and this is a valid subject for discussion, and if you can leave your abrasive comments behind, you're invited to discuss the subject.

I actually didn't mean to put that in, I originally thought so, but I reworked my entire post because I saw that you were opening it for more discussion, and I apologize that I left it in by mistake. As you can tell from the rest of my post, I was not accusing you, or being harsh in any way. It has been edited out. Also, don't start about other threads, because I had nothing to do with it.

pro-Microsoft-biased journalistic source

As opposed to your non-microsoft biased not source?


Microsoft has also said they would provide access to the source code, that is something different than providing the ability to review the code, as stated in the article

If someone has access to the code. Pretty sure that means that they can review it. If I had access to a code. I could look at it. That's what access means.

The hearing where Microsoft refused review of the source code to the European government was publicly broadcast

Was this before or after the new CEO? If it's before, then you can't include that in an argument, because things have changed. If it were after, it does look a bit shady. But Microsoft could be doing it on a region-wide basis, or trying it at home first, to see how it goes. Why would the first people they release their code to be in a different region?

Jan 1, 2015 on, if they just wanted to provide transparency, why not immediately, the problem is now, not in 2015.

I agree with this. This shows that they could be doing something with the code before it's released. Or maybe there will be another update to windows that they want to put out beforehand? I don't really know.

Microsoft also said that they would provide access to governmental organizations, not just Microsoft customers, which is another thing the article you linked to was wrong on.

Government customers. Government organizations are also customers.

Maybe Microsoft has just set a time clock for the self-destruct of their Windows objective.

Well if that's the case, they might as well open-source it

Is nobody addressing the elephant in the room ?

Clean Source code doesn't mean clean binary

so.... transparency is bad?

how does it not? if the binary is compiled from the source....

dat dirty dirty compiler.

i suppose, that's possible, but it'd be hard to fit such things into the compiler, as I understand it

yeah ok a dirty compiler is one way,

but you can have it much simpler: MS shows a clean source and adds the malware just before compiling. Because they just promised a review of the source, it says nowhere that they will allow compiling one's own binaries.

I didn't say that Microsoft was going to sell malware services to governments, but you have to admit that it's the obvious thing to think if they open up such a shop, not only in Brussels, but also in other centers of political power. I just wanted to get the discussion started on this.

Government customers... a lot of EU countries are not that Windows-minded. Half of Europe was behind the Iron Curtain up until 1990, and many governments that do use Windows on PCs have the same thing going on as everywhere else in the world, namely that a lot of them are still running XP, and with XP being EoL, and everything that is going on, there isn't that much probability that they will migrate to 7. So the problem for Microsoft is right now, they should provide full disclosure right now to convince these government clients to migrate to 7 instead of Linux. By delaying it until next year, they are sabotaging their own business.

What I do think is that Nadella has something to do with this, in that I think that he's set a 6 month or so deadline in Microsoft to clean up the kernel and source code and to figure it out basically, so that they can provide transparency on their source, because I think that Microsoft over the years has become so complacent that they really can't provide credible transparency, even internally, right now.

I do agree that Nadella stands for positive change, or at least the hope of positive change, and I really think that the shareholders are also tired of the old ways. Signs of this are: 1. the release of the RT SDK, 2. an early patch day with 4 major security fixes released today, 3. the release of a new cloud product for businesses, called PowerBI, whereby Microsoft offers a service that might be very useful to smaller businesses that don't have the means to process big data themselves. However, here again, there is the obvious caveat for data mining by Microsoft. In that respect, PowerBI is quite a dangerous tool. But for neutral data that has no intrinsic value to anyone else but the company that uses the service, it's actually quite a likable proposition. Microsoft should have named it differently though, PowerBI is obviously not a name invented by the marketing department at Microsoft, and that is also a good thing, but that doesn't make the name any better. It's also a hint at IBM, and I don't think they will be too pleased with that, 4. I have friends that work at Microsoft, and they seem pretty happy with Nadella, they were having a really bad time at Microsoft in the last couple of years, and now they seem rather positive again.

I wonder if this is just a "Honeymoon" period, or if things are actually going to change for the better, though. But with Bill Gates actively coming back, who knows.

I'm very interested in the future of Microsoft now. I think they finally realized that they've fucked up a bit.

Companies large and small are moving to Linux-based systems, and they know that. Hopefully this will push them to not be completely evil.

I'm also interested (sorry to bring up a semi-unrelated topic) in how Bill will work with Microsoft now that Steve Jobs is gone. Jobs was a big, personal rival to him. So his change of work-flow, or ethics, could be interesting, as well.

I think that Bill Gates now is not the same anymore as before 2000. What I believe he brings to the table now is life experience, and that can be very valuable.

I also think that it's a fact that Gates really cares about Microsoft, because why would he step down as pres of the board and take on a part-time job as internal consultant, when he's holding less than 4.5 % of shares right now and will have no shares left in 2018. The obvious answer is because of the tax benefit on the sale of the rest of those shares, but I don't really believe that he would continue to link his name to Microsoft if he didn't care at this point.

The fact that Steve Jobs is dead, will probably if anything lead to the recognition of internal rivalry instead of external. Microsoft has become an institution, they are in dire need of a refresh.

But in the end, Xen is now already making virtualization apps for Android to run iOS apps on Android devices. The entire operating systems conundrum has taken so long to settle, that other solutions based on the Linux kernel have become available, and if there is one technology that I really think is going to take over the software universe, it's virtualization. And I think nobody realizes that better than Nadella. It wouldn't surprise me at all to see Microsoft contributing to the Linux kernel and building upon the Linux kernel for its own operating systems.

If I were Nadella right now, I would invite the FSF, the Linux Foundation, Apple, AMD, IBM, etc... to the Microsoft headquarters, and have a chat about a unified kernel and a unified compiler, that would in terms of core functionality be entirely GPL licensed and FLOSS, but with opt-in proprietary plugins, both on the kernel level, like the current situation with the linux kernel, and the compiler level, which is not the case with GCC and LLVM/Clang, because GCC refuses proprietary plugins and LLVM/Clang doesn't offer the option to leave them out. A unified FLOSS kernel would solve a lot of problems. It would also make virtualization a lot easier, and with a unified compiler, it would make software development a lot easier and less expensive. It is going to come anyway, how huge of a benefit would it be for Nadella and Gates to be the people that actually make it happen. Microsoft would then again be the company that brought the next phase in computing to the masses.

From which source? How do you verify that the binary is actually the product of the source you audited?

There are exactly 3 answers to the 2nd question:

  1. You trust whomever gave you the binary
  2. You build it yourself
  3. The binary must be reproducible (requires access to the source)

Trusting Microsoft is, simply put, insane. They have an NSA backdoor in Windows since 95 or so, they were the first ones cooperating with NSA's PRISM program by far and generally do untrustworthy stuff every day.

Building it yourself is impossible as long as Windows is closed source proprietary software. Even if some people have access to _a_ source code it doesn't matter because everyone had to build it themselves, unless option 3.

If the binary is reproducible with a source code given to an auditor (and you trust the auditor) you can be sure that your binary and the source code they audited are the same. There are 2 problems with this regarding Windows.

  1. Apparently the binary is NOT reproducible
  2. (assuming it was) there has not been one single auditor I would trust because they are all somehow tied to some state or profit organization and the contracts were not open (which means they might not be allowed to even say that they found a backdoor)
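
The reproducibility check described in the post above, as an added example that is not part of the thread and does not represent any vendor's build process. The "build" is a toy that packs constructed source files into a tar archive; `SOURCE`, `EPOCH` and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import io
import tarfile

# Constructed sample source tree and pinned build time (assumptions, not real data).
SOURCE = {
    "main.c": b"int main(void) { return 0; }\n",
    "util.c": b"int add(int a, int b) { return a + b; }\n",
}
EPOCH = 1400000000


def build(source, timestamp):
    """Toy 'compiler': pack the files into a tar artifact stamped with timestamp."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name in sorted(source):  # fixed order, so only content and time vary
            info = tarfile.TarInfo(name)
            info.size = len(source[name])
            info.mtime = timestamp
            tar.addfile(info, io.BytesIO(source[name]))
    return buf.getvalue()


def digest(artifact):
    return hashlib.sha256(artifact).hexdigest()


def matches_audited_source(distributed, audited_source, epoch=EPOCH):
    """Rebuild the audited source and compare its digest with the shipped artifact."""
    rebuilt = build(audited_source, epoch)
    return hmac.compare_digest(digest(distributed), digest(rebuilt))


def demo():
    # Source that differs from what the auditor was shown (constructed).
    altered = dict(SOURCE, **{"util.c": SOURCE["util.c"] + b"/* not shown to auditor */\n"})
    return {
        "pinned, same source": matches_audited_source(build(SOURCE, EPOCH), SOURCE),
        "pinned, altered source": matches_audited_source(build(altered, EPOCH), SOURCE),
        # Same source, but the build stamps its own clock: the digest check
        # fails and cannot tell this apart from an altered source.
        "unpinned, same source": matches_audited_source(build(SOURCE, EPOCH + 3600), SOURCE),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'match' if ok else 'MISMATCH'}")
```

The third case is why a non-reproducible binary cannot be tied to audited source: an honest build and an altered one both produce a mismatch.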

 

one FOSS to rule them all, and in the darkness bind them (through virtualization)