Slashdot Mirror


'Think Tank' Issues Microsoft-Funded Troll

dlur (among many others) writes: "According to this ZDNet article, a Washington think tank known as the Alexis de Tocqueville Institution is soon to release a study stating that Open Source Software allows terrorists an easy time hacking into our systems. It's little surprise that this group takes money from Microsoft." The Register's story is good too. All the whoring reports in the world won't make open source any less secure. This same institute backed destabilizing, unworkable '80s missile defense and thinks Alexis de Tocqueville would have wanted the V-22 Osprey deathplane. Also, see what their coin-operated policy dispenser spat out for internet privacy (eat what you're fed) and antitrust (advantage of Microsoft monopoly: "manufacturers of computer hardware need to provide only one driver"). We weren't going to run this, but there were a lot of submissions, so ...

30 of 598 comments

  1. Re:Now, from the people who brought you Sendmail by inflex · · Score: 2, Insightful

    Sendmail /DID/ have a bad record... but it barely rates a mention these days. Time to bring yourself into the current day rather than trying to suck the rotten marrow out of last century's carcass.

  2. Security through Obscurity isn't all bad... by vkg · · Score: 3, Insightful

    After all, we're now pretty well aware that people are not looking through open source code looking for bugs and back doors: yes, flaws get discovered, but it's usually through the "exploit-patch-fix" cycle, rather than pre-emptive security work.

    OpenBSD is, of course, not dead and a very notable exception.

    Sometimes secrecy is useful in security: ask the NSA; yes, in theory, all of their algorithms would stand if they were placed in the open.

    But they still keep them secret because it is one more obstacle for an intruder to have to overcome to compromise a system.

    Of course, none of this matters because we're talking about M$, those nice folks asking to keep with Windows source secret because it has security flaws large enough to be considered economic and national security risks.

    But, in theory, I think there are times when closed source might be the way to go.

    1. Re:Security through Obscurity isn't all bad... by Moox · · Score: 2, Insightful

      Sometimes secrecy is useful in security: ask the NSA...

      none of this matters because we're talking about M$, those nice folks asking to keep with Windows source secret because it has security flaws large enough to be considered economic and national security risks

      Excuse me, but this comparison is completely wrong. The NSA is an organisation that is controlled (or at least should be) by the democratic government of the USA (e.g. you, if you live over there). If they decide not to disclose some "algorithms" to the public, it is (or again, should be) in your interest and, they know what they don't disclose and why (that is, they know the "source code" of their algorithms).

      A company (e.g. Microsoft) doesn't share any interests with you (probably) or me (for sure) or may yet have interests that are contrary to the user's interests. They decide not to disclose their source to the people who pay for the software and tell them it would be for their security, but obviously the user can't know that, because she doesn't know what is not disclosed and why.

      Also, it is apparent that Microsoft is not really interested in the security of their customers because they create software that has flaws which are just too obvious to accidentally oversee them.
  3. One of their documents is self-contradictory. by Chmarr · · Score: 5, Insightful
    The final sentence of Punishing Winners Hurts the Marketplace reads:

    "We would be better off with more companies like Microsoft, not fewer."

    However, how can we have more companies like Microsoft when that very article is condoning a monopoly? Yes, I acknowledge that they're probably talking about 'one monopoly in each market'. However, we all know that Microsoft is trying to take over as many markets as possible. How far away is Microsoft-branded Vegemite? :)

    Stupid. Totally, absolutely stupid.

  4. seems to me... by csguy314 · · Score: 2, Insightful

    that every 'think tank' I hear about has some particular group's best interests in mind. And those groups are usually big corporations. I guess they're the only ones that can afford to fund these think tanks and pay for their expensive reports.
    After all, thinking isn't free...

    --
    This is left as an exercise for the reader.
  5. Re:And they're running... by Rotten168 · · Score: 0, Insightful

    Ummm... and since when is IRIX open source?

  6. Why is it a lie? by inerte · · Score: 2, Insightful

    Don't you think that if your software has a bug and you have its source released to the crowd, people that want to take advantage of this will do it?

    It never crossed my mind that free software doesn't have any bugs at all. It's naive to think none will ever be able to crack your box, even if you run the latest versions and patches.

    What I do understand, is that in free software your bugs are discovered and fixed faster than in proprietary, because there are (potentially) more developers and users.

    Is it a lie? Hell no. It's manipulation of information? Perhaps. If you are an employee of any entity, be it the government or a private company, and your boss asks you "With our source there for anyone to have a look, if they find a bug, can you swear that they won't crack us"?

    I wouldn't answer yes. I can't answer yes, it's impossible. It's almost impossible to have a bug-free software, since almost all software development efforts always have a reason to add more features, or to make it more compatible with new products.

    But, you can give good answers to these questions. Say, for example, that Linux has fewer bugs than Windows. Say that Apache, that runs most of the servers at the whole world, has caused LESS financial damage because of bugs than almost any IIS virus, worm, or whatever.

    The manipulation of information comes from this side. When some people can't address the Linux problem logically, they appeal to your emotion. They cite terrorists because that's the great evil of the moment. They touch deep into your fears, and without few 1 + 1 proof.

    So, attack with the same power. Say that while it's true that terrorists might have a chance to attack one server because they have found a bug, they won't spread the damages because system administrators can, and a good one will, design or apply an already designed patch in hours. You don't have to wait for MS good will to serve your needs. Say that historically Linux has proved itself as a more secure option.

    What will they do, change the past?

  7. Re:Open Source Easier to Hack by uberjon · · Score: 3, Insightful
    Uhhhh, because the source is open? Or does "open source" mean something else that I don't know about?
    It means someone legit is more likely to find the hole and release a patch before some script kiddie gets the 0-day 'sploit for it. Opensource software has a better track record for admitting security holes, and releasing patches before a problem arises.
    --
    Dick Laurent is dead.
  8. Re:And they're running... by Anonymous Coward · · Score: 0, Insightful

    He put OpenSSL in bold, idiot.

  9. Re:Now, from the people who brought you Sendmail by bafu · · Score: 2, Insightful

    Open source would have a much better security record if Sendmail were killed off.

    No need. The neat thing about open source are the choices. I've used sendmail extensively in the past, but these days I'd use, say, postfix. Sure, sendmail's security record is much better than it was, but I'd prefer the performance benefits of a late-model MTA, as well as the security plusses. The point is, whether we are talking about SMTP, HTTP, IMAP, POP, FTP, or whatever, there are secure servers that work great and I can use whichever one of them I please. That's a far cry from some more proprietary environments I've experienced in the past. I also like not having to wonder what gotchas are hidden in some privileged binary I'm running.

    I think everyone's spam relay record would look better if folks'd turn off the MTA daemon on systems that don't need to accept mail, though...

  10. Re:And they're running... by elmegil · · Score: 1, Insightful

    Uh...since when is IRIX Windows, which they say is the preferred monoculture? Oh, and OpenSSL is certainly Open Source. Note the emphasis in case you missed it.

    --
    7 November 2006: The day Americans realized corruption and incompetence weren't addressing 11 September 2001
  11. You should not label this "leftist" tripe by bubbha · · Score: 2, Insightful

    There is nothing "leftist" about making a case for the fact that a missile defense system has a low probability of achieving its objectives. There are very strong arguments in favor of that position. There is also the issue that the Bush administration has had a fixation on missile defense. A case can be made that this fixation was partly responsible for a lack of focus on domestic security (see the Hart-Rudman domestic security report that was virtually ignored by the Bush administration.)

    Finally, as an ex-Boeing Helicopters employee, ex-chairman of the North Dakota Libertarian Party, and U.S. Air Force veteran, I find your remarks about the author's decency out of line. Look, the ability to critique the government is one of the most important rights and responsibilities we have. And this right is steadily being eroded as we speak. As a Libertarian, you should be speaking out about that.

    --
    I want to be alone with the sandwich
  12. Best defense against creeping fascism by f00zbll · · Score: 2, Insightful
    Think critically for yourself. Don't trust think tanks, because "they must be smart" to work at a think tank. The only thing you're guaranteed to get from a think tank is too much thinking and clouded talk about obvious things. Think about what kind of person works at a think tank and why they are there.

    Anyone who has a life wouldn't waste their time in a think tank. Anyone worth their salt with the brains and skills will be at a research facility building stuff, not needlessly thinking about what they might like to consider inventing, if they weren't so busy thinking.

    The breakthroughs in the last two centuries WERE NOT made by people in "think tanks". They were created by "men of action" as Count Rugen would say from the Princess Bride. Look at men like Benjamin Franklin, Edison, and the WOZ. Think tanks are for lazy people who would rather leech off society than get their hands dirty.

    The only thing the article reveals is how little news is news today from ZDNet.

  13. So Open Source is insecure.... by gmuslera · · Score: 2, Insightful

    Well, let's say we believe in them, so the day they publish their study we turn off all computers running any kind of open source software :)

  14. Re:Open Source Easier to Hack by Oculus+Habent · · Score: 3, Insightful

    In fairness, there are people out there who end up in charge of systems that don't have the time, inclination, or experience to install patches, upgrades, updates, etc. The people who did the default install and left it at that.

    These are the people that are potentially at risk. Sure, Microsoft's code has just as many (if not more) holes in it. But the holes aren't as well known.

    In a perfect (or at least mostly-intelligent) world, the Open Source argument wouldn't exist, and we'd all have more time to devote to hang gliding.

    But then, communism is the "perfect world" - on paper anyway.

    --
    Don't scream at me, I can't hear you.

    --
    That what was all this school was for... to teach us how to solve our own problems. -- janeowit
  15. Why is anyone surprised by this? by Random+Feature · · Score: 3, Insightful

    I mean, come on!

    This is like being surprised that the Tolly Group gave a good report to a product.

    When you pay for a review or analysis, you get exactly what you want. This is no different than the Mindcraft "study" that was biased.

    When a reputable group/publication comes out with an unbiased study that says these same things then you should get upset. Until then, it's all smoke and mirrors, FUD and MUD.

    Nothing to see here.

    --
    I don't have a solution, but I certainly admire the problem.
  16. Re:Off-topic: missile defense by Brian+Stretch · · Score: 3, Insightful

    No, SDI was one of many things that encouraged the Soviets to spend themselves into oblivion. At this point, it probably *is* possible, and with lunatics like the North Korean dictatorship able to shoot ICBMs (as of a few years ago), just for starters, missile defense is now a VERY good idea. If piss-poor third world nations think building ICBMs is worth the trouble, then we damn well better have a defense against them.

    Unless we invade and force a regime change, which I'm not necessarily against. Worked for National Socialist Germany and Imperial Japan, and the bad guys aren't exactly an even match today.

    It's not just for ICBMs either. Shorter range ballistic missiles, like the several hundred that China has pointed at Taiwan, could be defended against by ground-based interceptors. (Guess why China is all cranky about our pulling out of the ABM treaty with the Nation That No Longer Exists.)

  17. Re:Off-topic: missile defense by DNS-and-BIND · · Score: 4, Insightful
    In a remarkable tete-a-tete with a US journalist and former arms control official, Marshal Nikolai Ogarkov, First Deputy Defense Minister and Chief of the General Staff, interpreted the real meaning of SDI: "We cannot equal the quality of U.S. arms for a generation or two. Modern military power is based on technology, and technology is based on computers. In the US, small children play with computers.... Here, we don't even have computers in every office of the Defense Ministry. And for reasons you know well, we cannot make computers widely available in our society. We will never be able to catch up with you in modern arms until we have an economic revolution. And the question is whether we can have an economic revolution without a political revolution."

    Read the last sentence over, and over, and over.

    --
    Shutting down free speech with violence isn't fighting fascism. It IS fascism!
  18. And what's "destabilizing" anyway? by roystgnr · · Score: 3, Insightful

    Mutually Assured Destruction was "stable" only as far as retaliatory destruction was really assured. A limited missile defense system makes it impossible for your opponent to be sure that a first strike of theirs will destroy all of your missiles, and so makes MAD more stable, not less.

  19. Re:Open Source Easier to Hack by bullett.net · · Score: 2, Insightful

    The Hidden Crack -- (1) The longer a cracker has between when he discovers a security flaw and when he acts on that flaw, the more devastating his attack is likely to be. (2) If his flaw is uncovered by someone else, his attack is, in part, thwarted. (3) The likelihood of an un-exploited crack being detected, much less repaired, in a M$ product is near zero. They don't act until the problem is very obvious, thus the damage done. (4) The likelihood of an un-exploited crack in an Open Source product being detected and repaired is reasonably high. (5) Thus the likelihood of a significant flaw being discovered by a "terrorist", and lying dormant long enough for him to arrange to exploit it, is much higher for a M$ hidden system than for an Open system.

  20. Re:Off-topic: missile defense by LunaticLeo · · Score: 4, Insightful

    Disclaimer: I support a diverse set of missile defence systems. They are workable against a dozen launches rather than several thousand. Defence against several thousand missiles is implausible in the extreme, and it only takes a few dozen multi-megaton bombs to end the world that I want to live in.

    However, there is NO EVIDENCE that the Reagan Administration's increase in defence spending, or much less their spending on missile defence systems. Please, take a look at the CIA fact books. The military spending by the Soviet Union DECREASED from the late 70s on.

    Further, the time frame for this theory to be operative is between the first Reagan budget for 1981 and Gorbachev(sp?) coming to power in 1984. Gorbi ended the cold war, and Gorbi ended the de facto Soviet Empire. The timing doesn't work, and the facts (from the above CIA factbooks) don't support that theory.

    BTW, the increase in US military spending began with that submarine captain's Presidency (James Carter for those of you weak in US history). Carter started the Seawolf submarine program and the B2 Bomber program and many other weapon systems attributed to the Reagan Administration.

    I agree that the commentary that the Strategic Defense Initiative was destabilizing is LAME. However, what is being referred to is that in Game Theory if you have a defense against a mutually shared weapon with the power to mutually annihilate both combatants, you are more likely to feel you can use your weapon. A perceived protection by Star Wars Defense Shield, could fool stressed out people to "Go for it". But just think about what the US would be like if we did have 100% effectivity against Soviet missiles, and the US successfully detonated a few dozen or hundreds of 10 megaton bombs on the Soviet Union. There was no victory scenario between the US and Soviet Union in a Nuclear exchange.

    --
    -- I am not a fanatic, I am a true believer.
  21. Re:Loudest by mrsam · · Score: 5, Insightful

    What I do not understand is why there aren't any similar groups for the OpenSource / non-Darkside [ advocacy ]

    I certainly hope there aren't any self-proclaimed Open Source/Free Software groups that pump out such logically-challenged, clue-free blather. I'd frankly be ashamed to see something on the same order, clue-wise, being used to promote the Open Source/Free Software philosophy.

  22. Re:Where's the Evidence? by jmulvey · · Score: 1, Insightful

    Notice how the slashdot claim that they take money is encapsulated into quotes? It's a clever trick often used by reporters that are either lazy or want to slant the news.

    The scheme goes something like this: find someone stupid enough to be quoted saying something that otherwise might land you in front of a judge. Then, you simply state, "But your honor, I was simply reporting what the dumbass said and he did, in fact, say that."

    Of course you get the message across to the readership and can avoid doing any heavy lifting or going on uncomfortable fact-finding missions...

    Top notch editors NEVER publish such quotes without getting the facts straight, even the ones that don't create liability situations. Moreover, these editors have a responsibility to follow up because of the chance that there's a juicier story in exactly such details.

    Moral: Be wary of these tactics.

  23. Re:Loudest by Ride-My-Rocket · · Score: 5, Insightful

    Honestly, I think the Linux community is better off without such a "darkside" group. The more effort that is spent on making actual progress, and NOT fighting the war of words that Microsoft so desperately wants to fight, the better off we'll be. Microsoft has been saying bad stuff about Linux for years -- they have endless supplies of cash to wage that war, and can neatly tie up the Linux community's resources that way.

    I would say that any and all "intellectual" aid -- legal, political, research / reporting, etc. should be directed towards loosening or removing Microsoft's grip on public education and government markets. Right now, we have two major entities -- Peru and Taiwan -- that have taken the plunge and are attempting to eliminate their reliance on Microsoft products. We have the US government questioning for the first time how to better secure their networks. And in a time of relative national crisis, shouldn't security at all levels be of paramount concern?

    MS has proven itself incapable of (or unwilling to?) improving the security of its code, despite its ubiquity. Open source can only get _more_ stable and secure as time passes, and users / white hats continue to help find bugs in the system. So why shouldn't we have people who are willing to evangelize OpenSource do it, but to discredit MS by selling the idea behind using Linux et al?

    But maybe that's just me........

  24. Re:With open source, there is no one to bribe.. by Peyna · · Score: 3, Insightful

    Don't forget the additional security afforded by professionalism.

    Care to explain that one to me? Professionalism is an appearance, and has nothing to do with actual security. I would liken professionalism with obscurity, because you can hide something better from people. Just because you made it hard or difficult doesn't mean it is impossible or secure. Look at the XBox hack. I'm sure they were pretty convinced that was secure.

    --
    What?
  25. Re:"V-22 Osprey deathplane" by goates · · Score: 2, Insightful

    I'll bet that ballistics testing is part of the test program. It is for the F-22. They took an airframe and shot it with everything they could to see how it would react.

    The V-22 engines are also cross linked so that if one engine fails, the other will drive both rotors/propellers. Most military hardware is tested and designed to survive in combat. All of the army's helicopters are designed to fly without oil or hydraulic pressure for at least a short distance.

    "If it ain't broke don't mess with it."
    So why aren't we using horses and sailing ships? It's called technological advancement. I'll bet you didn't post that comment on an Apple IIe.

  26. Re:SDI worked just fine. B-) by Ungrounded+Lightning · · Score: 3, Insightful

    It was successful because they didn't nuke us???

    Precisely.

    After the climax of WW II, when the world found out a nuke was more than "just a bigger bomb", the game changed.

    Up until then it had been progressively bigger wars. Now it was "Let's see if we can avoid a war without surrendering."

    So the West came up with the doctrine of "Mutual Assured Destruction" (MAD - i.e. You'd be mad to set off the first nuke. And US presidents had to put on a show of being just crazy enough to use them, or it wouldn't work.) But that's just a stalemate, no "progress" pushing your agenda.

    So the East came up with the "Cold War" - with anti-West propaganda and brushfire wars in "domino" countries. (Salami slicing: Pick off the little guys one by one, then the middle-size guys, until the big guy is alone against the world. Cook the Frog: Never create a "Schelling Point" where the chip is knocked off the big guy's shoulder.)

    So the West came up with the arms race: "We've got more money so we can outbuild you. You make a missile, we make an anti-missile-missile." (And Rocky and Bullwinkle satirize it with the anti-anti-[pause]-missile-missile-missile.)

    And this went on for HALF A CENTURY. Before that it was a major war every generation, with all the "best" weapons in the arsenal in use. Now it was a declining series of "limited wars", with the biggest bombs very carefully NOT used.

    Nukes really had made "total war" obsolete. Three war cycles came and went with no World War Three. And it all worked because expensive weapons were built with the intent that they NOT be used, because they'd be too devastating if they were.

    There were abortive attempts to limit the proliferation and avoid "destabilizing" situations, in the form of an anti-missile ban and arms reduction treaties. But "stable" meant the Cold War continued to bleed both sides, and one side disarming too fast might mean the War to End All Humanity. Finally Reagan abandoned such attempts and went flat-out for better armor, when the USSR couldn't afford to stay even. And the Soviet Union folded.

    There was a LOT more to it than that. Like computers and networks for instance. (Restrict communication Soviet style and you slow progress. Have progress in computers and networking and you get communication you can't ban. Try to selectively free your people's communication and you discover that you can't suppress just some. Information wants to be free because PEOPLE want to be free.)

    But at the core, preventing nuclear war was done with weapons that worked by NOT being used; weapons that thus created their effects by MAYBE being able to work, so you couldn't risk them actually being used against you.

    So, yes, SDI was successful because they didn't nuke us. The US won the arms race but we ALL won the war.

    Get real ...

    Why get real when I can win with virtual weapons? B-)

    Nuclear weapons are like smallpox...America is the only country to have ever used them against someone else ...

    I see the public schools have neglected your education when it comes to germ warfare. For starters look at the history of the European dark ages - with diseased animal carcases being catapulted over fortress walls or dropped in wells and rivers during sieges.

    ... and now we live in media induced fear someone will [nuke or germ] us ...

    Lived that way for over 50 years already - but with the spectre of a massive, simultaneous attack on everything that might be a target (which means essentially everything). One or two suitcase nukes or tactical-shells taking out one city or one dam? ONE plague released in a few spots, using most like non-engineered organisms, rather than a dozen lab-frankenbugs sprayed over a continent simultaneously? Chicken feed. The damage and death is vanishingly small compared to hurricanes and tornadoes, earthquakes, traffic accidents, clogged-arteries, and cancer.

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  27. If Linux is less secure... by Anonymous Coward · · Score: 1, Insightful

    How come it is so popular as a firewall OS? In fact, every single purpose built firewall machine I've seen is running Linux?

  28. um, no by cascadingstylesheet · · Score: 2, Insightful

    These are the same people who say smoking is good for you.

    Er, no. That is not what your quote says.

    This group's 1994 report "Science, Economics, and Environmental Policy: A Critical Examination" criticizes the US Environmental Protection Agency's risk assessment methods in 4 areas: environmental tobacco smoke, radon, pesticides, and hazardous cleanup.

    Criticizing risk assessment methods is not the same as saying "smoking is good for you".

    Standard disclaimers: I don't smoke, and I prefer open source software, when I can use it. But I detest mindless arguments.

  29. I'm Shocked, Just Shocked! by DesScorp · · Score: 2, Insightful

    What? There are institutions in Washington D.C. that put forward only a certain viewpoint? Jesus, why are people surprised at this? And before I hear any swill about them all being tools of conservatives and business, there are liberal leaning think tanks as well (the Brookings Institution, the Center for Science and the Public Interest, etc). There are good institutes and bad on both sides. Some are nothing more than paid hacks, but some of the best minds in the world work for these institutes. For every De Tocqueville institute, you're going to have a Public Citizen type organization to oppose it.

    --
    Life is hard, and the world is cruel