'Think Tank' Issues Microsoft-Funded Troll
dlur (among many others) writes: "According to this ZDNet article, a Washington think tank known as the Alexis de Tocqueville Institution is soon to release a study stating that Open Source Software allows terrorists an easy time hacking into our systems. It's little surprise that this group takes money from Microsoft."
The Register's story is good too.
All the whoring reports in the world won't make open source any less secure. This same institute backed destabilizing, unworkable '80s missile defense and thinks Alexis de Tocqueville would have wanted the V-22 Osprey deathplane.
Also, see what their coin-operated policy dispenser spat out for internet privacy (eat what you're fed) and antitrust (advantage of Microsoft monopoly: "manufacturers of computer hardware need to provide only one driver").
We weren't going to run this, but there were a lot of submissions, so ...
from the insitute-and-prostitute-share-a-lot-of-letters dept.
They share even more letters if you spell institute correctly.
Open source would have a much better security record if Sendmail were killed off.
What I do not understand is why there aren't any similar groups for the OpenSource / non-Darkside avocations.
If MS can fund groups such as these to spill forth what is obviously [then again, not much is obvious it seems to the 90% of the population] utter trash, surely we [ non-MS ] can do the same.
If this group spills out such toxic waste words as these, why does it gain so much attention in the general public?
Is there any reason why we cannot write an article stating "Microsoft Closed source enables Terrorists to easily render 90% of the information market paralyzed"... (after all, there is far more 'hard' evidence in the form of email-worms etc than there is behind what has been written in this article).
They're not running their touted monoculture on their own web servers!
"My opinions are my own, and I've got *lots* of them!"
I am a lone outpost of open source in the military agency where I work. My solution: just show them the NSA funded SE Linux information.
Who are the green suiters going to trust? A bunch of paid "think tank" lackeys or the good ole spooks behind the triple fence?
So far NSA's advocacy has been used to let me get away with all kinds of open source implementation.
Of course, NSA has an agenda too I'm sure but that's between the military and NSA.
Read that last sentence again - it's a thousand-pound gorilla.
Shutting down free speech with violence isn't fighting fascism. It IS fascism!
Subject: "Opening the Open Source Debate"
Date: 31 May 2002 15:45:59 +1200
Some references you might wish to consider before publishing your article "Opening the Open Source Debate"
http://www.businesswire.com/cgi-bin/f_headline.cgi?bw.053002/221502375
Bruce Schneier, one of the recognized leading experts on computer security, on Kerckhoffs' Principle and Secrecy, Security, and Obscurity of software.
http://www.counterpane.com/crypto-gram-0205.html#1
Dr. Blaine Burnham, Director, Georgia Tech Information Security Center (GTISC) and previously with the National Security Agency (NSA), gives a keynote speech overview of current encryption and security technologies and outlines possible strategies for future defense.
http://technetcast.ddj.com/tnc_play_stream.html?stream_id=411
Also you might wish to address the issue of Microsoft's disproportionately high number of open vulnerabilities in its Internet Explorer components. All of which were discovered without access to the source code.
http://jscript.dk/unpatched/
Richard Purcell, Microsoft's director of corporate privacy, has recently stated that any major improvement in regard to the security of its products may be at least "5, 10 years, maybe".
http://www.businessweek.com/technology/content/may2002/tc20020523_6029.htm
As for the issue of Trojan horse injection into open source code, it is far from being an open source only issue.
http://www.eeggs.com/
Or were all the "Easter Eggs" currently found in Microsoft's products officially authorized?
If you are looking for a methodology for providing a suitably secure and hardened solution, start with a real world example.
http://www.openbsd.org/security.html
I welcome any open debate.
After all, we're now pretty well aware that people are not looking through open source code looking for bugs and back doors: yes, flaws get discovered, but it's usually through the "exploit-patch-fix" cycle, rather than pre-emptive security work.
OpenBSD is, of course, not dead and a very notable exception.
Sometimes secrecy is useful in security: ask the NSA; yes, in theory, all of their algorithms would stand if they were placed in the open.
But they still keep them secret because it is one more obstacle for an intruder to have to overcome to compromise a system.
Of course, none of this matters because we're talking about M$, those nice folks asking to keep the Windows source secret because it has security flaws large enough to be considered economic and national security risks.
But, in theory, I think there are times when closed source might be the way to go.
Hexayurt - open source refugee shelter,
However, how can we have more companies like Microsoft when that very article is condoning a monopoly? Yes, I acknowledge that they're probably talking about 'one monopoly in each market'. However, we all know that Microsoft is trying to take over as many markets as possible. How far away is Microsoft-branded Vegemite? :)
Stupid. Totally, absolutely stupid.
... that we run it on our OWN damn servers:
$ httptype www.adti.net
Rapidsite/Apa/1.3.20 (Unix) FrontPage/4.0.4.3 mod_ssl/2.8.4 OpenSSL/0.9.6
Who wants to place bets as to when Microsoft learns of this, and promptly switches their systems?
python -c "x='python -c %sx=%s; print x%%(chr(34),repr(x),chr(34))%s'; print x%(chr(34),repr(x),chr(34))"
And MySQL.
And OpenSSH.
And Tomcat.
And wu-ftpd.
And PHP.
And squid.
And mod_ssl.
...
You know, if we reduced it to just the kernel running on an isolated box locked in a secured meat locker, and you throw away the key.
But, qmail is better =)
Well, open source software is by far the easiest to hack, because the source code is actually available to you to hack with.
If you're talking about open source software being easier to crack, that's a whole different story...
Dick Laurent is dead.
Yes, like geeks, we must use the tools we have.
From: 8axxx0r l33t
Subject: DESTROY PROPRIETARY SOFTWARE
Message:
First Post!
Heya! Did you know Bill Gates' ASCII code number is 666? That he is the root of all evil?
That there's an alternative to monopoly? And it's FREE (note: as in freedom AND as in beer).
ACT NOW and access Slashdot's webpage, news for normal people, stuff that matter. NO pop-ups, neither pop-unders, ROTFLMAO... Insightful and funny bewolfed comments from all over the world!
Thanks for your time,
l33t.
PS: This is not spam. I hate spams.
Buy a Nintendo DS Lite
"And don't forget Kerckhoff's assumption: If the strength of your new cryptosystem relies on the fact that the attacker does not know the algorithm's inner workings, you're sunk. If you believe that keeping the algorithm's insides secret improves the security of your cryptosystem more than letting the academic community analyze it, you're wrong. And if you think that someone won't disassemble your code and reverse-engineer your algorithm, you're naive. The best algorithms we have are ones that have been made public, have been attacked by the world's best cryptographers for years, and are still unbreakable."
--Bruce Schneier; Applied Cryptography (Second Edition); page 7
This seems to apply perfectly to this latest FUD about open source software.
Thankfully, a lot of the notorious hacker groups who are known for finding security holes (l0pht and cDc come to mind) are also known for publishing information about those security holes, not with the interest of telling script kiddies and black hat hackers how to get into the system, but for the purpose of calling attention to the holes so they are closed.
I'm no hacking expert, but I have a feeling that finding security holes by reading the source code of software isn't much easier than prodding at it until a hole is found.
With buffer overflows, for example, I'd imagine it's much easier to find the overflows by setting up a computer running whatever software you are trying to exploit and letting a program designed to keep trying to exploit overflows run until it finds the overflow. If you can figure out where in memory that buffer is with some sort of debugger, the job is probably even easier.
There's also the good old OpenBSD poster child.
I see, so you're saying the value of the destabilizing, unworkable '80s missile defense is that it's a great bluff that got Russia to try to build the same thing...hence Russia collapsed and we didn't.
Hmm. This leads to two questions and a note-- (1) why are we still pushing to build it, and (2) if it was a bluff, why did we actually spend any money on it at all, and (3) you're basically saying that a wasteful, bloated, expensive defense system that won't do anything was loaded with features, not bugs.
Next time, we should propose launching food into space, that'll really screw up them commies.
W
-------------------
This is my SIG. There are many like it, but this one is mine.
I'm sorry to be a party-pooper, but where's the evidence that they take money from Microsoft? The ZDNet article says nothing about that, and the talkback comments (at least the few dozen that I read) provide no evidence along those lines, either. The Register says that Richard Smith says that they take money from Microsoft, though they present no evidence along those lines. Smith's a cool guy and all, and he's got a good track record, but I'm going to need a little more than a second-hand non-credited reference to believe this.
I did a little poking around and a little Googling, but was unable to come up with any evidence on my own.
So, please, could somebody enlighten me?
-Waldo Jaquith
Google search for al qaeda and linux
Those search results speak for themselves on who helps terrorists.
The previous has been a secret message to my comrades.
This group also claimed, during Congressional probes into tobacco company fraud, that cigarettes and tobacco products were not harmful to your health. From this memo by a director of the World Health Organization:
"In addition to creating front groups and contributing funds to groups that have a mission broad enough to carry some of the tobacco industry's goals, the tobacco companies also use publications by allegedly independent think tanks, such as the Virginia-based Alexis De Tocqueville Institution. This group's 1994 report "Science, Economics, and Environmental Policy: A Critical Examination" criticizes the US Environmental Protection Agency's risk assessment methods in 4 areas: environmental tobacco smoke, radon, pesticides, and hazardous cleanup. It dismisses in its first chapter the agency's risk assessment of environmental tobacco smoke, using arguments similar to the tobacco industry's "junk science" arguments described by Ong and Glantz."
It seems Microsoft is making some strange bedfellows.
Sources:
http://www.smokefreeforhealth.org/studies/YachBialous.htm
ZDNet Post
"The white paper, Opening the Open Source Debate, from the Alexis de Tocqueville Institution (ADTI) will suggest that open source opens the gates to hackers and terrorists."
My $0.02:
... First of all, there ARE NO GATES! All software contains bugs, sometimes exploitable. .. closed source is NOT a "Gate" that blocks hacking... yes, exactly: nimda, codeRed, klez, iloveyou, and just about every other "virus" reported in the last two years... blah blah blah...
...shitty analogy...
See: Publications and Accomplishments
http://www.adti.net/pubsaccomps.html
They don't exactly seem to be experts in any field of computers, networks, or security that I can tell. They did some reports for more traditional defense related topics several years ago, but that's it. They are, however, very good at reporting on controversial issues, mainly political in nature. Hmmm..
Here's a question. Of the total number of security problems reported regarding closed vs. open source products, what percentage were pre-emptive fixes reported by whitehats, vs. those exploited and thus forced to be officially reported?
My point is... a bug is a bug, but it's a hell of a lot better if it's patched before it's ever exploited. So it's totally wrong to look purely at # of reported security problems in product XYZ. I would expect an open source product to have a significantly higher # of reported problems. That's a good thing IMO, since that means there's less of them lurking.
The bottom line: Everything has bugs. More eyes, less bugs. More secure. Simple. Now would someone try and explain that to these anti-open-source nitwits?
Oh, and may I point out: (already reported)
http://www.washingtonpost.com/wp-dyn/articles/A60050-2002May22.html
http://www.nsa.gov/selinux/
It seems like our .gov likes it just fine ;-)
-Mark Renouf
In fairness, there are people out there who end up in charge of systems that don't have the time, inclination, or experience to install patches, upgrades, updates, etc. The people who did the default install and left it at that.
These are the people that are potentially at risk. Sure, Microsoft's code has just as many (if not more) holes in it. But the holes aren't as well known.
In a perfect (or at least mostly-intelligent) world, the Open Source argument wouldn't exist, and we'd all have more time to devote to hang gliding.
But then, communism is the "perfect world" - on paper anyway.
--
Don't scream at me, I can't hear you.
That what was all this school was for... to teach us how to solve our own problems. -- janeowit
I mean, come on!
This is like being surprised that the Tolly Group gave a good report to a product.
When you pay for a review or analysis, you get exactly what you want. This is no different than the Mindcraft "study" that was biased.
When a reputable group/publication comes out with an unbiased study that says these same things then you should get upset. Until then, it's all smoke and mirrors, FUD and MUD.
Nothing to see here.
I don't have a solution, but I certainly admire the problem.
No, SDI was one of many things that encouraged the Soviets to spend themselves into oblivion. At this point, it probably *is* possible, and with lunatics like the North Korean dictatorship able to shoot ICBMs (as of a few years ago), just for starters, missile defense is now a VERY good idea. If piss-poor third world nations think building ICBMs is worth the trouble, then we damn well better have a defense against them.
Unless we invade and force a regime change, which I'm not necessarily against. Worked for National Socialist Germany and Imperial Japan, and the bad guys aren't exactly an even match today.
It's not just for ICBMs either. Shorter range ballistic missiles, like the several hundred that China has pointed at Taiwan, could be defended against by ground-based interceptors. (Guess why China is all cranky about our pulling out of the ABM treaty with the Nation That No Longer Exists.)
This story just might wind up biting Microsoft in the ass; if the rest of the sharks in the press start smelling blood in the water.
Read the last sentence over, and over, and over.
The missile shield was certainly destabilizing, it never helped us in any treaty with another super power, not even as a negotiating gambit. [etc.]
Seems to me it worked perfectly.
The Soviet Union collapsed, ending half a century of Cold War. The surviving USSR government officials said the major factor was SDI. Not a single nuclear bomb exploded on or above the soil of the US, its possessions, or its allies (including all the signatories to the non-proliferation treaty). And it was so powerful we didn't even have to actually DEPLOY it!
Lets see your smart bomb or a START-XVI treaty beat THAT!
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Mutually Assured Destruction was "stable" only as far as retaliatory destruction was really assured. A limited missile defense system makes it impossible for your opponent to be sure that a first strike of theirs will destroy all of your missiles, and so makes MAD more stable, not less.
A theory that was only advanced as a strategy after the fact. There is no reason to believe that we were being lied to in the 1980s when we were told that NATO believed that it could only hold off a USSR invasion of Western Europe for 4 days before being forced to resort to nuclear weapons. The generals who I discussed the strategy with in the 1980s believed that they were acting to defend against a real threat, not to break an already beaten enemy.
The theory is in any case bunk if you happen to look at Soviet economic history. To first order the Soviet economy never really recovered from the second world war. The economy was already stagnant when Brezhnev took over. By the time star wars was proposed Gorbachev was already redirecting resources from the military economy to the civilian economy. The USSR never responded to star wars, therefore the theory that proposing star wars brought down the USSR is false.
As for anyone having the dissolution of the USSR as a political objective, I don't think that was ever a US policy objective of any kind (with the exception of the Baltic states). Better to have all those missiles under control rather than have a Balkan situation with nuclear weapons.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
The three biggest lies redux,
smoking is good for you, windoze is secure, the check is in the mail
This is more than just script kiddies. Open source is good against script kiddies. That may simply be its low radar profile more than anything, but it could be the open source community finding bugs as well.
But when people are interested in more than general vandalism, it becomes a different story. If I need to hack something that is open source, I check out the source, and look for buffer overruns and what not. It's hard for the very popular stuff, but for most programs, a bug is easy to find. And even for the more popular stuff, there are always holes to be found if you expend enough effort looking.
For very popular closed source programs, the first thing to try is the online community. Someone somewhere has something. For companies like Microsoft with poor security reputations, and lots of people trying to hack them, there is actually a lot.
But if you have to figure out a bug yourself, it's time for buffer overflow testing, reverse engineering with a hex editor, and what not.
So which is harder?
I'd say hacking into popular open source programs is the hardest. However, hacking into unpopular open source programs is the easiest. There is a range of security considerations, and it is always possible for evil people to find your vulnerabilities if they have enough resources.
Disclaimer: I support a diverse set of missile defence systems. They are workable against a dozen launches rather than several thousand. Defence against several thousand missiles is implausible in the extreme, and it only takes a few dozen multi-megaton bombs to end the world that I want to live in.
However, there is NO EVIDENCE that the Reagan Administration's increase in defence spending, or much less their spending on missile defence systems. Please, take a look at the CIA fact books. The military spending by the Soviet Union DECREASED from the late 70s on.
Further, the time frame for this theory to be operative is between the first Reagan budget for 1981 and Gorbachev(sp?) coming to power in 1984. Gorbi ended the cold war, and Gorbi ended the de facto Soviet Empire. The timing doesn't work, and the facts (from the above CIA factbooks) don't support that theory.
BTW, the increase in US military spending began with that submarine captain's Presidency (James Carter for those of you weak in US history). Carter started the Seawolf submarine program and the B2 Bomber program and many other weapon systems attributed to the Reagan Administration.
I agree that the commentary that the Strategic Defense Initiative was destabilizing is LAME. However, what is being referred to is that in Game Theory if you have a defense against a mutually shared weapon with the power to mutually annihilate both combatants, you are more likely to feel you can use your weapon. A perceived protection by Star Wars Defense Shield could fool stressed out people to "Go for it". But just think about what the US would be like if we did have 100% effectivity against Soviet missiles, and the US successfully detonated a few dozen or hundreds of 10 megaton bombs on the Soviet Union. There was no victory scenario between the US and Soviet Union in a Nuclear exchange.
-- I am not a fanatic, I am a true believer.
Well let's see. Bill Gates started Microsoft with Paul Allen who owns the Portland Trail Blazers. Rasheed Wallace is a power forward for the Trail Blazers. Wallace played basketball at the University of North Carolina where Michael Jordan won a national championship his junior year before taking on the NBA himself. Jordan starred in Space Jam with Bill Murray who had an uncredited cameo in "She's Having a Baby" starring...Kevin Bacon.
This just makes me sick. I've read Alexis de Tocqueville's Democracy in America several times, it's one of my favorite books. He considered unchecked capitalism a serious threat to participatory democracy. How vile for an organization to sully his name with drivel like this report.
I personally don't like posting microsoft stories much, and this one kind of qualified as that too. I mean, that's part of what slashdot is about, so I do post them, but I don't like to post the exchange bug of the week, or the outrageous steve ballmer comment of the month, whatever.
So maybe that clears things up.
chrisd
Co-Editor, Open Sources
Open Source Program Manager, Google, Inc.
Don't forget the additional security afforded by professionalism.
Care to explain that one to me? Professionalism is an appearance, and has nothing to do with actual security. I would liken professionalism with obscurity, because you can hide something better from people. Just because you made it hard or difficult doesn't mean it is impossible or secure. Look at the XBox hack. I'm sure they were pretty convinced that was secure.
What?
I'm no MCSD, MCSE, or MCDBA (yet!), but I'm very involved in the MS developer community - in particular the .NET community. I go to the Redmond campus at least once a month and know quite a few people that work there. What's interesting is most "MS Tech Geeks" aren't generally anti-OSS and many actually have experience with Linux and other OS's. Sure, there's also a large group that feeds off of MS dogma but the rest aren't really all that bad. There really are a lot of smart people that either work for MS or primarily work with MS technology that get quite frustrated at MS's marketing FUD. We're all educated (in theory) enough to make our own decisions based on the MERIT OF THE TECHNOLOGY. We don't need restrictive licenses, stupid marketing FUD, or silly gimmicks like 100 page color brochures sent to our houses every day. Marketing and PR types can make the image of a company, however, they generally break the image of a company in the eyes of techies which employ simple FUD avoidance algorithms.
I have certain critiques about OSS, more so GPL-based licenses and less so BSD-based licenses, but I'm not about to agree to this "OSS will increase terrorism" BS. Come on MS (et al), STOP TREATING US LIKE IDIOTS!
There is no longer anything that can be done with computers that is nontrivial and clearly legal. -- Paul Phillips
It was sucessful because they didn't nuke us???
...
...
... and now we live in media induced fear someone will [nuke or germ] us ...
Precisely.
After the climax of WW II, when the world found out a nuke was more than "just a bigger bomb", the game changed.
Up until then it had been progressively bigger wars. Now it was "Let's see if we can avoid a war without surrendering."
So the West came up with the doctrine of "Mutual Assured Destruction" (MAD - i.e. You'd be mad to set off the first nuke. And US presidents had to put on a show of being just crazy enough to use them, or it wouldn't work.) But that's just a stalemate, no "progress" pushing your agenda.
So the East came up with the "Cold War" - with anti-West propaganda and brushfire wars in "domino" countries. (Salami slicing: Pick off the little guys one by one, then the middle-size guys, until the big guy is alone against the world. Cook the Frog: Never create a "Schelling Point" where the chip is knocked off the big guy's shoulder.)
So the West came up with the arms race: "We've got more money so we can outbuild you. You make a missile, we make an anti-missile-missile." (And Rocky and Bullwinkle satirize it with the anti-anti-[pause]-missile-missile-missile.)
And this went on for HALF A CENTURY. Before that it was a major war every generation, with all the "best" weapons in the arsenal in use. Now it was a declining series of "limited wars", with the biggest bombs very carefully NOT used.
Nukes really had made "total war" obsolete. Three war cycles came and went with no World War Three. And it all worked because expensive weapons were built with the intent that they NOT be used, because they'd be too devastating if they were.
There were abortive attempts to limit the proliferation and avoid "destabilizing" situations, in the form of an anti-missile ban and arms reduction treaties. But "stable" meant the Cold War continued to bleed both sides, and one side disarming too fast might mean the War to End All Humanity. Finally Reagan abandoned such attempts and went flat-out for better armor, when the USSR couldn't afford to stay even. And the Soviet Union folded.
There was a LOT more to it than that. Like computers and networks for instance. (Restrict communication Soviet style and you slow progress. Have progress in computers and networking and you get communication you can't ban. Try to selectively free your people's communication and you discover that you can't suppress just some. Information wants to be free because PEOPLE want to be free.)
But at the core, preventing nuclear war was done with weapons that worked by NOT being used; weapons that thus created their effects by MAYBE being able to work, so you couldn't risk them actually being used against you.
So, yes, SDI was successful because they didn't nuke us. The US won the arms race but we ALL won the war.
Get real
Why get real when I can win with virtual weapons? B-)
Nuclear weapons are like smallpox...America is the only country to have ever used them against someone else
I see the public schools have neglected your education when it comes to germ warfare. For starters look at the history of the European dark ages - with diseased animal carcasses being catapulted over fortress walls or dropped in wells and rivers during sieges.
Lived that way for over 50 years already - but with the spectre of a massive, simultaneous attack on everything that might be a target (which means essentially everything). One or two suitcase nukes or tactical shells taking out one city or one dam? ONE plague released in a few spots, using most likely non-engineered organisms, rather than a dozen lab-frankenbugs sprayed over a continent simultaneously? Chicken feed. The damage and death is vanishingly small compared to hurricanes and tornadoes, earthquakes, traffic accidents, clogged arteries, and cancer.
"A Microsoft spokesman confirmed that Microsoft provides funding to the Alexis de Tocqueville Institution."
-- Don't Tase me, bro!
Many of the headlines are quite revealing about their intentions. Many are about the importance of MCSE:
- Inc. 500 Shops Value Certification Most (MCSE vs college degrees)
- Familiarity Breeds Respect
- Technology Trends: Program Provides Information For New Age
- The Impact of Technology Training Programs Case Study: MCSE Training
And then there are numerous anti-trust criticism articles:
"Recruiters tend to hire MCSEs just as often, if not more so, than those with a four-year college degree."
"Eighty-seven percent of human resource managers surveyed believed that MCSE's are equally or more successful than college students."
Etc. Also lots of articles about the precious intellectual property rights, although not specifically in relation to Microsloth.