'Think Tank' Issues Microsoft-Funded Troll

dlur (among many others) writes: "According to this ZDNet article, a Washington think tank known as the Alexis de Tocqueville Institution is soon to release a study stating that Open Source Software allows terrorists an easy time hacking into our systems. It's little suprise that this group takes money from Microsoft." The Register's story is good too. All the whoring reports in the world won't make open source any less secure. This same institute backed destabilizing, unworkable '80s missile defense and thinks Alexis de Tocqueville would have wanted the V-22 Osprey deathplane. Also, see what their coin-operated policy dispenser spat out for internet privacy (eat what you're fed) and antitrust (advantage of Microsoft monopoly: "manufacturers of computer hardware need to provide only one driver"). We weren't going to run this, but there were a lot of submissions, so ...

Security through Obscurity isn't all bad...

[vkg]

After all, we're now pretty well aware that people are not looking through open source code looking for bugs and back doors: yes, flaws get discovered, but it's usually through the "exploit-patch-fix" cycle, rather than pre-emptive security work.

OpenBSD is, of course, not dead and a very notable exception.

Sometimes secrecy is useful in security: ask the NSA; yes, in theory, all of their algorithms would stand if they were placed in the open.

But they still keep them secret because it is one more obstacle for an intruder to have to overcome to compromise a system.

Of course, none of this matters because we're talking about M$, those nice folks asking to keep with Windows source secret because it has security flaws large enough to be considered economic and national security risks.

But, in theory, I think there are times when closes source might be the way to go.

One of their documents is self-contradictory.

[Chmarr]

The final sentence of Punishing Winners Hurts the Marketplace reads:

"We would be better off with more companies like Microsoft, not fewer."

However, how can we have more companies like Microsoft when that very article is condoning a monolopy? Yes, I acknowledge that they're probably talking about 'one monopoly in each market'. However, we all know that Microsoft is trying to take over as many markets as possible. How far away is Microsoft-branded Vegemite? :)

Stupid. Totally, absolutely stupid.

Re:Open Source Easier to Hack

[uberjon]

Uhhhh, because the source is open? Or does "open source" mean something else that I don't know about?

It means someone legit is more likely to find the hole and release a patch before some script kiddie gets the 0-day 'spoilt for it. Opensource software has a better track record for admitting security holes, and releasing patchs before a problem arises.

Re:Open Source Easier to Hack

[Oculus+Habent]

In fairness, there are people out there who end up in charge of systems that don't have the time, inclination, or experience to install patches, upgrades, updates, etc. The people who did the default install and left it at that.

These are the people that are potentially at risk. Sure, Microsoft's code has just as many (if not more) holes in it. But the holes aren't as well known.

In a perfect (or at least mostly-intelligent) world, the Open Source argument wouldn't exist, and we'd all have more time to devote to hangliding.

But then, communism is the "perfect world" - on paper anyway.

--
Don't scream at me, I can't hear you.

Why is anyone surprised by this?

[Random+Feature]

I mean, come on!

This is like being surprised that the Tolly Group gave a good report to a product.

When you pay for a review or analysis, you get exactly what you want. This is no different than the Mindcraft "study" that was biased.

When a reputable group/publication comes out with an unbiased study that says these same things then you should get upset. Until then, it's all smoke and mirrors, FUD and MUD.

Nothing to see here.

Re:Off-topic: missile defense

[Brian+Stretch]

No, SDI was one of many things that encouraged the Soviets to spend themselves into oblivion. At this point, it probably *is* possible, and with lunatics like the North Korean dictatorship able to shoot ICBMs (as of a few years ago), just for starters, missile defense is now a VERY good idea. If piss-poor third world nations think building ICBMs is worth the trouble, then we damn well better have a defense against them.

Unless we invade and force a regime change, which I'm not necessarily against. Worked for National Socialist Germany and Imperial Japan, and the bad guys aren't exactly an even match today.

It's not just for ICBMs either. Shorter range ballistic missiles, like the several hundred that China has pointed at Taiwan, could be defended against by ground-based interceptors. (Guess why China is all cranky about our pulling out of the ABM treaty with the Nation That No Longer Exists.)

Re:Off-topic: missile defense

[DNS-and-BIND]

In a remarkable tete-a-tete with a US journalist and former arms control official, Marshal Nikolai Ogarkov, First Deputy Defense Minister and Chief of the General Staff, interpreted the real meaning of SDI: "We cannot equal the quality of U.S. arms for a generation or two. Modern military power is based on technology, and technology is based on computers. In the US, small children play with computers.... Here, we don't even have computers in every office of the Defense Ministry. And for reasons you know well, we cannot make computers widely available in our society. We will never be able to catch up with you in modern arms until we have an economic revolution. And the question is whether we can have an economic revolution without a political revolution."

Read the last sentence over, and over, and over.

And what's "destabilizing" anyway?

[roystgnr]

Mutually Assured Destruction was "stable" only as far as retaliatory destruction was really assured. A limited missile defense system makes it impossible for your opponent to be sure that a first strike of theirs will destroy all of your missiles, and so makes MAD more stable, not less.

Re:Off-topic: missile defense

[LunaticLeo]

Disclaimer: I support a diverse set of missle defence systems. They are workable against a dozen lauches rather than several thousand. Defence against several thousand missile implausible in the extreme, and it only takes a few dozen multi-megaton bombs to end the world that I want to live in.

However, there in NO EVIDENCE that the Regan Administrations increase in defence spending, or much less their spending on missile defence systems. Please, take a look at the CIA fact books. The military spending by the Soviet Union DECREASED from the late 70s on.

Further, the time frame for this theory to be operative is between the first Regan budget for 1981 and Gorbachev(sp?) coming to power in 1984. Gorbi ended the cold war, and Gorbi ended the defacto Soviet Empire. The timing doesn't work, and the facts (from the above CIA factbooks) don't support that theory.

BTW, the increase in US military spending began with that submarine captain's Presidentcy (James Carter for those of you weak in US history). Carter started the Seawolf submarine program and the B2 Bomber program and many other wepon systems attributed to the Regan Administration.

I agree that the commentary that the Strategic Defense Initiative was destabilizing is LAME. However, what is being refered to is that in Game Theory if you have a defense against a mutually shared wepon with the power to mutually annihilate both combatants, you are more likely to feel you can use your wepon. A percieved protection by Star Wars Defense Shield, could fool stressed out people to "Go for it". But just think about what the US would be like if we did have 100% effectivity against Soviet missles, and the US successfully detonated a few dozen or hundreds of 10 megaton bombs on the Soviet Union. There was no victory scenario between the US and Soviet Union in a Nuclear exchange.

Re:Loudest

[mrsam]

What I do not understand is why there aren't any similar groups for the OpenSource / non-Darkside [ advocacy ]

I certainly hope there aren't any self-proclaimed Open Source/Free Software groups that pump out such logically-challenged, clue-free blather. I'd frankly be ashamed to see something on the same order, clue-wise, being used to promote the Open Source/Free Software philosophy.

Re:Loudest

[Ride-My-Rocket]

Honestly, I think the Linux community is better off without such a "darkside" group. The more effort that is spent on making actual progress, and NOT fighting the war of words that Microsoft so desperately wants to fight, the better off we'll be. Microsoft has been saying bad stuff about Linux for years -- they have endless supplies of cash to wage that war, and can neatly tie up the Linux community's resources that way.

I would say that any and all "intellectual" aid -- legal, political, research / reporting, etc. should be directed towards loosening or removing Microsoft's grip on public education and government markets. Right now, we have two major entities -- Peru and Taiwan -- that have taken the plunge and are attempting to eliminate their reliance on Microsoft products. We have the US government questioning for the first time how to better secure their networks. And in a time of relative national crisis, shouldn't security at all levels be of paramount concern?

MS has proven itself incapable of (or unwilling to?) improving the security of its code, despite its ubiquity. Open source can only get _more_ stable and secure as time passes, and users / white hats continue to help find bugs in the system. So why shouldn't we have people who are willing to evagenlize OpenSource do it, but to discredit MS by selling the idea behind using Linux et al?

But maybe that's just me........

Re:With open source, there is no one to bribe..

[Peyna]

Don't forget the additional security afforded by professionalism.

Care to explain that one to me? Professionalism is an appearance, and has nothing to do with actual security. I would liken professionalism with obscurity, because you can hide something better from people. Just because you made it hard or difficult doesn't mean it is impossible or secure. Look at the XBox hack. I'm sure they were pretty convinced that was secure.

Re:SDI worked just fine. B-)

[Ungrounded+Lightning]

It was sucessful because they didn't nuke us???

Precicely.

After the climax of WW II, when the world found out a nuke was more than "just a bigger bomb", the game changed.

Up until then it had been progressively bigger wars. Now it was "Let's see if we can avoid a war without surrendering."

So the West came up with the doctrine of "Mutual Assured Destruction" (MAD - i.e. You'd be mad to set off the first nuke. And US presidents had to put on a show of being just crazy enough to use them, or it wouldn't work.) But that's just a stalemate, no "progress" pushing your agenda.

So the East came up with the "Cold War" - with anti-West propaganda and brushfire wars in "domino" countries. (Salami slicing: Pick off the little guys one by one, then the middle-size guys, until the big guy is alone against the world. Cook the Frog: Never create a "Shelling Point" were the chip is knocked off the big guy's shoulder.)

So the West came up with the arms race: "We've got more money so we can outbuid you. You make a missile, we make an anti-missile-missile." (And Rocky and Bullwinkle satarize it with the anti-anti-[pause]-missile-missile-missile.)

And this went on for HALF A CENTURY. Before that it was a major war every generation, with all the "best" weapons in the arsenal in use. Now it was a declining series of "limited wars", with the biggest bombs very carefully NOT used.

Nukes really had made "total war" obsolete. Three war cycles came and went with no World War Three. And it all worked because expensive weapons were built with the intent that they NOT be used, because they'd be too devastating if they were.

There were abortive attempts to limit the proliferation and avoid "destabilizing" situations, in the form of an anti-missile ban and arms reduction treaties. But "stable" meant the Cold War continued to bleed both sides, and one side disarming too fast might mean the War to End All Humanity. Finally Regan abandoned such attempts and went flat-out for better armor, when the USSR couldn't afford to stay even. And the Soviet Union folded.

There was a LOT more to it than that. Like computers and networks for instance. (Restrict communication Soviet style and you slow progress. Have progress in computers and networking and you get communication you can't ban. Try to selectively free your people's communication and you discover that you can't suppress just some. Infrmation wants to be free because PEOPLE want to be free.)

But at the core, preventing nuclear war was done with weapons that worked by NOT being used; weapons that thus created their effects by MAYBE being able to work, so you couldn't risk them actually being used against you.

So, yes, SDI was successfull because they didn't nuke us. The US won the arms race but we ALL won the war.

Get real ...

Why get real when I can win with virtual weapons? B-)

Nuclear weapons are like smallpox...America is the only country to have ever used them against someone else ...

I see the public schools have neglected your education when it comes to germ warfare. For starters look at the history of the European dark ages - with diseased animal carcases being catapulted over fortress walls or dropped in wells and rivers during sieges.

... and now we live in media induced fear someone will [nuke or germ] us ...

Lived that way for over 50 years already - but with the spectre of a massive, simultaneous attack on everything that might be a target (which means essentially everything). One or two suitcase nukes or tactical-shells taking out one city or one dam? ONE plague released in a few spots, using most like non-engineered organisims, rather than a dozen lab-frankenbugs sprayed over a continent simultaneously? Chicken feed. The damage and death is vanishingly small compared to hurricanes and tornadoes, earthquakes, traffic accidents, clogged-arteries, and cancer.