Slashdot Mirror
'Think Tank' Issues Microsoft-Funded Troll
dlur (among many others) writes: "According to this ZDNet article, a Washington think tank known as the Alexis de Tocqueville Institution is soon to release a study stating that Open Source Software allows terrorists an easy time hacking into our systems. It's little suprise that this group takes money from Microsoft."
The Register's story
is good too.
All the whoring reports in the world won't make open source any less secure. This same institute backed destabilizing, unworkable '80s missile defense
and thinks Alexis de Tocqueville would have wanted the
V-22 Osprey deathplane.
Also, see what their coin-operated policy dispenser spat out for
internet privacy
(eat what you're fed) and
antitrust
(advantage of Microsoft monopoly: "manufacturers of computer hardware need to provide only one
driver").
We weren't going to run this, but there were a lot of submissions, so ...
I am a lone out post of open source in the military agency where I work. My solution, just show them the NSA funded SE Linux information.
Who are the green suiters going to trust? A bunch of paid "think tank" lackeys or the good ole spooks behind the triple fence?
So far NSA's advocacy has been used to let me get away with all kinds of open source implementation.
Of course, NSA has an agenda too I'm sure but that's between the military and NSA.
Subject: "Opening the Open Source Debate"
Date: 31 May 2002 15:45:59 +1200
Some references you might wish to consider before publishing your article "Opening the Open Source Debate"
http://www.businesswire.com/cgi-bin/f_headline.cgi ?bw.053002/221502375
Bruce Schneier, one of the recognized leading expert on computer security on Kerckhoffs' Principle and Secrecy, Security, and Obscurity of software.
http://www.counterpane.com/crypto-gram-0205.html#1
Dr. Blaine Burnham, Director, Georgia Tech Information Security Center (GTISC) and previously with the National Security Agency (NSA), gives an keynote speech overview of current encryption and security technologies and outlines possible strategies for future defense.
http://technetcast.ddj.com/tnc_play_stream.html?st ream_id=411
Also you might wish to address the issue of Microsoft's disproportionately high number of open vulnerabilities in its Internet Explorer components. All of which where discovered without access to the source code.
http://jscript.dk/unpatched/
Richard Purcell, Microsoft's director of corporate privacy, has recently stated that any major improvement in regard to the security of it's products may be at least "5, 10 years, maybe".
http://www.businessweek.com/technology/content/may 2002/tc20020523_6029.htm
As for the issue of Trojan horse injection into open source code, it is far from being an open source only issue.
http://www.eeggs.com/
Or were all the "Easter Eggs" currently found in Microsoft's products officially authorized?
If you are looking for a methodology for providing a suitably secure and hardened solution, start with a real world example.
http://www.openbsd.org/security.html
I welcome any open debate.
"And don't forget Kerckhoff's assumption: If the strength of your new cryptosystem relies on the fact that the attacker does not know the algorithm's inner workings, you're sunk. If you believe that keeping the algorithm's insides secret improves the security of your cryptosystem more than letting the academic community analyze it, you're wrong. And if you think that someone won't disassemble your code and reverse-engineer your algorithm, you're naive. The best algorithms we have are ones that have been made public, have been attacked by the world's best cryptographers for years, and are still unbreakable."
--Bruce Scheier; Applied Cryptography (Second Edition); page 7
This seems to apply perfectly to this latest FUD about open source software.
"A Microsoft spokesman confirmed that Microsoft provides funding to the Alexis de Tocqueville Institution."
-- Don't Tase me, bro!