I'm very concerned about bugdoors and very grateful to Snowden, but I don't remember a specific example of a software bugdoor that was disclosed there or identified as such as a result of his revelations. Do you have an example? I don't think the Dual-EC DRBG counts here.
This happened later than Snowden, but is an example of an unsettling revelation.
A bug existed for many years in Apple devices, until a few years ago, when it was discovered accidentally by some victims, which forced Apple to fix it, after several CVEs were assigned to it and associated software bugs.
The bug consisted in the fact that some secret test registers, which allowed a complete bypass of all memory protection, were left accessible after production. Thus knowledgeable attackers could remotely take control of an iPhone, for many years, in a completely undetectable way, by sending an invisible message, which then exploited some bugs in Apple system libraries to gain privileged access to the secret test registers, which were then used for complete access to any hardware, including stored files, video camera and microphone.
This backdoor was discovered only because some victims became suspicious due to unexpectedly high Internet traffic originating from their iPhone, which was recorded by an external firewall.
This was discussed on HN after its discovery.
It is hard to believe that a mistake like forgetting to disable the test registers after production could have happened, and that it would also never have been discovered for many years, without some Apple insider intentionally doing it.
Moreover, the unknown attackers who exploited the backdoor for many years had complete knowledge about the secret test registers, which is likely to have been provided by an Apple insider, perhaps the same one who ensured that they remained accessible.
Hopefully, the backdoor was created only by some lower-rank employee, and it was not created with the knowledge of the management, due to some request from a TLA. It is unknown whether the backdoor was open in all Apple devices, or only in those sold in certain markets.
When the backdoor was discovered, it was used to spy on some Russians, so some US agency or one from Israel was among the possible exploiters of it (this was before the current war).
I've seen this take in another GitHub thread, but are there any stats confirming this? As far as I know a lot of GitHub stats are publicly available, and can be queried via ClickHouse.
There may be other problems but as someone who's somehow ended up integrating Git into a service twice in my career without even trying that hard to find a reason (it turns out it's weirdly handy in quite a few situations, god I wish it were implemented as a library and not a pile of Perl and shit, and yes I know about libgit2) and has looked into some of Git's and Gitlab's posts about their architectures over the years through the lens of having fought a few of the same beasts, an Azure migration was very obviously going to make things worse.
Thank you so much! Gumroad is exactly what I was looking for. I didn't even bother researching them after I saw that they weren't recommended by https://opensubscriptionplatforms.com but that was silly because it's almost exactly what I wanted. I'm more than happy to take the hit of not being able to export customers fully if it means not having to jump through weird loopholes to get money in my bank account at the end of the day!
The chilling effects it will have on free speech should not be discounted, though. Despite the patchy enforcement and relatively small fines, people will self-censor rather than risk saying anything "illegal".