Slashdot Mirror
MS Cites National Security to Justify Closed Source
guacamolefoo writes: "It was recently reported in eWeek that "A senior Microsoft Corp. executive told a federal court last week that sharing information with competitors could damage national security and even threaten the U.S. war effort in Afghanistan. He later acknowledged that some Microsoft code was so flawed it could not be safely disclosed."
(Emphasis added.) The follow up from Microsoft is even better: As a result of the flaws, Microsoft has asked the court to allow a "national security" carve-out from the requirement that any code or API's be made public. Microsoft has therefore taken the position that their code is so bad that it must kept secret to keep people from being killed by it. Windows - the Pinto of the 21st century."
War is always the best excuse. One of my favorite cartoons on this is Mark Fiore's, at http://markfiore.com/animation/excuse.html. :)
qslack.com
When in doubt, raise concerns about terrorism, or inappropriately use 9/11 as a crutch. The new coin of Washington (both east and west it seems).
Nothing will ever be the same again indeed.
"Uhh, the judge is acting pissed. Did you see the way she looked at us when she said 'Obey the court'?"
"Yeah, how can we BS her on this?"
"Uhh, maybe we can find a link to terrorism?"
"YEA! That's it! We can't comply, because of National Security"
Harmph....
www.eFax.com are spammers
Any fool knows that it is flawed to that magnitude. Only the fact that it was publically admitted by a M$ official is newsworthy.
Worrying isn't it?
If the code is so bad as to be dangerous, shouldn't the government make them recall the code and return a properly functioning version?
If a car was dangerous enough to possibly cause death, wouldn't the government require a recall? Wouldn't the media jump on them like rabid wolves like they did Firestone? Wouldn't people avoid the things like they did Firestone?
The Pinto was never as dangerous as M$ products.
So they think that just because they are Microsoft, they deserve to be treated differently? If they made crap software that is full of bugs, and it gets released to other companies who my possibly take advantage of those bugs, then it's their own fault. If a product is meant to be remotely secure, the software company should employ QA teams to *TRY* and break into it, at the VERY LEAST. Writing poor code is no excuse for avoiding your punishment, MS. Perhaps those using the buggy software should be informed of this, and given a grace period to switch to another system before MS is made to open their source.
Follow me
Well, at least I hope it doesn't. A comment like this from a Microsoft bigwig doesn't sound encouraging... Mid-air GPF anyone? *ouch*
From the story:
> The protocol, which is part of Message Queuing,
> contains a coding mistake that would threaten the
> security of enterprise systems using it if it were
> disclosed, Allchin said.
Then with all the billions and billions of dollars M$ has hanging out in the bank, why not hire someone and FIX THE PROBLEM. What's the problem with doing the things that make sense?!
Single best thing M$ could do to improve their product security is to adopt the 'patch often' mindset. Fix something, release a patch, everyone goes home happy.
The bi-annual (exaggeration) security patches they currently do ain't gonna do it.
The DOJ was pressuring MS to release it's APIs etc., in the interest of fair trade. Now MS claims that doing that would put national security at risk.
What's the solution for the DOJ (who holds the reigns now)?? Simple: force MS to adopt open standards and open code modules in the future. Given that the MS business model is based on leveraging its "secret" elements, this could force them to abandon nearly all of their anticompetitive practices.
-3Suns
~~~~
The Revolution will be Slashdotted
If Ford were to say that they couldn't disclose their new transmission design because if they did it might get people killed, surely they would have to either redesign it, recall it or face a HUGE class-action lawsuit.
:)
All we need is some documented evidence of a MS exploit resulting in injury or death.
Asikaa
Come in, twenty-seventy-seventy, your time is up.
(From a story posted here)
Peruvian Congressman David Villanueva Nuñez made exactly this argument:
To guarantee national security or the security of the State, it is indispensable to be able to rely on systems without elements which allow control from a distance or the undesired transmission of information to third parties. Systems with source code freely accessible to the public are required to allow their inspection by the State itself, by the citizens, and by a large number of independent experts throughout the world. Our proposal brings further security, since the knowledge of the source code will eliminate the growing number of programs with *spy code*.
In the same way, our proposal strengthens the security of the citizens, both in their role as legitimate owners of information managed by the state, and in their role as consumers. In this second case, by allowing the growth of a widespread availability of free software not containing *spy code* able to put at risk privacy and individual freedoms.
The flaw here is that for windows code to posess the powers they imply, it would need to be a state secret. Perhaps it should be illegal to distribute mission critical osc across us boundaries? Windows code a state secret? I think not, anyone can reverse compile machine code.
Micro$oft should realize that governments do not like security threats they are not able to evaluate themselves. The NSA, for example, cannot sit and tinker with windoze's security holes the way they can with OSC (open source code)...
-Sean
"We'll security is our top priority (http://slashdot.org/article.pl?sid=02/01/17/02592 34&mode=thread&tid=109) but until it improves, our source is a threat to national security"
I think that "National Security" here means "the NSA asked us to put xyz into our code, and they'd be unhappy if it had to be removed or became public".
Remember: Cryptanalysis has, and will, always come in fourth place after burglary, blackmail, and bribery.
Tarsnap: Online backups for the truly paranoid
Terrorism = File Sharing
someonce call the RIAA and tell them the great news!
There's no way, if Windows was open source, that people would be able to find the flaws for themselves and patch the code. After all, only a malicious hacker would want to look at Windows source code ;), and only a fool would try to step through that labyrinth that would make Daudalus green with envy...
BlackGriffen
If it happened in any other industry (auto, aviation, train, commerce, weaponry, etc) the Government would drop their product like a dead rat (and more probably force the manufacturer into a recall). Yet Microsoft is willing to use it as a defense?
Three things need to happen in order for people to start getting serious about software security and reliability:
1) A software system with 1 or more serious _known_ flaws must be used on a worldwide scale by a government agency or large company.
2) That software must then fail.
3) The failure must cause thousands of deaths or hundreds of billions of dollars in loss or damage.
The result will be like the 9/11 of software...when the world wakes up and realizes that we have become so dependent on software systems for our daily lives that we actually have to start caring whether or not they work correctly. We need to start taking an engineering approach to software and KNOW (not think) that it will operate as advertised.
I'm actually hoping that this will occur sooner than later. The later it happens, the more catastrophic the result will be and the less time we'll have to rectify the problem before it happens again.
Are Microsoft's product really so vital that national security would be impacted if their security were compromised? This sounds like the Y2K hoopla all over again. There are alternatives to any microsoft product. Even if a microsoft app were so compromised that Microsoft couldn't release a bug fix -- it would only take a week or two for any orginization to migrate to new software. Sure it would be expensive, but not a threat to national security.
There are 10 types of people in this world, those who can count in binary and those who can't.
> This explains why innocuous commands (like touch and finger) have easy-to-remember and provocative names, while the more dangerous ones (like ld and vi) are "secure" through their "obscure" names
And pray tell... how exactly is vi(1) dangerous? I'd call emacs a bigger violation though, but hey, I'm biased. Heck, every editor on a UNIX system should have a "secure" name then. That logic doesn't really fly.
Runs off, before it turns in yet another editor flamefest (which is not what I am intending).
Has anyone considered filing a suit due to being "hacked" ( know it's not the correct term, but it gets the message across) due to a hole in MS software.
Sure, the license makes all warranty void, but what about when they knowingly distributed insecure software.
This offers a perfect fact for your case.
Agreed... the most security on their Shared Source stuff is at the level of a non-disclosure agreement.
I think the judge will see through this ploy.
Washington
(NAPI)- John Ashcruft today warned that al-Qaida terrorists have infiltrated several "Learning Tree" facilities over the past few months and have obtained illicit "MCSE" certificates. "With the imtimate knowledge they now have, no one who runs the Windows Operating System is safe" quavered Professor M. Druel of the University of North Dakota at Hoople. "Given the flaws we were warned of, why didn't we listen to that guy back during the trail?" Linux users (and other users of the soon-to-be banned "open-source" software) spent the days chuckling.
Don't anthropomorphize computers, they don't like it.
At least that is the only explanation I can think of. Their systems are architecturally unsound and plagued by stupid design decisions, unstable interfaces and unsound implementation. It is quite obvious if you look at all the security, stability and usability (ever reinstalled Windoes?) problems they have. In addition they are still adding features like mad, thereby making the problem more serious all the time.
.NET and the motivations and real goals behind them.
My point is that they did not say anything new by admitting the problem. However by admiting it they also admit that they don't really care about security, as they certainly could have done significantly better! This casts a very bad light on other ventures like
So why are they admitting it anyway? In my opinion MS is scared to death that open APIs would also mean stable APIs (i.e. APIs that don't change all the time) and would enable others to make Windows compatible execution environments with relative ease. The sources are also important, because the API documentation MS would give (could?) away is not complete and correct enough. So while it takes a huge effort, competitiors would be able to really find out the complete API functionality and implement it in a way so that things that run on Windows would usually run on competing products without retesting or modifications.
As MS is not really having a good product, just an effective monopoly (by making cloning their API difficult), reasonable documentation of their APIs could kill them. At least that is what I think they believe.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted and ignored otherwise.
It's already been revealed that some attacker got into Microsoft's network. Also, CD's with Microsoft's source have been released for various reasons over time. I have no trouble believing that some "bad guys" already have the source code. So, how do the rest of us protect ourselves from these bad guys with the source code? And from the bad guys to come who don't have it yet... but will?
As noted in Secure Programming for Linux and Unix HOWTO, section 2.4.2, closing off source code doesn't actually halt attacks anyway. Here's the quote:
- David A. Wheeler (see my Secure Programming HOWTO)
If all this should have a reason, we would be the last to know.
Though I know the knee-jerk reaction is to scoff, M$'s statement does bring up an interesting issue. Given how porous M$ security is, just how much worse would/could it be if the source code were available? To be honest, and flame away if you must, I think that M$ does have an interesting practical point (not that I agree with how their applying it, but that doesn't make their point any less valid).
So the obvious question arises, is Linux/BSD (and any other software that has source available) more exposed to "serious" attacks. By "serious" I mean being launched by somebody who knew enough to be able to look at the source and find security flaws, vs a script kiddie who takes a virus toolkit and modifies the virus name and subject line. Theoretcially, it should be more vunerable than a picece of closed source software that was written with a similar level of "quality".
Again, I AM NOT DEFENDING OR SUPPORTING M$'S POSITION, only bringing up what I think is an interesting question.
- reverse gravity
- send the tightly-controlled, stable market into a state of chaos
- put thousands of people out of work (how could MS pay its employees if they gave their products away?)
- bring back Elvis (in the form of MP3s distributed by the masses who were previously restricted by MS DRM)
- cause the judge's personal computer to automatically download pornography every day
Didn't we see this in Ghostbusters?They may just confirm Judge Jackson's assertion that any sort of compromise short of a breakup will be insufficient. Here's hoping that Kollar-Kotelly's nose is as good as Jackson's.
Austria already has it.
Any U.S. University can apply for it now if they don't already have it.
Many of Microsoft's larger customers have it
I don't see why it would be difficult for any terrorist organization to get it. How can they legitimately argue that it may possible be keep it secret at this point? If it's a national security risk to make the code available, the damage can no longer be avoided.
Ryan Fenton
'When pressed for further details, Allchin said he did not want to offer specifics because Microsoft is trying to work on its reputation regarding security. "The fact that I even mentioned the Message Queuing thing bothers me," he said.'
I love that! 'It pains me to admit that our software is dangerously broken, because we're trying really, really hard to convince people that the reputation we have for foisting dangerously broken software on them is totally unfounded.'
I guess if there were trying to work on their actual security, rather than just the reputation, they might act a bit differently (like, by publishing their API's and then working with the security community to get them safe).
-Dan
I have written a truly remarkable operating system which this sig is too small to contain.
They have exported the Windows source code to countries such as Germany, Czechia, Slovakia, Isreal, Hungary, Japan, and even Singapore. Check the list yourself.
Maybe it's time for another trial.
Micro$oft has always made excuses of one sort or another, about a great many things. But, so far, few have been this ludicrous.
The first, was "it can only hurt the US economy if the debut of Windows 98 (was 98, wasn't it?) is delayed..."
And now, "releasing source code/API's would threaten nationally security".
Does anyone want to start taking bets what the next grand bullshit excuse will be? My wager is on "God commands thee to cleanse thy hard drive of this vile Linux". I just can't think of anything else that is on the level of the first two.
All security is through obscurity--even encryption. Think about that.
"Touch" makes empty files or changes their date. You're telling me that's easy to remember, while knowing that "rm", short for remove, removes file(s) is harder? "Chmod" changes a mode is harder to remember than "finger" giving you a user's name?
Got friends?
After supporting MS's statements that all source should be closed and hidden in order to maintain national security, the US government has agreed to hide all tall buildings. All tall buildings will now be covered with large black clothes. In order to maintain national security, anyone caught talking about these buildings will be arresting. Since terrorists will be unable to clearly see and hear about these buildings, they will no longer be able to attack them. Thank you and good night.
Outdoor digital photography, mostly in New Engl
Stupid job ads, weird spam, occasional insight at
Actually, its probably already in there, just impossible to find along with everything else.
"The United States has no right, no desire, and no intention to impose our form of government on anyone else." - Bush 05
Calling MS the Pinto of the 21st century is grossly unfair to Pintos. First, Pintos are a lot better than their reputation. The original 1600 pushrod motor is the same solid reliable block used in Cortinas (and most other English Fords) as well as having been raced for years in Formula Ford. The bottom end of that motor is used in Lotuses, as well as the Cosworth race engines (Formula Atlantic).
The 2 liter overhead cam motor in the Pinto is surprisingly good. When I raced a friends Capri with that motor, he said that he usually shifts between 7,000 and 8,000 RPM because it doesn't make any more power beyond that, but the motor will spin over 9,000 RPM without problems.
I've also seen Pintos win the SCCA racing class Improved Touring B, against cars like BMW 2002s.
They can name it something like 'Patch Lola Patch.'
I don't want knowledge. I want certainty. - Law, David Bowie
With all the money in M$ bank account, where are all the laywers? Shouldn't admitting gross negligence bring a class action lawsuit?
Those who can do. Those who can't sue.
Microsoft's view:
If the software has security flaws, then the code and APIs cannot be made public.
Open source view:
If the code and APIs are made public, then the software does not have security flaws.
So, Microsoft, we are finally in agreement, yes?
To-do List: Receive telemarketing call during a tornado warning. Check.
It's clear this strategy is the coding equivalent of "The Killing Joke":
"Here at M$ coders are only allowed to work on code a few lines at a time. The code is so fundementally flawed that if any single programmer sees an entire code block he immediately goes insane... well, the lucky ones do anyway..."
M$ - code so bad protecting people from it is job #1!
=tkk
Bill Gates - Creationist?!?
How exactly does this undo the damage that Microsoft has done to so many companies with it's corrupt business practices?
I'd prefer to see:
1) Microsoft to be required to licence Windows under uniform fixed court agreed terms to all hardware vendors, with no conditions allowed on what else they sell (e.g. bare PCs, Linux), or what else they do or don't load onto their PCs (office software, browsers, ISP links)
2) Certain file formats (office documents) to be deemed part of national commerce infrastructure, and put under control of some industry body rather than microsoft
"Microsoft has invested substantial time and resources in providing great interoperability between .Net and older technologies," Allchin said. "Sun's strategy of promoting '100 percent pure' Java applications discourages interoperability."
So, according to Microsoft, it is better to have one company provide (ie control) the degree of interoperability between systems than to have another company promote a single standard for the whole industry to use and share.
I can't imagine that line of thinking going over very well with military officials used to building redundancy into everything.
You might also paraphase the above statements as follows:
"Microsoft has choosen to ignore freely available and already established standards and instead has wasted substantial time and resources needlessly reinventing the wheel by developing our own internal standards (that we won't share and that we admit are not really very good) so that we can control the degree of interoperability between our proprietary new product, and our former (and soon to be former) competitor's technologies"
"Sun's strategy of creating and sharing a standard that encourages 100% interoperability between all systems discourages interoperability (but only in respect to our systems, because ours are made to be incompatible with the accepted standard that everyone else uses)."
Oh boy, can I please buy your systems for my Army?
My next sig will be ready soon, but friends can beat the rush!
Get a paper copy of this testimony. Make lots of photocopies. Highlight the "interesting" parts (such bad security that releasing it would be a national security risk, etc). Send to everybody in your local government you can find, demanding that they stop using MS products until their security problems are fixed. As alternatives, there is at least OSX, all the Linux distributions, and probably other things (the resurrection of BeOS?).
Given that MS is admitting in court that they are selling defective products, demand that your local government sue MS for fraud. Politicians don't keep up to date on every legal battle going on everywhere, but if you send them the relevant portions they at least can't claim they didn't know.
While you're at it, forward this onto the local newspaper and tv stations. "poor security" is a big boogyman these days.
Another thing; Send this onto the people at your company who make buying decisions, if MS is going to admit their products have the security of swiss cheese, does your company really want to expose itself to that kind of danger?
Karma: Food Fight (Mostly affected by Date Plate).
Your Honor, we at Microsoft believe that if we ever revealed the source code for MS Windows, more children would immediately start taking drugs. Husbands would start to beat their wives. Small animals would become uncontrollable, staining many expensive carpets. Certain food-groups would become more perishable. 2nd law of thermodynamics would be repealled. Finally, a giant hole would open up in space time, causing the end of the universe.
Your honor, it is a matter or national security, no international security, no galactic security, that we be allowed to continue our profitable monopoly.
Think she'll buy it?
=brian
Already happened:
USS Yorktown dead in water after divide by zero
The question that has to be asked here is this: do we really want to have our country so heavily dependent on an OS that is so apparently at risk of vunerabilities? Let's analyze the threat for a moment.
Let's say that this message queueing vulnerability that was spoken of in the article is a pretty substantial hole that could be a true threat to national security. What makes anybody think that because Microsoft refuses to talk about it hasn't already slipped out to all the wrong people. If some high level executive at Microsoft knows about it, you can guarantee that probably hundreds if not thousands of people within the orgnization know about the problem already. The more people that know about it, the better the odds that somebody nefarious will get a hold of that information.
If I were the intelligence service of some devious foreign power you can bet I'd have a few operatives working in Microsoft. I mean if you want to fight a war with the US, what would be better than an opening shot that can harm >90% of the computers in the country. So you have a few operatives finding what holes they can and slowly relay them back. Then you just sit and wait for the day when you need a real threat in your arsenal.
Imagine how nice it would be if you are some nefarious foreign power in tense negotiations with the US and you can walk in, and them a floppy disk and tell them to give in or else. I mean even if they find out what the vulnerability is, can they deploy a response to it fast enough that it matters? Nothing like the threat of having the electronic economy slagged to make you amicable to a bad deal.
I think that if Microsoft's the threat they seem to imply, the judge should order them to turn over the source code to the FBI to begin dissecting these problems. Do we really want to trust a private corporation with our national security? I don't think so...
This sig has been temporarily disconnected or is no longer in service
Mid-air GPF anyone?
Already happened (except it was a badly handled arithmetic overflow). European Space Agency satellite launch, Ariadne II, IIRC. The software was multiplying speed x time and adding it up to get distance traveled, or something like this, and because the II went faster than the I, eventually it overflowed. And the control system froze.
But I don't think this was Windows or any other commercial OS...
I've said this before in response to MS-FUD: When the government/economy/national security of an entire country hinges on the well-being of one company, that company might be just a little too big for everyone's own good.
Ok, I did not read the article, so if I'm wrong on some points, you know why.
I'm an Army contractor, and all of their critical systems are all Solaris based. Thus proving that the Air Force and Navy are just a little bit dumb. (sorry, had to jab that) Now, if any defense company said to the military that its product was so flawed that it couldn't give the gov the source code, it would be rejected and the company sued. Basically, if the gov hadn't whored themselves out to MS there would be much smackin' goin' on. This stance may just be enough to get sued just by these statements.
Vote monkeys into Congress. They are cheaper and more trustworthy.
I read the article. Several times. Perhaps I am just not very observant today, but what was the exact quote in which a Microsoft exec stated more or less that its code is so flawed that it could result in nat'l security compromises?
.Net and older technologies"
:)
I read the following quotes in the article:
"It is no exaggeration to say that the national security is also implicated by the efforts of hackers to break into computing networks,"
"Computers, including many running Windows operating systems, are used throughout the United States Department of Defense and by the armed forces of the United States in Afghanistan and elsewhere."
"Microsoft has invested substantial time and resources in providing great interoperability between
"Sun's strategy of promoting '100 percent pure' Java applications discourages interoperability."
(Ha! Whatever)
"The fact that I even mentioned the Message Queuing thing bothers me"
Perhaps Techweb is offering a creative interpretation for the purpose of getting hits?
Anyway, if anyone can find a source for such a quote, please let me and everyone else know as I could add it to my "Why Microsoft sucks" archive of data.
Computer Science is no more about computers than astronomy is about telescopes. --E. W. Dijkstra
Seems to me that either Allchin suffered some stroke or brain damage while in court, or this is all a big red herring.
...
You just don't get to Allchin's level and "accidentally" let slip something like a fundamental vulnerability in a protocol. M$ officials may make mistakes, but not like this. Not in a public forum. Not in front of a judge. Not where every news medium in the world will be covering the story.
My feeling is that this is all a distraction from something else. Every black hat on the planet is now probably checking out the Messaging protocol. My guess is that there's no smoking gun there. But maybe another protocol has problems.
Furthermore, it just doesn't make sense. An API exposes only what you want it to. It doesn't show you the vulnerabilities that exist "under the covers" unless they're titanically, apocalyptically stupid.
I'd like to know what it was that he's distracting us from
Eloi, Eloi, lema sabachtani?
www.fogbound.net
In this pleading, Microsoft themselves admit that their stuff is widely installed on Federal Interest Computers.
Microsoft's use of so-called operating system patches to disable user mail applications and replace them with the Outlook mail server application is unauthorized hacking of Federal Interest Computers, a Federal felony under US Code Title 18 Section 1030 (the COMPUTER FRAUD AND ABUSE STATUTE: see http://www.cpsr.org/cpsr/privacy/crime/fraud.act.t xt).
Microsoft's pervasive practice of using their upgrade/patch excuse for hacking Federal computers and replacing relatively secure software like Eudora with nightmares like Outlook (which is itself responsible for something like 80% of the viruses and worms on the net!)is a violation by my reading of the Act (but IANAL). I think that Paragraph (b)(1)(B) ought to be applied!
"My opinions are my own, and I've got *lots* of them!"
Doesn't the typical microsoft eula specify that the software is not to be used in life critical systems anyways?
--jeff++
ipv6 is my vpn
If we had the source code, we might find out the true function of the NSAKey function!
Ouch! The truth hurts!
I mentioned this very scenario in my comment to the DOJ regarding the proposed settlement. I proposed that the oversight committee (as long as no members were appointed by Microsoft) or the court be tasked with determining whether revealing APIs or protocols would constitute a legitimate security threat. It's probably not the best answer, but it beats the hell out of letting Microsoft decide.
It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
The only reason I can see someone from Microsoft saying this in a court of law is that they must be really, really desperate. Making wild claims about American national security and the war in Afghanistan is something that no one in the industry or the court is going to believe, and if they do many, many people are going to start to ask themselves if it isn't time that some form of government control and a change in Microsoft management is needed.
.Net initiative in the industry, this is desasterous. Most large companies that are dependant on Microsoft software will ask themselves if it is wise to take Microsoft seriously considering the statements made by Microsoft executives in court. Technical and business reviews are going to have a field day with this one ("If it is so insecure why are we using it?", "Can a company take them seriously when they come around trying to do business claiming Microsoft superiority?"). This will make a lot of press sites, and I seriously wonder if this won't be the thing that finally tips the balance against Microsoft in the eyes of the general population or at least the general business population. Although the general press is extremely ignorant about IT things (the BBC is a brilliant example of this) even they wil be able to put two and two together that something is very wrong with this company.
I cannot see this benefitting Microsoft in any way. There will of course be the usual pro microsoft sites such as ZDNet that will report this verbatim (with a straight face) but, for a company that is trying to garner support for "Trustworthy computing" and it's
I don't know what kind of an effect this will have on foreign governments, but this will not go down well with EU even though they are just as IT-ignorant as American politicians.
I know that if I had my own company and read through some of the statements that Microsoft have made in court I wouldn't be laughing like I am now.
Microsoft is resorting to desperation tactics... they know they've lost.
Actually, this is entirely consistent with MS's strategy all along: it has been arguing that it and its products are so profoundly important to the American economy and security that any remedy which interferes with its ability to act as it pleases should be struck down by the court. Otherwise, everyone will suffer at least as much as MS will.
It's the exact equivalent of a mob boss saying that he shouldn't be imprisoned for running a protection racket, because then he wouldn't be able to protect his customers. Moreover, he wouldn't be able to provide for his innocent wife and children (even though it's been shown he abuses them as well).
Microsoft isn't at all desperate; they're just so arrogant, and so blind to basic security principles, that they don't really see a problem with what they're saying.
In the wrong hands, sanity is a dangerous weapon.
Unsafe in any configuration
There was a reason why there were pictures of Seattle on those captured PCs that al-Qaeda were using.
It wasn't that they were trying to make bioweapons to use on us.
No, they got H1B visas and are coding in Redmond as we speak!
-
--- Will in Seattle - What are you doing to fight the War?
If you can do that, why can't /. ?
You may have a point. If one asks oneself what they really have to lose by disclosing all their APIs the answer might very well be that someone might find a disproportionate amount of properties, return values and methods that they recognise from elsewhere.
Let me get this straight. The product that Microsoft's monopoly rests upon, the monopoly that they illegally maintained and expanded, is so flawed that it threatens US national security. Did someone from Microsoft REALLY say this? If so, it is clear they have gone mad in Redmond. What do they expect the millions of companies and government agencies to do? Wait until Longhorn, or whatever is ready? And hope all the holes are fixed by then?
"Uhh, sorry Mr. President, the NSA can no longer monitor international communications. Our systems are just too vunerable to hacking to be used. Jim Allchin assured us that a comprehensive fix would be available within 18 months."
"In other news, the US Navy has ordered all AGEIS cruisers into port indefinatley. The AGEIS computer systems were deemed too risky for combat use. The Pentagon would not comment on reports the entire US fleet would require software overhauls before any offensive combat operations could be contemplated."
"World stock markets are today in freefall as most major international corporations raced to secure information systems based on Microsoft's Windows operating system. Some experts estimate that the expense of fixing or replacing mission critical software to provide an adequate level of security would dampen the World economy for a decade."
This goes so far beyond a computer industry issue. Its a staggering admission of guilt. What CIO would be caught dead installing an MS system unless they have absolutly no alternative?
There is also the legal issue. If someone has sustained an economic loss due to "flawed code", that they are using because MS illegally supressed competitive alternatives, then they have a really good case for compensation. And the hardest part, proving that MS illegally manipulated the market, is already done. And they have some tens of billions just sitting around, waiting for the right lawyer to just take away.
Umm.. I don't think the issue is so much with poor documentation where documentation exists, I think the issue is more with non-existing documentation.
If you are looking at the whole system from the point of documentation, of course everything looks great? That's like looking at the world though a great big filter.
Instead you will have to go the other way; check all DLL/EXEs for exports, and then see if those exports are documented. Some exports aren't even done by name, but only by ordinal, making them even harder to use.
I'm not a win32 guy either, so I can't give any concrete examples off hand, but I'm pretty sure this is partly where the issues lie.
You really cannot say the APIs are highly documented unless you have disassembled the code to see what it can really do, can you? Sure, there might be a hundred documented functions, but that is only impressive if there are only a hundred exports, and those exports are limited to the paramaters defined by the documentation.
Belief is the currency of delusion.
Actually, there is no one called Allchin at Microsoft. Allchin is a descriptive term for All Chin, Jabba the Hutt.
Even though he also works for George Lucas, All Chin has a long history of eating cute, squeaky animals for Microsoft, too. For example, in the December 12, 1994 edition of Computer Reseller News, page 269, column 1, fourth paragraph, he said that a software emulation patch for the Pentium floating point processor bug would not affect performance greatly. This was true, as long as customers didn't use it. If the program they were running used that part of the floating point processor, however, the processing would be far slower.
Now he's telling us that war is a good reason for us to let Microsoft do what it wants to do anyway. To Microsoft, we are all cute, squeaky animals.
I love the quote "Microsoft code was so flawed it could not be safely disclosed." That's an honest appraisal.
:-)ing their own fucking throats.
What the fuck are people doing with it then? That's like laying down in front of a bully and yelling "Kick Me?"
I'd hate to think that it really was a matter of National Security. Luckily, its not. Nobody with something that needs a serious, secure computing platform uses Windows.
Man, M$ are slash(dot
Now some people I know who were merely concerned before will install Linux on their servers for sure and try StarOffice on their desk top machines.
What will happen to the people at bug tracker then? They'll be made redundant since almost all these "Net" bugs are M$ bugs.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
He later acknowledged that some Microsoft code was so flawed it could not be safely disclosed.
Somehow, I think that if the US government forbade the use of any Microsoft applications within federal facilities, pending a code review by a neutral 3rd party to identify and fix potential security holes, you'd see Microsoft scramble to get their shyte in gear pretty damn quickly.
As somebody already stated in this thread, Peru has the right idea: open source allows people to public review code for potential security flaws, which is how most bugs are caught anyway -- a fresh pair of eyes takes a peek. Ultimately, there's no way that Microsoft can compete with this code development paradigm -- since there's so much Open Source code "out there", it might spread people's attention out a bit too thinly in places, but over time one would hope that Linux apps will only more secure / stable.
You only help the terrorists!
Just think of the children!
-- Will program for bandwidth
One is sort of chunky and ugly, and she won't let you see her naked, and you pretty much know already that you wouldn't really enjoy it if she did. The other has a slim, beautiful body, and when she takes off her clothes and parades it around, all the men ooh and ahh over it. That's the analogy I like to use. Maybe it isn't 100% correct, but that's the impression I get when you've got MS saying "No, no, you don't want to see our source code!" and meanwhile, you've got these open source softwares that are taking it all off, and saying "hey, baby, look at THESE!" Microsoft is NOT sexy. Linux, apache, and all of those wonderful open source projects ARE. But this is just how I see it. I mean, if I was to go on a date with a woman, and she proudly told me that she has an MCSA certification, I'd probably politely nod, but secretly be planning on my escape (maybe run away after telling her I had to use the restroom). On the other hand, if she told me that she had her own php based website, and that her text editor of choice was vim, then I'd be all weak-kneed and googly-eyed, and I'd want her to have my children. But again, that's just me. I don't know how it is for other people. I mean, I may not really UNDERSTAND beautiful women, but I sure like to look at them. So, I don't think there's any action required, as in "let's get rid of Microsoft." I think that it's really just a matter of educating the masses that there's an alternative, and it looks good naked. Or as you might say, it's a lot safer because the code can be (and is) made public without compromising national security.
I never thought I would ever say this :-)
But yeah, I've wasted enough time (and thus the company money) fighting these stupid outlook/IIS viri and we are not the only company in the world...
bash$
MS only take the flak for this because there are so many serious bugs in their software.
Any developer reading this knows that writing 100% bug-free code is hard, and often beyond economic viability. You get diminishing returns with your QA investment.
OTOH, any competent software developer will write code containing only a very few serious bugs, and some more that are just irritating but not of the "data lost" or "system compromised" sort of level.
Microsoft, the most powerful software development house in the world, is shipping disorganised crap because of good marketing, and now they are complaining that they should get cut some slack because what they're shipping is crap? Sorry, I have no sympathy. If we shipped stuff of that standard to our clients, they wouldn't pay us, end of story.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
.. and this is for the paranoid out there:
The reason he mentioned this flaw is because MS know of - or figure that there will now come to be - an exploit for said bug.
At which time they (MS) can turn around and start crying about how talking about security problems only make things worse, and "see what we mean? We only mentioned it existed, and see what happend! Surely you can picture the horrors of opening the APIs?"
We'll see.
Belief is the currency of delusion.
What is it good for?
Absolutely nothing, say it aga...uh, scratch that.
[Head shots of teenagers against a black background, speaking directly to the camera; somber lighting; penitent tone]
UNIDENTIFIED ACTOR: I helped murder families in Colombia.
UNIDENTIFIED ACTOR: I just wanted to play Minesweeper.
UNIDENTIFIED ACTOR: I helped kidnap people's dads.
UNIDENTIFIED ACTOR: I just wanted to listen to music with Windows Media Player.
UNIDENTIFIED ACTOR: I helped kids learn how to kill.
UNIDENTIFIED ACTOR: I was just browsing with IE6, you know.
UNIDENTIFIED ACTOR: I helped kill a policeman.
UNIDENTIFIED ACTOR: I was just having fun.
UNIDENTIFIED ACTOR: I helped a bomber get a fake passport.
UNIDENTIFIED ACTOR: Other kids do it.
UNIDENTIFIED ACTOR: I helped kill a judge.
UNIDENTIFIED ACTOR: I helped blow up buildings.
UNIDENTIFIED ACTOR: My computer, my OS.
UNIDENTIFIED ACTOR: It's not like I was hurting anybody else.
Anyone who loves or hates any language, platform, or manufacturer, doesn't know what they're talking about.
"In response to the mass laughter we've been hearing upon admitting this, we'd just like to point out that if you were to release the source to say, Linux, it would have serious security problems too."
Oh wait...
No sig for you.
I work for a defense contractor and have had to put up with this for years. I suppose MS can go this route if they really want to. They're already bloated enough; add government security procedures to the mix and they'll become every bit as agile and responsive as any other constituent of the Military-Industrial Complex.
Boy, that'd be a hoot.
And the brethren went away edified.
Does anyone know what happened with that proposal? Did the peruvian congressmen vote on it yet?
Liberty.
If all this should have a reason, we would be the last to know.
I don't have any "boys fighting out there", so, I use free software...
\m/
Except for those of us carrying nova bombs. Eeeyaaah! GPL'ed code! We're doomed!
Jabba is also shown eating ugly, gronchy-sounding froggish thingies, but I don't think that invalidates your thesis. (-:
Got time? Spend some of it coding or testing
I don't know if I really like him but I think we should vote for him next or someone who will just smash up MS into so many pieces....
National Security means MS security. I guess since they have so much money and control so much of the economy they could bring down a portion of the country.
Get your Unix fortune now!
For example, if any inconvenient fact looks like it might support Creationism, there are those who immediately impugn it as being `War on Science'. (-:
Of course the other side uses the same tactic as well. It's opportunism at its best. It takes a lot of integrity to resist using such tactics, especially when your opposition isn't reluctant to use them. I wish we could see more integrity in the world.
It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
It sounds to me like a lot of people on here are missing the point. The point isn't that Microsoft has sucky and bug prone software, the point is that Microsoft has pulled the wool over everyone's eyes again. Everyone on here immediately began laughing with glee and indignantly crying for the government to force MS to "recall" their software. Everyone is missing the point that MS will do anything to keep its advantage, which it believes lies in closed source code. Therefore, MS uses the national security copout, and wins again, all the while laughing at the nerds on slashdot who completely and utterly miss the point.
$45 per U Colocation Special
Since they won't elaborate on any of the possible bugs [which by their statments might lead to Armageddon], it seems everyone must simply comply and exempt such APIs as M$ deems fit.
I find it incredible that national security stems into Digital Rights Management (DRM). Can someone elaborate on how the two are even remotely connected? Also, are there any /. people using Message Queuing which might have some feedback on what this will do to their current plans?
Please tell me an alternative to slashdot. I want news, not opinions.
... and I need a couple of clones of Britney Spears to keep around the house. If I don't get them, the war effort in Afghanistan may be endangered.
Always keep a sapphire in your mind
A long time ago I had a sig line -
... I'll have grounds
__________
Microsoft - The Number One Manufacturer of 'Tools for Terrorism (tm)'.
__________
This was inspired by the then almost weekly anouncements about security problems with the design of and use of Active-X, macro-viruses, IIS, etc.
Now their lawyers have concurred.
Guess I was right all along !
- Mchummer
__________
More relative than this: the play's the thing
Wherein I'll catch the conscience of the king.
Hamlet. Act ii. Scene 2
__________
Melissa? A combination of knowing about a way too scriptable mail client, knowing that most folks don't have extensions showing (another great MSism, don't show people what they get from unknown, untrusted folks in the mail), even though most would probably click on a
MS Word & Excel virii? Way too scriptable applications. Also from a VB book. No source needed to write the virus.
Besides, the errors need to be fixed. Secuurity through obscurity hasn't really worked so far.
20 May 2002: There are currently 13 unpatched vulnerabilities in Microsoft's Internet Explorer. The lack of source code access provides no real defense.
See the latest issue of Bruce Schneier's Crypto-gram Newsletter
If the M$ Code is so dangerous, maybe we can get Surgeon General David Satcher, M.D., Ph.D.
to require warning labels on every box!
"Warning: This product may exhibit serious security flaws and compromise National Security and cause death of US Soldiers fiting terrorism in foreign countries."
yvaN eht nioJ
___
If you think big enough, you'll never have to do it.
The NSA, for example, cannot sit and tinker with windoze's security holes the way they can with OSC (open source code)...
If there really are nasty bugs in Microsoft Code running on millions of US civilian, government and military PCs, what's a quicker way of discovering them than resorting to the courts to open the code?
Hey, I know, employ Howard Scmidt!! I made the point at the time that he's probably in the Whitehouse advising on just this sort of stuff.
I'd guess your government already has a pretty good idea how brittle their national security really is...
"If you create user accounts, by default, they will have an account type of Administrator with no password." KB Q293834
BZZZT, sorry you're wrong... Don what do we have as a parting gift?
Let's think for a moment.. Microsoft Loves to be in control... they absolutly adore getting you to run scripts of theirs as admin.. So why does this become impossible for MS administrators? Granted, Windows Admins are lacking in general computer skills let alone standard IS and IT knowlege.. but what the hell is stopping MS from making their version of up2date? I have a cron job that every friday at 3:02am runs up2date as root and automatically says yes to everything except for kernel.
wow, I never have to think (like a MCSE) and my linux servers are all secure automagically... Granted if someone hacks redhat I'm toast.. but I'm betting that they wont get hacked.
so again... what exactly is stopping microsoft from publishing patches and fixes every hour? what exactly is stopping them from writing an automated updating system? (I know critical update service already exists.. it's MS's fault that it isn't on everything on the planet and running right now... Hell let's change the EULA again... failure to do so invalidates the licenses and calls the BSA dogs.... your soul becomes the property of Bill Gates... oh wait, that's already in there..
There is no excuse.. Microsoft can and should fix this stuff and get the patches in the wild ASAFP via an automated system.... how about a daily check to MS and if it get's back a 0 then everythings ok.. if it get's back a 1 then fire up and download and install...
Unfortunately... one problem with microsoft products... most updates require a reboot... something no sane admin will allow automated on a critical server.
Do not look at laser with remaining good eye.
Comment removed based on user account deletion
"Creationism" is supportable by any available evidence, as long as the audience isn't capable of critical thinking. "Creationism" is a conclusion in search of supporting facts. It's the Shrink-to-Fit method; reduce the facts to fit the theory, and then hold it together with copper rivets. It's not science. It's faith. In science, no facts are "inconvenient." In religion, there are many inconvenient facts.
Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
Actually, Microsoft has ALOT of talented engineers that are quite capable of writing excellent code.
Unfortunately for Microsoft, the emphasis is on getting to market first (when you can't crush them otherwise with FUD or other methods). This accellerates the coding process and puts demands on quality, leading to shortcuts and an emphasis on new features over bug fixes.
It's all finally coming to roost at Microsoft. You can't put out crap all the time. More and more people I talk to are getting frustrated. Ask anyone who understands the software environment , the only reason anyone uses Microsoft is because of the availability of apps, not because it's stable or of high quality.
This is what's letting Linux and OSX in the door.
What's my Karma Mr. Burns? "Excellent"
I bet the next thing will be an MS fake architecture degree!
An A1 certifiable system's grotesque overkill for most things the government does. Something along a B1 certifiable system would do nicely- something that an MS system couldn't do right now (nor, probably ever, from the looks of things at this point...).
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
IF..and that's an if, Allchin was testifying accurately, then I'd say there's a real problem.
(1) If you have 'bugs' that he sites as 'national security' reasons for not disclosing API's, you FIX THE BUG. If he is testifying truthfully, has MS notified DOD and other agencies of this potential flaw?
(2) If accurate, it's the best case yet disclosed for open source in government.
(3) If he thinks not disclosing it on the stand protects national security, the idiot (IMHO), just told everyone where to look. Secondly, I'd guess more than just 2 people at MS know of the flaws. He thinks if he just doesn't say anything, it won't get out? I doubt that every MS employee has government security clearances and is provided with periodic lie dectector tests
(4) MS, if they knew about this and didn't disclose to DOD, etc, should be forced to bear the brunt financially for getting ALL government systems OFF MS software. If they've sold a single piece of software to a government agency such as DOD or NSA since knowing about it and not disclosing it should bear a HUGE legal impact. IMHO, that'd go as far as banning purchase of their software by any government agency where national security is impacted.
(5) If anyone is going to cite national security, it should be an agency deemed as such. If MS has these concerns, then it's THEIR responsibility to notify DOD, DOJ, NSA, etc. It's the responsibility of THOSE organizations to determine if such items impact national defense and, if so, make motions before the court to preclude disclosure of certain API's etc. MS, I would hope, has absolutely NO legal footing to use a 'national defense' posture in refusing to release API's. I certainly dont' remember the Constitution saying that the government AND MS are to provide for a common defense.
The ONLY 'one' (group) to come out smelling like a rose on this one.. the NSA. It seems the idea of a secure and hardened linux idea has been a very good move.
This makes me furious. and it's not about MS and the antitrust.
I think they're telling the truth and they mean well.
I only hope it convinces the rest of us to pull our heads out and realize what a monster we're dealing with.
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
For example, the GDI calls aren't the same for Win95 and WinNT- API-wise, they're the same, but they don't DO the same things when called, merely similar things. Worse, if you try to PRINT the graphic you just did, the result will differ from printer to printer under NT but be surprisingly consistent for 95 for all printers. There's tons of others in that space.
The API's declaration is consistent, but what one version of Windows DOES with the parameters may differ slightly or radically from another, supposedly identical one.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
>The basic fact of religion is that God has
... 1st person evidence please.
>stated many times that He doesn't want to be
>easily found--hence, no fact should be hard to
>accept for anyone of a religious mind.
prove that "god" "said" this.
i'll accept *.wav's or *.mp3's or *.ogg's
... hi bingo
The question is can they legally do security work for MS on the taxpayers dime. I bet that the legal department ruled no. Open source is different because the general public has access to their work so a technique to secure Linux or BSD can be adopted in other operating systems and thus more closely fits the character of computer security work that is in the government's charter. NSA fix MS code? Only if MS pays for it, and richly. And even then, you run into the problem of undercutting private sector code shops so the NSA still gets whacked.
No, it isn't happening for well established legal reasons. The short version is we're not a bunch of communists.
Actually it's not workable. This has an obvious solution for MS, just don't fix the code and it stays secret. Why would they fix anything at that point?
My guess is that it's Netscape Communicator level bad, take it out back and shoot it bad. That's why they don't want to release it because they know their market position won't stand the gales of laughter from the wider programming community if it were made public.
the NSA has come out with a no kidding, no XP rule.
They will not allow anyone, classified or unclassified in the DOD to run XP.
They do not plan to either.
Believe me, its already making it "fun" to try to buy new PCs... i can't wait until 2004, when MS drops 2000 as a client OS, and then the bind we'll be in then, huh?
A weapon system that locks up because it doesn't have the right authentication key. How cool would that be!
fsck Microsoft. and Fsck the Air Force (where i work) - they are the stupid PHBs that didn't even concider anything else, didn 't look to anything else, and were too sheepish to try to find another solution that woudn't get us stuck in this way.
what boneheads. I'm working on a project that is in jeopardy because the system will only run on Windows NT 4.0, and we're having a hell of a time finding sources for NT 4.0 that are legal.
Pretty soon, we're going to just go illegal because we'll have no recourse.
we're so stupid...
guns kill people like spoons make Rosie O'Donnell fat.
My company agreed with me when I proposed converting virtually everything our employees see to Linux, but on one thing they stood firm: They really, really wanted this phone system.
..."
It's called Interactive Intelligence, and it effectively converts a PC with speakers into a phone. Its great ability is that you can listen in to telemarketing conversations (vital in our business, sadly), get reams of statistics about how our people are doing, and so on.
It has one flaw: It runs under Windows. You have to use a Windows client. It has a Windows server. And it integrates with Outlook, so everyone has to use Outlook for their email. For these reasons, I was knee-jerk against it, violently so. But I was overruled, and we bought it.
We've had it for about a year and a half, and about a week ago, it caught a perfectly ordinary Windows worm. It apparently arrived through an email, spread through our network, and bam! Bye bye phone system.
Our IT guy spent 72 sleepless hours cleaning up after it.
I laughed. Well, if anyone else tries putting their phone system on Windows, now I know what to tell them. "It's not that Windows is bad, I'm as open-minded as anyone, but it sure is one heck of a security risk
D
Microsoft's own license agreement says they are not liable for anything save defective media. As long as the software installs on your computer, you're on the hook.
And, before you say this is simply outrageous conduct, I fear it has to be that way. The viability of free software depends on the viability of near-identical clauses in the GPL, after all.
To take a non-MS-related example, let's say my copy of Final Cut Pro just crashed and I lost an hour's worth of work. If everyone who bought the product was able to sue over problems like this, Apple simply could not afford the contingent liability associated with selling software.
The technology simply doesn't exist to make today's increasingly complex programs 100% reliable. We can improve, yes, and we must. But our whole industry would collapse in lawsuits if companies were liable beyond the purchase price for packaged software problems.
Of course Microsoft software is particularly notorious for this, thanks to its over-complex way of dealing with simple problems. Because of that I simply don't buy or use Microsoft software to any significant extent. I don't rely on it for my business, so it doesn't matter that it's junk.
More people should do the same, and I hope this and similar stories will make people consider alternatives more seriously.
D
Leviticus 11 says hares chew cud, but do not have cloven hooves, and therefore are not kosher.
Hares, for the record, do not have cloven hooves, but also do not chew cud.
Like some other small herbivorous mammals they do produce a cud chewing like motion that may have fooled some Jews not quite so learned in the ways of science.
Inconvenient fact if you're a Christian.
In addition, Pi != 3;
Too busy staying alive... ~ R.A.
I used to accept the military using Windows for ease of training up system administrators to replace those killed in SCUD strikes or whatnot, and to draw on the large talent pool relative to UNIX...
BUT, if this assertion is even partially correct, then the military needs to look seriously at alternatives. If national security is even slightly at risk from opening window information(accounting for the greater ease of fixing problems more opennness would create) then there is something seriously wrong.
Iwould recommend Mandrake Linux to the US Military in light of this. Sure, its bloated to all hell especially in the non expert install mode. But its more secure and stable than windows, and critical bugs that could affect national security are found and fixed very quickly, and it allows the military to fix bugs itself if it wants to!
Some of you may prefer Slackware or debian or what have you, but to get the power of linux in a military ienvironment you need ease of retraining, Mandrake is the easiest so for the military it makes the most tactical sense.
Wow, that one is easy to handle (there are some harder ones out there -- I know, I've seen them!).
... And the people are not to eat the flesh of unclean animals.
Moses sluffed his Algebra and Zoology classes. So what? It is more than obvious that Moses screwed up from time to time. I imagine the conversation went something like this:
God:
Moses: No unclean animals. Got that. So what is the definition of an unclean animal?
God: Those that chew the cud and have cloven hooves.
Moses Chew cud, cloven hooves. Ok, continue.
God: Now, they must dress...
Later that day...
Moses: And you shall eat only clean animals, which are animals that chew the cud and have cloven hooves.
Belligerent kid at the back of the crowd: Is this going to be on the final?
Moses: Yes.
Kid in the third row: Can you give us some examples?
Moses: Cows, goats, oxen.
Geeky kid: How about the bunny?
Moses: No, the hare doesn't count. It doesn't have cloven hooves, see. Gotta have both.
Time flies like an arrow. Fruit flies like a banana.
http://www.geocrawler.com/lists/3/SourceForge/709
I saw this on the User-Mode Linux mailing list this morning. A clear case of an API that only Microsoft is supposed to have access to.
Oh yeah, the reboot is the real problem with this. God knows there is no chance that an update or patch (from MS, Redhat, whoever) will have it's own list of bugs. Or won't work with "Product x". Or will just plain fuckup.
Testing and rollback plans are for pansies and pinkos.
That includes anyone at Microsoft, and all those folks who Microsoft showed relevant parts of code or of the API-fundamentals to. And US-security is relying on the slim possibility, that everyone of those large number of people is honouring the NDAs and won't be swayed by any sum of money or geek-status to disclose such critical information.
This implies that Windows- (and thus US-) security relies on:
A) everyone who did see the code honouring the NDA
B) noone being able to reverse-engineer code/APIs
C) noone happening accidentally over one of the huge number of security flaws and telling the wrong people
To summarize, this "security" relies on the fact that noone tried very hard to breach it (or maybe it is already breached, and the russian, chinese and afghanistan (with their C64) spies are happily meeting in US-high-security outfits and plotting to bring the US-economy to a grinding halt by screwing up any US-corporation that relies on MS-software).
If MS-Software is really that flawed the government should demand they fix their software until they can safely present at least their APIs, before they may go on selling any software. Considering how much depends on the security of MS-software that doesn't sound unreasonable to me. To make sure that MS follows those orders they could hold that nice stash of 'em for ransom.
"By the way if anyone here is in advertising or marketing... kill yourself." -- Bill Hicks
Thomas Jefferson needed only to look at the pre-Roman Irish, Scots and Welsh in Britain (largely wiped out, while unarmed, in a single cold-blooded massacre by the soldiers of the Roman Church), or at the Ti-Ping movement in China (wiped out by the Manchu at the incitement of the Roman Church), or the the pre-Goan-Inquisition Saint Thomas Christians (wiped out by...?), or any one of a large number of other examples.
The problem was not priests, per se, but priests who thought that God wasn't good enough to sort out the leadership by Himself. They're as bad as Atheists who opine that Darwinism is too slow and take it upon themselves to hurry things along. Think Stalin, Hitler, Mao, Pol Pot, Amin...
And yes, it would be nice to see a little integrity about the place. Creationists generally don't call presumptions to evolution `War on Science' but something along the line of `running ahead of the facts'.
Got time? Spend some of it coding or testing
if you had source, would you be able to find instantly exploitable backdoors that would give you full root?
It doesn't seem to be too hard to find those backdoors _without_ source, considering that new exploits occur at a rate of about one a week.
Perhaps this Guy should have read this months (May 15, 2002) CRYPTO-GRAM by Bruce Schneier. The headline article is 'Secrecy, Security' and Obscurity' and covers the work of Auguste Kerckhoff, who in 1883, Yes 1883! demonstrated what has become know as Kerckhoffs' Principle, security by Obscurity is no security at all.
To quote Schneier: "Any system that tries to keep its algorithms secret for security reasons is quickly dismissed by the [cryptographic] community, and referred to as "snake oil" or even worse."
http://www.counterpane.com/crypto-gram.html
If their code does get "opened", what are the odds that someone will find a really dangerous hole and exploit it?
Very high. About the same odds that someone will find a really dangerous hole and exploit it if they do not release the source.
What's different is the odds of the code being corrected and the corrected code actually being installed.
A weapon system that locks up because it doesn't have the right authentication key. How cool would that be!
Maybe someone should design a system, based on Windows, which holds some bombs on a plane and then flys it over Microsoft's HQ/capital...
their ad saying that their servers stay up for days without attention.
That's an acomplishment???
I'd expect a RedHat Beta to do better than that.
I'd expect the kernel du'jour to do better than that.
I'd expect an automated FeeBSD-Current to do better than that.
And there's the parallel strategy of claiming that they are just another company and don't have a monopoly so they don't deserve any special attention from antitrust laws...
PHEM - party like it's 1997-2003!
Quite a few vacuum cleaners are devices which both blow and suck.
If MS-Software is really that flawed the government should demand they fix their software until they can safely present at least their APIs, before they may go on selling any software.
No, what the government should do is immediately switch to open source.
"Your software is THAT insecure? My god, we must stop using it IMMEDIATELY."
The Win32 API is not the kernel API, at least not for the NT derivatives. The Win32 API was written for something akin to "cross-kernel" portability (Win95/98 to NT to CE). It's a good idea and wasn't originally meant to obfuscate or hide the underlying APIs, but to provide a standard API across kernels.
It's very similar to the glibc API, which hides the underlying Linux system calls.
> I believe the "Creation Scientists" are generally using anything but science to butress their case, I do think that they provide an important service. They harp on problems within the current set of theories that are taught, theories which are presented in schools with little or no rebuttal.
Alas, the creationist is yet to be born who understands any theory of science well enough to point out problems in it. (For that matter, it's doubtful that one in 10,000 creationists even know what a "theory" is.)
FYI, many scientists make careers of debating the problems with their own theories. Creationists have never added anything to the debate. (They're fond of pointing out errors like Piltdown man, but they always forget to mention that the frauds and mistakes they like to point out were invariably discovered by scientists rather than by creationists.)
> For example, the systematic lack of transitional forms in the fossil record is one which calls into question the gradualistic evolution that was taught when I was in school...
Browse talk.origins sometime and you'll notice that the one thing creationists never let themselves be pinned down on is the definition of "transitional". They incessantly assert that no such things exist, but won't even define the term. Whenever someone cites an example the creationists just handwave it away with "that's not transitional".
> Can teenagers be hurt by being presented both the pros and cons of the various theories in a balanced way?
No, I don't suppose it would hurt. But creationists have never pointed out any pros or cons of biological theories -- neither in a balanced way nor otherwise. Also, I'm curious why you seem to think that gradeschoolers should get the full dosage of "outstanding problems in evolution". In physics, mathematics, computer science, and in areas of biology other than the theory of evolution, that is generally reserved for grad school. Why the special treatment for the theory of evolution? Other than the fact that it offends a lot of people's religious beliefs?
Sheesh, evil *and* a jerk. -- Jade
> God didn't change his mind about creating the earth. The Man that God created went off and became wicked, and God cried over them as a parent cries over the bad choices of a child. (Of course, most parents don't go kill their kids and start a new family when the first one doesn't go so well, but that is another problem to explain... I would be here all night!)
Give it your best shot. Be sure to tell us how many infants drowned in the flood.
There's no excusing the inexcusable.
Also explain why an omni*ent god applied a fix that didn't work: the ground was hardly dry before his champion of righteousness got drunk and showed his peepee, and of course the world is brim-full of wicked people right now. What did the flood accomplish?
Sheesh, evil *and* a jerk. -- Jade
> The core Truths of "Religion" never change. However, Man's understanding of them will always be limited, and the application of the core Truths will change according to environment.
IOW, "The core 'truths' of religion are in constant flux."
The key difference between science and religion is that science is guided by evidence and religion is guided by tradition + a dash of this week's social views.
Sheesh, evil *and* a jerk. -- Jade
Like that?
"If he thinks he can hide and run from the United States and our allies, he's sorely mistaken." Bush on bin Laden
Ok, then. If that's our standard of evidence, prove that, oh, the United States of America rebelled from Great Brittain. First person evidence only, please. ;)
Here's an interesting look at purposefully hidden files under windows. It's amazing if you look through it all. Your browser history doesn't go away, etc... Stuff like "show all files" and "find" have been purposefully written to ignore this stuff.
http://sillydog.org/mshidden.html
The only difficulty with `demonstrating' God is that most people try to `demonstrate' their mental model of Him instead. If you're looking for reproducible results, you're looking for a God who is in essence completely under your control, and what use would that be? OTOH, if you're looking for things than only make sense from a God-based worldview, start with a large polystratic fossil and work out from there. There are many other starting points, but that's a nice, clear, scientific, even geologic one for you.
Got time? Spend some of it coding or testing
Spot the deliberate mistake. It's worth noting that Marge is at this point trying to tell Homer that she's pregnant. For a detail analysis of Homer's prayer, I recommend this book (and read the reviews, too!).
Now have another look at polystratic fossils (there are many other examples, this is one of the nice simple ones). These fossils penetrate several rock layers, typically to the tune of `tens to hundreds of millions of years' worth of deposits. Some large trees strike vertically through tens of meters of rock, and there is no sign of reworking, no turbulence in the rock, such as there would have been if the tree had been somehow thrust down through the rock; and there are many examples which are much too frail (with extensive branching etc) to have survived any kind reworking.
Name the tree which will stay intact for hundreds of millions of years while it is buried. AFAIK, not even wandoo will survive more than a few hundred years of exposure, and that is incredibly hard wood (wandoo weighs about twice as much as jarrah, which is hard wood to start with). Now revise your answer to account for a complete lack of weathering, a common feature of these fossils.
Now, the requirement for supernatural intervention here is this: if the rock surrounding a polystratic fossil did not take hundreds of millions to put into place, but at most years (or more likely hours or minutes), and there are many polystratic fossils (there are) this is pretty direct evidence that most if not all rock formed very quickly.
Sorry if this sounds pedantic, but you seem to have let the point escape you in the previous post.
Now, evolution as a theory of how-we-got-here is simply impossible; there is no way to even approach the biological structuredness we see around us no matter how much time you allot to the purpose. However, this requires technical knowledge to illustrate and understand.
If polystratic fossils can so simply and clearly show that the millions of years postulated for evolutionary development are imaginary, it does not take a technical mind or a great deal of imagination to see that, with naturalism's only viable explanation dead, an alternative is required.
END-OF-POINT MARKER
Now, on a different but related topic, it happens that a lot of ancient records from all over this world mention an event ideally suited to emplacing polystratic fossils - and incidentally accounting well for many other features of geology such as the `Cambrian Explosion' - and this event does not require millions of years. Many accounts attribute weeks, months, a year or a few years' duration to it. Is it hard to figure out what I'm alluding to?
Got time? Spend some of it coding or testing
Excellent! I'm eagerly waiting to hear about a worldview which encompasses non-intrusive, non-weathered large-scale polystratism, but is not at least supernatural. (-:
Agree, an artificial God is utterly pointless, for by definition it has no more power or use than that bequeathed upon it by the hand of its creator. The basis for Christian, Muslim or other dieties is a separate question and should not be rolled into your statement as an implied assertion, when in reality it is a question which has apparently not been examined in enough detail to provide any conclusive or even substantial answers.
I reiterate, a God that you could completely understand (and so, in principle, control) is by definition a useless one.
Thankfully, we don't need to either have a description in hand, control, or even basic understanding of a putative creator in order to know that one is required in order to explain the existence of nature as we see it today.
Once you have escaped the trap of materialism, that is, once your reasoning can encompass naturalistic asymptotes, you can begin to look for more detailed explanations than `life as we know it required drastic supernatural intervention of some kind'. IMHO, such details are available to science.
Got time? Spend some of it coding or testing
Or not....
And so what happened? You seem to have either stopped questioning too early, or to have based your conclusion on the strength or weakness of some individual's position, rather than on the strength or weakness of the available evidence itself.
I started my thinking life as an evolutionist. I upset Mum badly one day (but she didn't show it then or ever) by mentioning some one-line wisdom I'd heard to her in a 'phone conversation: `a man needs religion like a fish needs a bicycle.' She started praying for me that day (and asked her church to as well), said nothing to me, and within two months I was studying the Bible, history and science with a variety of people and within six months was a committed Christian - although in such a completely different branch of Christianity to hers that I think Mum died not completely convinced that her prayers had been answered.
One advantage that I've had is in directly witnessing several supernatural events, through my association at the time with a `white' witch (the basic difference is in purpose, not in methods). One of those takes a while to describe, involved two other sober people, and was deeply shocking. Another was watching some books leap out of a book-case unaided (I checked the book-case and books (and wall) all over, inside and out, carefully, and made sure that there was no mechanical trickery here) and several meters across the room. Even without that advantage, you can turn to one of the very many events which were clearly supernatural, witnessed by many people, and well documented (Lloyds subsequently came back at $500 PA and extended coverage to Guyana).
I suspect that such events are not more prevalent today for several reasons, foremost among which are (1) any diety interested in wholehearted allegience would probably want it to depend on that nature of that diety, rather than on a `sugar-daddy' stream of miracles, and (2) there is apparently more than one source (direct or indirect) of supernatural effects, which opens the field more widely to fraud.
I'd presumed upon the millions-of-years thing myself, and polystratic fossils are one of the more graphic and convincing observations which overturned that presumption for me. Of course, sans millions of years, materialism doesn't even give the appearence of being in the running.
For example: the Yellowstone trees (so often cited as evidence of life over millions of years) combined with dendrochronology (also so often cited as proof of excessive amounts of time) are actually a fairly clear witness to the absence of those years, for the Yellowstone fossils are not only polystratic and bedded on different strata but also grew contemporaneously and show strong symptoms of having been emplaced by a mechanism essentially identical to that observed in Spirit Lake after the eruption.
There are many, many other good polystratic examples to
hand, including inclined trees, and also many half-hearted attempts to explain them away. One of the common `counterexamples' is a set of lycopods with root systems; an examination of the available samples indicates that these trees grew floating, or at least on an extremely spongey substrate, so it is reasonable to expect them to be disturbed and embedded complete with roots. Even ignoring this, it is still most unreasonable to expect even relatively short (1.2m, in the worst case) stumps to be fossilised upright and intact in an evolutionary scenario.
Yah, and the height of stupidity as well. Given the number of viewpoints in the world, simple arithmetic tells you that most or all of your (and my) opinions are globally wrong in some way. (-:
...and don't get me started on `contextually wrong'! (-:
If I was a Wemmick, I'd give you at least three stars for that statement. (-:
Food-for-thought time.
Mary and Jimmy are pseudonyms, but the story is true. If you had been Jimmy, would you have done the same?
Got time? Spend some of it coding or testing