'Think Tank' Issues Microsoft-Funded Troll

dlur (among many others) writes: "According to this ZDNet article, a Washington think tank known as the Alexis de Tocqueville Institution is soon to release a study stating that Open Source Software allows terrorists an easy time hacking into our systems. It's little suprise that this group takes money from Microsoft." The Register's story is good too. All the whoring reports in the world won't make open source any less secure. This same institute backed destabilizing, unworkable '80s missile defense and thinks Alexis de Tocqueville would have wanted the V-22 Osprey deathplane. Also, see what their coin-operated policy dispenser spat out for internet privacy (eat what you're fed) and antitrust (advantage of Microsoft monopoly: "manufacturers of computer hardware need to provide only one driver"). We weren't going to run this, but there were a lot of submissions, so ...

Hmm..

[FunkSoulBrother]

>i>from the insitute-and-prostitute-share-a-lot-of-letters dept.

They share even more letters if you spell institute correctly.

Loudest

[inflex]

What I do not understand is why there aren't any similar groups for the OpenSource / non-Darkside avocations.

If MS can fund groups such as these to spill forth what is obviously [then again, not much is obvious it seems to the 90% of the population] utter trash, surely we [ non-MS ] can do the same.

If this group spills out such toxic waste words as these, why does it gain so much attention in the general public?

Is there any reason why we cannot write an article stating "Microsoft Closed source enables Terrorists to easially render 90% of the information market paralized"... (after all, there is far more 'hard' evidence in the form of email-worms etc than there is behind what has been written in this article).

Re:Loudest

[ninewands]

What I do not understand is why there aren't any similar groups for the OpenSource / non-Darkside avocations.

You mean like This Article??

Just in case CRN gets slashdotted, an excerpt speaking on the subject of Linux in the federal government:

The software appears to be winning friends among military and intelligence agencies.

A study completed for the Pentagon by the Mitre last week identified 249 U.S. government uses of open-source computer systems and tools, with Linux running on several Air Force computers, along with systems run by the Marine Corps, the Naval Research Laboratory and others.

The report recommended further use of open-source computing systems, on the grounds that they were less vulnerable to cyberattacks and far cheaper.

'Nuff said. I think I would believe a federally-funded study by Mitre Corp. (a scientific research organization that, among other things, hosts the CVE database) before I would buy into a study by a think tank 1) that lacks Mitre's technical muscle and, 2) has a history of whoring for inter alia Microsoft, the tobacco industry, and various egregious polluters. Remember Mindcraft?

Re:Loudest

[mrsam]

What I do not understand is why there aren't any similar groups for the OpenSource / non-Darkside [ advocacy ]

I certainly hope there aren't any self-proclaimed Open Source/Free Software groups that pump out such logically-challenged, clue-free blather. I'd frankly be ashamed to see something on the same order, clue-wise, being used to promote the Open Source/Free Software philosophy.

Re:Loudest

[Ride-My-Rocket]

Honestly, I think the Linux community is better off without such a "darkside" group. The more effort that is spent on making actual progress, and NOT fighting the war of words that Microsoft so desperately wants to fight, the better off we'll be. Microsoft has been saying bad stuff about Linux for years -- they have endless supplies of cash to wage that war, and can neatly tie up the Linux community's resources that way.

I would say that any and all "intellectual" aid -- legal, political, research / reporting, etc. should be directed towards loosening or removing Microsoft's grip on public education and government markets. Right now, we have two major entities -- Peru and Taiwan -- that have taken the plunge and are attempting to eliminate their reliance on Microsoft products. We have the US government questioning for the first time how to better secure their networks. And in a time of relative national crisis, shouldn't security at all levels be of paramount concern?

MS has proven itself incapable of (or unwilling to?) improving the security of its code, despite its ubiquity. Open source can only get _more_ stable and secure as time passes, and users / white hats continue to help find bugs in the system. So why shouldn't we have people who are willing to evagenlize OpenSource do it, but to discredit MS by selling the idea behind using Linux et al?

But maybe that's just me........

And they're running...

[coats]

Rapidsite/Apa/1.3.20 (Unix), FrontPage/4.0.4.3, mod_ssl/2.8.4, and OpenSSL/0.9.6 on an IRIX machine, according to NetCraft's "What's that site running?" at http://uptime.netcraft.com/up/graph

They're not running their touted monoculture on their own web servers!

Here's the solution....

[i_want_you_to_throw_]

I am a lone out post of open source in the military agency where I work. My solution, just show them the NSA funded SE Linux information.

Who are the green suiters going to trust? A bunch of paid "think tank" lackeys or the good ole spooks behind the triple fence?

So far NSA's advocacy has been used to let me get away with all kinds of open source implementation.

Of course, NSA has an agenda too I'm sure but that's between the military and NSA.

Re:Here's the solution....

[Hard_Code]

"So far NSA's advocacy has been used to let me get away with all kinds of open source implementation."

Perfect comrade! Next, send me the list of usernames and passw^W^W^W I mean, send me some completely arbitrary pornographic images for no apparent reason. Also, good idea to post here...nobody will ever discover our s3kr3t plan, nobody takes these Slashdotters seriously! (also, we have successfully planted agent code-name "Tom Ridge" high in the executive branch) Muahahaha!

Still no reply to the email I sent Ken

[NZheretic]

To: kenbrown@adti.net

Subject: "Opening the Open Source Debate"

Date: 31 May 2002 15:45:59 +1200

Some references you might wish to consider before publishing your article "Opening the Open Source Debate"

http://www.businesswire.com/cgi-bin/f_headline.cgi ?bw.053002/221502375

Bruce Schneier, one of the recognized leading expert on computer security on Kerckhoffs' Principle and Secrecy, Security, and Obscurity of software.

http://www.counterpane.com/crypto-gram-0205.html#1

Dr. Blaine Burnham, Director, Georgia Tech Information Security Center (GTISC) and previously with the National Security Agency (NSA), gives an keynote speech overview of current encryption and security technologies and outlines possible strategies for future defense.

http://technetcast.ddj.com/tnc_play_stream.html?st ream_id=411

Also you might wish to address the issue of Microsoft's disproportionately high number of open vulnerabilities in its Internet Explorer components. All of which where discovered without access to the source code.

http://jscript.dk/unpatched/

Richard Purcell, Microsoft's director of corporate privacy, has recently stated that any major improvement in regard to the security of it's products may be at least "5, 10 years, maybe".

http://www.businessweek.com/technology/content/may 2002/tc20020523_6029.htm

As for the issue of Trojan horse injection into open source code, it is far from being an open source only issue.

http://www.eeggs.com/

Or were all the "Easter Eggs" currently found in Microsoft's products officially authorized?

If you are looking for a methodology for providing a suitably secure and hardened solution, start with a real world example.

http://www.openbsd.org/security.html

I welcome any open debate.

One of their documents is self-contradictory.

[Chmarr]

The final sentence of Punishing Winners Hurts the Marketplace reads:

"We would be better off with more companies like Microsoft, not fewer."

However, how can we have more companies like Microsoft when that very article is condoning a monolopy? Yes, I acknowledge that they're probably talking about 'one monopoly in each market'. However, we all know that Microsoft is trying to take over as many markets as possible. How far away is Microsoft-branded Vegemite? :)

Stupid. Totally, absolutely stupid.

In fact, Open Source is SO insecure...

[dimator]

... that we run it on our OWN damn servers:

$ httptype www.adti.net
Rapidsite/Apa/1.3.20 (Unix) FrontPage/4.0.4.3 mod_ssl/2.8.4 OpenSSL/0.9.6


Who wants to place bets as to when Microsoft learns of this, and promptly switches their systems?

Re:Open Source Easier to Hack

[yobbo]

Well, open source software is by far the easiest to hack, because the source code is actually available to you to hack with.

If you're talking about open source software being easier to crack, that's a whole different story...

SPAM THEM!!!

[inerte]

Yes, like geeks, we must use the tools we have.

From: 8axxx0r l33t
Subject: DESTROY PROPRIETARY SOFTWARE
Message:

First Post!

Heya! Did you know Bill Gates' ASCII code number is 666? That he is the root of all evil?

That there's an alternative to monopoly? And it's FREE (note: as in freedom AND as in beer).

ACT NOW and access Slashdot's webpage, news for normal people, stuff that matter. NO pop-ups, neither pop-unders, ROTFLMAO... Insightful and funny bewolfed comments from all over the world!

Thanks for your time,

l33t.

PS: This is not spam. I hate spams.

Bruce Shneier said it best:

[evilpaul13]

"And don't forget Kerckhoff's assumption: If the strength of your new cryptosystem relies on the fact that the attacker does not know the algorithm's inner workings, you're sunk. If you believe that keeping the algorithm's insides secret improves the security of your cryptosystem more than letting the academic community analyze it, you're wrong. And if you think that someone won't disassemble your code and reverse-engineer your algorithm, you're naive. The best algorithms we have are ones that have been made public, have been attacked by the world's best cryptographers for years, and are still unbreakable."
--Bruce Scheier; Applied Cryptography (Second Edition); page 7

This seems to apply perfectly to this latest FUD about open source software.

Where's the Evidence?

[waldoj]

I'm sorry to be a party-pooper, but where's the evidence that they take money from Microsoft? The ZDNet article says nothing about that, and the talkback comments (at least the few dozen that I read) provide no evidence along those lines, either. The Register says that Richard Smith says that they take money from Microsoft, though they present no evidence along those lines. Smith's a cool guy and all, and he's got a good track record, but I'm going to need a little more than a second-hand non-credited reference to believe this.

I did a little poking around and a little Googling, but was unable to come up with any evidence on my own.

So, please, could somebody enlighten me?

-Waldo Jaquith

Re:Where's the Evidence?

[Col.+Klink+(retired)]

They claim that MCSE's are more useful than a college degree. If they AREN'T taking money from MicroSoft, then they're dumber than I thought.

They Also Backed the Tobacco Companies

[elfdump]

This group also claimed, during Congressional probes into tobacco company fraud, that cigarettes and tobacco products were not harmful to your health. From this memo by a director of the World Health Organization:

"In addition to creating front groups and contributing funds to groups that have a mission broad enough to carry some of the tobacco industry's goals, the tobacco companies also use publications by allegedly independent think tanks, such as the Virginia-based Alexis De Tocqueville Institution. This group's 1994 report "Science, Economics, and Environmental Policy: A Critical Examination" criticizes the US Environmental Protection Agency's risk assessment methods in 4 areas: environmental tobacco smoke, radon, pesticides, and hazardous cleanup. It dismisses in its first chapter the agency's risk assessment of environmental tobacco smoke, using arguments similar to the tobacco industry's "junk science" arguments described by Ong and Glantz. "

It seems Microsoft is making some strange bedfellows.

Sources:
http://www.smokefreeforhealth.org/studies/YachBial ous.htm

ZDNet Post

Re:Off-topic: missile defense

[DNS-and-BIND]

In a remarkable tete-a-tete with a US journalist and former arms control official, Marshal Nikolai Ogarkov, First Deputy Defense Minister and Chief of the General Staff, interpreted the real meaning of SDI: "We cannot equal the quality of U.S. arms for a generation or two. Modern military power is based on technology, and technology is based on computers. In the US, small children play with computers.... Here, we don't even have computers in every office of the Defense Ministry. And for reasons you know well, we cannot make computers widely available in our society. We will never be able to catch up with you in modern arms until we have an economic revolution. And the question is whether we can have an economic revolution without a political revolution."

Read the last sentence over, and over, and over.

Re:Off-topic: missile defense

[LunaticLeo]

Disclaimer: I support a diverse set of missle defence systems. They are workable against a dozen lauches rather than several thousand. Defence against several thousand missile implausible in the extreme, and it only takes a few dozen multi-megaton bombs to end the world that I want to live in.

However, there in NO EVIDENCE that the Regan Administrations increase in defence spending, or much less their spending on missile defence systems. Please, take a look at the CIA fact books. The military spending by the Soviet Union DECREASED from the late 70s on.

Further, the time frame for this theory to be operative is between the first Regan budget for 1981 and Gorbachev(sp?) coming to power in 1984. Gorbi ended the cold war, and Gorbi ended the defacto Soviet Empire. The timing doesn't work, and the facts (from the above CIA factbooks) don't support that theory.

BTW, the increase in US military spending began with that submarine captain's Presidentcy (James Carter for those of you weak in US history). Carter started the Seawolf submarine program and the B2 Bomber program and many other wepon systems attributed to the Regan Administration.

I agree that the commentary that the Strategic Defense Initiative was destabilizing is LAME. However, what is being refered to is that in Game Theory if you have a defense against a mutually shared wepon with the power to mutually annihilate both combatants, you are more likely to feel you can use your wepon. A percieved protection by Star Wars Defense Shield, could fool stressed out people to "Go for it". But just think about what the US would be like if we did have 100% effectivity against Soviet missles, and the US successfully detonated a few dozen or hundreds of 10 megaton bombs on the Soviet Union. There was no victory scenario between the US and Soviet Union in a Nuclear exchange.

Makes me sick

[Sean+Clifford]

This just makes me sick. I've read Alexis de Toqueville's Democracy in America several times, it's one of my favorite books. He considered unchecked capitalism a serious threat to participatory democracy. How vile for an organization to sully his name with drivel like this report.

Here's the Evidence

[Col.+Klink+(retired)]

"A Microsoft spokesman confirmed that Microsoft provides funding to the Alexis de Tocqueville Institution."