'Think Tank' Issues Microsoft-Funded Troll

dlur (among many others) writes: "According to this ZDNet article, a Washington think tank known as the Alexis de Tocqueville Institution is soon to release a study stating that Open Source Software allows terrorists an easy time hacking into our systems. It's little suprise that this group takes money from Microsoft." The Register's story is good too. All the whoring reports in the world won't make open source any less secure. This same institute backed destabilizing, unworkable '80s missile defense and thinks Alexis de Tocqueville would have wanted the V-22 Osprey deathplane. Also, see what their coin-operated policy dispenser spat out for internet privacy (eat what you're fed) and antitrust (advantage of Microsoft monopoly: "manufacturers of computer hardware need to provide only one driver"). We weren't going to run this, but there were a lot of submissions, so ...

Open Source Easier to Hack

[Gerrioholic99]

It seems to me that when software is created by "hackers" and made by "hackers" that they would as a team know what to do to make the software as hackerfree as possible. By making a product open source, it is only sensible that it is then open to be studied by hackers and exploited by malicious hackers but at the same time, just as genius "white-hat" hackers can quickly repair these security flaws thus keeping the software secure. So, how then can it be possible to say that Open Source is more hacker prone than proprietary software? Beats me

Re:Open Source Easier to Hack

[yobbo]

Well, open source software is by far the easiest to hack, because the source code is actually available to you to hack with.

If you're talking about open source software being easier to crack, that's a whole different story...

Re:Open Source Easier to Hack

[uberjon]

Uhhhh, because the source is open? Or does "open source" mean something else that I don't know about?

It means someone legit is more likely to find the hole and release a patch before some script kiddie gets the 0-day 'spoilt for it. Opensource software has a better track record for admitting security holes, and releasing patchs before a problem arises.

Re:Open Source Easier to Hack

[Bastian]

Thankfully, a lot of the notorious hacker groups who are known for finding security holes (l0pht and cDc come to mind) are also known for publishing information about those security holes, not with the interest of telling script kiddies and black hat hackers how to get into the system, but for the purpose of calling attention to the holes so they are closed.

I'm not hacking expert, but I have a feeling that finding security holes by reading the source code of software isn't much easier than prodding at it until a hole is found.

With buffer overflows, for example, I'd imagine it's much easier to find the overflows by setting up a computer running whatever software you are trying to exploit and letting a program designed to keep trying to exploit overflows until it finds the overflow. If you can figure out where in memory that buffer is with some sort of debugger, the job is probably even easier.
There's also the good old OpenBSD poster child.

Re:Open Source Easier to Hack

[edrugtrader]

statements like this make me wish there was a +1 DUH! moderation.

Re:Open Source Easier to Hack

[Oculus+Habent]

In fairness, there are people out there who end up in charge of systems that don't have the time, inclination, or experience to install patches, upgrades, updates, etc. The people who did the default install and left it at that.

These are the people that are potentially at risk. Sure, Microsoft's code has just as many (if not more) holes in it. But the holes aren't as well known.

In a perfect (or at least mostly-intelligent) world, the Open Source argument wouldn't exist, and we'd all have more time to devote to hangliding.

But then, communism is the "perfect world" - on paper anyway.

--
Don't scream at me, I can't hear you.

Re:Open Source Easier to Hack

[bullett.net]

The Hidden Crack -- (1) The longer a cracker has between when he discovers a security flaw and when he acts on that flaw, the more devistating his attack is likely to be. (2) If his flaw is uncovered by someone else, his attack is, in part, thwarted. (3) The lilkihood of an un-exploited crack being detected, much less repaired, in a M$ product is near zero. They don't act until the problem is very obvious, thus the damage done. (4) The liklihood of an un-exploited crack in an Open Source product being detected and repaired is reasonably high. (5) Thus the liklihood of a significant flaw being discovered by a "terrorist", and lying dormant long enough for him to arrage to exploit it, is much higher for a M$ hidden system than for an Open system.

Re:Open Source Easier to Hack

[fire-eyes]

In fairness, there are people out there who end up in charge of systems that don't have the time, inclination, or experience to install patches, upgrades, updates, etc. The people who did the default install and left it at that.

These 'admins' are one of the biggest problems out there. It's my strong belief that doing just those things you listed are critical parts of being an admin. If you can't or won't do them (perfect world or not), DON'T ADMIN.

Re:Open Source Easier to Hack

[_Knots]

A while ago somebody ran (several) variable-trackers on the linux kernel source code and revealed many potential issues (Stanford checker. Search lkml for [CHECKER]). This was a very easy (comparatively) way of finding exploits without prodding the binary kernel.

Just a single datapoint to the contrary, I'm sure others have others.

Re:Open Source Easier to Hack

[Afrosheen]

It's hard to administer a network when you spend half the day rebooting. Who has time for patches? By the time you punch the clock at the end of the day you pray that the network will hold up until the next day.

Re:Open Source Easier to Hack

[Tony-A]

The Hidden Crack -- (1) The longer a cracker has between when he discovers a security flaw and when he acts on that flaw, the more devistating his attack is likely to be. (2) If his flaw is uncovered by someone else, his attack is, in part, thwarted. (3) The lilkihood of an un-exploited crack being detected, much less repaired, in a M$ product is near zero. They don't act until the problem is very obvious, thus the damage done. (4) The liklihood of an un-exploited crack in an Open Source product being detected and repaired is reasonably high. (5) Thus the liklihood of a significant flaw being discovered by a "terrorist", and lying dormant long enough for him to arrage to exploit it, is much higher for a M$ hidden system than for an Open system.

Further.
If I discover the tip of a crack in an Open Source product, with minimal personal risk, skill, and effort I can "score points" by helping to close it and its kindred. If I discover the tip of a crack in a Closed Source product, it's too much like opening a can of worms to attempt to do anything "constructive". I doubt that I'm the only one who feels this way.

Re:Open Source Easier to Hack

[Afrosheen]

Just joking/speculating. I imagine (and have heard from some friends) that this is how Microsoft networks are.

Nice to see no politics

[Squareball]

"This same institute backed destabilizing, unworkable '80s missile defense and thinks Alexis de Tocqueville would have wanted the V-22 Osprey deathplane."
Nice to see no politics being spouted here.

Re:Nice to see no politics

[EnderWiggnz]

what, like election results in florida that were not counted as per state law? those kinds of facts?

no comparison. we may be a little dirty, but you're up to yer eyes in your own filth.

Re:Nice to see no politics

[Pii]

As Jaycn points out, it's a great way to disenfranchise a segment of the population.

The rationale for this is that criminals would likely seek to elect those who would soften criminal penalties, or eliminate whole categories of criminal activity from the books.

It's a way to ensure that the best interests of criminals is not reflected during the course of elections. It is, after all, the interests of honest citizens that ought to represented by our leaders.

I suppose it's a noble idea, and frankly, I'd prefer that criminals not have a say in who makes the law, but the implementation, and the unintended consequences (if indeed they are unintended), may outweigh the benefits, particularly since there are so many "victimless crimes" in our society.

I think that if you're going to take away someone's right to self-determination, you ought to be able to show me a victim, and a tangible victim at that; someone that has been defrauded, robbed, raped, or killed.

The right to self-determination is part of America's foundation, one of the assertions that lended legitimacy to our struggle for Independance. Taking it away from people needlessly cheapens the ideal, and diminishes America as an idea.

Re:Nice to see no politics

[Thag]

what, like election results in florida that were not counted as per state law?

I take it you're not referring to the absentee ballots that Gore's team threw out?

Jon Acheson

Re:Nice to see no politics

[ncc74656]

I've wondered about it ever since all the fuss about how to count votes. Can anyone rationalize why convicted criminals shouldn't be allowed to vote (or why they should)?

It's bad enough that welfare recipients are allowed to vote (they'll vote for whoever keeps the goodies rolling in), but allowing convicted felons to vote would be even worse. We're not talking about speeders and jaywalkers here...we're talking about murderers, rapists, molesters, etc. Just as a welfare queen is more likely to vote for someone who'll maintain her in the style to which she has become accustomed, a felon is more likely to vote for some soft-on-crime wuss who probably wouldn't have put him away for 40-to-life to begin with. It's another way of granting the vote to people who have the least interest in the continued proper functioning of our society.

Re:Nice to see no politics

[arkanes]

the founding fathers would spit and die if they saw how many citizens were disenfranchised. Logically, anyone who can't vote (especially in states like Florida, where you are PERMANENTLY disenfranchised, not just while you're in jail) shouldn't have to pay taxes, be called up for national service, etc. No taxation without representation and all that.

Re:Nice to see no politics

[arkanes]

Oddly, I feel the same way about stuck up conservative rich people as you do about welfare queens. Nobody making more than 70k a year should be able to vote. Especially you. They should still have to pay taxes, though. Because god knows someone needs to, so we should make sure that the people who can't vote against are the ones bit in the ass.

(By the way, I'd be money that you're guilty of at least on felony. Most people are.)

Re:Nice to see no politics

[ncc74656]

Nobody making more than 70k a year should be able to vote. Especially you.

FWIW, I make somewhat less than that (not that what I make is any of your business or anyone else's). Thanks for playing, though. When's the last time you got a job from a poor person? (Wait a sec...you probably still live with your parents because you've been unable or unwilling to get or keep a job, so it doesn't make sense to ask you that question. At best, you're mooching off your shack-up girlfriend until she gets the good sense to drop you like a bad habit.)

BTW, we fought a little war a couple hundred years ago over, among other things, taxation without representation. Pray that your vision doesn't become reality, unless you want to see another little war pop up.

By the way, I'd be money that you're guilty of at least on felony. Most people are.

You keep telling yourself that...are you sure you're not engaged in a little projection? Not everybody lives your undoubtedly hedonistic lifestyle.

Re:Nice to see no politics

[ncc74656]

I wonder, if it could be demonstrated that expanding welfare would decrease crime and societal friction (and result in lower taxes because of reduced need for spending on law enforcement), would you allow your pocketbook to vote for expanding welfare?

Considering that all of the available evidence to date points to the opposite conclusion...no.

Hmm..

[FunkSoulBrother]

>i>from the insitute-and-prostitute-share-a-lot-of-letters dept.

They share even more letters if you spell institute correctly.

Re:Hmm..

[ImaLamer]

This whole subject is (Score:5 Crazy)

Now, from the people who brought you Sendmail

[Animats]

Open source would have a much better security record if Sendmail were killed off.

Re:Now, from the people who brought you Sendmail

[inflex]

Sendmail /DID/ have a bad record... but it barely rates a mention these days. Time to bring yourself into the current day rather than trying to suck the rotten marrow out of last century's carcass.

Re:Now, from the people who brought you Sendmail

[bafu]

Open source would have a much better security record if Sendmail were killed off.

No need. The neat thing about open source are the choices. I've used sendmail extensively in the past, but these days I'd use, say, postfix. Sure, sendmail's security record is much better than it was, but I'd prefer the performance benefits of a late-model MTA, as well as the security plusses. The point is, whether we are talking about SMTP, HTTP, IMAP, POP, FTP, or whatever, there are secure servers that work great and I can use whichever one of them I please. That's a far cry from some more proprietary environments I've experienced in the past. I also like not having to wonder what gotchas are hidden in a some privileged binary I'm running.

I think everyone's spam relay record would look better if folks'd turn off the MTA daemon on systems that don't need to accept mail, though...

Re:Now, from the people who brought you Sendmail

[ninewands]

Actually, sendmail is used to ... errrr ... SEND mail. My ISP does not relay, so I HAVE to run my own MTA because I don't connect to one of their IP blocks. I use exim at home rather than sendmail, but I administer about 100 Unix boxen at work that use sendmail for, among other things, remote security logging, availability monitoring (the hostwatcher e-mails my pager when a monitored host goes down), and just GOBS of other admin tasks. E-mail really IS the killer app of the internet.

All that being said, if all you need is a client sendmail mailserver, DO NOT generate your sendmail.cf from the nullclient.mc file distributed with sendmail. It WILL create an open relay. I can't get to the m4 file I created to do the trick right now, but I will be happy to provide it to any sendmail admin who wants it if they e-mail me at cwilkin3-AT-egr-DOT-uh-DOT-edu. The file generates a sendmail.cf equivalent to what nullclient.mc creates, but without the relay enabled.

Re:Now, from the people who brought you Sendmail

[Animats]

Offtopic=1, Troll=1, Insightful=1, Interesting=1, Total=4.

A bit controversial.

What grinds me about Sendmail is that it's still widely used, and it has two decades of buffer overflow related security holes. It's a testimony to the fact that string processing with the old C library is a Bad Idea.

Qmail seems to be the way to go today. Most bigger mail sites do use Qmail. But there are still distros going out the door with Sendmail enabled. That's the problem.

Sometimes you just have to accept that the architecture is no good and dump the thing, instead of trying to fix it.

To take this to the next level, Qmail, which has lots of processes, should be revised to work under NSA Secure Linux, with each process having minimal privileges. If this is done right, even if you corrupt the SMTP or POP modules (the sections that actually open sockets), you can't get any further.

Re:Now, from the people who brought you Sendmail

[bafu]

Actually, sendmail is used to ... errrr ... SEND mail.

Well, you don't have to have it listening on port 25 to send mail from your server. It only needs to listen to the port to receive mail. Of course, that assumes you aren't using something locally that won't queue it up with /usr/lib/sendmail for some reason. In that case you -could- just start it on localhost:25 (IIRC, not all versions of sendmail let you bind to particular IPs, tho)... I'd rather replace the thing that won't use /usr/lib/sendmail, but I'm kind of a lovable curmudgeonly bastard that way... ;-)

I use exim at home rather than sendmail, but I administer about 100 Unix boxen at work that use sendmail for, among other things, remote security logging, availability monitoring [...]

I hear ya. YMMV, but try stopping the daemon on one the machines and send a test notice. Unless there is something really odd about your setup, the outgoing mail will still work. We run ours that way w/o a problem. Of course, you might say , "Hey, all my machines are behind a firewall, so relaying isn't an issue". But one less [fairly big] process is one less process. ;-) It's always good to turn off ports you don't absolutely need.

OSes shipping with an open relay version of sendmail running as default were real pissers a few years back. Fortunately, that's largely been cleaned up.

Re:Now, from the people who brought you Sendmail

[ncc74656]

Sendmail /DID/ have a bad record... but it barely rates a mention these days. Time to bring yourself into the current day rather than trying to suck the rotten marrow out of last century's carcass.

Why bother giving sendmail another crack at making your system rootable when it's such a pain in the ass to set up in the first place? I'd rather install qmail and get on with life.

Re:Now, from the people who brought you Sendmail

[Ioldanach]

Qmail seems to be the way to go today. Most bigger mail sites do use Qmail. But there are still distros going out the door with Sendmail enabled. That's the problem.

Qmail is at the moment, as far as I can tell, the best MTA I can put on port 25. Unfortunately, it doesn't have the functionality I want. I can POP my mail from it but I can't IMAP it without other programs. At the moment, I run Qmail at home to receive mail, and Courier-IMAP (not the whole Courier package, just the Courier-IMAP one, which is stable). Qmail got wonderfully stable, but then the owner locked down the code to keep it that way. Now its not keeping up with the Joneses. Look at its webpage sometime and see all of the various add-ons that are practically a requirement in today's systems. Things like smtp-auth (authenticate to the smtp server before you can send mail not to the local host with it) that are practically a requirement for roaming users these days. (POP-b4-SMTP is less reliable than authenticating the current connection)

Personally, I'm watching the Courier MTA to see when I feel its stable and secure enough to use. It has the functionality I want across the board.

Loudest

[inflex]

What I do not understand is why there aren't any similar groups for the OpenSource / non-Darkside avocations.

If MS can fund groups such as these to spill forth what is obviously [then again, not much is obvious it seems to the 90% of the population] utter trash, surely we [ non-MS ] can do the same.

If this group spills out such toxic waste words as these, why does it gain so much attention in the general public?

Is there any reason why we cannot write an article stating "Microsoft Closed source enables Terrorists to easially render 90% of the information market paralized"... (after all, there is far more 'hard' evidence in the form of email-worms etc than there is behind what has been written in this article).

Re:Loudest

[quantaman]

Okay, you fork up the few million so we can buy our own "think tank" and make our own report:)

Re:Loudest

[ninewands]

What I do not understand is why there aren't any similar groups for the OpenSource / non-Darkside avocations.

You mean like This Article??

Just in case CRN gets slashdotted, an excerpt speaking on the subject of Linux in the federal government:

The software appears to be winning friends among military and intelligence agencies.

A study completed for the Pentagon by the Mitre last week identified 249 U.S. government uses of open-source computer systems and tools, with Linux running on several Air Force computers, along with systems run by the Marine Corps, the Naval Research Laboratory and others.

The report recommended further use of open-source computing systems, on the grounds that they were less vulnerable to cyberattacks and far cheaper.

'Nuff said. I think I would believe a federally-funded study by Mitre Corp. (a scientific research organization that, among other things, hosts the CVE database) before I would buy into a study by a think tank 1) that lacks Mitre's technical muscle and, 2) has a history of whoring for inter alia Microsoft, the tobacco industry, and various egregious polluters. Remember Mindcraft?

Re:Loudest

[br0ck]

Luckily Microsoft has their own internal group to generate bad press... the development group. Check out the article about the new IE gopher exploit. It was found by Oy, and they have more info.

Re:Loudest

[mrsam]

What I do not understand is why there aren't any similar groups for the OpenSource / non-Darkside [ advocacy ]

I certainly hope there aren't any self-proclaimed Open Source/Free Software groups that pump out such logically-challenged, clue-free blather. I'd frankly be ashamed to see something on the same order, clue-wise, being used to promote the Open Source/Free Software philosophy.

Re:Loudest

[Ride-My-Rocket]

Honestly, I think the Linux community is better off without such a "darkside" group. The more effort that is spent on making actual progress, and NOT fighting the war of words that Microsoft so desperately wants to fight, the better off we'll be. Microsoft has been saying bad stuff about Linux for years -- they have endless supplies of cash to wage that war, and can neatly tie up the Linux community's resources that way.

I would say that any and all "intellectual" aid -- legal, political, research / reporting, etc. should be directed towards loosening or removing Microsoft's grip on public education and government markets. Right now, we have two major entities -- Peru and Taiwan -- that have taken the plunge and are attempting to eliminate their reliance on Microsoft products. We have the US government questioning for the first time how to better secure their networks. And in a time of relative national crisis, shouldn't security at all levels be of paramount concern?

MS has proven itself incapable of (or unwilling to?) improving the security of its code, despite its ubiquity. Open source can only get _more_ stable and secure as time passes, and users / white hats continue to help find bugs in the system. So why shouldn't we have people who are willing to evagenlize OpenSource do it, but to discredit MS by selling the idea behind using Linux et al?

But maybe that's just me........

Re:Loudest

[MaxVlast]

You put up the first million, I promise the second.

Re:Loudest

[charvolant]

I certainly hope there aren't any self-proclaimed Open Source/Free Software groups that pump out such logically- challenged, clue-free blather.

Umm. Slashdot, anyone?

Re:Loudest

[sheldon]

If MS can fund groups such as these to spill forth what is obviously [then again, not much is obvious it seems to the 90% of the population] utter trash, surely we [ non-MS ] can do the same.

Already done.

In fact there are a great many other sources and books published making questionable unverified claims with regards to Open Source that one could easily classify as utter trash.

And they're running...

[coats]

Rapidsite/Apa/1.3.20 (Unix), FrontPage/4.0.4.3, mod_ssl/2.8.4, and OpenSSL/0.9.6 on an IRIX machine, according to NetCraft's "What's that site running?" at http://uptime.netcraft.com/up/graph

They're not running their touted monoculture on their own web servers!

Re:And they're running...

[SirSlud]

Surely if Linux proponants are called hypocrites for running Windows for gaming, etc, then we must be allowed to call them hypocrites for using open source software when their report clearly supports closed source?

Re:And they're running...

[Leto2]

Too bad you're not allowed to hack them, because that would only confirm their opinion...

Here's the solution....

[i_want_you_to_throw_]

I am a lone out post of open source in the military agency where I work. My solution, just show them the NSA funded SE Linux information.

Who are the green suiters going to trust? A bunch of paid "think tank" lackeys or the good ole spooks behind the triple fence?

So far NSA's advocacy has been used to let me get away with all kinds of open source implementation.

Of course, NSA has an agenda too I'm sure but that's between the military and NSA.

Re:Here's the solution....

So far NSA's advocacy has been used to let me get away with all kinds of open source implementation.

And don't imagine that the folks in Redmond don't realize that. They've had their lawyers trying to pressure the DoD to stop the project (the usu arguments we've seen them use w/other gov'ts... it shows favoritism, etc.).

Re:Here's the solution....

[Hard_Code]

"So far NSA's advocacy has been used to let me get away with all kinds of open source implementation."

Perfect comrade! Next, send me the list of usernames and passw^W^W^W I mean, send me some completely arbitrary pornographic images for no apparent reason. Also, good idea to post here...nobody will ever discover our s3kr3t plan, nobody takes these Slashdotters seriously! (also, we have successfully planted agent code-name "Tom Ridge" high in the executive branch) Muahahaha!

Off-topic: missile defense

[foobar104]

This same institute backed destabilizing, unworkable '80s missile defense....

You are aware, are you not, that the Reagan administration's emphasis on missile defense technology forced the Soviets to spend billions on research into their own missile defense systems? And that that level of unsustainable spending contributed directly to the collapse of the Soviet economy, and the eventual dissolution of the USSR as a political entity?

Just spreading around a little knowledge.

Re:Off-topic: missile defense

[VValdo]

I see, so you're saying the value of the destabilizing, unworkable '80s missile defense is that it's a great bluff that got Russia to try to build the same thing...hence Russia collapsed and we didn't.

Hmm. This leads to two questions and a note-- (1) why are we still pushing to build it, and (2) if it was a bluff, why did we actually spend any money on it at all, and (3) you're basically saying that a wasteful, bloated, expensive defense system that won't do anything was loaded with features, not bugs.

Next time, we should propose launching food into space, that'll really screw up them commies.
W

Re:Off-topic: missile defense

[Dyolf+Knip]

To be sure, that's a fine strategy if you can survive more stupidity than they can. Which, lucky for us, turned out to have been the case.

Re:Off-topic: missile defense

[Brian+Stretch]

No, SDI was one of many things that encouraged the Soviets to spend themselves into oblivion. At this point, it probably *is* possible, and with lunatics like the North Korean dictatorship able to shoot ICBMs (as of a few years ago), just for starters, missile defense is now a VERY good idea. If piss-poor third world nations think building ICBMs is worth the trouble, then we damn well better have a defense against them.

Unless we invade and force a regime change, which I'm not necessarily against. Worked for National Socialist Germany and Imperial Japan, and the bad guys aren't exactly an even match today.

It's not just for ICBMs either. Shorter range ballistic missiles, like the several hundred that China has pointed at Taiwan, could be defended against by ground-based interceptors. (Guess why China is all cranky about our pulling out of the ABM treaty with the Nation That No Longer Exists.)

Re:Off-topic: missile defense

[DNS-and-BIND]

In a remarkable tete-a-tete with a US journalist and former arms control official, Marshal Nikolai Ogarkov, First Deputy Defense Minister and Chief of the General Staff, interpreted the real meaning of SDI: "We cannot equal the quality of U.S. arms for a generation or two. Modern military power is based on technology, and technology is based on computers. In the US, small children play with computers.... Here, we don't even have computers in every office of the Defense Ministry. And for reasons you know well, we cannot make computers widely available in our society. We will never be able to catch up with you in modern arms until we have an economic revolution. And the question is whether we can have an economic revolution without a political revolution."

Read the last sentence over, and over, and over.

Re:Off-topic: missile defense

[Zeinfeld]

You are aware, are you not, that the Reagan administration's emphasis on missile defense technology forced the Soviets to spend billions on research into their own missile defense systems? And that that level of unsustainable spending contributed directly to the collapse of the Soviet economy, and the eventual dissolution of the USSR as a political entity?

A theory that was only advanced as a strategy after the fact. There is no reason to believe that we were being lied to in the 1980s when we were told that NATO believed that it could only hold off a USSR invasion of Western Europe for 4 days before being forced to resort to nuclear weapons. The generals who I discussed the strategy with in the 1980s believed that they were acting to defend against a real threat, not to break an already beaten enemy.

The theory is in any case bunk if you happen to look at Soviet economic history. To first order the Soviet economy never really recovered from the second world war. The economy was already stagnant when Breshniev took over. By the time start wars was proposed Gorbachev was already redirecting resources from the military economy to the civilian economy. The USSR never responded to star wars, therefore the theory that proposing star wars brought down the USSR is false.

As for anyone having disolving the USSR as a political objective, I don't think that was ever a US policy objective of any kind (with the exception of the Baltic states). Better to have all those missiles under control rather than have a Balkan situation with nuclear weapons.

Re:Off-topic: missile defense

[LunaticLeo]

Disclaimer: I support a diverse set of missle defence systems. They are workable against a dozen lauches rather than several thousand. Defence against several thousand missile implausible in the extreme, and it only takes a few dozen multi-megaton bombs to end the world that I want to live in.

However, there in NO EVIDENCE that the Regan Administrations increase in defence spending, or much less their spending on missile defence systems. Please, take a look at the CIA fact books. The military spending by the Soviet Union DECREASED from the late 70s on.

Further, the time frame for this theory to be operative is between the first Regan budget for 1981 and Gorbachev(sp?) coming to power in 1984. Gorbi ended the cold war, and Gorbi ended the defacto Soviet Empire. The timing doesn't work, and the facts (from the above CIA factbooks) don't support that theory.

BTW, the increase in US military spending began with that submarine captain's Presidentcy (James Carter for those of you weak in US history). Carter started the Seawolf submarine program and the B2 Bomber program and many other wepon systems attributed to the Regan Administration.

I agree that the commentary that the Strategic Defense Initiative was destabilizing is LAME. However, what is being refered to is that in Game Theory if you have a defense against a mutually shared wepon with the power to mutually annihilate both combatants, you are more likely to feel you can use your wepon. A percieved protection by Star Wars Defense Shield, could fool stressed out people to "Go for it". But just think about what the US would be like if we did have 100% effectivity against Soviet missles, and the US successfully detonated a few dozen or hundreds of 10 megaton bombs on the Soviet Union. There was no victory scenario between the US and Soviet Union in a Nuclear exchange.

Re:Off-topic: missile defense

[loopkin]

this is all what Perestroïka and Glasnost attempt were about: opening the system just enough to break from the "frozen age", instituted by Brezhnev and continued by Andropov and Tchernenko.

In fact, Khroutchev knew what would happen to USSR since the 60's, it was written in the rock. When he tried to develop agriculture and housing to provide food and housing to every sovietic, and failed (they had to buy wheat to the US...), they knew their system will die, because it wasn't economically efficient, and not only in the computer area. I've been there, and can tell u that not only communist "computers" are funny (ever seen the inside of a Russian spaceship a soyuz or whatever ?), but, moreover, their housing is a nightmare, falling apart and so.

Brezhnev and Company attempts were just to keep the dictature up for a bit more time, so that they keep their power a bit more time.
Gorbatshev was young, he knew it couldn't last for decades, so he HAD to change the system. (btw, China DID change it in the same way, using "Market Communism")

From the 70's on to the 80's, the main occupation of sovietic people was to look for food, and clothes and so, NOT to work. Imagine their lives, going every morning to their work for a few hours, with their bag "in case" they find something to buy - anything, clothes, food, shoes, whatever.

In all that disaster, all the stuff about Reagan's "Star Wars" is simply a joke. Karol Wotjyla and Lech Walesa did more for the end of the Soviet Empire than Ronald Reagan.

Re:Off-topic: missile defense

[Zeinfeld]

I believe Zienfeld is right. The USSR never invested any money in star wars or anti-star wars research and development other than to investigate aluminium starburst deploying decoys and false warhead decoys which would coonfuse the star wars software. Aside from a few successful tests they did not spend much to counter a non-existant threat.

We can calibrate the cost of that research sincthe UK faced a similar issue in the 70s when the USSR deployed an ABM system around Moscow. The system was not sufficient to stop an attack by the US since they only had 50 missiles by treaty. However it was sufficient to block the UK nuclear force (perhaps).

The Moscow criterion was a major issue in UK defense circles, the thepry being that you had to have the capability of decapitating the USSR command and control located in Moscow. So to respond to the ABM system Britain upgraded its nukes with Chavalene waheads which deploy mylar ballon decoys. None of the Pentagon tests to date show any evidence that the US has a system that would work against Chevalene. The decoy 'tests' done so far have all been rigged, the missile has been programmed to hit a specific target (the middle one, the one that is heated to a few thousand degrees above the decoys..).

The star wars theory is just FUD devised after the fact to try to claim that the US defeated the USSR rather than the Polish trade unionists, East German students, Chzech protestors etc. with the aid of Gorbachev, Yeltsin and the unintended effects of a botched coup led by the old guard.

Re:Off-topic: missile defense

[dbrutus]

Of course Reagan bleeding the Soviet Army dry in Afghanistan didn't have anything to do with them not having the resources or the aggressiveness to reinvade Poland. Reagan's reversal of the Brezhnev doctrine and pulling off specific instances of rollback didn't provide the groundwork for more reformist elements to fight against the hardliners. And Ronald Reagan wasn't hip deep in Poland funding and teaching Solidarity along with the Catholic Church.

Oh, Reagan's secret treaty with the Saudi's to bleed the Soviets dry of money by keeping oil prices low also had nothing to do with the USSR's collapse. Ronald Reagan is recognized by all the old Comecon block people as a major force in their fall. Why the revisionism?

Re:Off-topic: missile defense

[dbrutus]

Not to mention that stepping out of the ABM treaty means that they don't have to keep Aegis systems crippled so you can float a short range ABM system in anytime you want to. I'm guessing the Taiwanese *really* want Aegis at this point.

Re:Off-topic: missile defense

[dbrutus]

Like the class act he is, the Pope doesn't claim a thing. All the people he helped escape from the evil of communism seem to give him lots of props though. Ditto with Reagan who is very well liked by those he helped free.

Re:Off-topic: missile defense

[dbrutus]

Funny, they've been caught deploying ABM radars in violation of treaty and they sure are selling ABM systems like the SS-300. It must be that magical communist economics that means that these systems and others like them didn't cost anything to research, produce, and deploy.

Re:Off-topic: missile defense

[dbrutus]

Any tests of a developmental system start with very unrealistic tests and then as success demonstrates that component units work, the tests become more and more realistic. The idea that because an intermediate unit test of a large, complex system isn't completely realistic is a sign that the development program should be stopped is virtually pathological in its bias.

Re:Off-topic: missile defense

[dbrutus]

The world price of crude collapsed because all of a sudden the Saudi's were pumping like there was no tomorrow. Absolutely, purely coincidental like, the US started selling advanced air defense systems to the Saudis like AWACS planes.

On a serious note, it's pretty much an open secret that we hiked our security guarantees of the Saudis in exchange for them dropping the price of crude to the point where it bankrupted the USSR. This has relevance today because Russia is about to return the favor.

Re:Off-topic: missile defense

[loopkin]

the (off-)topic was Reagan's "Star Wars", not Reagan's action in a braoder way.

Afghanistan is another story, since the first mistake was made by USSR by sending Red Army there, and Reagan exploited it the same way USSR (and China) exploited VietNam war, but recent history proved that it was playing with fire in some aspects. It was however a good idea, because it forced USSR to face the eventuality that their dictature could have an end, since they were unable to maintain the Empire with the use of the Red Army. This paved the way for reformist to gain voice, of course, but, that changes nothing, the system was doomed to fail since the 60's, as it in the facts became a pure dictature, with no or very few link to communism, and an economy that was about to die because of that situation.

Then about keeping oil prices law.. let me laugh.. the two "shocks", in the 70's, made the petroleum prices fly high, and secret treaties didn't change that a lot. Moreover, i'm not very sure of that, but i think a great part of Russian petroleum was used inside the Soviet Empire, they exported only a bit, mostly to buy food.. but, to that aspect, it was already a failure of the system, since the 60's, as i noticed. And depriving the people from food only push them closer to their leaders, as Saddam's recent history proved again.
As a contrary, don't underestimate the role of the Pope. His clear position in Poland was extremely important. You don't need only money to fight, faith helps a lot, especially in such desperate situations, because it pushed the people away from their leaders, a thing that all the money funding Solidarnosc couldn't do.

Re:Slashdot==idiots

[DNS-and-BIND]

In a remarkable tete-a-tete with a US journalist and former arms control official, Marshal Nikolai Ogarkov, First Deputy Defense Minister and Chief of the General Staff, interpreted the real meaning of SDI: "We cannot equal the quality of U.S. arms for a generation or two. Modern military power is based on technology, and technology is based on computers. In the US, small children play with computers.... Here, we don't even have computers in every office of the Defense Ministry. And for reasons you know well, we cannot make computers widely available in our society. We will never be able to catch up with you in modern arms until we have an economic revolution. And the question is whether we can have an economic revolution without a political revolution."

Read that last sentence again - it's a thousand-pound gorilla.

Still no reply to the email I sent Ken

[NZheretic]

To: kenbrown@adti.net

Subject: "Opening the Open Source Debate"

Date: 31 May 2002 15:45:59 +1200

Some references you might wish to consider before publishing your article "Opening the Open Source Debate"

http://www.businesswire.com/cgi-bin/f_headline.cgi ?bw.053002/221502375

Bruce Schneier, one of the recognized leading expert on computer security on Kerckhoffs' Principle and Secrecy, Security, and Obscurity of software.

http://www.counterpane.com/crypto-gram-0205.html#1

Dr. Blaine Burnham, Director, Georgia Tech Information Security Center (GTISC) and previously with the National Security Agency (NSA), gives an keynote speech overview of current encryption and security technologies and outlines possible strategies for future defense.

http://technetcast.ddj.com/tnc_play_stream.html?st ream_id=411

Also you might wish to address the issue of Microsoft's disproportionately high number of open vulnerabilities in its Internet Explorer components. All of which where discovered without access to the source code.

http://jscript.dk/unpatched/

Richard Purcell, Microsoft's director of corporate privacy, has recently stated that any major improvement in regard to the security of it's products may be at least "5, 10 years, maybe".

http://www.businessweek.com/technology/content/may 2002/tc20020523_6029.htm

As for the issue of Trojan horse injection into open source code, it is far from being an open source only issue.

http://www.eeggs.com/

Or were all the "Easter Eggs" currently found in Microsoft's products officially authorized?

If you are looking for a methodology for providing a suitably secure and hardened solution, start with a real world example.

http://www.openbsd.org/security.html

I welcome any open debate.

Re:Still no reply to the email I sent Ken

[Jason+Earl]

Eventually Microsoft is going to learn that paying idiots to release studies that of this type isn't in their best interests. Microsoft had a much better case in the Mindcraft studies, and they still were handed their heads. A group proposing the closed source software is inherently more secure than open source software is going to get crucified. Computer pundits absolutely salivate over this sort of thing. Everyone and their dog is going to A) point out that Microsoft funds this group, and B) knock their arguments clear out of the park.

Today, however, we all get to laugh.

Security through Obscurity isn't all bad...

[vkg]

After all, we're now pretty well aware that people are not looking through open source code looking for bugs and back doors: yes, flaws get discovered, but it's usually through the "exploit-patch-fix" cycle, rather than pre-emptive security work.

OpenBSD is, of course, not dead and a very notable exception.

Sometimes secrecy is useful in security: ask the NSA; yes, in theory, all of their algorithms would stand if they were placed in the open.

But they still keep them secret because it is one more obstacle for an intruder to have to overcome to compromise a system.

Of course, none of this matters because we're talking about M$, those nice folks asking to keep with Windows source secret because it has security flaws large enough to be considered economic and national security risks.

But, in theory, I think there are times when closes source might be the way to go.

Re:Security through Obscurity isn't all bad...

[Moox]

Sometimes secrecy is useful in security: ask the NSA...

none of this matters because we're talking about M$, those nice folks asking to keep with Windows source secret because it has security flaws large enough to be considered economic and national security risks

Excuse me, but this comparison is completely wrong. The NSA is an organisation that is controlled (or at least should be) by the democratic government of the USA (e.g. you, if you live over there). If they deceide not to disclose some "algorythms" to the public, it is (or again, should be) in your interest and, they know what they don't disclose and why (that is, they know the "source code" of their algorythms).

A company (e.g. Microsoft) doesn't share any interests with you (probably) or me (for sure) or may yet have interests that are contrary to the user's interests. They deceide not to disclose their source to the people who pay for the software and tell them it would be for their security, but obviously the user can't know that, because she don't knows what is not disclosed and why.

Also, it is apparent that Microsoft is not really interested in the security of their customers because they create software that has flaws which are just too obvious to accidently oversee them.

Re:Security through Obscurity isn't all bad...

[tupps]

The NSA does disclose there systems. If I remember correctly the NSA had a helping hand in many of the publicly available crypto routines.

They also released Secure Linux

Also the NSA is also about *breaking* systems, which they thankfully don't release the source to.

Re:Security through Obscurity isn't all bad...

[ninewands]

But they still keep them secret because it is one more obstacle for an intruder to have to overcome to compromise a system.

Actually, the most advanced crypto algorithms the NSA has are kept secret because the NSA, itself, can't break them in any feasible timeframe, so they don't want the "bad guys" using them.

Re:Security through Obscurity isn't all bad...

[bluGill]

There is the If I tell how I know I'd have to kill you, but I have evidence that the NSA approves publicly avaiable encryption for some secure tasks.

Things like when a salemen tells you that he can't tell you who he is selling to, but the customer is in a Virginia town that starts with a L. And that you know.

BTW, there is also evidence that this encryption is used on links physically seperate from the internet, and they have intrustion detection on th wires (as best they can do). Goverment tends to be really paranoid about things that they belive would let a small country take over.

One of their documents is self-contradictory.

[Chmarr]

The final sentence of Punishing Winners Hurts the Marketplace reads:

"We would be better off with more companies like Microsoft, not fewer."

However, how can we have more companies like Microsoft when that very article is condoning a monolopy? Yes, I acknowledge that they're probably talking about 'one monopoly in each market'. However, we all know that Microsoft is trying to take over as many markets as possible. How far away is Microsoft-branded Vegemite? :)

Stupid. Totally, absolutely stupid.

Re:One of their documents is self-contradictory.

[Bastian]

where the HELL can they say this? Especially if we're talking about viruses and hackers, diversity should be fairly obviously more secure than monopoly.

Finding a way to exploit one OS lets you into every computer if there is only one OS.

Re:One of their documents is self-contradictory.

[quintessent]

Hehe. I once saw a picture in a computer magazine taken in Columbia, if I remember right. It was a manhole cover inscribed with the manufacturer's name: "Intel."

Re:One of their documents is self-contradictory.

[Rogerborg]

• "We would be better off with more companies like Microsoft, not fewer."

For "companies like" substitute "dollars from" and I think we get a more accurate statement of their position.

In fact, Open Source is SO insecure...

[dimator]

... that we run it on our OWN damn servers:

$ httptype www.adti.net
Rapidsite/Apa/1.3.20 (Unix) FrontPage/4.0.4.3 mod_ssl/2.8.4 OpenSSL/0.9.6


Who wants to place bets as to when Microsoft learns of this, and promptly switches their systems?

Re:In fact, Open Source is SO insecure...

[MavEtJu]

First the slashdot effect, then the `upgrade' to IIS. Life is going to be good for them :-)

Re:In fact, Open Source is SO insecure...

[tweakt]

.. that we run it on our OWN damn servers:

$ httptype www.adti.net
Rapidsite/Apa/1.3.20 (Unix) FrontPage/4.0.4.3 mod_ssl/2.8.4 OpenSSL/0.9.6

Who wants to place bets as to when Microsoft learns of this, and promptly switches their systems?

Two problems with your assesment:

1. (Unix == Open Source) is not true from every known value of Unix
2. www.atdi.net != Microsoft Corp. Its the Alex de-something-or-other Institute

Re:In fact, Open Source is SO insecure...

[tweakt]

For Example:

Rapidsite/Apa/1.3.20 could be some bastardized version of Apache which is closed source...

Though mod-ssl is open source.
As well as OpenSSL... (duh)..

Re:In fact, Open Source is SO insecure...

[Per+Wigren]

Please explain that bash forkbomb! I can't parse it...

Re:In fact, Open Source is SO insecure...

[frankie]

Rapidsite/Apa/1.3.20 could be some bastardized version of Apache

There's no "could be" about it. Remember folks, Google makes all computing simple.

Guilty As Charged?

[EXTomar]

The purpose of Open Source projects is to offer technology in an open and cheaper manner than traditional vendors. If what ADTI is implying that because of Open Source anyone, including terrorists, can use computers for free then I guess it is true.

What would be the contrary to this? Would the ADTI really have us believe that hacking with paid closed software is better than open? If Open Source projects can't expect or know the ultimate intent of the users of the software then why would any closed vendor would? It sounds like ADTI does! I guess they are brilliant. ;-)

Don't forget BIND!

[cscx]

And MySQL.
And OpenSSH.
And Tomcat.
And wu-ftpd.
And PHP.
And squid.
And mod_ssl.
...

You know, if we reduced it to just the kernel running on an isolated box locked in a secured meat locker, and you throw away the key.

But, qmail is better =)

Re: de Tocqueville has been institutionalized

[unitron]

As I said in an e-mail to Thomas Greene of The Register after reading his article on this earlier this evening.

"How cruelly ironic, that the man who celebrated the spirit of volunteerism
he found in communities all across the new nation he chronicled has his good
name usurped and sullied by the likes of these."

As for the Osprey, the most recent one to crash came down not too far (which is to say not far enough) from my backyard, so I checked out what they had to say about that, but to be fair, they wrote it 5 years ago, before anybody but the manufacturers had a chance to really test its airworthiness.

Man I am so sick of the FUD.

[Neck_of_the_Woods]

Hacker making software knowing more to stop hackers is such bullshit. Most hackers that use the term like that can't code their way out of a wet paper bag. Saying hackers would make better code is fine, but get a clue that when you use the term "Hacker" no matter how you mean it the mainstream media will always see it as "EVIL" period. No one but the people that profess that hacking is a cleaver way to solve a problem think that it means a way to solve a problem. So what is that 5% if your lucky? Hell they even get pissed when someone else says it if they are not "hackers".

For the love of Pete, everyone else hears hackers making software know how to protect you from the hackers, err sorry crackers, er wackers, black hat, grey hat, white hat, red hat, tinky winky hat...ahh hell you know the "bad hackers" are going to do it also and make us pay. BAh...Your going to code a back door I know it. To push the point they will point to the C compiler...eww but the was to prove a point right?!

Slashdot and the legions of ethical hackers need to learn that the word hacker will forever be seen in the eyes of 90% of the world as bad. Plus no one is going to believe that a bunch of people coding for free is going to not do something devious to make money, despite what you may really do. Those same 90% of the world that see hacking as a bad word also believe people don't work for free. I guess that guy that just loves to dig ditches because it is fun is shit out of luck, because really he is not scoping out anything to steal.

-4 anti-karma whore, I will enjoy the mod-down as you just can't help but to hate the truth.

seems to me...

[csguy314]

that every 'think tank' I hear about has some particular groups best interests in mind. And those groups are usually big corporations. I guess they're the only ones that can afford to fund these think tanks and pay for their expensive reports.
After all, thinking isn't free...

Why is it a lie?

[inerte]

Don't you think that if your software has a bug and you have its source released to the crowd, people that want to take advantage of this will do it?

It never crossed my mind that free software doesn't have any bugs at all. It's naive to think none will ever be able to crack your box, even if you run the latest versions and patches.

What I do understand, is that in free software your bugs are discovered and fixed faster than in proprietary, because there are (potentially) more developers and users.

Is it a lie? Hell no. It's manipulation of information? Perhaps. If you are an employe of any entity, be it the governament or a private company, and your boss asks you "With our source there for anyone to have a look, if they find a bug, can you swear that they won't crack us"?

I wouldn't answer yes. I can't answer yes, it's impossible. It's almost impossible to have a bug-free software, since almost all software development efforts always have a reason to add more features, or to make it more compatible with new products.

But, you can give good answers to this questions. Say, for example, that Linux has fewer bugs than Windows. Say that Apache, that runs most of the servers at the whole world, has caused LESS financial damage because of bugs than almost any IIS virus, worm, or whatever.

The manipulation of information comes from this side. When some people can't address the Linux problem logically, they appeal to your emotion. They cite terrorists because that's the great evil of the moment. They touch deep into your fears, and without few 1 + 1 proof.

So, attack with the same power. Say that while it's true that terrorists might have a chance to attack one server because they have found a bug, they won't spread the damages because system administrators can ,and a good one will, design or apply an already designed patch in hours. You don't have to wait for MS good will to serve your needs. Say that historically Linux has proved itself as a more secure option.

What will they do, change the past?

Re:In regards to the V-22

[bubbha]

I agree. I worked at the same plant during the late 80's and early 90's. One crash was due to the fact that a plug was not idiot proof and was plugged in upside down causing the controls to respond opposite to what they should. Another was caused by a test pilot pushing the aircraft beyond its limits.

A real problem was that some administrations wanted the project and others did not. This caused Boeing and Bell to have to produce a production version before it was really ready. Our pay "Tricky-Dick" Cheney was responsible for that.

I think if the government had decided to build the plane and accepted reasonable schedules, a lot of this misfortune could have been avoided.

If you had ever seen one operating up close, you'd probably be impressed. It's a friggin cool airplane!

You should have gone with your initial impression

[squarooticus]

[Apologies for this being slightly off-topic, but chrissy asked for it.]

You should have gone with your initial impression. Not running this, I mean. Could you please try to stuff more leftist tripe in your next article summary?

"destabilizing, unworkable '80s missile defense"? I'm sure most people didn't think anything like that laptop sitting on your desk was possible back in the early 1900's. The technology for reasonable missile defense may be in its infancy now, but that doesn't mean it always will be.

For those who argue missile defense is just another unnecessary aggressive move on the USA's part, I'd say that defensive weapons are the least threatening because they are the ones least likely to get us involved in foreign entanglements: it's hard to send a stationary anti-ballistic missile launcher into a land war in Asia.

And for those who argue it is unnecessary because terrorists will just ship a bomb over on a cargo freighter, I'd ask you if you keep your windows unlocked over vacation just because a thief is most likely to try the front door first. If we start covering our bases now, we won't be caught with our pants down when every rogue nation in the world has a long-range ballistic missile and a wacko with his finger on the button.

As for "deathplane"...I'm not even sure I should touch that one. I'll just say that deathplanes like it are the very reason east coasters aren't speaking German and west coasters Japanese. As a libertarian, I believe it's your right to avoid compulsory service in the military, but you should at least have the decency to respect those who fought and died for your freedom.

Drivers

[nakhla]

Well, they're right-on about the drivers. It's great knowing that 99% of the time I can plug in my hardware and it will work with no problem on Win2K. I wish I could say the same for Linux, Solaris, etc.

Re:Drivers

[Russ+Steffen]

And my experience is completly contrary. I have here a fairly basic PC. After installing Win2k it still requires 8 separate driver downloads (and 8 reboots) before it's fully functional. Even the motherboard chipset requires an updated driver to be stable. On the other had, after installing Red Hat 7.3, everything works - no downloads needed.

Re:Drivers

[shepd]

That's strange, I was about to say the same thing about Win2k!

With Win2k (and XP) you have to throw out much of your older, less supported hardware because if there isn't drivers in the O/S, and the company is out of business, your hardware is best used as a cheese grater.

Of course, running Linux, I've found all my older hardware supported -- right down to my 1993 MAD 16 Opti soundcard. Can you say the same about windows 2000?

When I want to set up a scanner in RedHat Linux, I simply run the sane daemon. Does windows 2000 come with all supported scanner software out of the box? What about digital cameras? RedHat works with them out of the box too.

I had to install special drivers to get my Lava Dual Serial port card working in Win2k that messed up the onboard serial ports. In Linux the card worked right away, and the "drivers" didn't mess up my other serial ports at all.

And, on another note, does windows 2000 support the latest graphics cards out of the box? I know when I plugged my Radeon card into my Linux box I had both 2D and 3D support working without downloading anyhting at all.

To finish off, how about printers? I can quickly and easily install most all printers on my Linux box without downloading any special drivers. Can you say the same about the latest WinPrinter for your Windows 2000 system?

I'd say not.

Re:Drivers

[nakhla]

Actually, I did this very thing last week! I took the drive out of a Gateway dual Pentium II Xeon box and slapped it into a Dell single Pentium III box, with completely different graphics cards, sound card, etc. It worked just fine! It took about 10 minutes for all of the drivers to finish installing, but other than that it worked like a charm.

Re:Drivers

[Pituritus+Ani]

If you mean 99% of the time you can plug in your PeeCee or consumer market, Wal-Mart hardware and have it work with no problem on Win2K, I'd agree with you. How many platforms, other than x86/Itanium, does Windows 2000 currently support? Linux has 68xxx, ARM, PPC, MIPS . . .

This "Tank" needs flushing

Who cares what a "Think Tank" says?

Why does this organization get any press anyway? What exactly is a think tank, and what credentials does it have? I mean, is this anything more than an organization dedicated to producing biased press releases?

The organization's mission statement is completely devoid of meaning.

"Since 1988, the Alexis de tocqueville Instition has studied the spread and perfection of democracy around the world. In this, we follow the principles of Tocqueville himself... At the root, perhaps, is a populist belief in the basic goodness, perfectability, and nobility of mankind and of the human community...Operationally, adTI strives to emulate what one scholar has termed Tocqueville's 'omnicurious style of journalism."

Say what? I mean, read the whole mission statement. It says absolutely nothing using a lot of jackoff big words. I don't get what any of it has to do w/de Tocqueville, a french author who reported on US culture a hundred fifty years ago.

The fact that MS is funding this-- WHO ARE THESE GUYS?! I mean, why would anyone even CARE or bother reporting their opinion?

Sometimes I think these organizations exist soley to have their representatives on talk shows and to have a semblance of a structure from which to spew their opinion.

SPAM THEM!!!

[inerte]

Yes, like geeks, we must use the tools we have.

From: 8axxx0r l33t
Subject: DESTROY PROPRIETARY SOFTWARE
Message:

First Post!

Heya! Did you know Bill Gates' ASCII code number is 666? That he is the root of all evil?

That there's an alternative to monopoly? And it's FREE (note: as in freedom AND as in beer).

ACT NOW and access Slashdot's webpage, news for normal people, stuff that matter. NO pop-ups, neither pop-unders, ROTFLMAO... Insightful and funny bewolfed comments from all over the world!

Thanks for your time,

l33t.

PS: This is not spam. I hate spams.

Re:SPAM THEM!!!

[foobar104]

And me without any mod points. +1, Funny. ;-)

Re:SPAM THEM!!!

[TC+(WC)]

:Heya! Did you know Bill Gates' ASCII code number is 666? That he is the root of all evil?

No, no, no... the root of all evil is 25.8069758011278803151884206051491

Get it? Square Root...

I thought it was funny :(

They think MSCE university degree:

[ftobin]

This is gold. Frickin' gold. Quoting the Register:

This could explain why a group purportedly devoted to the 'perfection of democracy' would, with a straight face, recommend the MCSE as a qualification for adult participation in a democratic economy superior to a university degree.

"Effective participation in the American political economy has always been substantially dependent upon an education that goes beyond basic verbal and mathematical skills," the author of this 'study' intones.

Nevertheless the author cheerfully reports that "87 per cent of Human Resource managers surveyed believed that MCSE's are equally or more successful than college graduates."

Oh, we have the highest opinion of HR PHB's

SIGFPE's Think Tank Now Open for Orders

[SIGFPE]

Just tell me what you want to believe and I'll write you a report demonstrating it. Want proof that Windows is the best OS? Pay me $1E6 and I'll write the report. Want to prove that PGP offers the best security? Just $5E5 for that one. Yes sir! Just send me your questions and pay me 6 dollar sums of money and I'll demonstrate it for you.

And that's not all! For an extra 25% I'll make a press release to a selection of the top 25 newspapers worldwide and for an extra 50% I'll submit the story to Slashdot.

Get your reports here! Get your reports here!

Re:SIGFPE's Think Tank Now Open for Orders

[Jeremi]

Just tell me what you want to believe and I'll write you a report demonstrating it. Want proof that Windows is the best OS? Pay me $1E6 and I'll write the report.

It seems we are witnessing the first complete implementation of the Electric Monk

Bruce Shneier said it best:

[evilpaul13]

"And don't forget Kerckhoff's assumption: If the strength of your new cryptosystem relies on the fact that the attacker does not know the algorithm's inner workings, you're sunk. If you believe that keeping the algorithm's insides secret improves the security of your cryptosystem more than letting the academic community analyze it, you're wrong. And if you think that someone won't disassemble your code and reverse-engineer your algorithm, you're naive. The best algorithms we have are ones that have been made public, have been attacked by the world's best cryptographers for years, and are still unbreakable."
--Bruce Scheier; Applied Cryptography (Second Edition); page 7

This seems to apply perfectly to this latest FUD about open source software.

secret source code?

[bigsexyjoe]

I don't know if this true but I read in a recent ask slashdot that microsoft will show its source code to anyone who can afford it. The source code could easily get stolen and could eventually wind up in terrorist hands. So it would be no better than open source.

Where's the Evidence?

[waldoj]

I'm sorry to be a party-pooper, but where's the evidence that they take money from Microsoft? The ZDNet article says nothing about that, and the talkback comments (at least the few dozen that I read) provide no evidence along those lines, either. The Register says that Richard Smith says that they take money from Microsoft, though they present no evidence along those lines. Smith's a cool guy and all, and he's got a good track record, but I'm going to need a little more than a second-hand non-credited reference to believe this.

I did a little poking around and a little Googling, but was unable to come up with any evidence on my own.

So, please, could somebody enlighten me?

-Waldo Jaquith

Re:Where's the Evidence?

[Col.+Klink+(retired)]

They claim that MCSE's are more useful than a college degree. If they AREN'T taking money from MicroSoft, then they're dumber than I thought.

Re:Where's the Evidence?

[interiot]

Check out their job application form. Applicants are asked to rate from 0 to 10 how interested they are in doing a list tasks. A few of them are:

• Make fund raising calls
• Put together a list of organizations interested in an issue
• Find organizations and individuals that might support a particular AdTI program

So they're a research-for-hire house, and they're going to send out a press-release that says Open Source is insecure. Now put yourself in a new-hire's shoes... Name a company that has deep pockets and might be interested in funding anti-OSS "research"...

Re:Where's the Evidence?

[donutello]

When you can't attack the logic, attack the person making the conclusion.

That, in a nutshell is the definition of FUD and FUD is what the article in the Register is.

Re:Where's the Evidence?

[dylan_-]

Top notch editors NEVER publish such quotes without getting the facts straight

I've heard this mentioned a few times, often accompanied by the phrase "journalistic integrity" and I have to wonder if Newpapers in the US are completely different to anything I've ever seen.

I've always thought journalists were the folks who made up quotes if they thought they could get away with it, asked you "would you agree with ?" and unless your answer was a straight "NO!" it ended up as a quote from you, rewrote stories 5 different ways with different slants to appeal to whatever newpaper they were selling it to (freelance), etc, etc.

I guess you guys have a wonderful press compared to the UK...

Re:Where's the Evidence?

[edremy]

They claim that MCSE's are more useful than a college degree

Umm, in a lot of cases they are. We've got MCSEs here that make a lot more than the college-degreed folks in other departments.

Hell, they make more than the PhD adjunct professors.

Now, you can claim that college degree usefulness is not measured in dollars, but what other measureable metric do you propose?

Re:Where's the Evidence?

[Rogerborg]

Good point, but isn't the picture on their contact page one of the installation splash screens from WinME? Just throw in a silver haired grandmother surfing the web with her smiling golden haired grandchild, and you're there.

Seriously though, that's a very good point. We cry wolf so often that we're beginning to see conspiracy theories everywhere. Or perhaps that's just the chemicals the government puts in the drinking water making me say that.

Re:Where's the Evidence?

[edremy]

The criteria asked for was "Usefulness". My wife has a dual degree in Religion and Linguistics. She's semi-fluent in Old English and can discuss the differences between various Buddhist philosophies easily.

Useful? Not in the job market. She could triple her earning potential overnight by getting an MCSE, or getting a contractors license for that matter. Those are certainly more *useful* than being able to read Beowulf in the original.

As a side note, virtually no CS grads can do calculus or even begin to understand it. Few majors in any field, even technical ones, can. (I'm speaking as one who has taught junior-senior level PChem courses at Virginia Tech.) Sure, they can do a textbook problem if you give them long enough, but they do not even begin to understand *why* Calc is important or how to apply it to problems that aren't straight out of a book.

Re:Where's the Evidence?

[sharkey]

We've got MCSEs here that...make more than the PhD adjunct professors.

Well, who would you want to pay more money to, someone who can beat Minesweeper on the Advanced level in under a minute, or someone who sits around trying to prove that no matter what time it is, 24 hours a day, you can find a Michael Caine or Gene Hackman movie playing on TV?

Re:Where's the Evidence?

[M-G]

Top notch editors...

Well, there's your problem...
Look at the rest of what chrisd put in the article: references to the same people supporting a missle defense system and the V-22 Osprey, which he refers to as "unworkable" and a "deathplane" respectively.

Open source helps terrorists?

[The+FooMiester]

Google search for al qaeda and microsoft

Google search for al qaeda and linux

Those search results speak for themselves on who helps terrorists.

You should not lable this "leftist" tripe

[bubbha]

There is nothing "leftist" about making a case for the fact that a missile defense system has a low probability of achieving its objectives. There are very strong arguments in favor of that position. There is also the issue that the Bush administration has had a fixation on missile defense. A case can be made that this fixation was partly responsible for a lack of focus on domestic security (see the Hart-Rudman domestic security report that was virtually ignored by the Bush administration.)

Finally, as an ex-Boeing Helicopters employee, ex-chairman of the North Dakota Libertarian Party, and U.S. Air Force veteran, I find your remarks about the author's decency out of line. Look, the ability to critique the government is one of the most important rights and responsibilities we have. And this right is steadly being eroded as we speak. As a Libertarian, you should be speaking out about that.

They Also Backed the Tobacco Companies

[elfdump]

This group also claimed, during Congressional probes into tobacco company fraud, that cigarettes and tobacco products were not harmful to your health. From this memo by a director of the World Health Organization:

"In addition to creating front groups and contributing funds to groups that have a mission broad enough to carry some of the tobacco industry's goals, the tobacco companies also use publications by allegedly independent think tanks, such as the Virginia-based Alexis De Tocqueville Institution. This group's 1994 report "Science, Economics, and Environmental Policy: A Critical Examination" criticizes the US Environmental Protection Agency's risk assessment methods in 4 areas: environmental tobacco smoke, radon, pesticides, and hazardous cleanup. It dismisses in its first chapter the agency's risk assessment of environmental tobacco smoke, using arguments similar to the tobacco industry's "junk science" arguments described by Ong and Glantz. "

It seems Microsoft is making some strange bedfellows.

Sources:
http://www.smokefreeforhealth.org/studies/YachBial ous.htm

ZDNet Post

Re:They Also Backed the Tobacco Companies

[Malcontent]

Well now they have written a report on the security of open source software. I welcome their input In fact I wish more organizations would chime in with their opinions about open source and security. For example the American Association of Massage Therapists probably knows just much about open source and security as a republican think tank. What do they think? Let's not forget the union of organic yam growers and the actors guild too. They know just as much about computer security as republican thinktanks.

Best defense against creaping facism

[f00zbll]

Think critically for yourself. Don't trust think tanks, because "they must be smart" to work at a think tank. The only thing you're gauranteed to get from a think tank is too much thinking and clouded talk about obvious things. Think about what kind of person works at a think tank and why they are there.

Anyone who has a life wouldn't waste their time in a think tank. Anyone worth their salt with the brains and skills will be at a research facility building stuff, not needlessly thinking about what they might like to consider inventing, if they weren't so busy thinking.

The break throughs in the last two centuries WERE NOT made by people in "think tanks". They were created by "men of action" as Count Rugan would say from the Princess Bride. Look at men like benjamin franklin, edison, and the WOZ. Think tanks are for lazy people who would rather leach off society than get their hands dirty.

The only thing the article reveals is how little news is news today from Zdnet.

ADT Institution very pro republican

[VS1]

that thinkthank is very pro-republican. very, very pro republican. Read more into the site, you'll see it, all the pro defense and pro bush comments. Or maybe i have selective sight(Not being sarcastic, i may actually only see what i want to)

My Rant on this topic...

[tweakt]

"The white paper, Opening the Open Source Debate, from the Alexis de
Tocqueville Institution (ADTI) will suggest that open source opens the
gates to hackers and terrorists."

My $0.02:

... First of all, there ARE NO GATES! All software contains bugs,
sometimes exploitable. .. closed source is NOT a "Gate" that blocks
hacking... yes, exactly: nimda, codeRed, klez, iloveyou, and just about
every other "virus" reported in the last two years... blah blah blah...
...shitty analogy...

See: Publications and Accomplishments
http://www.adti.net/pubsaccomps.h tml

They don't exactly seem to be experts in any field of computers,
networks, or security that I can tell. They did some reports for more
traditional defense related topics several years ago, but thats it. They
are however, very good at reporting on controversial issues, mainly
politcal in nature. Hmmm..

Here's a question. Of the total number of security problems reported
regarding closed vs. open source products, what percentage were
pre-emptive fixes reported by whitehats, v.s. those exploited and thus
forced to be officially reported?

My point is... a bug is a bug, but it's a hell of a lot better if it's
patched before it's ever exploited. So it's totally wrong to look purely
at # of reported security problems in product XYZ. I would expect an
open source product to have a significantly higher # of reported
problems. That's a good thing IMO, since that means there's less of them
lurking.

The bottom line: Everything has bugs. More eyes, less bugs. More secure.
Simple. Now would someone try and explain that to these anti-open-source
nitwits?

Oh, and may I point out: (already reported)
http://www.washingtonpost.com/wp-dyn/ar ticles/A600 50-2002May22.html
http://www.nsa.gov/selinux/

It seems like our .gov likes it just fine ;-)

-Mark Renouf

Re:You should have gone with your initial impressi

[Archie+Steel]

For those who argue missile defense is just another unnecessary aggressive move on the USA's part, I'd say that defensive weapons are the least threatening because they are the ones least likely to get us involved in foreign entanglements:

Okay, then develop your missile-shield technology and give it to every single damn country in the world - hey, it's defensive technology, isn't it? Then that wouldn't represent a security risk, but just make everyone safer, right?

The problem with missile defense is that it upsets the balance of power. Which means that, to compete, nuclear powers have to build more missiles, in the hope of reaching equilibrium again (hoping that a few might get through). Why is nuclear equilibrium important? Because mutually assured destruction is the best deterrent against the use of nuclear weapons. Who cares, if the U.S. has a missile shield, you say? Well, even if that missile shield was effective (which it is not guaranteed to be, despite the gigantic cost), there is this little thing called "the rest of the world"...

So, do you agree that the U.S. should share it's defensive, non-threatening missile defense technology with the rest of the world, then?

Re:You should have gone with your initial impressi

[squarooticus]

Absolutely! I agree! We should license it to other countries!

Kinda takes the wind out of your sails, doesn't it?

Funded by who?

[zangdesign]

Hey, can anyone provide any proof besides some guy's say-so that AdTI takes money from Microsoft?

I'm looking for hard evidence here, not just "it stands to reason", and "of course they do - they support Microsoft".

So Open Source is insecure....

[gmuslera]

Well, lets say we believe in them, so the day they publish their study we turn off all computers running any kind of open source software :)

Re:MCSE good for democracy?

[Dyolf+Knip]

I don't see why a Minesweeper Consultant Solitare Expert is needed for a good democracy

Gives you something to do while your elected representative is filibustering on C-SPAN.

Re:You should have gone with your initial impressi

[BrookHarty]

That license is GNU/MissleGuidance

Re:You should have gone with your initial impressi

[Arandir]

I think it would be awesome if every nation on earth had ABMs! I would definitely feel much safer.

On the other hand, I have to keep installing bigger locks on my door, because the thieves keep building bigger picks. Definitely an upset of power there.

Open Source Security

[hackus]

Complete Bonk.

Open Source is more secure as the problems are fixed faster than closed source, proprietary systems.

All software, closed and open have vulnerabilities.

However, you can't PROACTIVELY peer review and fix closed proprietary software continuously, unlike open source software.

Since you cannot proactively secure closed software, who in God's name would believe such a completely ludicrous report?

God help us ALL if anyone takes those sorts of arguments and so called "studies" seriously.

-Hack

Deathplane

[dmaxwell]

It isn't being called a deathplane because it's been used to drop napalm on villagers or something. It's notorious for killing test pilots. A couple of years ago it seemed like there was a story every month or two about an Osprey crash. Some background can be had here:

http://www.verticraft.com/v22_crashes.htm

doesn't fixing the holes count?!

[_randy_64]

Suppose they're right, and OpenSource is easier to hack. Doesn't fixing the bugs count? Would you rather wait for MS to admit the bug, fix the bug, release the fix, etc. or let all the open source crowd fix it in an hour?

(i submitted this story monday morning, and it was rejected....oh well ;-)

Why is anyone surprised by this?

[Random+Feature]

I mean, come on!

This is like being surprised that the Tolly Group gave a good report to a product.

When you pay for a review or analysis, you get exactly what you want. This is no different than the Mindcraft "study" that was biased.

When a reputable group/publication comes out with an unbiased study that says these same things then you should get upset. Until then, it's all smoke and mirrors, FUD and MUD.

Nothing to see here.

Re:Why is anyone surprised by this?

[M-G]

True, it is a total waste of resources to the rest of us, but MS has what, $30 billion in cash on had? What many minutes worth of interest on this did the study cost them?

Some inconveniant questions

[Veteran]

Suppose we ask ZDnet some inconvenient questions, and see how much they start squirming:

• Who is ZDnet's source on the story?
  
• Did the think tank leak the results of their own study?
  
• Did the information for this story come from Microsoft - who already knew the results before they were published because they bought and paid for them?
• What exactly qualifies the people at the think tank to have an opinion on computer security?
  
• Does the think tank have a history of expertise in the field of computer security?
  
• Are any of the people involved in the report even computer programmers?
  

This story just might wind up biting Microsoft in the ass; if the rest of the sharks in the press start smelling blood in the water.

An odd choice for Microsoft

[infonography]

"What is the most important for democracy is not that great fortunes should not exist, but that great fortunes should not remain in the same hands."

- Alexis de Tocqueville

Re:You should have gone with your initial impressi

[Brian+Stretch]

The problem with missile defense is that it upsets the balance of power.

You want to bring Balance to the Force?

Re:You should have gone with your initial impressi

[Jeremi]

And for those who argue it is unnecessary because terrorists will just ship a bomb over on a cargo freighter, I'd ask you if you keep your windows unlocked over vacation just because a thief is most likely to try the front door first.

If it was going to cost me three hundred billion dollars to lock my windows, I would do just that. Especially if I realized that any idiot would be able to trivially defeat the locked-windows 'system' directly as well (i.e. throw a rock, or a few dozen decoy missiles).

Re:You should have gone with your initial impressi

[Archie+Steel]

Not at all. I would actually support missile defense if it was a global effort to make sure that no one can use ICBMs.

Oh, and if it actually worked, instead of being just another corporate welfare check for the military industry.

Blatant research for hire

[interiot]

On their job application form, applicants are asked to rate from 0 to 10 how interested they are in doing a list of 16 jobs. Among them are:

• Make fund raising calls
• Put together a list of organizations interested in an issue
• Organize a mailing
• Find organizations and individuals that might support a particular AdTI program
• Do a fund-raising letter

SDI worked just fine. B-)

[Ungrounded+Lightning]

The missle shield was certanly destablizing, it never helped us in any treaty with another super power, not even as a negotiating gambit. [etc.]

Seems to me it worked perfectly.

The Soviet Union collapsed, ending half a century of Cold War. The surviving USSR government officials said the major factor was SDI. Not a single nuclear bomb exploded on or above the soil of the US, its possessions, or its allies (including all the signatories to the non-proliferation treaty). And it was so powerful we didn't even have to actually DEPLOY it!

Lets see your smart bomb or a START-XVI treaty beat THAT!

And what's "destabilizing" anyway?

[roystgnr]

Mutually Assured Destruction was "stable" only as far as retaliatory destruction was really assured. A limited missile defense system makes it impossible for your opponent to be sure that a first strike of theirs will destroy all of your missiles, and so makes MAD more stable, not less.

Re:You should have gone with your initial impressi

[chrisd]

Well, the deathplane comment was about the V-22 killing marines in it. I don't have an issue with maintaining a standing army. I do have one with force the V22 on the marines who themselves don't want the fatally flawed plane.

As far as wheether SDI was destabilizing, reagan administration membrs were pretty clear that was the point of the things, as was teh sr-71 soviet overflights, etc, so I don't see what your problem is. Also, if you think that SDI was or is workable, you don't understand what icbm missiles are. Or mirv warheads. If one warhead in a hundred get through from the kind of attack SDI and ABM are designed for, we're toast.

What's interesting to me is that you assume I'm a leftist when it comes to military matters, as I'm clearly not.

chrisd

Light'em if ya got'em

[ozric2k1]

These are the same people who say smoking is good for you.

"In addition to creating front groups and contributing funds to groups that have a mission broad enough to carry some of the tobacco industry's goals, THE TOBACCO COMPANIES ALSO USE PUBLICATIONS BY ALLEGEDLY INDEPENDENT THINK TANKS, SUCH AS THE VIRGINIA-BASED ALEXIS DE TOCQUEVILLE INSTITUTION. This group's 1994 report "Science, Economics, and Environmental Policy: A Critical Examination"35 criticizes the US Environmental Protection Agency's risk assessment methods in 4 areas: environmental tobacco smoke, radon, pesticides, and hazardous cleanup. It dismisses in its first chapter the agency's risk assessment of environmental tobacco smoke, using arguments similar to the tobacco industry's "junk science" arguments described by Ong and Glantz. "

The three biggest lies redux,
smoking is good for you, windoze is secure, the check is in the mail

Comment removed

[account_deleted]

Comment removed based on user account deletion

Here's my take

[Henry+V+.009]

This is more than just script kiddies. Open source is good against script kiddies. That may simply be its low radar profile more than anything, but it could be the open source community finding bugs as well.

But when people are interested in more than general vandalism, it becomes a different story. If I need to hack something that is open source, I check out the source, and look for buffer overruns and what not. It's hard for the very popular stuff, but for most programs, a bug is easy to find. And even for the more popular stuff, there are always holes to be found if you expend enough effort looking.

For very popular closed source programs, the first thing to try is the online community. Someone somewhere has something. For companies like Microsoft with poor security reputations, and lots of people trying to hack them, there is actually a lot.

But if you have to figure out a bug yourself, it's time for buffer overflow testing, reverse engineering with a hex editor, and what not.

So which is harder?

I'd say hacking into popular open source programs is the hardest. However, hacking into unpopular open source programs is the easiest. There is a range of security considerations, and it is always possible for evil people to find your vulnerabilities if they have enough resources.

Re:Here's my take

[Henry+V+.009]

Oh yeah. Now the real place to do it is in the compiler. You can use a compiler to put a hole in every single program. It could be an actual backdoor, but it could also be done as a buffer overflow or something even more esoteric.

Now, with gcc, you'd have to be very, very, tricky. But it could be done. Look at all the bugs that they introduced with the 3.0 series.

And for something compiled on a closed source compiler. Well, you never know what that thing could be doing.

And if you aren't interested in being that tricky, yeah, simply submit a bug "fix" that doesn't do exactly what you say it does. They might catch you, but if you are tricky, they might not.

hotmail

[ChrisGuest]

i seem to recall the 9/11 dudes communicating with hotmail accounts on windows machines.

wasn't this a tragedy that closed source could have prevented?

With open source, there is no one to bribe..

[ssweens]

This is one key point I haven't seen brought up yet. In open-source projects, the weaknesses and strengths are well-known and allows for well educated implementation decisions - less risk. With closed-source operations, the weaknesses of the software are known by less people which makes those weaknesses a bit stronger because of the "security by obscurity", but there lies the greatest weakness - the additional security is dependent on people. The people that implement it, develop it, maintain it. The people that are 1) not employed by government (likely a greater security risk) 2) building the software for money (possibly more willing to accept a bribe). Depending on the knowledge known by the person bribed, the exploit could extremely deadly and unpredictable the consequences - more risk.

Re:With open source, there is no one to bribe..

[Peyna]

Don't forget the additional security afforded by professionalism.

Care to explain that one to me? Professionalism is an appearance, and has nothing to do with actual security. I would liken professionalism with obscurity, because you can hide something better from people. Just because you made it hard or difficult doesn't mean it is impossible or secure. Look at the XBox hack. I'm sure they were pretty convinced that was secure.

Re:With open source, there is no one to bribe..

[ninewands]

Professionalism is an appearance ...

I must respectfully disagree. Professionalism is an ATTITUDE, not an appearance.

I would liken professionalism with obscurity, because you can hide something better from people.

I consider myself a professional, but I NEVER wear a tie (jacket, maybe), and I go to work 2-3 days (sometimes 4) without shaving. My boss is cool with it so ... no problems. I have little to hide because I spend the time to research a problem and fix the CAUSE, not the symptoms, of the problem.

You want a definition for "professional"? A professional does what he/she does FOR MONEY, and treats their job responsibilities accordingly. I do NOT do what I do because I enjoy it (although I REALLY do enjoy my work) ... I do it because I am good at it and because I get paid enough to live reasonably comfoprtably for doing it.

Since the last sentence means I receive a fairly significant check on the first of each month, I protect my job by making sure my employer receives their money's worth.

THAT is professionalism.

Six Degrees of Kevin Bacon

[Fastball]

How far away is Microsoft-branded Vegemite?

Well let's see. Bill Gates started Microsoft with Paul Allen who owns the Portland Trail Blazers. Rasheed Wallace is a power forward for the Trail Blazers. Wallace played basketball at the University of North Carolina where Michael Jordan won a national championship his junior year before taking on the NBA himself. Jordan starred in Space Jam with Bill Murray who had an uncredited cameo in "She's Having a Baby" starring...Kevin Bacon.

Re:Six Degrees of Kevin Bacon

[MrResistor]

OK, but what's degree of seperation between Vegemite and Kevin Bacon?

Makes me sick

[Sean+Clifford]

This just makes me sick. I've read Alexis de Toqueville's Democracy in America several times, it's one of my favorite books. He considered unchecked capitalism a serious threat to participatory democracy. How vile for an organization to sully his name with drivel like this report.

Microsoft Windows : the choice of terrorists!

[bani]

The operating system of choice for terrorists worldwide appears to be Microsoft Windows .

All the captured computers from the taliban and terrorist cells are using Microsoft Windows

So using the same "logic" as the e Alexis de Tocqueville Institution, Microsoft Windows is directly responsible for the events of 9/11.

Re:Editorial comment

[chrisd]

Well, I'd agree is slashdot was analogous to the front section of the paper instead of the opinion section.

The reason I said that we weren't going to run this story was a sort of explanation as to why you are seeing a week old story. The demand in the submission queue was there early, but we did think it was a blatant troll. In the end we decided to run it because the /. readership wanted it so badly.

I don't think it is censorship to not post every link submitted to us. We do get 400+ a day, and before you bring up an ope nsubmission queue, pleae note that has been addressed.

chrisd

Typo...

[chrisd]

I meant the first sentence to read: Well, I'd agree if slashdot was analogous to the front section of the paper instead of the opinion section.

Re:"Not going to post this..."

[chrisd]

Well, we thought it was a pretty hard core troll, for one. Also, I can't d/l the actual report yet, which was my initial reason for not linking to it. Also, I'm just speaking for me, the other authors may have deleted it for other reasons.

I personally don't like posting microsoft stories much, and this one kind of qualified as that too. I mean, that's part of what slashdot is about, so I do post them, but I don't like to post the exchange bug of the week, or the outrageous steve ballmer comment of the month, whatever.

So maybe that clears things up.

chrisd

Alexis de Tocqueville Institution ?

[jabber]

Looks more like the Tomás de Torquemada Institution, if you ask me.

Things that make you go "d'oh"

[coyote-san]

Hey Homer, the NSA doesn't release its own crypto because it believes in security through obscurity.

It doesn't release them because the other guys could use the same crypto. And this violates the NSA charter because either 1) they know how to crack the code, but others could figure that out also and thus they've failed to protect US interests, or 2) they don't know how to crack the code, so they've aided others to work against US interests.

Either way, they'll going to catch a lot of heat if they provide information, much less if they remain silent (modulo their responsibilities). That's a no-brainer.

Re:Things that make you go "d'oh"

[sheldon]

Weird. This is the very same reason Microsoft doesn't release it's code as well.

That is... it's not because of security through obscurity, but they just don't want others using their code.

So just do it ...

[crovira]

Actions speak louder than words.

Create a worm or virus which tells people that they're helpless because of M$.

Have one of those popping up lound and clear on twenty million screens and the word on closed source wil become loud and heard.

Closed source is pointless.

Re:"V-22 Osprey deathplane"

[goates]

I'll bet that ballistics testing is part of the test program. It is for the F-22. They took an airframe and shot it with everything they could to see how it would react.

The V-22 engines are also cross linked so that if one engine fails, the other will drive both rotors/propellers. Most military hardware is tested and designed to survive in combat. All of the armies helicopters are designed to fly without oil or hydraulic pressure for at least a short distance.

"If it ain't broke don't mess with it."
So why aren't we using horses and sailing ships? It's called technological advancement. I'll bet you didn't post that comment on an Apple IIe.

Local Vs Remote & The smaller window of exposu

[NZheretic]

I have read a lot of Gene's work. But I am not sure of the particular presentation you are talking about. Here is Gene Spafford home page, could you tell me which particular presentation you are refering to?

I wonder if he took into account the difference between remotely exploitable and locally explotable vulnerability?

I also wonder if he took into consideration the Window of Exposure between the discovery of the vulnerability and the release of the patch?

See Closing the Window of Exposure by Bruce Schneier , the security section of David Wheeler's "Why Open Source Software / Free Software (OSS/FS)? Look at the Numbers! and also again visit the disproportionately high number of open vulnerabilities in its Internet Explorer.

Chewbacca Defense

[Robber+Baron]

It sounds to me like the Alexis de Tocqueville Institution is using the Chewbacca Defense!

Your .sig

[dimator]

I have NO IDEA where to start parsing your sig, but I know thats the last time I run a strange piece of bash again. My uptime, shattered!

Re:Your .sig

[Tony-A]

I send you this sig to have your advice.

There's ALWAYS a way.

From a MS "Engineer" standpoint

[tshak]

I'm no MCSD, MCSE, or MCDBA (yet!), but I'm very involved in the MS developer community - in particular the .NET community. I go to the Redmond campus at least once a month and know quite a few people that work there. What's interesting is most "MS Tech Geeks" aren't generally anti-OSS and many actually have experience with Linux and other OS's. Sure, there's also a large group that's feeds off of MS dogma but the rest aren't really all that bad. There really are a lot of smart people that either work for MS or primarily work with MS technology that get quite frustrated atMS's marketing FUD. We're all educated (in theory) enough to make our own decisions based on the MERIT OF THE TECHNOLOGY. We don't need restrictive licenses, stupid marketing FUD, or silly gimicks like 100 page color brochures sent to our houses every day. Marketing and PR types can make the image of a company, however, they generally break the image of a company in the eyes of techies which employ simple FUD avoidance algorithms.

I have certain critiques about OSS, moreso GPL's based licenses and less so BSD based licenses, but I'm not about to agree to this "OSS will increase terrorism" BS. Come on MS (et all), STOP TREATING US LIKE IDIOTS!

A good analogy

[Gordonjcp]

Since a lot of people tend not to be terribly clueful about computers and the reasoning behind free software, I find that clear, simple analogies are good.

You can compare the software to a car. With closed source, you have a car with the bonnet welded shut. It's hard to steal the car, because it's hard to get under the bonnet to hotwire it. Only the manufacturer can get in.

However, it's probably a better idea not to weld the bonnet shut. If you can get the bonnet open then you can fit a car alarm and immobiliser.

Uhh slashdot?

[smoondog]

Slashdot is like a giant op-ed piece ...

-Sean

FUD

[donutello]

Fear. Uncertainty. Doubt.

I'll probably be modded down by the editors for saying this but that is exactly what this article is.

It doesn't argue against the actual conclusion or the logic used (granted that's kinda hard to do for a study that hasn't been released yet). Instead, there are the baseless allegations about the motivations (no evidence that they actually took money from Microsoft) and completely irrelevant links to other studies which have nothing to do with the subject at hand.

always on

[dalinian]

A problem is that nowadays pretty much all computer owners are admins. With always on connections like DSL, everybody's at risk.

And since good security is pretty hard to understand and implement properly because it involves so many issues, most people really don't even have time for it. I personally have shut down all the services in my system, and I believe that's what 90% of all home users should do. I wonder why no distro I've seen offers to do this when installing. It would help eliminate a lot of problems.

[Very OT] Re:Your .sig

[metallidrone]

If I had to guess without consulting documentation, I'd say:
:(){ #define function ':' which takes no arguments
:|:& # call ':' and pipe its output into
# another running copy of itself, running
# this in the background
}; #end of function
: #call our function

More readably: function destroy () { destroy | destroy & }; destroy

Note that each call to : will recursively expand into no fewer than two calls, both which again invoke two new copies, so it expands very quickly. Since you probably have no shell restrictions by default, it did the same thing a fork bomb would: fill your process table instantly and consume all your memory and processor time.

If you use bash (or probably any bash-like shell), you may have ulimit available. With ulimit's -u switch, you can set how many processes you may start and probably avoid the situation you described. I believe there are similar ways to achieve this in the kernel (probably by recompiling), but I'm not familiar enough to tell you how.

As a general rule, don't run suspicious code (e.g., code found in .sigs on slashdot :) that has &'s in it. That function would be easier to stop (using Ctrl-Z or Ctrl-C) if it didn't use & (which disconnects the keyboard from the program's stdin/stdout).

I hope this post has been informative enough to outweigh its off-topic nature.

Wired Article sez...

[Flamester]

Did MS Pay for Open-Source Scare?

Quote:

A Microsoft spokesman confirmed that Microsoft provides funding to the Alexis de Tocqueville Institution.

"We support a diverse array of public policy organizations with which we share a common interest or public policy agenda such as the de Tocqueville Institution," the spokesman wrote in an e-mail.

Someone should tell the NSA!

[Rogerborg]

Because they have the source for their Security Enhanced Linux available for download. We'd better tell them that security through obscurity is much more efficient, eh? ;-)

Re:Someone should tell the NSA!

[Rogerborg]

• sto is more efficient, no doubt, less bugs found, less bugs to fix ;-)

Sorry, you're right, "efficient" is far too fuzzy a criteria. If we're being specific, I actually meant "patriotic", which is now synonymous for "good". ;-)

Re:SDI worked just fine. B-)

[Ungrounded+Lightning]

It was sucessful because they didn't nuke us???

Precicely.

After the climax of WW II, when the world found out a nuke was more than "just a bigger bomb", the game changed.

Up until then it had been progressively bigger wars. Now it was "Let's see if we can avoid a war without surrendering."

So the West came up with the doctrine of "Mutual Assured Destruction" (MAD - i.e. You'd be mad to set off the first nuke. And US presidents had to put on a show of being just crazy enough to use them, or it wouldn't work.) But that's just a stalemate, no "progress" pushing your agenda.

So the East came up with the "Cold War" - with anti-West propaganda and brushfire wars in "domino" countries. (Salami slicing: Pick off the little guys one by one, then the middle-size guys, until the big guy is alone against the world. Cook the Frog: Never create a "Shelling Point" were the chip is knocked off the big guy's shoulder.)

So the West came up with the arms race: "We've got more money so we can outbuid you. You make a missile, we make an anti-missile-missile." (And Rocky and Bullwinkle satarize it with the anti-anti-[pause]-missile-missile-missile.)

And this went on for HALF A CENTURY. Before that it was a major war every generation, with all the "best" weapons in the arsenal in use. Now it was a declining series of "limited wars", with the biggest bombs very carefully NOT used.

Nukes really had made "total war" obsolete. Three war cycles came and went with no World War Three. And it all worked because expensive weapons were built with the intent that they NOT be used, because they'd be too devastating if they were.

There were abortive attempts to limit the proliferation and avoid "destabilizing" situations, in the form of an anti-missile ban and arms reduction treaties. But "stable" meant the Cold War continued to bleed both sides, and one side disarming too fast might mean the War to End All Humanity. Finally Regan abandoned such attempts and went flat-out for better armor, when the USSR couldn't afford to stay even. And the Soviet Union folded.

There was a LOT more to it than that. Like computers and networks for instance. (Restrict communication Soviet style and you slow progress. Have progress in computers and networking and you get communication you can't ban. Try to selectively free your people's communication and you discover that you can't suppress just some. Infrmation wants to be free because PEOPLE want to be free.)

But at the core, preventing nuclear war was done with weapons that worked by NOT being used; weapons that thus created their effects by MAYBE being able to work, so you couldn't risk them actually being used against you.

So, yes, SDI was successfull because they didn't nuke us. The US won the arms race but we ALL won the war.

Get real ...

Why get real when I can win with virtual weapons? B-)

Nuclear weapons are like smallpox...America is the only country to have ever used them against someone else ...

I see the public schools have neglected your education when it comes to germ warfare. For starters look at the history of the European dark ages - with diseased animal carcases being catapulted over fortress walls or dropped in wells and rivers during sieges.

... and now we live in media induced fear someone will [nuke or germ] us ...

Lived that way for over 50 years already - but with the spectre of a massive, simultaneous attack on everything that might be a target (which means essentially everything). One or two suitcase nukes or tactical-shells taking out one city or one dam? ONE plague released in a few spots, using most like non-engineered organisims, rather than a dozen lab-frankenbugs sprayed over a continent simultaneously? Chicken feed. The damage and death is vanishingly small compared to hurricanes and tornadoes, earthquakes, traffic accidents, clogged-arteries, and cancer.

Here's the Evidence

[Col.+Klink+(retired)]

"A Microsoft spokesman confirmed that Microsoft provides funding to the Alexis de Tocqueville Institution."

Our systems aren't the target

[Sven+Tuerpe]

Besides the question what sort of software is more secure, what about the terrorists? It has often been stated that they might try to attack the Internet or computers in general or certain computers in particular. But are the Internet and computers really an attractive target for terrorists? What are terrorist trying to achieve, actually, how do they think about it, why do they still prefer suicide bombing over high-tech attacks? I don't have answers, but those constructing a connection between terrorism and the open/closed source issue do not have them either. They don't even ask the right question.

The truth might turn out to be that terrorist just aren't interested in attacks nobody except a few geeks would notice or understand.

um, no

[cascadingstylesheet]

These are the same people who say smoking is good for you.

Er, no. That is not what your quote says.

This group's 1994 report "Science, Economics, and Environmental Policy: A Critical Examination"35 criticizes the US Environmental Protection Agency's risk assessment methods in 4 areas: environmental tobacco smoke, radon, pesticides, and hazardous cleanup.

Criticizing risk assessment methods is not the same as saying "smoking is good for you".

Standard disclaimers: I don't smoke, and I prefer open source software, when I can use it. But I detest mindless arguments.

Re:You should have gone with your initial impressi

[Archie+Steel]

Let's just say that spending billions and billions on a faulty system designed to ward against manufactured (and highly improbable) threats while upsetting the nuclear balance just so that some money can be injected into the pentagon system seems like a rather stupid thing to do.

The truth is, before 9/11 the missile defense project was going nowhere. Since then, as America has abandoned rational thinking in matters of defense, it has come back with a vengeance, even though it wouldn't have prevented that awful tragedy, nor will it protect against similar attacks (more probable than missile attacks by a couple order of magnitudes) in the future.

It's quite funny to read about those things in the american media: the U.S. won't spend billions on changing energy consumption habits in order to face a threat (global warming) that - even though it's not 100% proven - has been recognized by its own government as real. But it's more than ready to spend those billions on a missile defense system that has yet to prove to be effective against a threat that most military analysts regard as highly improbable at best!

Actually, Bush and co. don't care if the missile defense system is effective or not, because it is not designed to be used - they know no country in its right mind (even schizoidal North Korea) would attack the U.S. with nuclear missile, there's just too much to lose. And yet lots of intelligent, educated people just gobble it up, it seems...ah, such is the power of propaganda.

Microsoft advocasy

[magi]

You might want to take a look at their technology pages, especially the Anti-trust & Internet Regulation Program and Intellectual Property Program sections.

Many of the headlines are quite revealing about their intentions. Many are about the importance of MCSE:

• Inc. 500 Shops Value Certification Most (MCSE vs college degrees)
  
• Familiarity Breeds Respect
  "Recruiters tend to hire MCSEs just as often, if not more so, than those with a four-year college degree."
  
• Technology Trends: Program Provides Information For New Age
  
  "Eighty-seven percent of human resource managers surveyed believed that MCSE's are equally or more successful than college students."
  
• The Impact of Technology Training Programs Case Study: MCSE Training
  

And then there are numerous anti-trust criticism articles:

• Break up Microsoft? Rest of world pooh-poohs the notion
  
• Press Release: Japan, Switzerland, and the EU do NOT insist on breakup of Microsoft, unlike the U.S.
  
• Fine Microsoft, use funds for new competition (anti-breakup)
  
• Fine Microsoft and use funds to catalize new competition (anti-breakup)
  
• Break-up Remedy for Microsoft Not Supported by Key Democrats
  
• Technology and The Congressional Black Caucus (Microsoft anti-trust)
  
• Breaking Windows Over Antitrust Dogma
  
• Pause the Microsoft Case and Examine U.S. Anti-trust Policy
  
• Punishing Winners Hurts the Marketplace
  
• Suit Threatens U.S. Computer Dominance
  
• Taking a Byte Out of Microsoft
  

Etc. Also lots of articles about the precious intellectual property rights, although not specifically in relation to Microsloth.

Re:Microsoft advocasy

[medcalf]

Punishing Winners Hurts the Marketplace

So MS has a study with the same name as the AdTI's study, and on the same topic? Hmmm....

Re:Thank You

[sheldon]

It was flamebait...

You're not supposed to question Linux, it's unpatriotic!

I'm Shocked, Just Shocked!

[DesScorp]

What? There are institutions in Washington D.C. that put forward only a certain viewpoint? Jesus, why are people surprised at this? And before I hear any swill about them all being tools of conservatives and business, there are liberal leaning think tanks as well (the Brookings Institution, the Center for Science and the Public Interest, etc). There are good institutes and bad on both sides. Some are nothing more than paid hacks, but some of the best minds in the world work for these institutes. For every De Toquville institute, you're going to have a Public Citizen type organization to oppose it.

slightly OT: fave A. deT. quote

[alumshubby]

"The American republic will endure until the day Congress discovers that it can bribe the public with the public's money."

Re:You should have gone with your initial impressi

[Archie+Steel]

I agree with you in part (even though your lack of manners, however typical of trolls, is a sure sign that I shouldn't bother answering to your post). To be sure, the hijacking a plane - even an old-fashioned one where the primary goal is to hold hostages or simply escape a country - is probably going to become a thing of the past. As you correctly state, passengers are no longer going to risk ending up in a building. I myself have taken the plane a couple of times since 9/11, and was ready to spring into action if something happened - hey, if you're going to die anyway, might as well try to do something about it! However, that does not rule out every possible use of planes (even smaller ones) against facilities. Nor does it rule out truck bombs, dirty bombs (with radioactive material), bioterrorism (especially if it's domestic, as was the case with anthrax...hey, remember anthrax? It used to be news until they found out it probably came from a U.S. Army lab...)

The point is, low-tech terrorist attacks are much more likely to happen again than some third world nation lobbing nuclear missiles at the U.S. Realistically, the chance of such a nuclear attack is very slim to none - and there's no guarantee a missile defence system would work to ward off such an attack anyway. All in all, it seems an awful lot of money to deal with a highly improbable threat...

Re:C'mon people, that was supposed to be funny.

[NoMoreNicksLeft]

Well, I tried to troll for imaginary karma (not pretend karma, but rather the sign you get when sqrooting negatives numbers) but have never been successful. Personally, I would love to see a "Incomprehensible, i1" up there, but lately I've starting losing faith in the prospect.

Re:Are you an expert?

[Archie+Steel]

It's not about estimates, it's about understanding geopolitics and reading something else than Newsweek once in a while...Do you even understand the principle of strategic nuclear weapons? It doesn't matter if North Korea has nuclear missiles, because they CAN'T USE THEM AGAINST THE U.S. If they did, they would be completely vaporized. Now, North Koreans may be brainwashed, but their leader is actually an intelligent and reasonable (if cruel, despotic and tyrannical) man. He knows that's a no-win situation, and nothing suggest that he's particularly keen on losing all the privileges that come with the job having his country eradicated. The threat of "rogue nations" using nuclear weapons against the U.S. is just a lure designed by the military industry to keep those govt. dollars pouring in while the rest of the economy teeters on the brink of recession. Get a damn clue!

Intentional?

[Rupert]

hacking is a cleaver way to solve a problem

I like problems that can be solved by hacking with a cleaver.

They've done this before...

[Da+Schmiz]

Keep in mind that Microsoft has bought studies before:

• from Gartner
• from DH Brown

(I had tried to post this yesterday, but for some reason none of the CGIs at slashdot were working. Probably some uber-1337 preteen h4x0r thought that DoSing slashdot would help him reach puberty...)

"we weren't going to run this" ... sure

[scrytch]

We weren't going to run this, but there were a lot of submissions, so ...

... being the media whores we are, got in as many trolling jabs as we could when we posted it.

Why subscribe indeed?

Redefining "news"

[Mulletproof]

Why does Slashdot even make the claim any more? I'm notice less and less factually based news here. It's a soapbox and a spotlight where people can stand up and rant under the guise of news. You just can't take this site seriously anymore. I mean really... "I just won't talk about the subject, I'll tell you my politcial and social-economic views all the while I clue you in as to why i became an evil genius in the first place, not to mention why you're a moron for thinking otherwise"

"Latest IE Hole Lets Gopher Root You" -Good article. Concise, to the point and leaving the rants to the users forums. Unless it's an editorial, that's the way it ought to be. Time for a slogan change: Rants for nerds. Opinions that have no bearing on real life whatsoever. And if you come on a good day, maybe some stuff that might matter.

News: 1a : a report of recent events b : previously unknown information 2a : material reported in a newspaper or news periodical or on a newscast b : matter that is newsworthy

Editorial : a newspaper or magazine article that gives the opinions of the editors or publishers; also : an expression of opinion that resembles such an article.

Rant 1: to talk in a noisy, excited, or declamatory manner 2: to scold vehemently.

Re:Redefining "news"

[jamie]

We generally figure, as long as you can tell the opinionated rants from the factual news, you can make up your own mind.

I've yet to hear a good reason why a niche news site like ours, where you know where we're coming from, has to pretend to be objective.

Agreed! Remember the Scud attacks?

[Thag]

Ballistic missile defense is absolutely needed, we're already far beyond the "was SDI a good idea?" phase.

Remember, the US has already been attacked with ballistic missiles (the Scud attacks during the Gulf war). Our defenses didn't do all that well.

We have the ability to create defenses that will work. The kinetic energy interceptors developed by SDI worked. The software to run them worked.

Lastly, if you think 9-11 was bad, imagine an ICBM attack on Manhatten. Even with conventional high-explosive warheads, it would be devastating. And our nuclear arsenal might not be a deterrant, because we would almost certainly not return a non-WMD attack with a nuclear one (pesky ethics).

Jon Acheson

Re:The right trousers, but the wrong hat ...

[Neck_of_the_Woods]

ahhahaha, point taken. I stand corrected.

Re:Thank You

[sharkey]

There needs to be some sort of an IQ test before people are allowed to moderate.: )

There is. You have to be able to type "slashdot.org" into your browser. It's an IQ test, just not an IQ test for high intelligence.

Stop believing what you read in the press.

[Thag]

Acutally, no, time and time again bullshit arguments were rolled out against SDI and given tons of press.

"Put mirrors on the outside of the missiles." Despite the fact that SDI was developing kinetic interceptors, not lasers. Not that mirrors will stop a laser, mind you.

"Spin the missiles." And watch them rip themselves to shreds: ICBMs are actually fairly fragile. They're not built to spin like that. It's like spinning a volleyball to protect it from a rifle bullet.

"Launch dummy warheads." When the enemy can already barely afford the missiles to launch real warheads, they're supposed to buy three times as many so they can launch dummies? Right. And inflatable dummies CAN be detected (particle beams make good mass detectors, and inflatable dummies don't fly properly within the atmosphere). Dummies the same weight as the real warheads only reduce the number of warheads you can launch. It's like sending out a bomber full of fake bombs. Nobody would do that.

"Launch more missiles." Firstly, this is an inherent admission that the system works against the number of missiles you have now. Secondly, can you afford to BUY more missiles? And how many years will it delay your plans to attack? Do your missiles cost more than the additional defenses to shoot them down?

"Make new missiles that can avoid the countermeasures." If you have to replace your missile fleet to overcome the defense, the defense obviously worked. You can try again next generation, but missile defense won't be sitting still either.

"We don't need missile defense." We have already been attacked by ballistic missiles (the Scuds in the Gulf war). The need IS proven.

When these arguments were inevitably shown to be flawed, there was never any press, though. Sad, really.

Jon Acheson

Re:Stop believing what you read in the press.

[LunaticLeo]

No SDI plan has ever been proposed that would satisfy my critereon: less than 10 warheads get thru. Any more than a dozen, and there wouldn't be a USA to bother with. We are talking 10+ megaton warheads. No piddling 14 kiloton crap that hit Hiroshima.

Further, your characterization of the opposition to SDI is what is truely flawed. Lauching more missles is a viable counter to SDI. Missles are the cheap parts, warheads are the expensive part of a Nuclear wepon. Further, lasars and particle beams were definitely the most talked about SDI wepons. Specifically, mini-nuclear explosions creating focused X-ray beams. The kenetic wepons "smart-pebbles" are more plausible but have tons of drawbacks.

Don't act so high and mighty when you are clearly just an ignorant of the fact that people of differing view points might be inteligent, informed, and well intentioned, yet still disagree with you.

Re:Stop believing what you read in the press.

[Thag]

No SDI plan has ever been proposed that would satisfy my critereon: less than 10 warheads get thru. Any more than a dozen, and there wouldn't be a USA to bother with. We are talking 10+ megaton warheads. No piddling 14 kiloton crap that hit Hiroshima.

Your argument is, if I can't have a 100% impervious shield, why bother with defense? That makes no sense. It's certainly not the standard applied to any other type of defense. And in the worst case (now unlikely) where 200+ nukes are fired and 10 get through, 10 is still a lot better than the alternative.

Further, your characterization of the opposition to SDI is what is truely flawed. Lauching more missles is a viable counter to SDI. Missles are the cheap parts, warheads are the expensive part of a Nuclear wepon. Further, lasars and particle beams were definitely the most talked about SDI wepons. Specifically, mini-nuclear explosions creating focused X-ray beams. The kenetic wepons "smart-pebbles" are more plausible but have tons of drawbacks.

You haven't even done your basic research. I have. Unlike Joe Loser Journalist from Newsweek, I was reading the official public releases from the SDI program that were published on microfiche through NTIS. And no, laser beams and particle beams were NOT part of the first generation SDI project. SDI was strictly using off the shelf technology to build kinetic energy interceptors, the "smart rocks" that were later called "brilliant pebbles." While the official releases talked about the possibility of using directed energy weapons in a future second generation defense system (for the space of maybe one paragraph), they were not a part of the first-generation SDI system in any way. Go find a library with NTIS archives and read the official SDI papers for yourself.

Lasers and particle beams and nuke-pumped x-ray lasers were/are pie in the sky technology, decades away from being feasible at the time, and they might not have panned out at all. SDI was intended to field a working missile defense system RIGHT AWAY. The only people talking about lasers were idiot journalists who didn't do their research, or did their research by talking to idiot college professors. And Christ, there were a lot of them. I heard so-called "experts" claim that the whole project came out of an idea Reagan had at a dinner party! (Note: DOD has been actively and steadily pursuing anti-ballistic missile technology since the fifties.)

Then, when SDI announced that "hey, the interceptors we've been working on are doing pretty well," the idiots in the press reported it as "guess they gave up on those lasers." (See the Newsweek cover story "SDI Changes Its Course.")

Research into directed energy weapons was ongoing at the same time, of course, and had been before SDI in projects like Red River, but directed energy weapons were NOT a part of the first-generation SDI system.

Don't act so high and mighty when you are clearly just an ignorant of the fact that people of differing view points might be inteligent, informed, and well intentioned, yet still disagree with you.

If I'm acting high and mighty, it's because I bothered to actually do the basic research and learn the basic facts, and the vast majority of talking heads out there did not. And neither have you. It pisses me off. PS, learn to spell.

Jon Acheson

Re:Stop believing what you read in the press.

[LunaticLeo]

Your argument is, if I can't have a 100% impervious shield, why bother with defense?

Basicallly, yes. There are times when less than five nines (99.999%) security means no security at all. Defense against the Soviet Nuclear Arsenal is one of those.

To repeat myself, I do believe missle defense is a good investment. However, missle defense and SDI as proposed by the Regan Administration are different things.

If I'm acting high and mighty, it's because I bothered to actually do the basic research and learn the basic facts, and the vast majority of talking heads out there did not. And neither have you.

How old are you?

The information I am working on is from the Regan Administration, not the refried-beans regugitated by the Bush Jr. Administration. Specifically, my education in this area goes back to a presentation at the MIT Club of Washington DC by some Air Force General involved in the developement of SDI part I in 1987.

Re:Stop believing what you read in the press.

[Thag]

There are times when less than five nines (99.999%) security means no security at all. Defense against the Soviet Nuclear Arsenal is one of those.

Then I guess we disagree. As I see it, having a defense that is 99% effective (which, allowing for human error, is as good as you can ever hope for in the real world) is much better and safer than not having the defense. Specifically, it is much better in situations that fall short of an all-out attack. Think of the scenario where a single rogue missile gets launched by one side (through malfunction, error, insanity, whatever). The other side, possessing a defense, has much better options (shoot it down) than they would otherwise (retaliate or just take it).

The information I am working on is from the Regan Administration, not the refried-beans regugitated by the Bush Jr. Administration. Specifically, my education in this area goes back to a presentation at the MIT Club of Washington DC by some Air Force General involved in the developement of SDI part I in 1987.

Again, my info came directly from the SDI program via NTIS, published (and read by me) at about the same time as your club meeting. Please check my sources.

Jon Acheson

Re:Stop believing what you read in the press.

[LunaticLeo]

Then I guess we disagree. As I see it, having a defense that is 99% effective (which, allowing for human error, is as good as you can ever hope for in the real world) is much better and safer than not having the defense. Specifically, it is much better in situations that fall short of an all-out attack. Think of the scenario where a single rogue missile gets launched by one side (through malfunction, error, insanity, whatever). The other side, possessing a defense, has much better options (shoot it down) than they would otherwise (retaliate or just take it).

We really don't disagree then. However, Ronald Regans own estimates (sorry don't have the source for this in my head) were %85 effectivity, primarily focused on protecting Military infrastructure (to ensure retaliation and maintain MAD). Against China and less capable militaries, missle defense is quite reasonable. And in my mind , missle defense research is a moral imperative.

BTW, in my last posting where I asked "How old are you?", it was not meant to be a put down. I realized what it would sound like after I posted. I was really trying to get to the Regan vs. Bush Jr. versions of SDI; which are substantially different.

As to speling, don't be fooled into the simplistic equation that there is a correlation between speling and intelligence. I believe there is a greater correlation between people who nit-pick speling and simple mindedness (not you of course:). Remeber Kwalitee is Gob won.

Re:Stop believing what you read in the press.

[Thag]

And in my mind , missle defense research is a moral imperative.

We certainly do agree there. I would much rather save lives on our side than threaten to kill millions of civilians on the other side.

BTW, in my last posting where I asked "How old are you?", it was not meant to be a put down. I realized what it would sound like after I posted. I was really trying to get to the Regan vs. Bush Jr. versions of SDI; which are substantially different.

I kind of thought that was what you meant, but I wasn't sure, so I didn't respond. I guess I should have given you the benefit of the doubt. I'm 34, btw.

As to speling, don't be fooled into the simplistic equation that there is a correlation between speling and intelligence. I believe there is a greater correlation between people who nit-pick speling and simple mindedness (not you of course:). Remeber Kwalitee is Gob won.

"Correct speling is essential!" : )

The thing about bad spelling is that it implies that either the writer can't spell, or can't be bothered to proofread what they wrote. It really does matter, especially when making a first impression.

Thanks for responding so politely, btw. It's a pleasure finding someone who takes the high road. I have to apologize, some of my own tone was pretty harsh. Sorry.

Jon Acheson

Dunno about that Frenchman, but the V-22 rocks

[SysKoll]

It's a real shame that this gun-for-hire PR agency adorned itself with the glorious name of Alexis de Tocqueville, who couldn't stand double standards and intellectual dishonesty.

That said, just because despicable people breath does not mean you should not. Whatever these PR whores say, the V-22 is a great concept. Think of it: a plane taking off like a helicopter. It has all the advantages of a regular plane, especially the speed (much faster than a chopper), and it can land vertically.

Of course, it's quite some drain on the ol' budget. I remember a joke in 1989 that "22" in the name refered to the number of billions it had cost so much... I shudder at the thought of the total Osprey program cost nowadays. This thing has been in design and debug forever.

The reassuring thing is that the cause of the most recent crash was pretty mundane: a hydraulic line rubbing against a part each time the Osprey changed phase (pivoting its planes) and finally breaking. It's not like the design is fundamentally wrong.

I know little about the military deployment of the V-22, but I do know one thing: The V-22 is an ideal machine for all the small regional airlines who dream of having a turboprop plane land a handfull of commuters and businessmen in the heart of congested downtowns that are only serviced by ruinous choppers right now.

So, after all these years, we can hope that a civilian version will emerge, all paid by the Pentagone, and that the Japanese and European markets will order hundreds of V-22. Take off in downtown Paris, land in the London City? Heck, I know people who would gladly pay a fortune to avoid the torturous commuting La Defense-Orly-Heathrow-London. Not to mention the stinking tube or the bad-tempered taxi drivers. The market is huge.

Of course, Libertarians object that giving tax money to a private company (Boeing) for building a civilian plane is immoral. But it would not be the first time: The very successful 707 was developed as a military project.

So don't call the V-22 a bad name, chances are you'll ride it someday in 2010 when your customers want you to debug their Apache 6.1 config...

-- SysKoll

Who Knew

[cscx]

The same day I post this they find a buffer overflow in BIND 9...

Re:One

[MrResistor]

I suppose you could

Seems kinda self-condradictory though

Re:Argumentum ad hominem

[Chris+Johnson]

Careful. The error you're risking has to do with value neutrality. It's sort of like... suppose you're painting a big backdrop to look like the sky. You're looking into two vendors for buying the paint. One sells blue paint, one sells yellow paint.

Surprise surprise, one says 'the sky is blue' and the other says 'the sky is yellow', for rather understandable reasons: they want to sell their paint. They each have an equal right to claim what they want, as far as that goes, subject to government limitations on what you're allowed to sell as 'sky-colored backdrop paint'. They contradict each other completely, in doing so.

Nothing about this situation implies that the sky is actually green (that being a compromise between the two claims).

Nothing about the Think Tank Troll situation implies that closed-source software is more secure than OSS, free inquiry or not- and the fact that they're preparing to say so, at length, does not make it any more true than 'the sky is yellow', and it does not mean the truth is somewhere in the middle, like 'the sky is green'.

And... want to take bets that Microsoft didn't pay for this report? You could get very interesting odds, because it is enormously probable that it is a corporate 'sock puppet' and nothing more, so the odds that Microsoft outright commissioned a report to say this and this and that are overwhelming. What odds do you figure?

Re: V-22

[SEAL]

The other poster responded to you well, and I'll second it. As someone who had the opportunity to fly on an Osprey, I can say that the utility it provides is *very* useful to the military, especially the Marine Corps.

Has its deployment been delayed? Sure. Have there been mistakes both from the engineering side and political side? Of course. Is it the only aircraft to ever deal with these issues? Hell no. If you want to look at a scandal, try the A-12 project. If you want to look at crashes of test flights, consider the B-2.

The Osprey got more press because it is a more "open" project, since it lacks the stealth characteristics of the B-2 which are mostly classified. Furthermore, the major crash that was reported happened to be with an Osprey that was carrying not just the pilot, but 19 Marines.

But look at the chopper the Osprey will replace. Crashes happen all the time, not just to newly designed aircraft. As the CH-46 ages, it will become more and more accident prone.

Also consider that 3 Marine officers were found to have falsified maintenance reports on Ospreys that were under their command. Failure to maintain any plane could cause problems.

So, frankly, for you to call the Osprey a "fatally flawed" plane, is plain FUD. Aircraft crash - that's a fact of life. The goal of engineers is to build them to a standard that minimizes accidents due to mechanical failure. Designs can be improved and corrected if there are problems (although the history of Osprey crashes suggests other factors were responsible).

Before the B-2 was in production use, the naysayers were claiming the same type of thing as you are about the Osprey. Yet now we have a functional aircraft which proved itself to be very capable in many bombing runs. Keeping the old planes is not an option indefinitely: you must stay ahead of the technology curve to maintain an effective military.

SEAL

You didn't just say that...

[Mulletproof]

No one to bribe? These people work for peanuts (or free) in their spare time. I know it's a labor of love, but open source is ripe for bribery.

Rules of civilization

[Ungrounded+Lightning]

But what if we hadn't spent six trillion dollars [or whatever] on nukes ...

Well, the way things were going, about 1965 or so the USSR might well have blown us to hell with a half-billion rubles worth of nukes, then duked it out with Red China about 1980 over who would run the remains of the world.

... creating nuke-pollution timebombs ... experimenting on our own population and spreading cancer from fallout ...

Maybe we could have [done lots of good stuff with the money instead].

The USSR didn't mind polluting a large chunk of their own territory to make plutonium. Chernobyl was just the LAST and worst spill (that we know of). And vaporizing one operating power reactor is a really close approximation to one all-out nuclear war's fallout. But there were plenty of others. (Like the chemical reaction that boiled a major fraction of a Soviet waste dump. The highways through a big chunk of Siberia are still "no stopping zones" due to that one.)

Three Mile Island, on the other hand, was just a little bit of radioactive steam. The atmospheric tests and the military reactor oopsies in the US were larger, but a drop in the bucket compared to either of the USSR incidents above.

Yes the Hanford experiment was cold-blooded genocide. So tell me about it. My wife is one of the "marginal population" they experimented on while she was still in the womb - born in the reservation downwind of the deliberate release. And she has the birth defects, thyroid disease, and occasional propaganda mail about how minor it was (which somehow keeps showing up with updated mailing addresses) to prove it. Seems that experiment was STILL GOING ON, with the victims' health being monitored, at least through the fall of the USSR.

But that sort of expenditure and NAZI-style human experimentation is why it was so important to get the cold war STOPPED. Another win for SDI.

After all, after you've got enough to destroy the world three times over, isn't the rest a bit of a waste?

"Overkill" is misunderstood, and is NOT what you are apparently assuming. Consider this:

One bomb of X kilotons, successfully exploded over a target, kills 1/N of your enemy's population. So you need N such bombs to kill all of 'em, right?

Wrong, for two reasons:

1 That 1/N assumes a "good" target - like the concentrated population and infrastructure of an industrial city. After your first 5 or so bombs blow up all the big industrial centers, your next 100 or so have to go after the little industrial centers. It takes maybe K*N to get 'em all. "Overkill" of K.

2 But these things are going in on bombers (that are being shot at) and missiles (that may fail, and may also be shot at - the USSR did deploy anti-missiles despite the treaties, and were actually allowed one by the treaties). If you don't want to shoot first you fired your missiles (and gave "GO" to your planes and subs) AFTER they shot at 'em - maybe after the bombs landed, maybe yours are in flight while theirs are going BANG. So only one in J gets through. To hit them all you need at least J*K "overkill". Actually you need more - because bomb loss is a statistical process. If you only sent J*K*N bombs some targets would get hit twice and some missed. So you need "overkill" beyond J*K to be sure you level everything you intended to level.

So "overkill" doesn't mean "kill 'em I*J*K times". "overkill" means "bomb each target I*J times, throwing I*J*K times as much stuff as you'd need if they were all just like the easiest one and everything worked perfectly, and PRAY that every target gets hit at least once." If I*J*K happens to be larger than 2 * (World Population / Soviet Population), that does NOT mean you have enough bombs to kill everybody in the world twice.

We've threatened to use nukes at least half a dozen times in the last half century (including the Berlin blockade), we've shown we can't abide by the rules of the rest of civilization, and _you_ feel secure?

YO! DUDE! During the wind-down of WW II into the Cold War we announced that we'd defend West Germany (including West Berlin) by whatever means necessary. We made treaties that REQUIRE us to use nukes to defend certain allies, not just ourselves, from certain kinds of attack. We've announced a policy of responding to government-launced nuclear, chemical, or biological attacks, on our allies and on signatories of the non-proliferation agreement, with nuclear retaliation. (You don't need to develop your own bombs - you can use ours.) And we announced that we would treat siting nuclear missiles in the Americas aimed at the US as an act of war.

Those ARE the "rules of civilization". We wrote 'em. Rent a clue!

("We" includes the rest of the winners of WW II. And the surviving losers as well.)

"As I walk through the Valley of the Shadow of Death I will fear no evil. For I am the MEANEST son-of-a-bitch in the Valley!" If you TRY to kill me, your whole country will glow for centuries, with nothing left alive but cocroaches and algae. And everybody who might try a classic nuclear, chemical, or biological first-strike KNOWS it. THAT's why I sleep peacefully at night.