Microsoft Battles Free Software at Pentagon

Spirit of Ishmael writes "The May 22 Washington Post is running a story under the headline Microsoft Fights Free Software at Pentagon. According to the story: 'Microsoft Corp. is aggressively lobbying the Pentagon to squelch its growing use of freely distributed computer software and switch to proprietary systems such as those sold by the software giant, according to officials familiar with the campaign.'"

Nothing like drumming up business for yourself

[ObviousGuy]

Mitre may have a reason they want to encourage Linux in the gov't.

Re:Nothing like drumming up business for yourself

[MrResistor]

Mitre has been tight with the government since just about the dawn of time. They were one of the origionators of what became the internet. At this point, I doubt Mitre has much difficulty getting contracts, especially from the DoD, since they have such a long-standing relationship. I think it is significant, however, that Mitre is pushing Linux. That, even more so than IBM's efforts, tells me that Linux has made it to the big time.

Re:Nothing like drumming up business for yourself

[Cowculator]

As someone who has worked for MITRE, I know there's a reason that it "has been tight with the government since just about the dawn of time:" That's the company's purpose. It's a private company whose mission is to provide independent contracting for the government, so it has all the benefits of being able to do cool scientific research for DoD, DoE, the military, etc. with all the benefits of not actually being a government agency.

What this means is that a large number of its employees have advanced degrees - especially Ph.Ds - in scientific fields, so they have probably done their share of academic research in various *nices. They're used to it, and it's definitely pervasive throughout the company - plenty of Linux machines as well as Solaris and others - because they know they can use it for research and they don't have to worry about government licensing and other paperwork when buying their own equipment. They're free to push these systems all they want because they know they work and they have plenty of freedoms that a normal government agency might not have.

Whose software?

[Bonker]

Quoth the article:

Jonathan Shapiro, who teaches computer science at Johns Hopkins University, said: "There is data that when the customer can inspect the code the vendor is more responsive. . . . Microsoft is in a very weak position to make this argument. Whose software is the largest, most consistent source of security flaws? It's Microsoft."

As ye sew, so shall ye reap, I guess.

This article was so full of typical Microsoft FUD, but it hit one or two points very clearly:

The Gub'ment is savin' your tax dollers by usin' that open source Linux thingy!

Re:Whose software?

[milo_Gwalthny]

Can you 'prove' security? I thought this was one of those stopping problem things: unprovable.

But, then, I am a little out of date.

What are their selling points?

[teslatug]

You have this software that you pay nothing for and that thousands of people around the world find bugs in, but you should BUY ours because we obscure our bugs and only we know how this software works...???

Re:What are their selling points?

[RealisticWeb.com]

The selling point they are trying to use is simple American economics. I should say to begin with that I don't agree with MSFT's argument, but I do understand it. They are looking at open source as "free beer" and saying that is against the american way, and undermines the free market economy that we have so carefully built up. This was indicated by the article when they say MSFT is "in a long-running company assault on the open-source movement, which company officials have called "a cancer" and un-American". Of course that is not thier only argument, but in this case it seems to be the only one that actually is strait forward. The rest are the typical FUD, like the statement "some free-licensing regimes are antithetical to the government's stated policy that moneymaking applications should develop from government-funded research". Sure. I can't argue with that, that SOME free-licensing "regimes" are, but so are SOME proprietary software empires. Let's just pray that the people making the final decidions in the DOD are smart enough to listen to MSFT's admition that they are a threat to national security.

Re:What are their selling points?

[wirefarm]

"But if this Linux thing is so good, then why is it FREE? Can you answer me that?? Thought not. Microsoft must be better because it costs more."

Of course I'm being sarcastic, but how far is that from some people's thinking?

Government managers pride themselves on how much they spend and how many people they command, not on how much they save. Keep in mind that they cannot turn a profit or even show a savings - that's suicide - much more so than having your project fail spectacularly.

Bureaucracies often need to be able to quantify their logic (to avoid actual thought?) - so perhaps Linux should just cost more up front? That would make it a lot easier to go over budget later...

Of course it doesn't help that there is no recognized equivalent to the MCSE program - how do you then justify who you hire? Slashdot karma? I know there is the Red Hat program, but does that really carry much weight in government hiring?

Cheers,
Jim in Tokyo

Re:What are their selling points?

[DarkZero]

He said that THEY are saying it; it was not his opinion. And in that context, he's right. Microsoft has claimed in the past that open source software is harmful to the economy because it is not paid for.

Re:What are their selling points?

[AnotherBlackHat]

Government managers pride themselves on how much they spend and how many people they command, not on how much they save. Keep in mind that they cannot turn a profit or even show a savings - that's suicide - much more so than having your project fail spectacularly.

Bureaucracies often need to be able to quantify their logic (to avoid actual thought?) - so perhaps Linux should just cost more up front? That would make it a lot easier to go over budget later...

Nah - what you need is to sell the idea of a support team being cheaper than the propietary software. That way the empire builder manger types can justify enlarging their kindom of employees, and still claim to be saving money.

"Yes I hired more support staff, but I would have spent even more if I hadn't used Linux..."

-- This is not a .sig.

Re:What are their selling points?

[(H)elix1]

"But if this Linux thing is so good, then why is it FREE? Can you answer me that?? Thought not. Microsoft must be better because it costs more."

Of course I'm being sarcastic, but how far is that from some people's thinking?

The comercial distros for things like HP-UX, the large IBM boxes/mainframes are not free. GPL, perhaps... but not free as in beer.

Re:What are their selling points?

[electroniceric]

some free-licensing regimes are antithetical to the government's stated policy that moneymaking applications should develop from government-funded research

That particular piece of FUD was troubling to me, as it means that Microsoft thinks that the political climate is safe for them to say that publicly funded work should not be released to the public domain, but rather should be used to enrich a particular set of people (i.e., them).

It troubles me that people think they can make that claim in public, because it says to me that people are really buying this crap that in order to provide jobs for the middle class, you've got to mollify every little whim of the captains of industry. I don't think it's wise for government to alienate industry entirely, but it does need to make sure industry knows who's ultimately in charge. Time for some balance.

any lawyers in the house?

[jnana]

John Stenbit, an assistant secretary of defense and the Defense Department's chief information officer, said Microsoft has said using free software with commercial software might violate the intellectual-property rights of companies such as Microsoft. Stenbit said the issue is legally "murky."

Can any lawyers tell us how in the hell this might even be remotely plausible? Is it possible that there might be *anything* to such a claim that using both free and non-free commercial software might violate the IP rights of the commercial vendor? This sounds like good old MS FUD, but usually there is some tiny scrap of reality at the base of their sand castle. I can't believe this might be true, but IANAL.

Missed the word BANNED

[bstadil]

I think you missed the word Banned.

I am not aware that BK is trying to make your intake of Whoppers conditional of not eating Big Macs anymore.

"Murky"?

[Scooby+Snacks]

John Stenbit, an assistant secretary of defense and the Defense Department's chief information officer, said Microsoft has said using free software with commercial software might violate the intellectual-property rights of companies such as Microsoft. Stenbit said the issue is legally "murky."

How in blazes is anything "murky"? Is there anything that I, as a third party, can do that would undermine Disney Enterprises, Inc's copyright on one of their movies? Likewise, are their any rights that I can take away from Microsoft Corporation as a user of their software? Someone needs to put down the crackpipe, methinks.

The only way I can think of that using Free Software would "violate [Microsoft's] intellectual property rights" would be if their EULA or contract with their customer prohibited it. But that's not even a matter of intellectual property rights[1], that would be contract law (in the case of an actual contract, or if we assume that EULAs are, in fact, legally binding).

Now, I understand why Microsoft is trying to muddy the waters, but why in the world is the DoD playing along?

[1]Remember, the all-encompassing phrase "intellectual property" covers three nebulously-related yet disparate parts of the law: trademarks, copyrights, and patents. It does not refer to contracts, in the common usage of the term.

Re:"Murky"?

[Malcontent]

"Now, I understand why Microsoft is trying to muddy the waters, but why in the world is the DoD playing along? "

Spoken like a man who was never in the military. As a veteran let me assure you that the DOD is playing along because they are profoundly stupid people. MS said something and they believed it. They are not used to questioning authority in the first place.

National Insecurity?

[ThesQuid]

Good grief, was it not less than two days ago that Microsoft claimed they could never release the APIs for Windows out of fear for the damage it would do to National Security? I would like to think that the cryptanalysts at the Dept of Defense would be fully versed in the fallacy of Security through Obscurity, and would make their voices heard.

Re:National Insecurity?

[Henry+V+.009]

You make so much sense! The DoD has obviously ditched NSA testing for free beer software. "Security, Shemurity, at least it doesn't cost anything! I'm installing sendmail on the President's laptop."

Re:National Insecurity?

[Jah-Wren+Ryel]

To that end, the Defense Department is now prohibited from purchasing any software that has not undergone security testing by the NSA. Stenbit said he is unaware of any open-source software that has been tested.

Hello! The NSA has their own freaking linux distribution. I don't think you can get more undergone than that.

Re:National Insecurity?

[darkonc]

what I find more interesting about that paragraph is this:

To that end, the Defense Department is now prohibited from purchasing any software that has not undergone security testing by the NSA.

Note that he said "tested". He did not say 'had passed testing by the NSA'. This means that MS software might be tested by the NSA, found to be a cyber-terrorist's wet dream and because it had miserably failed testing by the NSA would be purchasable by the Pentagon.

(you might consider that absurd until you've seen some of the submissions made to the courts by Microsoft's lawyers)

Re:National Insecurity?

[Pope]

You can install sendmail on SNES?!

Re:National Insecurity?

[gnovos]

Good grief, was it not less than two days ago that Microsoft claimed they could never release the APIs for Windows out of fear for the damage it would do to National Security?

One has to wonder how selling the Pentagon software with SEVERE, KNOWN FLAWS that threaten NATIONAL SECURITY is *not* treason... What ecaxtly could a spy sell to the U.S. that is worse than that?

Re:National Insecurity?

[Tony-A]

It really gets to be fun if you have spies doing the BSA audits.

Re:So what?

[Disevidence]

While Microsoft can lobby all they want, they are -

1. Outright lying
2. Spreading FUD

But whats new?

None of that, the real news is that the government is weighing up the options of open-source and closed source, and its a great time for people to lobby the representatives about this sorta thing.

Besides, i would of though an article about which type of software is running the defense software would be interesting.

what amazes me is...

[happyclam]

The company also complained that the Pentagon is funding research on making free software more secure, which in effect subsidizes Microsoft's open-source competitors, Stenbit said.

Microsoft's push is a new front in a long-running company assault on the open-source movement, which company officials have called "a cancer" and un-American

What has me truly amazed is that Microsoft is now fighting against the world. Think about it... most companies battle their competitors. Microsoft has become so big and rich that they no longer have any individual competitors. The "competition" consists of people who do good things, often for free. God forbid the government give money to people who do good things.

And, of course open source is un-American! In the sense that "American" implies elitist, exclusive, arrogant, and imperialistic.

Re:So what?

[Frater+219]

And in other news, Burger King is "aggressively lobbying" me to switch to eating Whoppers instead of Big Macs. What is the story here?

Nothing at all, of course! It is perfectly normal and acceptable for companies, especially in a troubled economy, to pare back and focus on their core competencies. The Post article is irresponsibly making a fuss over Microsoft leveraging two of its well-demonstrated core competencies: lying to the government and subverting democracy. These essential skills are central to Microsoft's operation, and it's an abuse of free speech to present them as something dangerous -- worse, it might panic the consumers!

Unquestionably, it is "idiotic and inflammatory", as you point out, for the newspaper of record in our nation's capital to report on these perfectly normal goings-on. The matter of which development efforts are funded by our tax monies has no bearing whatsoever on the public interest. It may be safely left up to our trusted government agencies and their staunch allies in large corporations and special interest groups.

After all, what would we commoners have to tell them? They're the experts, and should be left to run the military and the government without any bother from us civilians. And under our sacred and inviolable system of government, power vests in the State, its Employees, and its Contractors -- not in the unwashed masses. For a so-called "newspaper" to "inform" us about the government's activities is nothing short of treason.

Doesn't the government?

[wbav]

Go with the lowest bidder?

How does M$ expect to beat free?

Re:What do you expect?

[Metrol]

Free software is their competition. Next thing you know people like Alan Cox might speak to them about the benifits of open source. My god, how evil!

If Lockheed and Boeing were in the midst of competing for a contract, one would not be suggesting the other be BANNED through legislation. Sure, the competition would be rough. Thing is, they would be competing on the merits of the product they were bidding on.

What is happening here is (to keep the metaphor a rolling) is Boeing is making the claim that Lockheed is making inferior products, and giving all the secrets to unfriendly nations. That to even consider doing business with Lockheed is equivalent to being an unAmerican communist. You're not for communism are you?

Despite what you make think, it is not a usual occurance to have one competitor try to get legislation passed to ban another. You require a special kind of arrogance to go that far.

Actually..

[neuroticia]

I think the best reason to encourage Linux in the gov't is Microsoft's attempt to justify closed-source Yeahhh.. The software is so insecure that the source code must be kept top-secret, but it should absolutely be used in the government. I wonder if everyone in the government has to have a Passport account, too?

And hey--isn't MS currently at court for being over-eager? Going after the gov't after that just seems like a little kid who's just gotten a spanking going right back to the cookie jar.

-Sara

Re:Actually..

[AJWM]

Microsoft's attempt to justify closed-source ... so insecure that [it] must be kept top-secret

Hmm, would that be the same closed source that apparently (although MSFT later denied it) leaked out to some foreign crackers that had infiltrated Microsoft's internal network for a couple of months last year?

Oh, wait, that was before the four weeks of "security related" bug fixing last February. Okay, everything's fine now. Just a small leak, really.

Re:Actually..

[Danse]

Not even the source code. They said that they couldn't reveal certain APIs and protocols even. That's fucking sad.

Will the US follow Peru's lead?

[Nate+Enderle]

Not too long ago, slashdot posted this article concerning the campaign in Peru to switch the government to free software. It had a point by point by point analysis of Microsofts FUD. I hope that somebody in the US government takes the time to think through the issue, rather then just giving in to corporate pressure. What would be even better would be to see one of our own senators or high appointed officials show that they understand the issue as well as Peruvian Congressman David Villanueva Nuñez. One can hope.

Re:This gives new meaning to "software wars"

[Gorobei]

Yes, opposition doesn't prevent a firm from being a monopoly. Consider the railroads in the 1800s: they were opposed by many (mostly those that needed to ship goods,) but they were still monopolistic because users didn't have a real choice of transportation vendors. The railroads used similar tactics to those of Microsoft today (incompatible hardware/protocols, discriminatory pricing, and exclusive partnership agreements.) In addition to strong-arming their customer base, the railroads also hired private "security firms" to hassle their competitors and detractors, spent large sums of money to lobby congress.

A vigorous opposition doesn't mean you are not a monopoly, but it does mean that your days may be numbered.

The Navy Loves Windows NT!

[toupsie]

The US Navy "Smart Ship" Yorktown was outfitted completely with Windows NT to run the ship's systems. Because of a Divide By Zero bug, the Aegis missile cruiser became dead in the water in 1997 and had to be towed back to dock. Windows NT had frozen the propulsion systems.

At least with an open source system, they could have patched the code and moved on. But with the closed source Windows NT system, the USS Yorktown had to be towed into harbor and let the boys from Redmond check under the hood.

Thank God it was peacetime..

Re:The Navy Loves Windows NT!

[T.E.D.]

I know a little about that, since I used to work for the competitor to the contractor that developed that software.

The fact of the matter is that the Navy, like any other large beuracracy, has all sorts of mutually-antagonistic factions that love or hate various systems more for internal political reasons than for their inherent value.

My old group (the Marine Systems division of Lockheed Martin - great bunch of guys and gals...) developed and maintained the engine control systems for all of the Navy's guided-missile destroyers. This class of ship has been around for a while, so it was originally developed using technologies that are incredibly outdated by today's standards. The sensible thing to do with such a system is to slowily modernize things, with an eye towards longevity and maintainability.

You first have to realise that Naval systems have to be way more reliable than your average PC. The open ocean is not kind to electronics, and warfare certainly isn't. The shock and vibration requirements are unreal (like 100G's). The sailors might all die, but the engines would be just fine. I guess the ship would be puttering around in a big circle in the open ocean. :-)

Also, you must realise that it is considered a disgrace for a captain to have his ship towed back to port. Thus naval engine control systems have to be very reliable, or captains are very unhappy with you. It was not unheard of for our engineers to get woken up in the middle of the night and flown to a diabled destroyer via heliocopter to fix a bug, rather than have it towed in. So a "tow-in" bug is even worse than it sounds to an uniformed civilian. Nasty things happen that a peon like me doesn't really want to think about. :-(

For that reason, the natural and sensible route is to update these systems using Naval-standard COTS hardware (HP/UX based), and to develop all new software in Ada (the only language designed for use in "life-critical" applications), using accepted (and time-consuming) software development processes.

However, there was an R&D branch of the Navy that was investigating use of all sorts of new unproven technologies. In this case, they were using C++, expert systems, common 'PC's, and lassise-faire development processes. Experimenting is what R&D folks should be doing, so that's all good. But these technologies are notoriously bug-ridden, compared to what we were using in the actual fleet. We didn't bid on the R&D stuff, (I'm not sure why), so it went to a competitor of ours who I won't name. (But who's initials are CAE :-) ).

Now of course the commander who has the R&D folks under his command wants to see his stuff used, as that will validate his R&D group, and of course give him a good reason for an increase in funding. So he fights hard to get us thrown off of all future contracts, and our competitors on. But the other Naval oganizations have a lot invested in our stuff, and the captains are understandably leery of massive changes. It probably didn't hurt us any that our competitor was a Canadian company too. So its a big hard political battle, with us mostly winning. I'd like to think this was a victory of reliability and proven techniques over fashion and flash, but I'm not that naieve.

However, apparently they did manage to get the R&D system put on one ship as a test case. Probably it had something to do with CAE having a better position in Crusiers than us. Imagine the captain's displeasure, and our secret delight, when that system failed in the middle of the ocean and the ship had to be towed back. :-)

The moral of the story is that you can probably get something thrown together with whatever's considered "cool" today and that might make it an easier sell, but if you *need* reliablity, you use Unix and Ada, and good software development processes.

(disclaimer: I currently work for a competitor to CAE in a different market.)

Re:The Navy Loves Windows NT!

[T.E.D.]

Why in the fuck was the navy using Windows NT, when they could have been using Solaris or Linux or even fucking HP-UX?

See my reply to the parent of this post for the answer to this question. The exectutive summary is that it was a political, not technical decision. If it was technical, they would have been following their own policies, which would mean it would have been migrated (rather than developed from scratch) to HP/UX boxes using Ada (HP/UX was their standard OS at the time, and Ada their standard language), which together would have provided orders of magnitude more reliability.

Re:The Navy Loves Windows NT!

[T.E.D.]

Do you have any evidence that Ada increases software reliability? I've used Ada for about 5 years and I haven't seen any significant difference in reliability between Ada applications and those written in other languages such as C++.

Actually Rational (the compiler and process folks) did an exhaustive study on this. Their findings were that they had about 2x the productivity in Ada than they did in C, and 1/4th the bugs. You can read the findings yourself
(Note: before you post replies with possible reasons why their results were wrong, read the study. Just about every flaw imagineable was looked into.)

Its very tough to do such studies, so there isn't a lot of other studies around for comparison. I'm aware of a couple of other informal ones with CS students, (which were interesting, but I wouldn't bet my project on) and that's about it. Rational just happened to have the data available and the expertise to study it. But even the infomal studies I've seen give Ada the nod for reliability. The only thing that seems to come close is Java.

This makes sense when you consider that Ada is the only language that was designed from the start for use in "life-critical" applications.

Most of the Ada vendors have gone out of business so I guess Ada would be a great open source project. You aren't going to get any technical support for the compiler so you might as well have the source.

Most compiler vendors in general have gone out of business, so that really doesn't mean much. What is significant is that there are 4 (perhaps more I don't know about) Ada compiler vendors currently supporting Windows, which is more than can be said for C++ and Java.

As for Ada being a great OpenSource project you are right, but not for the reason you think. I guess you didn't realise that the Gnu Ada compiler not only exists, but is now in the official gcc baseline.

However, I've always had great support from my proprietary compiler vendors too. I'd love to see someone try to get the level of vendor support I recieve from GreenHills and Aonix from Microsoft for VC++.

ACT is actually one of the very few Free Software commercial success stories, so you are quite likely to hear about them if you ever attend an RMS talk. I've seen no less than 3 transcripts where he mentioned them or their Gnu Ada compiler in reference to a question about commercial Free Software.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Howitzering themselves in the foot...

[gdyas]

If any of you follow the link provided and read the article, you'll find that the DoD is giving MS's advice exactly the (lack of) credence it's due. So before you piss yourself about supposed Bush Administration / MS collusion, just read it.

Huzzah, and thank God the good folks at the DoD are relying on solid data to make good decisions about the software used to protect the nation, and Damn MSFT for looking for growth opportunities in degrading national security by harrying them for needless proprietary expenditures & vague allusions to "legal problems".

Corporate competition is one thing, but I don't think I can say it any simpler than Keep the Fuck off our Gov't with your FUD. When it comes to the DoD, there's more at stake than your option portfolios.

MS vs National Security

[Alien54]

Wasn't there an article the other day citing

"a senior Microsoft Corp. executive [who] told a federal court last week that sharing information with competitors could damage national security and even threaten the U.S. war effort in Afghanistan. He later acknowledged that some Microsoft code was so flawed it could not be safely disclosed."

Which would be a national security threat?

And they wonder why the Pentagon is Doubtful?

It certainly doiesn't sound like something worthy of milspec regulations.

An error in the article

[fava]

A Quote.

The theory is that by putting source code in the public domain, programmers worldwide can improve software by sharing one another's work.

One thing that the GPL is NOT is public domain.

Public domain means that the copyright holders relinquish any claim that they might have.

Public domain is for those who think that the BDS licence is not free enough.

Free as in speech -- not beer

[darkonc]

It's quite possible to purchase 'free' software. The difference between free software and proprietary software (like MS Windows) is that having 'purchased' the software, you are free to modify and redistribute (even resell) it, yourself.

People will often 'purchase' free software because they wish to support the work of those who are supporting it, or because they wish to access support or other special packages that the seller makes available with a purchase.

Some companies purchase 'free' software because it makes the accounting department happier.

Extremely Secure Linux? A Great Software Project.

[gdyas]

From the article:

Among the most high-profile efforts is research funded by the National Security Agency to develop a more secure version of the open-source Linux operating system, which competes with Microsoft's Windows.

IANAProgrammer, but I think that if the good people working on the kernel would like to contribute in a huge, meaningful way to Linux AND to national security they could put their heads together and bang out an iron-clad version of Linux, contributing to the above project and developing a superior, open-source solution that could achieve three primary goals, all very desireable.

• Promote Linux as the premier OS for security. It's already good - make it damn near perfect.
  
• Provide our nation's defense infrastructure with an open-source secure OS. The DoD is a BIG customer - keep them happy.
  
• Less importantly, shame the fuck out of MSFT. Prove these dicks wrong while they're still patching IE security holes twice a month.
  

Re:How to spot bias

[Amazing+Quantum+Man]

Denning was one of the main professors pushing Clipper.

Am I the only one just a wee bit unnerved...

[JeremyYoung]

By Microsoft lobbying hard to keep the department of defense using MS software, from a socio-political point of view? I mean, what better way to lobby congress or the judicial system to protect Microsoft from the law than to ensure Windows is used in critical national security functions? In fact, what better way to control government period than to ensure they use your software for their classified, even critically secret operations?

Re:Am I the only one just a wee bit unnerved...

[peddrenth]

Or the soundbytes:

"Microsoft, a convicted monopolist, today asked the government to ban purchases of rival software"

"Microsoft, producer of the world's buggiest and most insecure software, today criticized the NSA for developing a secure operating system which the NSA gave away free for others to improve upon"

"Microsoft, having recently declared that publishing its source code would bring to light serious and fundamental security flaws that are a threat to national security, today criticized software vendors who discover and fix security holes by publishing their source code."

"Microsoft, having recently declared that its code is a threat to national security, asked the government to use even more insecure software for their critical infrastructure"

Government funds competition - MS objects.

[AnotherBlackHat]

The company also complained that the Pentagon is funding research on making free software more secure, which in effect subsidizes Microsoft's open-source competitors, Stenbit said.

And when they pay for software, the government isn't subsidizing the producer?

The government funded research on security is available to everyone - Microsoft included.
When they fund research on faster planes, only a few companies gain the benefit.
They aren't likely to stop doing either.

-- this is not a .sig

No, no, and again, no

[Jerf]

Nothing a user of Microsoft software can do, developer or otherwise, can possibly obligate Microsoft in the slightest. It's impossible. As impossible as trying to come up with a scenario where I somehow create a legal obligation for you based on the posting you just created.

I can make a derivative work with your posting and try to Open Content it, but all the means is that I had no right to Open Content your post in the first place. Nothing I do can aquire those rights by fiat. Nothing I do can obligate you without your consent.

This line from Microsoft angers me, because it goes beyond FUD, beyond number juggling, beyond threats, beyond monopolistic manipulation. It's not FUD, it's another three-letter word you may be familiar with: L I E . It's a flat-out lie. And they know it.

Under GPL NSA must release source code?

[scubacuda]

According to the article,

Among the most high-profile efforts is research funded by the National Security Agency to develop a more secure version of the open-source Linux operating system, which competes with Microsoft's Windows.

My question is, under the GPL, will they have to tell us what modifications they made?

From GPL:

The GPL does not require you to release your modified version. You are free to make modifications and use them privately, without ever releasing them. This applies to organizations (including companies), too; an organization can make a modified version and use it internally without ever releasing it outside the organization.

But if you release the modified version to the public in some way, the GPL requires you to make the modified source code available to the users, under the GPL.

Thus, the GPL gives permission to release the modified program in certain ways, and not in other ways; but the decision of whether to release it is up to you.

What could the NSA do to compel them to show us what modifications they made?

Re:Under GPL NSA must release source code?

[ProfMoriarty]

What could the NSA do to compel them to show us what modifications they made?

Uhmmm ... you already answered your own question ... partially.

You are free to make modifications and use them privately, without ever releasing them.

and ...

But if you release the modified version to the public in some way, the GPL requires you to make the modified source code available to the users, under the GPL.

So ... no release to the public, no need to mention what was secured.

Re:Under GPL NSA must release source code?

[Animats]

NSA does release the source code for Security-Enhanced Linux. Click on the above link for the project page and download.

SELinux is not well understood. NSA has built a version of Linux with a mandatory security module. The idea is to allow people to experiment with a system that enforces mandatory security (which can be tough to live with) and to develop apps that can work within that model.

If you want to move things along, download SELinux and make some application work within a mandatory security model.

Steve Ballmer, unplugged.

[mrsam]

Little news tidbits like these ones actually explain why there's been a steady trickle of those bizarre, off the wall, statements and comments, from Ballmer, Gates, and other senior Microsoft officers. You know -- the comments like open source being some demonic spawn of Vladimir Il'ich Lenin; or Richard Stallman invading your corporate vaults and stealing your company secrets, etc... etc... etc...

I do believe that Open Source software, and Linux specifically, are taking a bigger, and bigger chunk out of Microsoft's revenues. Not much, in fact it's rather piddly; but it's still noticeable. And it's growing. Although few people on /. can actually put a monetary amount on how much it actually is, if there's anybody in the world who has a pretty good idea how much revenue Microsoft is losing because of Linux, it must be Gates, Ballmer, and the rest of Microsoft's upper echelon.

And I think they're getting scared.

That may be a bit self-serving or presumptious, and with 40 billion in the bank they clearly don't have much to worry about. Still, I think they have to have at least a mild case of indigestion.

There's nothing in this story that really should surprise anyway. So the feds, and the spooks, are using Linux, sometimes in a quite visible, and mission-critical way. So? That's nothing earth-shattering. And that's precisely what's giving Ballmer and Co the problem. Linux has traction. Not just the feds. Linux has traction in big corporate America. SIAC - the folks who run the networks for the stock exchanges, have cut over some mission-critical functionality over to Linux. Look at the classifieds ads in New York City, from big financial firms. There's a small trickle of open job reqs for hackers with Linux experience.

Gates, Ballmer, and Co, are seeing this as well as the next guy, and they just don't know what to do about it. That's what's scaring them. It's one thing when you have a well-defined opponent to do battle with. But how do you define the opponent here? Microsoft can't clearly define who their opponent here is. There's no single company to purchase, spread FUD about, or drag into court over some frivolous intellectual issue, in order to bleed them with legal fees.

So, all you can do is to try to FUD your way against Linux in general. But each time you'll try to go with a generic FUD campaign, your arguments can be easily shut down with a single, specific, counterexample of Linux's success in a mission-critical role. There's enough case history out there now to be able to point to, as a counterargument to FUD.

Microsoft is clearly struggling, trying to figure out a focused, targeted, anti-Linux campaign, and failing each time. Notice how they no longer claim that Linux isn't ready for mission-critical roles. That didn't work. Now they're claiming that using Linux puts your intellectual property in jeopardy. That can't last much longer. They still can't come up with a specific example, and only talk about in generalities; furthermore with Sun and HP putting Linux APIs into their respectives *nixes, the notion that Sun and HP have intentionally put their intellectual property in jeopardy is a bit difficult to swallow.

So, I don't think the intellectual property FUD has much more left in it, and it will slowly disappear over time. So, what's the next FUD attack? I don't know. Neither does Ballmer, or Gates. And that's what's scaring them.

Re:Steve Ballmer, unplugged.

[Alsee]

While reading your post, something just clicked...

Microsoft has moved into the console market. Well, I think Linux should do the same. Start stealing away Microsofts marketshare with an opensource gaming console - the LBox.

It would be a huge hit. Buy an LBox, download the games for free! :)

-

Re:Steve Ballmer, unplugged.

[Permission+Denied]

if there's anybody in the world who has a pretty good idea how much revenue Microsoft is losing because of Linux, it must be Gates, Ballmer, and the rest of Microsoft's upper echelon.

And I think they're getting scared.

Microsoft is scared. But they're not scared that they're losing money to Linux.

In the section where I work, it's become common practice not to buy any software that does come with source. That includes database apps written specifically for what we do and marketted to a small niche, utility programs and development tools. The software doesn't have to be "Free" or Open Source - it can come with an NDA, but it must come with source code. Why, you ask? My management now understands the power of having source code. If there's a bug, we fix it. If we need a feature, we add it. We're less dependent on third parties to complete our jobs.

NB the ridicule against MS when they claimed that keeping their source code secret was a matter of security. The mainstream press (and perhaps mainstream America) is starting to understand what we techies mean by "security through obscurity." A few years ago, MS could get away with a move like this and most people wouldn't have given it much notice.

Look at the moves toward open standards, which MS is grudgingly accepting. Things like XML, documented networking protocols, standardized programming languages. People have always demanded interoperability, but they now understand that interoperability comes through open standards.

MS has $40 in the bank, and yet they're still making dumb moves against Linux - moves like that "national security" announcement a few days ago. These moves show that they're scared - they're making dumb moves which may hurt their image and their bottom line in the end, and in the business world, those dumb moves which hurt your bottom line are the dumbest dumb moves. But what are they scared of? Are they afraid that $40 billion will become $39 billion? Would you risk attacking Linux/Free software/Open Source so vehemently at the threat of losing one fortieth of your company's stockpile?

Microsoft is not afraid of losing money to Linux. They're afraid of an idea. When people demand source code in order to reduce vendor lock-in, fix bugs and add features, when the public recognizes the crap which MS is claiming as security, when business starts demanding open standards - when these things happen, that's a problem for MS. The MS executives are not foolish - they realize a few hundred million dollars is not such a huge problem for them at the moment. However, what could be a huge problem for them is the death of their business model. That's what they're afraid of.

Re:Steve Ballmer, unplugged.

[JordanH]

• In the section where I work, it's become common practice not to buy any software that does come with source. That includes database apps written specifically for what we do and marketted to a small niche, utility programs and development tools. The software doesn't have to be "Free" or Open Source - it can come with an NDA, but it must come with source code. Why, you ask? My management now understands the power of having source code. If there's a bug, we fix it. If we need a feature, we add it. We're less dependent on third parties to complete our jobs.

When I worked in SCADA (Supervisory Control And Data Acquisition) a few years back, it was more typical than not to get source to the system. Many contracts required it.

Why? Because these systems were specified and expected to serve for 20 or more years. Without source, you can't expect it to be supported that long.

Also, the customers really liked the flexibility to hire just anybody to fix problems.

SAP provides source (is it just ABAP code or do customers typically get all the source to SAP when they buy it?) for the same kinds of reasons, I believe.

I have no experience in this area, but Mainframe customers often get complete OS source too, I believe. I've known several OpenVMS customers who had source licenses, also.

Not many Windows customers get source, from what I've heard. I think that source distribution was far more common 20 years ago and it's only been in the era of shrinkwrap software that it's diminished. Maybe it's a good idea whose time has returned!

Re:Steve Ballmer, unplugged.

[regen]

SIAC - the folks who run the networks for the stock exchanges, have cut over some mission-critical functionality over to Linux.

As one of the people who developed the ARTmail network at SIAC (The application running on linux), I can tell you that it is not mission critical.

The mission critical application run on MVS, Solaris, HP/UX, Tru64, and a few other obscure comerical unices but not Linux. Most of the mission critical apps actually run on MVS.

Re:Steve Ballmer, unplugged.

[jonathanjo]

Microsoft has moved into the console market. Well, I think Linux should do the same. Start stealing away Microsofts marketshare with an opensource gaming console - the LBox.

Hey, buddy, that's the G/Box to you!

Re:Extremely Secure Linux? A Great Software Projec

[Gaccm]

Promote Linux as the premier OS for security. It's already good - make it damn near perfect.

Linux isn't engineered, developers' scrath their itches, if lots of people care about really high end security, it will get done, otherwise it wont.

Provide our nation's defense infrastructure with an open-source secure OS. The DoD is a BIG customer - keep them happy.

While the more linux users the better, no developers care about specific countries or how big a user might be.

Less importantly, shame the fuck out of MSFT. Prove these dicks wrong while they're still patching IE security holes twice a month.

There have been more events than you can shake a stick at where MS screwed themselves over, Linux just needs to be good in order to make MS look like a fool.

Also I should advise you that 1) the NSA has their own version of linux is has extra security stuff, and two, don't forget about *BSD. OpenBSD hasn't had a remote root exploit in 4 years or something.

God bless the NSA

[Tokerat]

There are many posts here about the NSA and testing software for security, and a few arguments about their Security-Enhanced Linux project. From the NSA's Security-Enhanced Linux FAQ:

Why was Linux chosen as the base platform?

Linux was chosen as the platform for the work because of its growing success and open development environment. Linux provides an excellent opportunity to demonstrate that this functionality can be successful in a mainstream operating system and, at the same time, contribute to the security of a widely used system. A Linux platform also offers an excellent opportunity for this work to receive the widest possible review and perhaps provide the foundation for additional security research by others.

For once I'm rather relieved that Big Brother is watching...and realizing the point, and even helping the cause. Go USA.

Re:Tax $$

[scotch]

Have you been in a US post office lately? Last one I went into was plastered with Windows XP posters, and there were even some demo disks at one point.

The fact that MS can lobby the pentagon (the *pentagon* for crissakes) speaks volumes about how much corporations run this country. The pentagon should tell MS to fuck off - if they want to whine about it, they can make an appeal to congress or some such. The military is supposed to be insulated to some extent from this kind of crap.

If I were running the pentagon, I'd kick those slick backstabbers out on their asses -- "we'll call you if we have any questions".

Re:Dumb Windows v. Intelligent Linux Users

[dangermouse]

Tell me again why it's bad for "anyone" to be able to use a computer?

Because then you, personally, are not so special? Do we list that under "cost" or "benefit"?

I generally support the use of Linux over Windows myself, so I know there are reasons to do so without bringing your misguided elitism into it.

Re:last paragraph

[Animats]

That was with the old process, where NSA did their own evaluations. The new evaluation scheme is under the thumb of software vendors, with testing performed by private testing services paid by the software vendor.

Microsoft is trying to get Windows 2000 approved under the new scheme, but hasn't succeeded yet.

Whoa - no offense!

[wirefarm]

RHCE is one of the better programs out there - LPI, I'm not so familiar with. (But I've heard good things about it.)

What I was saying is that the MCSE program has way better brand recognition than anything Linux has to offer. Everybody's heard of it and frankly, outside of slashdot, it's rarely something to be ridiculed for.

My point was, there's a lot of people out there who are really qualified in Linux who are not certified in any manner. (Are RMS, Linus Torvalds and Alan Cox certified?)

Plus, making MCSEs into dogfood would be cruel. No dog deserves that...

Cheers,
Jim in Tokyo

Re:Extremely Secure Linux? A Great Software Projec

[Alsee]

aren't contributing to any one nation's national security, but all takers equally.

I hear Al-queda is finally fed up with security leaks from their use of Microsoft software and are switching over to 100% open-source.

-

Studies and loopholes

[Selanit]

A couple of things spring to mind. First:

"I've never seen a systematic study that showed open source to be more secure," said Dorothy Denning, a professor of computer science at Georgetown University who specializes in information warfare.

My first reaction to this was "Suuure." But then it occurred to me that the word "systematic" is key. Have there been any systematic studies of security in open- vs. closed-source programs? I mean academic quality research -- with control groups, a clearly defined method for testing the security, with the results published in a peer-reviewed journal.

Stenbit said the debate is academic and that what matters is how secure a given piece of software is. To that end, the Defense Department is now prohibited from purchasing any software that has not undergone security testing by the NSA. Stenbit said he is unaware of any open-source software that has been tested.

Emphasis added.

So, the DoD can't purchase any untested software, hey? Well great! They can have all the open source stuff they want, no purchase necessary. Obviously the regulation is in place to keep the government from using untested software, but I'll bet it was written with the assumption that you can't legally use software you haven't paid for. Open source distribution schemes don't require payment, which opens up a loophole. I wonder, could that be why open source systems have come to play a "critical role" at the DoD, as the article mentioned?

Re:National Security

[Kanon]

"Ever watch Battleship Potempkin? How come you can't get that on Kazaa?"

Because it doesn't have Kirsten Dunst's nipples showing through a wet shirt silly.

Re:Dumb Windows v. Intelligent Linux Users

[chazzf]

What kind of user do you get out of a Microsoft environment (hint:DUMB) compared to the kind of user you get form a Linux environment (hint:Skilled).

That's exactly the kind of crap that will keep Linux from achieving widespread popularity. Too many *nix people assume that anyone who uses MS (or learned on it) is some clueless troll.

I run Windows 98 SE as my primary operating system. Why? Because I play a lot of games, including a lot of wonderful old DOS games that can barely be made to run on a Windows box, let alone *nix. I use MS Word, IMHO a very good word processing program. Outlook has been burned off my machine, and I have email on a friend's Linux box. I have an old 486 with Linux on it serving as a router/firewall.

I can hear it now: why don't you have a Linux partition with Open Office? I used to. But really, consider the absurdity of it. Why would I run two different operating systems when one, and one alone, meets all my needs? What possible justification, other than Microsoft is evil, is there?

Disclaimer: I am a fan of Open Source/Free Software/Linux/GNU/et al. I admire everything they stand for. I admire their technical superiority to MS. However, they do not meet my needs. Nor do they meet the needs of John Q. Public. Until that time, this sort of thing should be expected. And countered.

Ugh, end rant.

~Chazzf

Real people ridicule MCSEs

[Anarchofascist]

What I was saying is that the MCSE program has way better brand recognition than anything Linux has to offer. Everybody's heard of it and frankly, outside of slashdot, it's rarely something to be ridiculed for.

I've been writing software in PHP for an employment agency for the last year. I have had to work closely with our employment consultants to see how they work, what they think is important to know about candidates, vacancies and companies. None of them read /.

When our IT staff hear about someone with an MCSE their immediate reaction is "Get to the back of the queue with all the others."

MCSE may have incredible brand recognition, but that works against it being useful to employers. Everyone knows about it, it's marketed as the must-have qualification, so a candidate spends the money, spends some time, and as long as they have a certain IQ level, an MCSE comes out of the 'certification' slot on the Microsoft machine. Result - millions of MCSEs.

The first thing employers care about is work experience. They can call your last employer and ask how good you were. In 30 seconds they can make a decision. The second most important facto they consider is your real tertiary qualifications.

Last and least are the one-day courses, the part-time courses, and the MCSEs.

Re:Real people ridicule MCSEs

[bryan1945]

I concur- I work in one of the big 6 consulting firms, and HR often comes to our team (networking, telecomm) to help interview potential hires. You wouldn't believe the attitudes of the people that come in and say "I have an MCSE!" and just glow about it. Of course, nearly zip in real experience. (Best story: older guy comes in to one of our job fairs, just got his MCSE but no experience in computers ever, and when I told him that he didn't fit any of our openings, he asked if we needed a janitor! I really felt bad for that guy, though) Now, people who come in and detail their experience and maybe throw in the MCSE at the end, they are the people that you want.

Programming vs. Cooking

[juliao]

From the article:

The company also complained that the Pentagon is funding research on making free software more secure, which in effect subsidizes Microsoft's open-source competitors, Stenbit said.

This is wrong and ridiculous. Take a real world comparison:

Publishing cooking books and sharing cooking tips effectively enables people to cook their own meals and enjoy meals cooked by friends, undermining the Commercial Restaurant Industry and subsidizing the Restaurant industry's competitors.

Should the cooking book editors pay money to restaurants, for "damages"? Great idea, no?

Re:Programming vs. Cooking

[Peyna]

The great thing about source code is that compiling is hella lot easier than mixing ingredients and baking/frying/whatever. Sometimes you can even get pre-compiled binaries. Let me see a cookbook do that =]

More specifically Linux should move into the Xbox

[gotan]

Imagine buying that nice chunk of Hardware for $199 and being able to actually do something useful with it ... and the best part is, that MS is losing money on every sale. And that project is actually underway.

That only leaves to figure out what to use it for. The thing has an ethernet port, the gameports can probably be used as USB-ports given the right adapters, and there's Video/Audio out ...

Re:This gives new meaning to "software wars"

[netsharc]

Who's Jar Jar Binks in this parallel? Oh right, uncoordinated movement and incomprehensible speech, he's Steve Ballmer!

Re:Security Risk

[morgajel]

you actually make a good point- I woulnd't be suprised if EVERY branch of every government started looking for an alternative to MS right now.

MS basically told the government "hey, you know that stuff we sold ya? it's CRAP! we pocketed the money! We ripped of you AND your country, and most of the world for that matter! but, we don't want to hurt your feelings, so we're gonna focus on fixing it, 'security is our top priority'....not really, we're just gonna 'start from scratch,' with the same old code and sell it to you for twice the price! muahahaha....wait, where are you going? nonono, open source is bad, remember!? Bad USA!....doh!!"

as my dad is fond of saying, "they just stepped on their own dick."

Losing battle....desperation

[leereyno]

When I read about stories like this the impression I get is that Microsoft is desperate and is fighting a war they cannot win.

The best way to respond to Microsoft when they are in this position is to ignore them. By that I mean don't communicate with them. Refuse to take their phone calls, ignore email messages, throw faxes into the circular file, assuming of course that you have the power and authority to do so. This will have the effect of demoralizing the Microsoft employees tasked with preventing you from using non-MS products. This in turn will inhibit their ability to do this to others as well. At the end of the day anything that causes a Microsoftie to do a bad job is a good thing.

Lee

Unamerican?

[dacarr]

The Washington Post article says that M$ is calling open source unamerican.

When did they employ the remains of Joe McCarthy for its marketing department?

You're right - mostly

[DG]

I don't think Microsoft is losing much actual money to Linux and Open Source just yet - but they can see the writing on the wall.

I was at the very first Perl conference a few years ago, when ESR presented CatB for the first (?) time. At that point, I wasn't really into the whole Free Software/Open Source thing; I just really liked Perl and was there to learn more about it.

Sitting there, listening to ESR, it hit me like a bolt of lightning; one of those ultra-rare flashes of "Eureka!" Commercial software, as embodied by Microsoft, was dead in the water. Open Source and the Internet had created - actually, had *evolved* - a new design method that would eventually supplant all commercial software development with mathematical certainty.

It's like when you're playing solitaire, and you get to the point in the game where you've won, and all the other moves are just the playing out of the algorithm.

Mind you, the time involved with the "playing out of the algorithm" as far as software development is concerned will still take years, but unless there is a dramatic change in the conditions under which software is developed and distributed, the Open Source/Free Software juggernaut is mathematically unstoppable.

Microsoft is the woolly mammoth eying the ice sheet creeping steadily southwards.

The people who run Microsoft, while they may be supremely arrogant, are not stupid. It may have taken them a little while to actually _believe_ that they were vulerable, but they seem to understand it now, and they have gotten religion in a big way.

They understand that they cannot possibly compete with Open Source on the merits - they lose on price (free vs $$) they lose on quality (given enough eyeballs, all bugs are shallow) and increasingly, they lose on response time as well (not even Microsoft can hope to employ as many developers as work on Open Source projects)

They can't even fall on the old Microsoft technique of last resort - buy the competitor's company - because Open Source is by definition decentralized. It cannot be killed, it can only be outcompeted.

(That's not to say Open Source as it exists today is perfect - it most definately has flaws. But as the ice sheet grinds southwards, these flaws tend to be (slowly) rectified. The number of niches where Microsoft can "beat" Open Source grows smaller every day.)

They only have themselves to blame for this. Microsoft has been the ultimate predator, culling the herd of lesser methods and companies, and in doing so, has forced the evolution of an even tougher force than itself.

What we're seeing now is a desparate attempt by Microsoft to try and change the conditions that allow the Open Source development method to work so well, because that it their only chance at mounting anything like a successful defence. Too bad that they made so many enemies on the way to the top; they are finding few allies.

I have to admit that it's nice to watch all the panic. Turnabout IS fair play.

DG

Re:Freedom Of Information Act

[HunterWare]

Actually the programs are not the important thing, the data generated by them is. Just because a document is written in Abiword, it is not public domain. Neither is any set of calculations done with Octave automatically GPL'd. Most importantly all data stored on a Samba file server is not therefore Public Domain or GPL.

All of these are perfectly good uses for open source. In Addition, these programs (and an underlying Open Source OS) all also provide the benefit of being easily audited for security (and fixed). All upsides here...

Re:What do you expect?

[eam]

A modern jet plan has fewer parts than windows.

"un-American"

[macdaddy]

Excuse me, but when has it ever been "un-American" to make some bigger, better, faster, and cheaper?