I have to laugh at computer programming illiterate people throwing around terms and concepts today regarding things such as Open Source Software and Crypto.
These dummies think Open Source means not hacked.
It’s very easy to hack Open Source software, VERY EASY.
The reason is, most of the guys and girls looking at the source have a tiny bit of knowledge in computer programming compared to the guys that hacked the open source project.
Example, every program uses a computer language; they are usually ‘high level’, meaning they use ‘commands’ to do certain processes.
The bottom-line is, all a computer can understand is binary, or on and off switches, usually read by computers today in 8 bit bytes of 1 or 0. So you have 8 columns of 1 or 0, or 256 possible combinations or 2^8 power.
Higher level languages have to use interpreters to get the program to a low level language of 1 and 0’s that the computer can understand.
Now inside a program written in a language like C+ for example, you have a ton of code referring to commands, and every time you refer to a command the program does what that language was programmed to do with that command.
Often inside programs you refer to other files in the ‘core’ package, which are snippets of code to do something occasionally.
So the main ‘core’ is the larger code, and that performs ‘routines’ based upon ‘commands’ understood by the language the code was written in and the ‘core’ refers often to other programs that support the code, and it may refer to so-called ‘libraries’, of programs that are ‘utilities’ to do basic computer processing related function.
So an ‘open source’ project has a lot of computer code within it that may be ‘vulnerable’ to ‘exploits’. While the ‘core’ may be analyzed by many, most of the sub routines and utilities and even the language it is written in is not usually checked, so it is easy to refer to something outside the ‘core’ and that is how you ‘hack’ an ‘open source’ software project.
A hack in an open source project is like a good magic trick, it’s sleight of hand, you distract the public into looking at the ‘open code’ and then you use utilities most never check to possible hide the actual hack. And a lot of smart people can look at a ‘hack’ and not see it.
In Crypto you hear crypt-idiots all the time saying oh it’s secure it’s ‘open source’.
An argument can be made, it’s actually way easier to develop hacks for something usually in programming if you can see the code, and that is the whole idea of open source, the creator allows the public to view the core or source and the language it was written in.
Open Source is often ‘free’ or ‘general use’ software and many people often work on ‘open source’ projects for free. The alternative to ‘open source’ software is proprietary or compiled software, the Microsoft OS is compiled.
According to software industry ‘urban legend’ is what most people don’t understand about Microsoft is that for years they had a hacked operating system from 1981 until they had finally had all their own code in windows, according to the software industry ‘urban legend’ is that Windows 98 was the first MS OS that had none of the original compiled assembly code that Microsoft started using from the old Qdos OS from the 1970’s.
Qdos was pre-IBMpc days, and when IBM entered the PC industry they went to DRI owner Kildall the creator of CP/M to buy or license it for the first IBM PC and didn’t get it, there are multiple versions of why Kildall of DRI didn’t agree to license it to IBM.
Some of the ‘urban legend’ is that Qdos which used Assembly compared to PL/M used in CP/M had some compiled assembly code developed by a special team of Assembly guys that told Paterson public creator of Qdos that their code could never be ‘sold’.
So the ‘urban legend’ goes that IBM hired Microsoft and Bill Gates to get the rights to use a CP/M type of OS and that was Qdos owned technically by SCP, and that Paterson who created QDos and worked for SCP agreed to create MSDos from Qdos. Thus, Gates had a license right to QDos masquerading as MSDos and he was free to only LICENSE iit to whom he wanted. Microsoft kept licensing rights to MSDos never ‘selling’ QDos/MSDos to IBM.
Now the urban legend says a cabal or group of old head assembly coders helped Paterson create some of the low level handshakes in the OS and they did it with a condition that the code could never be ‘sold’ to anyone. As an employee of SCP, the code was not ‘sold’ to SCP but developed and could be used for SCP products.
So the urban legend is Paterson didn’t violate the agreement that QDos had with the guys that created the low level handshakes inside QDos that Paterson was not able to create himself. Again this is all computer software URBAN LEGEND.
Paterson worked for SCP so QDos was able to be put onto SCP products and then SCP technically gave Microsoft and Gates only license rights and didn’t sell it. Microsoft gets the license for almost nothing from SCP and then hires Paterson to adapt QDos to be MSDos. Then Microsoft could in turn only lease license rights to IBM or any company they chose, thus SCP, Paterson and Gates or Microsoft all could be said to not have violated the original DO NOT SELL THIS agreement Paterson had with the real low level cabal that helped him create QDos. AGAIN this is software industry URBAN LEGEND and not recorded that I know of in any public record over it.
Thus due to the original DO NOT SELL THIS agreement Paterson, SCP and later Microsoft had to maintain, none of them violated any DO NOT SELL PROVISION that code inside QDos may have had.
This LICENSE but DO NOT SELL clause all the parties had allowed the PC Clone revolution to start, since IBM Pc had no exclusive rights to MSDos which was really QDos, and the whole clone industry came to be, since Microsoft had the right to license QDos/MSDos to IBM or any other hardware company they wanted.
The ‘urban legend’ in the software industry, is that MS Dos and early Windows OS all had pieces of compiled Qdos OS in it, and it was suspected there was a back door in it from the Assembly team that gave a vital piece of QDos to Paterson who in turn gave it to MSDos and Gates. Publicly Paterson is the sole creator of QDos and he has even sued people trying to say QDos was copied from CP/M. CP/M was written in PL/M and while both CP/M and QDos share some basic computer commands, the codes are very different. The issue in the ‘urban legend’ is, was the low level assembly calls made in QDos entirely created by Paterson, or were there ‘others’. I have even heard versions of the ‘others’ being ‘aliens’, that’s how far this ‘urban legend’ has grown to even include ‘alien intervention’ in the story. LOL
Again, this is a ‘story’ or software industry ‘urban legend’ you hear with old-heads, geeks from the 1960’s and 1970’s capable of writing complex low level handshakes in assembly into early OS such as QDos, that higher level programmers could not do themselves.
The ‘urban legend’ is supported with a legal case Microsoft had to settle over QDos with SCP in 1986, where a public 900K range settlement was agreed to when the jury was still deliberating over who had the real rights to QDos/MSDos. Accofding to ‘urban legend’ in the software industry, that another secret settlement is said to have also had other programmers involved who may not have all agreed to the settlement, and there is no public record of any private settlement in a second rights claim that may have had other alleged developers of low level code originally in QDos that the ‘urban legend’ says remained in all Microsoft OS until around Windows 98.
Some of the ‘urban legend’ is there is an old-head geek walking around still with an UNCASHED ONE MILLION BUCK RANGE CHECK drawn on a personal account of Bill Gates to him, but he refused the settlement and never cashed the check.
So SCP got the 900K public check from Microsoft in the public settlement over MSDos, since SCP was the company that Paterson technically worked for when he created QDos for SCP, and allegedly some private deals were made with similar sized checks in a secret settlement to a handful of assembly coders that helped Paterson create QDOS.
AGAIN this is an old software industry URBAN LEGEND and all you can find is the public settlement of 925K to SCP in late 1986, and SCP is understood to have been the employer of Paterson who created QDos. The ‘urban legend’ is, did Paterson really develop it all by himself due to the complex nature of the assembly code in QDos low level handshakes. The other issue is was the SCP case the only rights case that Microsoft settled, was there another group involved in a private settlement.
Microsoft went public in early 1986 and the SCP case was settled in late 1986. The only question is, if the ‘urban legend’ is true, were other programmers paid off too as part of the QDos settlement? If some old geek one day releases his ONE MILLION BUCK UNCASHED BILL GATES CHECK, then an ‘urban legend’ may become HISTORICAL FACT.
I’m not saying the ‘urban legend’ is true, I’m merely retelling the various stories I’ve heard over the decades about Bill Gates, Tim Paterson, QDos and CP/M.
Now the ‘alien version’ is very funny, an ‘alien’ who enjoys ‘playing with humanity’ is said to have revealed to a human that he was the entity that ‘channeled’ the code of QDos to Paterson to create the modern technological age.
So maybe Gates had to stroke a 1 MILLION BUCK CHECK to an alien and he couldn’t cash it since he doesn’t have a valid ID to go to the bank. LOL
Now today, you have Windows 8 being suspected of having an NSA backdoor in it, and some governments have issued warnings to not use Windows 8.
It’s very easy to ‘back door’ compiled software, and talented low level programming geniuses often hide back doors in their creations, it’s known as the GOD COMPLEX that many low level programmers have as to their ‘creations’. They insert a secret command their creation knows only their creator knows.
At a recent conference the father of Linus Torvalds who created the quasi open source OS known as Linux stated that he asked his son if the NSA had tried to get him to back door Linux, he said NO while nodding his head YES, meaning to his father, “Yeah Dad the NSA did try and I can’t discuss it.”
At the same time the IBM PC clone industry was forming, the NSA was trying to control the future of PC’s with strict new rules stating that all academic encryption papers from US Academic Institutions had to go to spook central the NSA if they involved any encryption since all data encryption was considered a NATIONAL SECURITY ISSUE. Computers were not ‘new’, they had existed for decades, what was new was the PC and how the public would now have access to personal computers (PC’s) and the NSA wanted control of all encryption and they attempted it with rules aimed at US Academic circles in the early 1980’s.
This is historical fact.
Now in the 1980’s the concept of ECC (Elliptic Curve Cryptography) was created, two parties lay claim to its invention, Lenstra and Koblitz/Miller. Today Koblitz is very active in ECC. His 2008 paper praising how secure ECC is was released days before the famous Satoshi Nakamoto paper on Bitcoin was released. In the 2008 Koblitz paper Neal Koblitz is highly praising the NSA as well. NIST ia US Government Agency pushed ECC as well and the Wiki Leaks documents shows a 10 Million payment to NIST by the NSA to push a certain ECC crypto version which is now considered back doored, in that the SEED KEYS used to do P and Q PRNG gneration have special relationships that are only understood by the NSA since they created the keys.
So today we have major leaks about how NSA has backdoors in the crypto that is supposed to secure the worlds banking transactions and communications.
Certicom (Blackberry) in Canada uses ECC and many recent papers of Koblitz are co-authored with Menezes of Certicom. The WikiLeaks documents show various ECC versions of crypto are cooked by seed keys the NSA gave to NIST to release.
Bitcoin uses specially Koblitz Curve ECC in its signature crypto. Certicom uses ECC and a major player in Certicom who is Menezes co-authors most of the new papers of Koblitz.
Koblitz recently joined Etherum as an advisor, it’s another new crypto currency idea like Bitcoin.
So modern crypto moves through a bunch of companies and people with strong NSA ties and WikiLeaks revealed that at least some of the crypto seed keys in ECC are cooked. The relationships these numbers have is understood by the NSA and that allows a so-called ‘backdoor’.
So while you can look all day at ‘open source’ code for bitcoin and you see calls to sub routines in the core package and then you view those programs, you start to see how bitcoin an open source project is using ECC and once you know how recent wikileaks documents show many versions of ECC are corrupt, you would be foolish to think all the NSA/NIST/KOBLITZ seed keys are not cooked.
In my opinion, the NSA is not allowing release of any seed keys now that they can’t crack. That’s my OPINION based upon almost 40 years of programming and creating multiple software and internet companies over five decades now.
Can you hack OPEN SOURCE CODE?
HELL YEAH and the NSA has done it.