[NTLUG:Discuss] Hidden Malware in offshore products raises concerns
Tom Adelstein
adelste at netscape.net
Sat Sep 13 15:18:47 CDT 2003
Tom Tumelty <tumelty4 at yahoo.com> wrote:
>Steve, I am not going to respond to your comments because: 1) it would take too much of my time which I can spend elsewhere being productive. 2) you have too many open ended arguments with too many variables therefore they are not worth discussing IMHO.
>
> If you are a British citizen and you feel this way, then why do you choose to be in the United States?
>
>The economy and the outsourcing of tech work to other countries are major issues for the American Technical Worker, and both events concurrently are very severe. I believe there will be implications to this outsourcing trend which we have yet to experience and learn how to deal with.
>
>
>Tom
>
>
>
>Steve <steve at cyberianhamster.com> wrote:
>On Fri, 2003-09-12 at 20:21, Tom Adelstein wrote:
>> I don't think that's the point at all.
>
>> I wish more people understood the issues. They don't and won't.
>
>> The Chinese understand it and that's why they compile everything themselves and have their own official Linux.
>
>Since the Chinese government understands the issues, what is the U.S.
>official Linux distro and what makes it (and other domestic distros)
>more secure wrt malware than the non-official, foreign distros? Please
>tell us so we can tell our Suse and Mandrake friends why Lindows is the
>superior linux distribution if you're concerned about malware.
>
>What does compiling something yourself have to do with the risks of
>offshore programming? If a domestic programmer gives you customized,
>complex code with something malicious in it, and you don't have a
>process to check the code or don't want to, just compiling it yourself
>isn't going to diminish your risk profile.
>
>
>> Americans have little to no understanding of the risks and perils associated with people doing software offshore.
>
>How are these risks and perils radically different from using domestic
>programmers? Is there some consolation for being cracked by a domestic
>programmer instead of a foreign one? "Well, at least he wasn't Indian."
>
>The Computerworld article spends a lot of time discussing security
>issues and responses that apply to using ANY programmers of complex,
>critical application. That's what I mean by "I'm not sure what the point
>is." And the article mostly ends with this thought:
>
>********
>"Oracle Corp. Chief Security Officer Mary Ann Davidson said the
>globalization of software development dictates global development
>processes. "The assumption is that everybody physically located outside
>the U.S. is more of a risk." But that assumption is incorrect, Davidson
>said, citing the many documented and publicized security lapses from
>trusted U.S. employees in both the public and private sector. Still, at
>the end of the day, with current tools, it's difficult to find hidden
>malware, she said.
>********
>
>Never mind that the security problems arising from poor programming and
>setup far outweigh that of malware. I'm sure that Interbase customers
>were comforted when they found out that the backdoor to their database
>that existed for years was from a domestic company. Of course, this
>wasn't malware. This was for "to help the customer" by letting them get
>into my db with the hard-to-guess userid and password of "politically"
>and "correct".
>
>
>> At OSSI, we can't even bring a non-citizen anywhere near a project.
>
>So the Chinese guy who just became an American citizen is going to be
>way ahead of that guy in India wrt your peace of mind. And this
>differentiation, by itself, will change how OSSI views the risk profile
>of its actions?
>
>If the person is creating customized code for you, it is there for you
>to see, just as it is with a domestic programmer. An organization that
>means to do you harm can easily infiltrate an organization through a
>domestic programmer. No process for proofing your code and a dubious
>trust position with respect to your programmers, regardless of their
>nationality, is going to be the Achilles heel from a security
>standpoint.
>
>Steve
>
I have even a better one for you, Steve.
Go back to the UK. Take your smart mouth with you.
Next, watch the US stop exporting jobs and watch them bring them all back here.
Economically, it makes no sense for the US to engage in foreign trade. We run trade deficits. We can easily self contain our economy, lower the cost of living and provide for our own needs.
A backlash is coming as certain as the one that got us here which came in the 1960's. Traditionally, the US has been an isolationist society. We stepped in it when we came to the rescue of the Brits in WWII. Previously, our discussions of England were about how many times you butt heads invaded us, burned our homes and capitals and took our money.
I know the common logic in England goes something like "we populated these countries, built their infrastructure and they hate us." You didn't do that here - maybe in Canada, New Zealand and Australia, not here. We owe you nothing.
Now, the EU wants to stop us from using the names of European Cheeses. The French desecrate the graves of Americans that died to free them. You want someone's job. Even dumb Americans eventually wake up.
I can tell you this and it's for absolute certain. IT workers will become activists and get our jobs back. It's in the planning stages now and it's going to make the union boycotts of the past look tame.
So go back to England. Because idiots like you have drug my country down and I won't be polite about it. Remember the chants of "England for the English"? Great idea.
Oh, and BTW, Linus lives in the US. MIT did more for Linux than anyone.
You do with your software what you want, we'll do what we want.
And don't pretend you understand what it means to be an American because you don't and can't.
And anyone else who doesn't like it here, go somewhere else. If you don't like not having a job, start doing something about it and quit whining like wimps.
Steve, thank you.
--
Tom Adelstein