Slashdot Mirror
ADTI Whitepaper Released
"Another security concern is that the primary distribution channel for GPL open source is the Internet. As opposed to proprietary vendors, open source is freely downloaded. However, software in the public domain could contain a critical problem, a backdoor or worse, a dangerous virus."
Reverse engineering "harbors very close to IP infringement because and has staggering economic implications." [sic]
"On a lighter note, while many open source enthusiasts are proponents for copyleft, they insist on trademark protection for their ideas."
"If a software application representing 5000 hours uses GPL code that reflects only 100 hours, is the GPL fair in its argument that the entire product is GPL? This point is of considerable concern to software companies that value their secrets, design and architecture strategies. Proponents of the GPL argue that each party in the exchange is benefiting equally, but without a means to properly make this evaluation, this position at best is over-assuming."
"The federal government's information systems requirements intersect countless sensitive operations. The limitless potential for holes and back doors in an open source product would require unyielding scrutiny by staff that decided to use it. For example, if the Federal Aviation Agency were to develop an application (derived from open source) which controlled 747 flight patterns, a number of issues easily become national security questions such as: Would it be prudent for the FAA to use software that thousands of unknown programmers have intimate knowledge of for something this critical? Could the FAA take the chance that these unknown programmers have not shared the source code accidentally with the wrong parties? Would the FAA's decision to use software in the public domain invite computer 'hackers' more readily than proprietary products?"
This is way too exciting for me.
Wow, these guys have figured out the PERFECT career:
they get paid to troll!
Man, I gotta hook myself up with a gig like this...
The Free desktop that Just Works
and will send it to anyone who asks. rayp@unixnotwindowsnetworking.net.
Cypherpunks: Civil Liberty Through Complex Mathematics. Those who live by the sword die by the arrow.
Macroshaft is the dinosaur and open source represents all the furry little mammals waiting for the meteor to strike. I'm hoping for the meteor to come sooner rather than later. Dinosaur eggs suck.
What those who want activist courts fear is rule by the people.
Im going to get shot down big time on this... but dont they have a point. There are just things where the GPL is just not a good idea for. SUre its fine for the Office Suite they use but it does have some security issues.
You cna mod me down now.
"All I can tell the "lesser of two evils" folks is that if they keep voting for evil, they'll keep getting evil."-Lp.org
here is my mirror of the "old" report, safely out of the reach of the DMCIA...
A valid concern.
But is it more or less risky in comparison to using closed source software?
Minor Kernel Version Releases for Nerds. FUD that matters.
The masses are the crack whores of religion.
I can't be the only one saddened to see the name of Alexis de Toqueville besmirched by being associated with a think tank for hire.
His insights into America of the early 19th century were profound.
Meanwhile, the points of this paper, besides being wide of the mark in assessing the truth, are not even particularly original - other fear mongers have trotted out the same vague bogeymen prior to the publication of this report. And those objections to open source have no more basis in fact now than they did when they were originally brought out.
"Provided by the management for your protection."
I'm always amazed at the flat-out bullshit that gets published as "research". I guess I shouldn't be, since it all sounds good to someone who doesn't know anything about anything.
Where are the "think tanks" that actually have people who can think critically?
"If a software application representing 5000 hours uses GPL code that reflects only 100 hours, is the GPL fair in its argument that the entire product is GPL? This point is of considerable concern to software companies that value their secrets, design and architecture strategies. Proponents of the GPL argue that each party in the exchange is benefiting equally, but without a means to properly make this evaluation, this position at best is over-assuming."
If you don't want your app to be GPL, and you've already spent 5000 hours coding it, might as well spend another 100 writing that piece instead of cutting and pasting.
provided by microsoft perhaps?
"Executable software accompanies binary code also known as machine code."
What the heck are they talking about? Binary code IS executable code!
It's great to know that they have their facts straight...
come on fhqwhgads
The reason the source to gov't used software shouldn't be open is the same as the reson the NYSE doesn't let you take a camera onto the floor. If the SW is open then someone can have a MUCH, MUCH easier time to figure out an exploitation.
why run from Vincenzo?
Goodness, this thing is full of gramatical errors. (Grammar may be optional here, but these people are lobbying the Feds). Any of my teachers in High School would have sent this paper back if it had been submitted to them:
"harbors very close to IP infringement"
"are proponents for copyleft"
"code that reflects only 100 hours"
"knowledge of for something this critical"
Blech...
"Well it's not Victory - but then it's not Death either."
And they did it without mention of Natalie Portman (petrified), Hot Grits, G0@7S3, Beowulf Clusters, Micro$oft, etc.; Well done!
It is true that open source applications, being openly available on the internet and distributed in the same manner, are susceptible to backdooring and trojaning. Just look at IRSSI or FragRoute.
This risk factor is somewhat mitigated in commercial software, where the distribution is typically through CDs and other trusted media. Of course, someone can still somehow compromise a software developer's network, but it isn't exactly hanging out a sign saying "I'm the source code, hack me!" like the open source projects.
Just imagine, for a minute, how devastating it would be if Sourceforge was hacked and malicious code was inserted into a ton of the projects without anyone noticing for long enough that it could cause real damage? The danger is clear.
"I don't know that atheists should be considered citizens, nor should they be considered patriots." - George Bush
just drop me a line: rburkhart@rivenet.com
Yeah, there's nothing like the good ol' security through obscurity. Thank God no one knows how does the software controling 747 flight works, so now I can fly safely.
Krótko: kady Erotomek
W pimiennictwie ma swój domek.
Of course closed source, proprietary systems are better. When was the last time you heard of a proprietary system having security problems or backdoors? I know I wouldn't want thousands of programmers looking at the code controlling the flight of any plane I was on, since I am sure that not a single one of them would publicize the fact that there were obvious security holes or backdoors in the code. Hackers are all evil, every single one of them (and by hackers, of course I mean programmers who would dare touch open source.)
They attempt to draw a dividing line in a community. They do this by trying to stress "differences". They list these differences with the claim that it makes software more secure, BAH!
They also ignore the aspect of the GPL that says you can keep your secret changes if you don't distribute the software outside of your organization. Where is the security leak now?
The difference between "GNU FREE" and "BSD FREE" is that the people in BSD are willing to sacrifice themselves (no reward), whereas the GNU people are willing to take up arms (we reward you, but you must reward us in return, if you use our stuff).
The comminuty is more alike that it is different. Don't let these types of papers and publicity screw that up.
Sauce for the goose is sauce for the gander; anyone can put a backdoor into an OSS program, but anyone can also see it. With closed source, you're trusting that the vendor won't put one in. Of course, now you're assuming that (1) the vendor has no malicious intent and (2) that they keep their code completely safe. Of course, that could never happen...
Which is what this is.
Can anyone explain to me where these people get these stupid ideas?
Can a virus hide more effectively for example in a OpenSource system or a proprietary closed one?
Does anyone here honestly not understand the obvious answer to this question?
The facet of this report deals with the GPL, which requires Open Source as a policy for license compliance.
Therefore, I don't understand what the difference they are trying to make between GPL'ed and OpenSource in the introduction of this article from the author.
-Hack
Got Geometrodynamics? Awe, too hard to figure out? Too bad.
There is a big distinction between the GPL and the BSD-style licenses. The GPL is all about making sure that people who use GPL licensed code release their new code under the GPL too. The intention is to create more GPLed code. The BSD license is about propogating quality code. The idea is that if you think your code is a good implementation of something, you release it under the BSD, which allows anyone to use it in their own applications without being restricted in how they license their own code at all. A BSD coder doesn't care what use their code is put to or who profits from it, they just want it to be used. That's a pretty big difference :-)
One day, a group of daring young renegades discovered that there were other ways to get air, just by moving some rocks that blocked openings to the outside. And they offered their air free. At first people were hesitant to use Free Air, thinking something must be wrong with it since it was free. Initially Microshaft ignored the renegades, dismissing them as a fringe movement and minor nuisance. But eventually Microshaft saw them as a threat. They started a major marketing campaign to convince people that the Free Air was bad for their health. But people found that they actually felt better and healthier breathing the free, fresh air. Microshaft added more and more features to their air, perfuming it and coloring it with smoke to give it "added value". Many people started to dislike Microshaft's heavy, bloated air that was hard to breath and began flocking in droves to the sources of Free Air.
About this time, after some years of hard volunteer work, Open Air developers finally increased the size of a Free Air portal so that a person could actually squeeze through to the outside. The first brave individuals who ventured through it discovered that not only was there an unlimited supply of air in the outside world, there was no way you could harness and control its supply.
Alarmed, Microshaft sought to have the government declare Free Air illegal since it threatened their business model, which they had developed and rightfully earned through many years of hard work. They called the use of Free Air "theft" and claimed that the "viral" nature of the Public Breathing License advocated by many Open Air rebels would threaten the livelihood of Microshaft's suppliers and distributors. Indeed, the whole economy of the cave would collapse, they said. Laws were quickly passed and the portals of Free Air were sealed off.
A charitable organization called the Business Air Alliance was formed to help protect businesses against the threat of Free Air portals. By proving that it was theoretically possible to fund terrorist organizations with the money saved by breathing Free Air, the BAA successfully lobbied to strengthen the laws so that any attempt to make an opening to the outside became punishable by death. Possession of shovels and picks became a criminal offense, and the BAA performed random audits to help citizens comply with the law. For their protection, everyone was required to wear an Air Rights Management security device, which would send an alarm to the authorities if it didn't detect a secret mix of fumes found only in Microshaft air.
As time passed, Microshaft and the government became indistinguishable. To prevent future uprisings, a new feature was added to the air to keep the people sedated happily ever after.
by its programmer, hiding the underlying code from its user. Software can only be modified in
its "unlocked" state when source code is viewable.
This is the assumption that is the flaw in the entire argument. While having the source code makes it easier in some ways to find exploits, it of course makes it easier to find them earlier and fix them. Whereas in a closed source implementation it's more likely that there are unidentified flaws in the software because there are fewer eyes willing to parse through assembly listings. But if a 'terrorist' is dedicated enough to do that, they're more likely to find such flaws.
The GPL is one of the most uniquely restrictive product
agreements in the technology industry.
Interesting. I never thought of it that way when I can use a program for whatever purpose I want, make modifications to that program, and distribute either the original or my modified version of that program. Maybe I'm just weird like that...
By the early 90's, open source enthusiasts began to view Stallman as an extremist and fanatic. The rise in the popularity of Linus Torvalds and the Linux
open source operating system began to create new supporters. Ironically, Linux supporters
became the biggest proponents of the GPL. Although Stallman is a fallen hero in the open
source world, most open source products today are distributed under the GPL license.
While I'm not the biggest RMS fan, uhh, I can't just let that statement go. For once, I agree that not calling it GNU/Linux really misleads readers in this case. Without the GNU tools, Linux wouldn't have a leg to stand on. It's tough to dismiss RMS's importance here (but the author manages somehow..)
The article goes on (and on and on), but I think it's fair to say that this is a fairly one-sided view of the GPL that looks like it was written by MS and Kenneth Brown just signed his name to it. Nothing here, just the usual FUD.
Many of the headlines are quite revealing about their intentions. Many are about the importance of MCSE:
- Inc. 500 Shops Value Certification Most (MCSE vs college degrees)
- Familiarity Breeds Respect
- Technology Trends: Program Provides Information For New Age
- The Impact of Technology Training Programs Case Study: MCSE Training
And then there are numerous anti-trust criticism articles:"Recruiters tend to hire MCSEs just as often, if not more so, than those with a four-year college degree."
"Eighty-seven percent of human resource managers surveyed believed that MCSE's are equally or more successful than college students."
- Break up Microsoft? Rest of world pooh-poohs the notion
- Press Release: Japan, Switzerland, and the EU do NOT insist on breakup of Microsoft, unlike the U.S.
- Fine Microsoft, use funds for new competition (anti-breakup)
- Fine Microsoft and use funds to catalize new competition (anti-breakup)
- Break-up Remedy for Microsoft Not Supported by Key Democrats
- Technology and The Congressional Black Caucus (Microsoft anti-trust)
- Breaking Windows Over Antitrust Dogma
- Pause the Microsoft Case and Examine U.S. Anti-trust Policy
- Punishing Winners Hurts the Marketplace
- Suit Threatens U.S. Computer Dominance
- Taking a Byte Out of Microsoft
Etc. Also lots of articles about the precious intellectual property rights, although not specifically in relation to Microsoft.Make your own conclusions freely.
What I'd like explained to me is how the GPL could be considered somehow worse than other open source licenses for the purposes of national security. The apparent concern in using GPL software is that the source code is out there and available for hackers to look at. Even if you accept the logic that having that source code publicly available is more dangerous, I don't see how that would be different with a BSD style license.
I could, as a proprietary vendor, take a BSD style license product, and close it up and sell it to the government. At that point though, until I start adding modifications, there is no reduction in the risk of some outside source finding a bug in the code. Once I do make modifications, there's the risk of complacency. Perhaps the government doesn't realize that the code I sold them is based on a buggy open source implementation and is thus vulnerable to a potential security breach.
This just wreaks of having been written by Microsoft's PR department.
Oh, and one more comment. The notion that the GPL is somehow one of the most restricitve licenses is complete hogwash. Does microsoft let you incorporate the windows source code into your product under ANY circumstances? Hell they don't even let you see the source code in the first place (and thank god since it's apparently riddled with big security holes). So how is that MORE restrictive?
MMMMMM a big steaming pile of FUD!
This sig has been temporarily disconnected or is no longer in service
For example, if the Federal Aviation Agency were to develop an application (derived from open source) which controlled 747 flight patterns, a number of issues easily become national security questions...
FAA controlling the flight patterns of any aircraft is absolute nonsense! First, every pilot in the system would block it before it ever got past the talking stage, second it is just ignorant.
Maybe software to control the traffic flow? Sorry, that deflates this FUD too, since it would not apply to just one airframe and the author assumes that the people operating the aircraft are just going to let that happen too.
Maybe if he said some more nonsense about FAA requiring all 747s to have this software? Nope, that is the NTSB and the manufacturers, the latter would be marching on the Congress like you never seen before!
Humm, here is a more believeable thing to scare people with "what if all automated traffic light systems had to run Open Source, could you imagine the national security issue of flashing red lights all over the heartland"?
Eve Fairbanks says I drive a hybrid!LOL
People argue that the GPL makes it harder to secure software since you have to publish any changes you might make to the original software. Does seeing the new code actually make it less secure? I don't necessarily think so. Where high security is needed some agencies may prefer to use another license and still keep it OSS, but just seeing the code doesn't grant the power to break it if it's already solid.
This paper was prepared as part of The MITRE Corporation?s FY00 Mission-Oriented Investigation and Experimentation (MOIE) research project "Open Source Software in Military Systems.. This paper analyzes the business case of open source software. It is intended to help Program Managers evaluate whether open source software and development methodologies are applicable to their technology programs. In the Executive Summary, the paper explains open source, describes its significance, compares open source to traditional commercial off-the-shelf (COTS) products, presents the military business case, shows the applicability of Linux to the military business case, analyzes the use of Linux, discusses anomalies, and provides considerations for military Program Managers. The paper also provides a history of Unix and Linux, presents a business case model, and analyzes the commercial business case of Linux.
Here
robert,
no. they all don't do the same thing. you are a moron.
That's funny, it kinda looks like you're using Internet Explorer here.
"I don't know that atheists should be considered citizens, nor should they be considered patriots." - George Bush
The issue of whether source code is as-the-author-intended is an old one, and is very well catered for by signing the .bz2 or .gz archive with the authors GPG/PGP key.
.rpm's that are downloaded can be optionally (by default they are) checked against the GPG key - this prevents anyone from inserting their own version of /bin/login into the system... I'm assuming the machines doing the signing aren't the machines doing the delivery, but that would be an elementary mistake to make on Redhat's part...
If you subscribe to Redhat Network, all the
In short - this is not an issue.
Simon
Physicists get Hadrons!
Terrorists, seem to be the key word now a days. Kind of like *do it for the children*, or global warming.
If the application is well coded, then having the source code will not have any effect on how secure it is.
> There is a big distinction between the GPL and the BSD-style licenses. The GPL is all about making sure that people who use GPL licensed code release their new code under the GPL too. The intention is to create more GPLed code. The BSD license is about propogating quality code. The idea is that if you think your code is a good implementation of something, you release it under the BSD, which allows anyone to use it in their own applications without being restricted in how they license their own code at all. A BSD coder doesn't care what use their code is put to or who profits from it, they just want it to be used. That's a pretty big difference :-)
So, GPL programmers don't care about quality as much as BSD'ers, perhaps not at all - is that what you're saying here? I'd call a BIG foul on that one.
I suggest they read Villanueva's reply to Microsoft Peru, for its excellent and logical discussion of the reason why responsible government must use open-source software.
Remember the difference between the BSD-style and GPL-style freedoms are very important to MS. MS says BSD-licensed open code is good. Since MS can use it without contributing back, this is the kind of "free" that MS likes.
MS also says GPL-licensed open code is bad. Since MS can't use it without contributing back, it can only be used by MS's free-software competitors, thus MS strongly dislikes this kind of "free".
Now back to this study. Can anyone find the basic message surprising? "BSD code is benign, GPL is threatening". Microsoft-funded study, Microsoft-approved results.
As a side note, if MS didn't make this distinction and got everyone upset about using *any* free/open code, everyone would *also* have to stop using MS software. Remember, significant portions of their OS are built upon BSD-licensed code.
The MIT and BSD licenses, for instance, allow you to use, change and distribute software, with or without modifications, in source or binary form.
Microsoft, for instance, have used code from FreeBSD in Windows; if this code was GPLed, they would have to a) write their own code or b) open source Windows.
I have a hard time taking anyone seriously who could write that.
Trademarks protect product labeling. Patents protect ideas.
Unlike patents and copyrights, trademarks are there to protect consumers. If I go to the store and want to buy Kraft mac and cheese, I don't want to have someone labeling some other brand as Kraft. If it says RedHat, it should be from RedHat.
The idea behind open source and trademarks are to help the end user. I don't see how they are incompatable.
'SBEMAIL!' is better than a goat!!
"Another security concern is that the primary distribution channel for GPL open source is the Internet. As opposed to proprietary vendors, open source is freely downloaded. However, software in the public domain could contain a critical problem, a backdoor or worse, a dangerous virus."
While what you say is technicaly true, at least with open source, hackers(as in the jargon file definition) have a chance to go over the source and fix any back doors implemented. If you only receive binary files, who's to say that the company themselves hasn't inserted a backdoor or left a myriad of security holes unfixed. The above quote is a bad way of looking at it, because the exact same arguement can be applied to closed source.
And how is this more dangerous than a propietary vendor discovering a flaw in there product, keeping quite and not fixing it because it costs too much money?
UNIX/Linux Consulting
> This risk factor is somewhat mitigated in commercial software, where the distribution is typically through CDs and other trusted media. Of course, someone can still somehow compromise a software developer's network, but it isn't exactly hanging out a sign saying "I'm the source code, hack me!" like the open source projects.
And then there's the pirates' CDs that consumers buy thinking they are getting the real thing. What's to stop a pirate from turning evil (heh) and burning a trojanized bootleg rather than a straight copy?
Who's to say they haven't already done that...?
> Just imagine, for a minute, how devastating it would be if Sourceforge was hacked and malicious code was inserted into a ton of the projects without anyone noticing for long enough that it could cause real damage? The danger is clear.
There was a notorious case a couple of years ago where someone put a hax0red version of a popular OSS product on a popular FTP site. It was caught in about 4 hours, and the site admins used their FTP logs to identify and notify everyone who had downloaded it during that period.
Sheesh, evil *and* a jerk. -- Jade
I'm missing the joke, here. Copyright and Copyleft rights aren't the same thing as trademarks at all, and it's perfectly acceptable to enforce your rights under one but not the other. Or neither, or both, as is your want.
Whatever irony the author tried to find in this alleged stance by "many open source enthusiasts" is lost on me.
Here's another mirror, today only.
Open Source Whitepaper
This sig is self referential.
Study is just a hack piece I am afraid.
Even Allchin (under oath no less) testified that the GPL was one of the reasons that Microsoft did not include a SUN compliant JVM with XP.
What GPL has to do with a JVM from SUN is beyond me. But, that is the lie that Allchin put out to fool the court. And, the GPL was not even an issue in the trial.
I think Microsoft is just spending any money it can on bad mouthing the ideas it does not like. It does not matter if it is true or even relevant.
Besides, some bureaucrats only need a fake excuse anyway.
This fake study is just like the one a few weeks back bad mouthing linux on mainframes. It does not make any sense except the Microsoft salesman will be sure to refer to it during their sales pitches. After all, customers are assumed to be pretty stupid by Microsoft.
NexuSys - Linux support by the best
Would it be prudent for $GOVERNMENT_AGENCY to use software that thousands of unknown programmers have intimate knowledge of for something this critical?
I guess not, so they should not trust the thousands of unknown programmers at M$.
Lots of technical and environmental problems are solved by the application of vast amounts of nuclear power
The FAA has incredibly strict requirements for software critical to keeping a plane in the air. Open Source or not, every single line must be proven to do exactly what it needs to, and the entire system must be deterministic (meet real-time requirements, such as knowing the maximum latency for interrupt processing). The FAA itself should be giving these jokers an earful - this is pure FUD.
It's true that hackers could find exploits if they had the source -- but is that any worse than just having the exploits freely available, as is the case with (e.g.) Internet Explorer?
If the government really has a problem with open source, they can go ahead and contract to reimplement things from scratch. But for non-classified applications (such as serving documents available under the Freedom of Information Act), I see nothing wrong with open source solutions, especially if it can save the taxpayer some money! www.doe.gov, incidentally, is running Apache.
What makes open source especially well-suited for sensitive and secure environments is the fact that you can make additions and hack applications to better suit your security needs in ways that is impossible with propietary code, like windows.
...
...
...
Besides: It seems to me that the holes in M$ software are much more widely reported than those in linux
But then again, the same guys prolly prefer security holes in M$ software not to be reported in public, which makes it a lot easier for "bad people" to do "bad things" since the "good guys" don't have to plug the holes
Go figure
/penhead
> A few comments regarding the just-released 31-page report on Open Source
> Software from the Alexis de Tocqueville Institution.
>
> http://www.adti.net/html_files/defense/opensource
>
> This thing reads like an undergraduate term paper, with sporadic grammar
> errors and an embarassingly-light bibliography. Very little is spent
> talking about OSS and 'security' -- as their press release full of
> 'terrorism' jargon hinted at last week -- rather, most of the paper talks
> about the economic impact that OSS presents to the country and software
> industry, intellectual property theft, innovation, legal interpretations,
> etc. As a result of such FUD-inducing hysteria, it's probably - and sadly -
> going to get widespread media coverage....incidentially, the actual report
> is entitled "Opening the Open Source Debate"
>
> The report fails to acknowledge that any software has problems - and that
> closed-source software (eg, Microsoft) has been plagued with such issues.
> Further, it does not acknowledge that the majority of IT-related events,
> incidents, and vulnerabilities making headlines in recent years were NOT
> caused by OSS or GPL'd products, but from closed-source proprietary code.
>
> The report - especially its 7 concluding points read like a summary of
> Microsoft's courtroom testimony and "freedom to innovate" spin of recent
> years. Bottom line....this report says GPL bad, Closed-Source good.
>
> I wonder how much money Redmond paid to this group for this fear-mongering
> tripe.
>
> rick
> infowarrior.org
"The federal government's information systems requirements intersect countless sensitive operations."
If the federal government has done nothing wrong then I'm sure it has nothing to hide.
Of course any normal person would be utterly humiliated to have their name associated with this piece of nonsense. Perhaps that's why it has been pulled? I'd be interested if Microsoft really did pay for it. If so, I think they should feel a little cheated. The standard of FUD required in 2002 is far higher than this. Even the mainstream press are going to tear this crap to pieces.
Reality is defined by the maddest person in the room
I love the quote on backdoors and viruses. Windows systems don't have their source code publically available, and yet that doesn't seem to stop the creation of backdoor programs and viruses.
I like how they insinuate that people would just download some code from the Internet, and then immediately put that into a production air traffic control system. Talk about a straw man argument.
Someone needs to explain to this think-tank (or senseless-opinion-tank) that people can do these things called code reviews. Ya see, if I download a new version of this mail client (for example), I can look at the differences between the current source and the last version I checked. Not only could I spot back doors, but I'd likely find some bugs too.
These guys that develop safety-critical systems (like air traffic control) are real sticklers for inspections, documentation, etc. I bet most of them would be glad for more independant reviews of the code they depend on, rather than just hoping Windows doesn't have bugs in it.
As for me, my requirements aren't as critical. When I downloaded OpenOffice from some mirror in Timbuktoo, all I did was check the MD5 sum. The five seconds that took assured me that at least no third-party inserted viruses or back doors in the program.
Just in case everybody ./'s everyone else's mirror...
http://balloons.space.edu/old_opensource_whitepape r.pdf
Republican think tanks are for? Thinking? Please. Didn't you pay attention to the Republican part?
I am afraid that truth or relevance no longer matters to Microsoft.
What is important is that a so-called independant study bad mouths the GPL. That is the only relevance to this study. It is a study that the Microsoft salesman can use to fool the federal government. And, for the idiots to claim they did this or that because of a study they found.
It does not matter if it is valid. Its mere existance is enough.
NexuSys - Linux support by the best
It seems that this is a kneejerk to the RMS mentality. There is a middle ground and there are places where the GPL really has no business. And the GPL just happens to be a wonderfull thing in alot of situations. I think the government could reap grand rewards from the use of GPL, but I also believe that there is a time and a place for such a liscense. This whitepaper reads to me like it was written by somebody that was handcuffed to RMS for a few hours. There were some good points in there, their just hard to pick out because he is really overdoing it and losing credibility because of it.
edge
.02$
They play it as if it is, but by saying open-source good, GPL bad, they are clearly desperately attempting to keep the sea full of fish for MS when it needs a chunk of [stable and useful] code here and there for their projects. They hate the GPL cause theres no way they'll GPL the whole damn OS .. so this attack is specifically targetted at the GPL, with purely financial intentions in mind. The security angle is clearly just a way of getting people to read it, and to associate GPL with 'problems'. I'd imagine most decision-makers won't have to remember what those 'problems' are (much less understand them), but so long as they walk away going, 'open source good' (so MS can borrow at will, remember how much they like BSD license), 'GPL bad', they've done their job.
.. fortunately for them, in this day and age of specialization and legal and technological complexity, thats 99.9999% of the population on any particular issue.
.. "well, open source is fine, so long as we can keep the parts actually keeping the system secure obscured behind closed source?"
Ironic, huh? MS has the power and might to take and use, and they dont perceive having to apply the same standards as their code-base contributors (ie, the borrowed code) to their own product. It's flat out hypocracy to anyone with half a clue
Fuck 'em and their shareholders.
I assume by decrying the GPL for security, their lame argument is
So then why is open-source good? Seems to me that security is 80% of the benifit of open source. I guess MS's story is, 100% of the benifit of open source is 'borrowing' code, and 0% is security. Not surprising, but still infuriating.
"Old man yells at systemd"
It's your fault if you download your software from the internet without trusting the author _and_ validating a gnupg sig or something similar. Same thing with proprietary software that is just downloaded and run.
If you want that kind of security (if you have networked machines, you do), insist on a crypto signature or pay the author or a trusted distribution vendor for sending you the physical media with your software. It won't be more expensive than proprietary software, and is still more secure. Backdoors in proprietary have lasted longer in past!
It doesn't even have to be malicious. Awhile ago, the original author of cfingerd was heavily criticized for making a finger daemon that insisted on running as root. His response to such criticism was to simply abandon the project.
When holes were inevitably found in cfingerd, there was no one maintaining the project and thus no easy way to get it fixed short of someone actually adopting the project. In the absence of a caretaker, the last buggy version continued to live on in open source mirrors for quite a while.
From what I understand, the project was eventually continued and cleaned up, but the interim had a dead, unsafe piece of code sitting right next to its safer/more maintained breathren. At least with commercial code, the EOL'd stuff is usually explicitly EOL'd. On the other hand, in a non-source provided context, you're still beholden to the vendor for patches. But I believe in this case, the group is advocating commercial code that comes with the source.
I hope people will choose this opportunity to provide many intelligent, comprehensive, and teaching answers to this FUD.
Really, debunking those paltry arguments is a great chance to answer every questions a decision-maker unaware of the benefits of opensource still has.
People who feel threatened by open source and GPL and wave terrorism threats and other mixed non-sense just help our cause.
The more they yell and cry and act childish like this, the more open source get attention and recognition.
Thanks guys. Really. I mean it.
How can an organization named after deToqueville make such an argument for something that deToqueville himself criticized? Chapters of "Democracy in America" are centred around the notion of the "Tyranny of the Majority" and how it restricts freedom rather than promoting it.
In fact, if I correctly recall, there is a phrase that goes something like (major paraphrase, if you can find the literal, let me know; it might be Fromm, not deToqueville) 'In no other society are so many individuals dedicated to performing activities that promote an unfree society".
I'm sure that there are other societies that engage in such inherently hypocritical naming schemes, but it is ironic that the name of a person which criticized problems with America's political system is used to further corrupt it.
If some of that mission critical code that is used to guide 747's was at least ogled by Alan Cox and Linux before being put into production...
Remember, the more eyes look at the code, the shallower the bugs become...
Check out Thomas Greene's article at the Register, a great critique.
But what about microsoft? Because they kept their source private, it has led to countless problems and insecure systems around the world. I remember reading that Microsoft testified that if they released their sourcecode it would pose a threat to National security. If the OS had been made open source many of the bugs would have been figured out and solved a longtime ago.
The scrutiny of the open source community is a benefit. Having 10000 people looking at one project could generate a much more secure project then one where only one company looks at it. Many of the problems that exist today are due to people not realizing their mistakes, or not knowing how to write secure code. There is a reason that the NSA released SE Linux. They didn't go for security through obsecurity, they went for good secure code.
The open source debate is about keeping secrets. Completed (written) software is often locked by its programmer, hiding the underlying code from its user.
Not so sure about this... I think we've all met programmers whose binaries were more readable than their source.
;)
Just where would you be if you slipped in 100 hours of Microsoft proprietary code you got your hands on?
What would that do your 5000 hour product?
The GPL is less disruptive than borrowing other code that comes with limitations.
Besides, if you use code from other sources you certainly should know the impact of doing so. The GPL is not different in that regard.
I guess Microsoft thinks that proprietary code should be outlawed because if it should mistakenly get its way into an application, you could be sued, right?
NexuSys - Linux support by the best
I read the GPL and I don't see any provision mandating that if I use the code or modify the code that I MUST redistribute it.
Only provisions that I see state that if I DO distribute it, I must mark it clearly that I modified it and my changes must be GPL.
Where does it say I MUST redistribute my changes?
-- Many men would appreciate a woman's mind more if they could fondle it
GPL vs Open Source is a clearly different thing. GPL means the code is free to be used by anyone, provided they release _all_ their code as GPL.
Open source just means the code is visible to anyone. This gives 3rd-parties an easier time making programs which work with yours.
Their main points are that GPL is flawed due to requiring anything which uses GPLd code [no matter how little] to be licensed under the GPL; and, that most GPL projects encourage many unvarifiable developers to take part in the project, resulting in potential malicious code being inserted without anyone else taking notice.
Remember: Open-Source does not mean FREE software, it doesnt even mean "Libre" software, it just means that you can see the code. That is _ALL_ it means.
The internet would not have become so popular if not for the ease of looking at the code a page is displayed by, and learning from that code. Does that mean that you can legally copy word-for-word a copywrited web page? Of course not. But can you build a related site that offers a seemless transition in style of display between the websites? Of course you can.
Open Source allows you to see what someone did, how they did it, and then use that in order to make something which can work alongside the original product. Neither of you is required to give away anything for free, and why would you want to?
GPL, however, is known as a "Viral" license, in that using code from something licensed under the GPL requires that your code is now GPL-infected. I personally have no problem with this, since there is a simple protection from this so-called "Virus" by just NOT USING GPL'd CODE IN SOMETHING YOU DONT WANT TO GIVE AWAY THE SOURCE TO.
I dont think the GPL has anything against reverse-engineering in it, so anyone who wants their program to work with GPLd software but doesnt want to use GPL is no worse off than if the others werent using GPL.
Opponents of Open-Source dont seem to understand that while you can't trust an individual, that individual's code has to work well with everyone else involved in the project. The result is that not only will this untrustworthy individual be sneaking in his code, but he'll be doing it with everyone else watching. You would have to expect that not just the one person, but everyone working on the project, was out to get you. If you assume that, then you're still a lot better off than the same situation occuring with closed-source software. In fact, due to the GPL's "Viral" nature, you are far better off under the GPL. Remember: millions of people able to be intimately familiar with the code means millions of people able to see a problem. If you use the infected [two-meanings] code in your program, then yours is now GPL'd, and not only will everyone who was working with the other software have the potential to spot a problem, but everyone working with your software can too. This just increases the chance that the problem will be found.
If, on the other hand, it is merely "Open-Source", not "GPL'd" then the number of people potentially working with your code is vastly reduced. Instead of people writing code and wanting to contribute it to the project, they'll just be writing it for themselves. If they were contributing to the project, able to redistribute it themselves, they could use the code, other people could see what they were working on, help out, and in general- just have more people working on the code.
The article seems to think that the more people work on code, the worse off they are, due to the increased likelyhood of malicious code being inserted. However, the more people work on the code, the more chance there is of malicious code being caught.
I would hope that there is some law in place which makes writing malicious code into open software just as much a crime as writing any other virus, the only problem is that it would be harder to determine from where the code originated.
I just said a bunch of random stuff and not all of it is accurate or precise or true or meaningful. So just ignore everything I said, k'?
-- 'The' Lord and Master Bitman On High, Master Of All
If anything this suggests that you need to trust the source of software before running it. Well... Duh. If you are transferring software you trust over a network you don't, sign it with gpg or something. If you can securely transfer the key ahead of time (in person or via phisically secure disk), and check for valid sig, you don't have to worry about backdoors or trojaning from someone hacking Sourceforge or the like.
Patches submitted to the project on the otherhand are more complicated if anyone is allowed to get them checked into the main branch without review. Have a good maintainer for the mainline and this shouldn't be a problem either.
GPG sigs if done consistantly are great for maintaining security. And before someone suggests MD5 or something like that, you'd have to securely transfer the MD5 for every file. With public key encryption you only have to securely transfer the keey once.
NIH syndrome is more prevalent than people blatantly ripping off open source code or commiting 'acts of IP theft'. I think moreso than people give it credit for.
Even Mandrake rewrote their installer to "differentiate" between Red Hat. Redhat doesn't include fontdrake, or any of their competitor GPL tools. It seems alot more like a bazaar of cathedrals to use the analogy.
If I write the ultimate Linux app, what are the chances that someone is going to 'steal my IP', or even if it is GPL, contribute back? Look at the ton of duplicate GPL programs.
If I were a programmer I think I'd GPL my software so people can look at the code and contribute patches - chances are some other OSS programmer is going to not like the language it was written in, which widget set I used, or whatever, and just rewrite it to suit their needs.
I have no numbers to back this up, just seems that most programmers and/or companies prefer to write their own software, regardless of reusable code or license.
Since when has the GNU Public license carried the moniker of General Public License?
If we blindly take the assumptions of this article then only some DoD funded Unix should be used for Mission/Life critical systems.
Encore!! Encore!!
From under what bridge did these trolls come? I've never heard their nom de troll before. Have they previously waded so furiously into waters they have no understanding of, or is this shot across the bow to announce a new troll in town?
The appendix listing open source licenses is missing one obvious license: the Microsoft Shared Source License (SSL)(www.microsoft.com/licensing/sharedsource/def ault.asp) under which you can download stuff like the Java killer ( aka .NET) open source project.
Wondering if this is not considered an Open Source license enough after all, even with all the fuss that Microsoft made about it...
Microsoft is just playing the game they want here, one day supporting Open source, the other day, bitching about it. Make up your mind, MSFT!
PPA, the girl next door.
-- I feel better now. Thanks for asking.
IIRC, de Toqueville was the Frenchman who traipsed around some of early America's landmarks and acted snooty. He wrote a book about how stupid the USians were (while not actually using that word), which of course sold like hotcakes in the UK and now for some reason is required reading in American high schools.
I am wary of any think tank that associates itself with the name of Alexis de Toqueville, which as far as I'm concerned was besmirched from the start.
Back on-topic, this paper shows the same kind of anti-America, envy-motivated nonsense that de Toqueville spouted. Why don't they go back to France if they don't like the GPL. We are doing fine here with our superior software and baseball.
Karma: Good (despite my invention of the Karma: sig)
Would it be prudent for the FAA to use software that thousands of unknown programmers have intimate knowledge of for something this critical?
Would it be prudent for the FAA to use software that thousands of [unknown] programmers DO NOT have intimate knowledge of for something this critical?
Am I alone in thinking that, say, 10,000 critics are more likely to uncover the bugs between them than the few full-time employees of the FAA?
the bright blue screens!
*coughcough* Cydoor *coughcough* Kazaa.
Complaing that this is possible to do for open source projects while promoting closed source (windows) is rather like the pot calling the kettle black.
To make laws that man cannot, and will not obey, serves to bring all law into contempt.
--E.C. Stanton
The GPL is one of the most uniquely restrictive product agreements in the technology industry.
And, Yes, they have clicked ok to proprietary licenses much more restrictive than the GPL. These lines appear within their PDF file:
This simple fact can be easily verified with a command such as "stringsold_opensource_whitepaper.pdf| grep^/"
PJRC: Electronic Projects, 8051 Microcontroller Tools
Oops -- they forgot to mention that Open Source software also annoys your mom, rains out baseball games, and makes apple pie taste bad.
How many people have intimate knowlege of the internal code is irrelavent. What is relavent is how many experts have examined the code to be sure that it is correct. Before code is used for something like flight controll I would expect experts to examine it closely to be sure it worked right. (actually not, game programers with an AI can probably do a better job just rewarding their system for smooth flights even in turbluant weather, but that is a different debate)
100 experts paid by the goverment to assure the code is correct is not as good as 100 paid experts, plus 1000 amatures doing the same. And the existance of a few amatures sabotaging their work makes it better because it forces the experts to think things through. (when everything is expected to work you can be lazy with the rubber stamp, when some parts are suspected to be sabotaged you have to look closely)
There is a theory of testing which says you put some number of known bugs in the code without telling the testers. Don't stop testing until they find all the known bugs because that gives you the best chance of stumbling across the unknown bugs. (the countery argument is fixing known bugs cna introduce more so it isn't a clear win, but it is still a point to consider)
This is just standard anti-GPL FUD. Symptoms include harping on:
.com crash (crashes happen because idiots throw money at bad business plans, not because some of the bad business plans had access to some good free tools to base them on)
1) lack of "accountability, warranties, or liability" (For counterexamples, see Redhat, Caldera, etc)
2) 'must release modifications' (Get it straight, people, you only have to distribute the source *IF YOU DISTRIBUTE THE BINARIES*.. if you're just using your modifications internally, then YOU DONT HAVE TO DISCLOSE ANYTHING)
3) tie-ins to the
etc etc.
I hope someone with more time than me writes a nice rebuttal. ESR maybe.
--Z
I guess you are probably not successful if you program open source. What do you suppose he means be successful?
Can I bum a sig?
You're correct about the risk, but the Government has strict standards that systems must adhere to, both when they go into production and when they are in initial development. The Common Criteria site has a listing of protection profiles that basicly spell out all the requirements a system must adhere to in order to be considered 'secure.' In the Labeled Security Protection Profile (and likely the others...I'm only familiar with this one) there is a section that basicly states that "the developer must use a content management system" and provide all documentation for how it functions, is administered, and how changes to the content are tracked.
In other words if any government group were to use an open source product or start one of their own they are still required to keep their copy of the source tree for the code under rigid, monitored control to ensure what happened to irssi and FragRoute could not happen to their project.
I'm not saying that CVS will be the total solution to this problem, but it's nice to see that they do have measures built-in to mitigate the risks.
--Kylus
Idiot-proof something, and Life will build a better Idiot.
If distribution through the internet is such a bad idea why is MS pushing that feature of .NET?
There is a big distinction between the GPL and the BSD-style licenses. The GPL is all about making sure that people who use GPL licensed code release their new code under the GPL too.
Absolutely not. The GPL is all about making sure that people who DISTRIBUTE GPL licensed code release their new code under the GPL too.
You can change and use it all you want, but if you sell it to me, I must have a copy of your source.
--fatboy
The ADTI's problems with the GPL seem to stem from a misreading of the GPL that would disappear if they just read the GPL FAQ.
They seem to be under the impression that if you modify something under the GPL you must release it to the public, which isn't true. If you distribute the program to the public you must allow people to get a hold of the source code, but you don't have to distribute to the public. If the FAA wanted to develop their air traffic control system based on some GPL code, they could do that and as long as they distributed it within the FAA they wouldn't have to let anybody else see it. So if the program has code which needs to be kept secret you just keep the program secret.
The notion of open source software has nothing to do with free software. The purchase price of computer software is only a fraction of the total cost of ownership. So even if the price tag reads free , it can end up being more expensive than software you buy.
...?
Oh my.
Free beer anyone?
Engineering software has become considerably complicated and rigorous. It is not unusual for software to include millions of lines of source code. If the incentive to develop software is changed, we can subsequently expect the quality and efficiency of software to change.
Again, the only thing these people ever seem to think about is MONEY.
What about satisfaction, gaining skills, enjoying yourself, pride, recognition, respect,
Do I have to continue ?
Last I checked, they were upset about software patents. Don't mean to ad hominen on you, but is this guy a jackass, or what?
the graph of the number of source code lines in the nasa shuttle flight control, linux kernel, solaris and of course, winXP. WinXP blows them all away by a factor of ten.
What does this show? That Microsoft can write a ton of code? You can show graphs like this all day long and they mean nothing.
IF you keep code in-house, (applies in this case) then
you are exactly correct.
Unfortunately Microsoft realizes that when you are
talking to a bureaucracy only a few seeds of doubt
need to be planted to cause the damage necessary to
kill a project.
if it doesn't make sense, it's economics.
--
E_NOSIG
I watched you dance for about 30 seconds... and it scared me.
Open source = We can squeeze some money out of this
GPL = We can't profit from this, we must kill it.
> But I believe in this case, the group is advocating commercial code that comes with the source.
.. then it should be closed.'
/. arguments on whether OS is more or less secure than CS, so we dont need to go into that. But really, they like it when companies can borrow source (heaven forbid they have to actually hire as many skilled programmers as it takes to build any given application .. I mean, they have execs and marketers to pay, doncha know!) .. but hate it when they have to give that source back.
.. its just the thought of holding the quality of their software accountable to a community that scares the shit out of them. Anyone following what the multinationals have been doing for the last 20 years in order to divest themselves from ALL possible negative public reaction understands this position. Just like Nike no longer technically employs their sweatshop workers (they're contracted, so the accountability is divested from Nike to their contractors), companies want to be able to take 'tried and true' code, use it, not have to hold their use of the code (and the rest of their code) accountable to the community, and PLUS they get the benifit of passing the buck to the open-source author should problems be found! (Since in a closed source product, nobody can proove it _wasnt_ the open source chunk that caused the problems or indroduced the security hole or whatever.)
No, they ad advocating that open source is good, because commercial companies can use it to cut costs (and profit on the backs of others' work), but that those companies should not have to repay the community for reasons of security.
It really should read 'borrowable open-source good, except when the source code is mine
We all know the usual
I've been watching the commercial world come to the realization that open-source isn't what they should be scared of (MS has borrowed BSD'd code many a time)
It's the usual power mongering, and desire to not be held accountable for any of it.
"Old man yells at systemd"
For instance: I think he raises a valid point regarding the future viablity of Open Source products in a consumer focused marketplace. Needless to say - Windows is still light years easier to use than Linux. Afterall most people will never have to find out their system even has a commandline interface.
Heres another good one: Yes would some of the supposed experts here like to counter this seemingly valid point? Most people here (without even having read the original whitepaper) have gone off on the "Microsoft Funded FUD Machine" (without any real evidence) bandwagon without even considering the issues brought to light here.
Keep in mind that if you cannot look yourself in the mirror objectively - how can you expect anybody else to? The FUD has to stop and it needs to stop here before it stops anywhere else.
J
I love idealists not because I am one, but because they make life bearable for pragmatists such as myself.
"If a software application representing 5000 hours uses GPL code that reflects only 100 hours, is the GPL fair in its argument that the entire product is GPL? "
first of all, if the 100 hours is GPLd, then the GPL isn't 'arguing' anything -- the rest *is* GPLd, according to the GPL. using the verb 'argue' here is like saying that my rental agreement 'puts forth the assertion' that i have to pay my landlord every month. it's not appropriate, because there's nothing to argue, no ambiguity. the GPL is very clear here.
second, if GPL'd software is, as the statement is clearly implying, a negligible part of the final product, what's the big deal with spending the other 100 hours to build that part yourself? no one's making you use that 100 hours worth of software.
and imagine how stupid that argument sounds when phrased this way: "i just built a huge program that only makes use of [some copyrighted product] in passing -- why should i have to conform to that company's contract terms in order to use it?" would anyone argue that degree of use is going to make any difference at all here? and if you don't like corporate-bashing, consider this example -- "sure, i stole $100 from you, but i put it towards this car that cost $5000, so why should I owe you anything at all?"
this is a stupid point. if you don't want to use GPLd code, don't, and if you do, understand the terms.
god is just pretend.
Remember kids, if you use open source, you're supporting TERRORISM. (or was that communism?)
What about that "Netscape programers are weenies" backdoor Microsoft used to have in one of their products (I can't remember weather it was IE or ISS)
makes it also not tested?????
Don't you think that the software, regardless of the license, would be tested the same amount internally, by the developer before being released.
Besides, how are a white hat or cracker going to get access to the source code? There is no rule saying that they have to put the source code on the FAA website, or whatever. You only have to give the code to the people who are recieveing the software, in this case, the control towers.
And since all this software is custom anyway, don't you think that as it is right now, if the control towers DON'T like the software they can just goto the people who wrote it and say CHANGE THIS?
The GPL doesn't kill custom software, this is why all these comparisions fall flat on their face. GPL is great for custom software! What gpl is bad for is commodized software, aka , PC oses, Word processors, browsers, media players. Tools that everyone needs, not custom tools that only 1 out of a million people ever see.
Why not just use GPL'd software and pay a bunch of people to scrutinize the hell out of all the security issues (spending the money that you would if you had to rewrite the code anyway). Re-writing the code is simply going to introduce new security problems. Granted, they may be more difficult to find without having the source, but there will be more of them --- and anyone dedicated enough to scour source code for security holes probably has other tricks up their sleeves if they don't have the source. I would feel safer flying in a plane that had solid open source source than shotty propriety software.
Just in the quoted portion, there are major errors:
Strike 1: Open source and free sfotware are not in the public domain. Public domain means material on which copyright claims have been relinquished, and anyone can do as they please with it. Totally different concept.
Strike 2: Trusted distribution is an issue for both proprietary and free software. The old TCSEC (Orange Book) addressed this, and I presume the newer Common Critera do too. If security is important, you don't download from the public internet or buy a CD in a box from some easily-compromised retailer; you have a trusted courier take the software or data from point A to point B.
Strike 3. This is not a argument of the GPL - the GPL makes no arguments, it states conditions under which copying may be done, or a derivative work may be created. The issue of whether a work which incorpoates all or part of another work is a derivate is a question of copyright law, not specific to the GPL; and to that issue there is no general solution.
Three strikes. They're out. (Of touch with reality, I think.)
Tom Swiss | the infamous tms | my blog
You cannot wash away blood with blood
MD5 should be used whenever you download stuff from the internet that would be... well... anywhere remotely useful / has a chance of being used
patches
code
whatever.
My life in the land of the rising sun.
signing the .bz2 or .gz archive with the authors GPG/PGP key
So how do I verify that the public key against which the archive's hash was signed actually belongs to the developer and that there is no malicious (wo)man-in-the-middle sending me forged keys? How do I extend an OpenPGP web of trust beyond the boundaries of my home town? I've looked at the GPG manual, but it just dismisses the face-to-face key signing problem as a "social problem, not a technological problem, therefore Not Our Problem".
Will I retire or break 10K?
"If a software application representing 5000 hours uses GPL code that reflects only 100 hours, is the GPL fair in its argument that the entire product is GPL?
This "argument" really bothers me. What would they say to this: "If a software application represeting 5000 hours uses proprietary code reflecting only 100 hours, should the author really be guilty of copyright infringment?"
Last time I checked, no one was forced to use GPL code in their products. I think everyone would agree that the author of a piece of code is well within their rights to dictate the terms under which other people are allowed to use it. People who use the GPL effectively say, "I will share my code with you, however, you must share your code with me if you intend to use my code in your project".
Some people (e.g. those who use the BSD license) don't mind if others use their code without sharing in return. That is their perogative.
--
Wow, now "they" are switching to the "Big Guns", eh?
Personally, I think this just shows how scared certain people in the industry are. Most arguments against OSS are just BS and people with brains can easily uncover that. But throwing in National Security as a joker, the hope is that a lot of the decision makers are going into dummy mode... and maybe some do. But examples like lastest the developments in Germany point to the opposite... which just scares the hell out of the Establishment... Truely, we are living in interesting times!
Excellence: Moderate (mostly affected by comments on your karma)
There is a big distinction between the GPL and the BSD-style licenses. The GPL is all about making sure that people who use GPL licensed code release their new code under the GPL too.
.gov could pick up a bunch of GPL code, hire some hakers (or use the NSA) to brew their own system and simply make the decision not to share the code. That's nice and legal. They'd simply make distribution a matter of national security.
Except that using GPL code doesn't compel you to "release" anything. It only means that if you elect to share your code with another party, you do so under the terms of the GPL.
The
The only security issue with the GPL is the security of companies who derive revenue from selling proprietary code.
Howard Dean for president
oes this mean
... i don't
... why don't ... we still ...
we drop daisy cutters on
rural virgnia?
and before
and please dont fire out the stupid
logic it is their choice so let them
bear the consequences
... osama is messing with
us in part because we have
military bases in saudi arbia
... so by the same messed up
logic would lead one to believe
that 9-11 was fine as we had
it coming to us after so many
warnings
buy it.
can we all wake and say tragic
as it was it is being used to
justify the most absurd actions.
to be frank with everyone
if osama wants us to leave
saudi arabia
we just do that
have turkey and israel
imho it was not worth the
3,000 lives in the united
states and the countless more
lost in afghanistan plus the
liberties we are losing.
dunno what they are teaching
these clowns out in the war
college but one of Sun-Tzu
central tenants of war was
that it was far better to win
a war by not fighting at all.
Considering the the dirty-bomb-guy, José-Padilla, presented on air today, this anti-GPL stuff described may be threatening federal use of GPL'd softwae in the US.
I sure hope IBM, SUN and others quickly back up GPL, according to their previous support.
No offense meant, but should one really rely on RMS' FSF movement in anti-GPL cases like these? I believe IBM, SUN, and SGI executives have greater credibility in Washington.
"What I'd like explained to me is how the GPL could be considered somehow worse than other open source licenses for the purposes of national security."
The theory is explained in the paper, but it's quite lame. The idea is that if the government uses software under the GPL it will be forced to distribute code that it would rather keep secret, thus creating a security risk.
Unfortunately, some of the FUD in the paper won't be seen that way by some people. I've tried to explain the problem with security through obscurity to non computer literate people, and they don't buy it. They think the more obscure the more secure.
I highly recommend reading the paper with a highlighter and keeping track of the FUD. But try to remember that you are not the target audience. As an exercise try to imagine how you explain to a clueless person what the real errors and lies in Mr. Brown's work are.
I just had to write a response.
Okay, is it just me or is the difference b/w these pretty much nonexistent? I assume there are other open-source licenses, but they'd all do the same thing anyway.
The advantage of open source is that your customers can continue to maintain and upgrade your code after you go bankrupt.
-a
---
When the man in front of you is shot, pick up his gun and start shooting.
How to rationalize theft.
this while 9-11 thing is
... i don't
... why don't ... we still ...
out of control. last year
406,290 american died of
smoking does this mean
we drop daisy cutters on
rural virgnia?
and before
and please dont fire out the stupid
logic it is their choice so let them
bear the consequences
... osama is messing with
us in part because we have
military bases in saudi arbia
... so by the same messed up
logic would lead one to believe
that 9-11 was fine as we had
it coming to us after so many
warnings
buy it.
can we all wake and say tragic
as it was it is being used to
justify the most absurd actions.
to be frank with everyone
if osama wants us to leave
saudi arabia
we just do that
have turkey and israel
imho it was not worth the
3,000 lives in the united
states and the countless more
lost in afghanistan plus the
liberties we are losing.
dunno what they are teaching
these clowns out in the war
college but one of Sun-Tzu
central tenants of war was
that it was far better to win
a war by not fighting at all.
Following the old Usenet tradition that every spelling and grammar flame must contain at least one spelling or grammar error, you meant "its." There's no apostrophe. See Bob The Angry Flower for details.
This story came out early last week and is just a load of FUD. ADTI has no credibility and is funded by MicroSoft (which Microsoft admitted to).
These are the same guys who claimed that second hand smoke isn't harmful. Their panel of experts contained Scientists and Doctors who had previously been employeed by the Tobacco industry.
Article Link
Do a search for ADTI in article.
You can view the article at Phillip Morris Tobaccos archive.
See:
Article Link
Or the PDF at:
PDF Link
Their main points are that GPL is flawed due to requiring anything which uses GPLd code [no matter how little] to be licensed under the GPL; and, that most GPL projects encourage many unvarifiable developers to take part in the project, resulting in potential malicious code being inserted without anyone else taking notice.
Please, take a moment and read the GPL. Then come back and ask people questions about it. (I believe there was an Ask Slashdot about it awhile ago...)
Using GPL'd code does not mean you have to automatically release all of your code. First off, the GPL cannot override other more restrictive licenses. If you don't have the right to GPL the code that you've included then you can't release it, you have to remove the GPL'd code instead. Second, the GPL's release/publish conditions are only invoked if you release/publish your code. This is a very important distinction. If you develop something "in house" for your company's use, then you don't have to release the resulting code. If you don't distribute it then you don't have to publish it.
As far as "malicious code" goes, look at all of the "easter eggs" and "bugs" in current "professional" code. How much overall code review do you think goes on when an entire flight simulator gets packed into a spreadsheet application? (You may have noticed how a Service Release deactivated it.)
In the Open Source world, if you doubt some code then you can simply audit it. Good luck if you think there's some backdoor lurking in the latest MS code. (Look at MS's WMP EULA that gives them permission to force downloads on your box in the name of "DRM".)
There's a reason that people use the cover of darkness to perform questionable/malicious acts. Having the source code for full review and scrutiny is the best way to shine a bright light into all corners.
--- I wish I could hear the soundtrack to my life. That way I'd know when to duck.
You're kidding, right? With the exception of the hard sciences, academics are some of the worst purveyors of "my opinion is right". And even physicists, chemists, etc, sometimes let their personal opinions color their work. There is no such thing as unbiased thinking, only honestly held opinions and faith (for whatever reason) in your position/belifes.
Life is hard, and the world is cruel
I just said a bunch of random stuff and not all of it is accurate or precise or true or meaningful
Well at least you admit it.
Look, the GPL does not compel you to release, share or even present your source code if you're using a GPL-coded application. It only stipulates that if you share your code (in source or compiled binary form), you must do so under the terms of the GPL.
The government could easily act as a single entity here (an umbrella over all the various agencies, e.g FAA, FBi, etc) and use all the GPL'ed software it wants and be under zero obligation to share with anyone. That is, of course, assuming the develop it in-house. If they want the participation of the worldwide OSS/Libre Software development community, it becomes a bit more tricky. Hoever, they could always have the spooks scramble a few bits and keep the kinks to themselves.
Howard Dean for president
If you have something to say, why not start a petition? Why not write a well-written (as opposed to the one above) article and try to have a newspaper or respected journal publish it? Write your congressman (as I have done) and explain in a well-thought-out manner the points and counter points of why open source software is essential in maintaining the rate of innovation in the computer industry.
I'm not complaining, or trying to be a troll, but even if you copied and pasted some of these very good comments that appear here into an e-mail to some of the powers that be, it would do far more good, and would probably make you feel much better about your day as well.
Just my $0.02.
today is spelling optional day.
Sure, it's true bad people could submit code to open source projects in general, and hope to access some sort of backdoor when the code is used in a security application. With open souce or GPL, they just have to slip the code past the other programmers and everyone who looks through the code carefully.
On the other hand, closed source code such as Microsoft carefully controls who they hire to work on the code (with the exclusion of code that may be added by those who hack their systems). They don't open the code to review by outsiders, but that means that only those who actually insert the back doors will know about them. Thus, terrorists who can't write code (but can only read it) will be unable to breach MS security using a back door. In the event that MS code results in a security breach or other terrorist activity, the user may be entitled to a refund of the MS software purchase price. You must hold them non-accountable for actual losses as per the EULA.
Andrew
Yes, Microsoft's security sucks, and every one knows there are open security holes, and it takes ages for them to be patched... But Microsoft's OSes do have one advantage over all the current open source OSes -- Windows Update.
It may take MS too long to patch their stuff, but when the patch does come out, access to that patch is quick and easy. An update facility for *nix would be a huge step in combatting bugs and security problems. The facility need not be centralized, either; individual distributions or packages could have their own repositories.
Such a system could even go one step further than Microsoft and report when an unpatched hole is found, and give the option to disable that service 'til a fix is discovered. This would be highly appropriate for individuals, companies and governments who are worried about keeping their systems secure, and would keep them safer than any closed-source software can.
See the thing is that the GPL says that if I give you a piece of software then I must provide soure code with it. So, the code that the governmnet adds does not need to become a matter of public knowledge unless the software is being given to the public.
As I understand it, if the FBI got a copy of Linux, they could modify the source code and distribute as they wanted to within the FBI and never be compelled to give that source code to anybody else. It's only if the FBI started taking that code and giving it out to other organiaztions that it might be at issue.
This sig has been temporarily disconnected or is no longer in service
Has the site been hacked, or are they really that unprofessional?
When I go to the base URI of the site at
http://www.atdi.net
it says, on a black background:
.Site Closed.
[fuck off]
(The bracketted text was not added by me). Viewing the source of the home page reveals a frame set that redirects to a different URI that causes theabove message to be displayed.
Explanations?
On a lighter note, while many open source advocates atre proponents for copyleft, they insist on trademark protection for their ideas.
...by posting notices in publications and websites that their trademarks are protected. For example, the notice on the OSI website reads, "... To identify your software distribution as OSI Certified, you must attach one of the following two notices..." The same is true for a number of prominent open source firms including VA Linux.
You bet they do, or else commercial interests would steal their work and profit from it, without due compensation to the creator.
I hear the Red Cross and Salvation Army have trademarks as well, which they zealously protect, even though they are in the business of giving stuff away to those in need.
The Free Software Foundation, the Open Source Initiative and a number of other organized GPL enthusiasts protect their "marks"...
Putting the word "marks" in quotes in this context seems to imply that not-for-profit trademark holders are not holding "real" trademarks, and therefore the author of the paper feels entitled to sneer at them.
This is the most damning section of the entire document, im my opinion. The author betrays his contempt for the fact that open source advocates utilize the copyright system as it was intended: to control the distribution of their works. What burns this author the most however, is that he knows they are correct and the GPL succeeds at its aims, which is preventing GPL code from being hijacked by proprietary, closed source projects. This makes him very angry, and he can barely conceal it in this paragraph.
While each of these firms would insist that they are not against copyright protection, invoking the protections argues that they are against people copying their marketing documents and symbols.
He left out the crucial phrase at the end of the sentence: "without authorization." This guy is really burned that the GPL is successful. And it seems clear to me now that "this guy" is the Microsoft FUD^WMarketing department. Their past FUD releases on this topic have been infamous for conflating trademark and copyright, as well as copyright and copy-prevention.
Now I gotta go take a walk, because I am worked up. But man, this is the most blatant and desperate FUD I have read in a long, long time.
Edith Keeler Must Die
It asks if we want to trust software that thousands of unknown authors have contributed to, but I know a lot more about RMS and Linus than I do about, oh say, the latest goons that programmed Windows XP...Most open source authors not only accept but insist on credit for their work and normally are not hard to track down. And if it really bothers you to trust them, you have the code to check it out yourself. With closed source software its being made by legions of people you don't know and then they say, "Trust us, its bug free, it has no known issues." and then they don't let you examine the code to find out for yourself.
According to the BLS Computer and Mathematical Occupations employ 2,932,810 total employment. Of those 374k are employeed in the development or the customization of applications.
This risk factor is somewhat mitigated in commercial software, where the distribution is typically through CDs and other trusted media.
CD's being a trusted media assumes that it is impossible to put a virus on a CD, however, Microsoft (among others) have sent out CD's with virus on them. Just because it uses a different media than the internet doesn't mean it is any safer.
At least with open source, you have a chance of someone spotting malicious code. With binary code, you probably won't know it's there until it does something nasty, and maybe not even then.
Who would win this election: Andrew Weiner vs Andrew Weiner's weiner.
was that you again, Bill? That's disgusting!!
try { do() || do_not(); } catch (JediException err) { yoda(err); }
Because of said deterministic requirements, you couldn't just release patches to air traffic controller code - but wouldn't it be cool to find a bug and send in a fix? A lazy Saturday afternoon spent reading code could make every air traveller in the sky safer.
Maybe the state's highest function is to grind out insoluble problems. (Zelazny, Hall of Mirrors)
If you're worried about backdoors and trojan horses being inserted during a transfer over the net, then contact the author and order the source on CD. The author doesn't offer CDs? Throw him some cash and I'm sure he'd be happy to burn you one. It would still be less expensive than ordering a commercial package.
Sorry, I couldn't resist. I agree with your substantive points.
"Another security concern is that the primary distribution channel for GPL open source is the Internet. As opposed to proprietary vendors, open source is freely downloaded. However, software in the public domain could contain a critical problem, a backdoor or worse, a dangerous virus."
Even worse! It could contain a gaping hole allowing virus writers to distribute email lightening fast throughout the world! Even worse, such a problem ignored for years, or only be fixed in a newer version!!!
Reverse engineering "harbors very close to IP infringement because and has staggering economic implications." [sic]
The economic implications are staggering! Wealth is replicated and distributed instantly at little to no cost! If only we could do that with cars and houses!!!
"On a lighter note, while many open source enthusiasts are proponents for copyleft, they insist on trademark protection for their ideas."
You mean after GIVING away thier hard work, they shouldn't ATLEAST be able to ask for CREDIT???
"If a software application representing 5000 hours uses GPL code that reflects only 100 hours, is the GPL fair in its argument that the entire product is GPL? This point is of considerable concern to software companies that value their secrets, design and architecture strategies. Proponents of the GPL argue that each party in the exchange is benefiting equally, but without a means to properly make this evaluation, this position at best is over-assuming."
Is it fair that you STEAL my 100 hours of code, which I donated to the community just because you're 50 times bigger? Is it fair to deny me the option to distribute MY work so people can't exploit my work for thier profit?
You don't even let me USE your software unless I pony up $$$, whereas I let you USE, SHARE, and MODIFY for NOTHING, so long as you don't exploit me work.
AND you expect me to let you exploit me because your software is 50 times bigger? Geeze, Why don't we set up the courts so whoever has the most money wins while we're at it.
"The federal government's information systems requirements intersect countless sensitive operations. The limitless potential for holes and back doors in an open source product would require unyielding scrutiny by staff that decided to use it. For example, if the Federal Aviation Agency were to develop an application (derived from open source) which controlled 747 flight patterns, a number of issues easily become national security questions such as: Would it be prudent for the FAA to use software that thousands of unknown programmers have intimate knowledge of for something this critical? Could the FAA take the chance that these unknown programmers have not shared the source code accidentally with the wrong parties? Would the FAA's decision to use software in the public domain invite computer 'hackers' more readily than proprietary products?"
This is the only tough question of the bunch. More people seeing the source code doesn't nessecarily mean it's going to be more secure. The only thing I can counter with commercial software, is there is no option to audit the security by looking through the source code. You pretty much have to take the vendor's word and hope if there are security holes, they will fix them promptly.
"Communism is like having one [local] phone company " - Lenny Bruce
What exactly was the difference again between executable software and binary code?
All proprietary licenses that I've ever seen place restrictions on how a user may use the software. The GPL contains no such restrictions. The GPL only resticts the way in which he can redistribute a modified version of the software, an activity expressly prohibited by proprietary licenses. Simply put, any claim that the GPL is more restrictive than proprietary licenses is laughably incorrect.
According to the Open Source Initiative, "the 'open source' label itself came out of a strategy session held on February 3rd 1998," in reaction to "Netscape's accouncements that it planned to give away the source of its browser." The term's purpose was "to dump the confrontational attitude that has been associated with 'free software' in the past and sell the idea strictly on the same pragmatic, business-case grounds that motivated Netscape." The attempt to paint the FSF as a radical offshoot of the open source movement is completely without factual basis.
The FSF has expressed no position on the patenting of inventions, in general, but only on the patenting of software.
According the NCSA's Procedures for Licensing NCSA Mosaic, "the software is not public domain, freeware or shareware." But then, we already knew that...
If it required a commercial partner to do this licensing, then clearly it wasn't even open source (as the term came to mean, when it was coined five years later), much less in the public domain!
At this point, I get tired of counting. This paper allegedly "details the complex issues surrounding open source," but fails to demonstrate even the most basic understanding of the term itself, competing licensing models, or the technology involved. It is, quite simply, not worthy of any serious consideration.
When or if RMS writes a response to this "paper", I hope he forgoes his usual moral high ground and lengthy expositions and calls it exactly what it is: garbage.
Very of little of that paper makes sense or raises valid points, and what it does is irrelavent to its thesis.
This paper is a comical inverse of Senetor Nuñez's letter to Microsoft: poorly thought out, badly written, and unable to withstand the application of basic logic. "GPL the most restrictive license" indeed ... the GPL can be ignored completely, leaving you with basic copyright law, while last I checked, Microsoft's license must be followed to the letter just to USE the software.
I'm sure everyone here can read through that paper and find all kinds of nuggets (not of wisdom, for sure). For instance in one sentence they claim that with Free Software you don't know what you're getting, but in the next deride programmers for using trademarks to protect their reputations (i.e., so they can ensure that you do in fact "know what you're getting").
And the usual "programmers need money so they can write code". Well, this has nothing to do with the government choosing software, unless the government is starting a new "software author welfare program".
The usual "if you combine GPL with another software, it all has to be GPL". Pray tell, what license do I use when I combine Windows XP with my own program and sell the combination? None, the men with guns come by, and I get put in jail. Don't redistribute GPL software if you don't like the terms. At least the GPL gives you a way to redistribute!
And finally the paper concludes with a rosy comment about the BSD license. I suppose when a company releases their software under the BSD license, somehow their secrets are better protected than under the GPL?
Finally, I like the graph on page 18.. apparently Windows XP has 30 million lines of code (30,000,000.00 to be exact, based on the legend), and Linux Kernel (apparently now an entire operating system on its own) only has 2 million or so. I'll take 2 million possible bugs over 30 million any day!
Ya know, there seems to be a golden opportunity here for some folx to make a good living working with and for the open source community. Simply convince the US government to give you a grant/contract as a security consultant to scour particular open source projects for security holes/bugs. The source could then be cleaned up to the governments liking and used by government institutions for a cheaper price than contracting someone to write it all over again, and the source still remains public.
Hey, I'd better patent this business practice before someone else thinks of this obvious method....:-)
This signature is a waste of 42 characters
Good comment. However, i would like to ask you, as you appear to have read the article and i cannot get into it at this moment..
This article is definitely misleading, confused, and from what i've seen seems to be mostly made of attacks on straw men. However: is there anything actively *INACCURATE* in it?
What i wonder is whether this article goes far enough that the GNU foundation would be able to sue them for libel. I doubt they would be so stupid as to let anything leaving them open to that slip in, but, you never know, and i thought it was worth a check.
Is there anything in the article which actually goes as far as making actively incorrect statements about what the GPL says and the GNU project does?
This risk factor is somewhat mitigated in commercial software, where the distribution is typically through CDs and other trusted media. Of course, someone can still somehow compromise a software developer's network
You must be referring to that time not too long ago when Microsoft's network was compromised, and possibly unknown things placed into the source code for their products.
Just imagine, for a minute, how devastating it would be if Sourceforge was hacked and malicious code was inserted into a ton of the projects without anyone noticing for long enough that it could cause real damage? The danger is clear.
Yes, I suppose it is -- but as the source code for things on Sourceforge exists in many copies all around the globe, it can be cleaned up somewhat more easily than, say Microsoft cleaning up their compromised source code repositories. Assuming they even tried. Some journalist should ask them about that -- "What effort has Microsoft made to inspect and clean their code of viruses, backdoors and trojans inserted when their network security was breached recently?" I'd love to see that question asked by, say, the Wall Street Journal. Or even The Register.
Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
I remember reading a quote from one of Stallman's papers a while back. I'll have to paraphrase because I'm really busy but:
'When you redistribute your version of the software you must include all modifications you made to the GPL'd code.'
So, you don't have to redistribute your software at all but anybody who receives the binary version of your version of the software is entitled to the source.
Looks like the FUD is getting smelly : )
In the case of Red Hat, I believe their public key is on the original distribution CD. How hard would it be to trojanize a shrink-wrapped product?
This doesn't cover individual authors and their tarballs on the Internet, of course. But if you're really paranoid about security, either you'll only install stuff prepared by your distribution vendor, or comb through any untrusted source code yourself.
iSKUNK!
So don't release them. The GPL encumbers software only if it is released. Classified code obviously wouldn't be released, so the inclusion of GPL'd code within a classified program is acceptable as long as it remains illegal to release the program. I mean, who's gonna be stupid enough to call up the CIA and say "Hey, I noticed the source to GlobalThermonuclearWar 2.1.1 wasn't on the server I stole the binary from. Are you gonna give me the source or do I have to call Richard Stallman?"
There may be some limited circumstances in which a democratically elected government is justified in keeping secrets from the populace it governs. Those circumstances should never cover "how" decisions are made (the laws), only "what" decisions are made (the policies). But even in a transition period where some of the processes must be obscured for national security reasons, this does not conflict with the requirements of the GPL.
Even if we overlook the obvious gaffe of including public domain code in the mix, the author clearly misunderstands Open Source and the GPL. If an organization has no process in place for vetting the software it deploys, then neither open nor closed code will offer any barrier to malicious code. It is true that a truly security conscious organization would need to screen every proposed change to open source software, the use of closed code substitutes a blind trust in the proprietary vendor; a vendor with neither an understanding of the local deployment environment nor a motivation other than profit.
I wonder if the author has ever read a commercial (closed source) license agreement? Here's a hint: the phrase "AS IS, NO WARRANTY" is standard industry boilerplate. So that means GPL'd software is no better and no worse than proprietary software, right? Well actually it is. The closed nature of proprietary code denies the user the minimal "self help" provisions. On the other hand, there's nothing preventing a concerned organization from requesting competitive bids for the support of an open source application. The winner of such a contract would be under competitive pressure to perform, because they would not have a captive audience.
Perhaps the author would care to cite the law obligating commercial developers to produce manuals, or ensuring those manuals are correct, complete, and relevant? Furthermore, the author glosses over the fact that while the GPL demands that the source for a program be freely distributed, there is no such requirement for the manuals, instructions or technical information of that software. Again, the competitive market serves to ensure that quality add-ons are produced and maintained.
And of course, the would go against the very reason we have a government in the first place. What was that First Amendment again? Something about the right to keep others from cutting into your profits through their own expression of your ideas shall not be infringed?
I'll agree with other posters here. There's too much FUD here for me to waste any more of my time.
The thing about things we don't know is we often don't know we don't know them.
It's amazing how many published articles have been written that attempt to convince others that GPL is bad. At the same time, i've hardly seen as many articles in favor of GPL. More and more organizations have already seen the proof that GPL works.
I've heard other accusations that this "think tank" is really just a paid voice for M$ but in other forums contributors had trouble coming up with proof. This may not be proof, but here's one paragraph from the paper that settles the point pretty clearly for me: "Netscape was an aggressive firm. It endeavored to make its web browser the proprietary standard for web access, hoping that it would inevitably become more important than the PC operating system. Netscape began distributing its browser free to users. This strategy all but eliminated interest in Mosaic and NCSA led standards. Because Netscape was also able to do this without paying licensing fees to NCSA, it was able to undercut other commercial browser companies that had to meet NCSA license fee requirements. Not only did Netscape crush competition with its free browser model, but it also infuriated members of the open source community by aggressively introducing proprietary standards to the public Internet, something they felt no one should own. Conveniently, Netscape turned its enemies to Microsoft and their new browser, Internet Explorer." Poor, poor Microsoft...
Actually, I was trying to be Insightful, not Funny.
NAME
md5sum - compute and check MD5 message digest
SYNOPSIS
md5sum [OPTION] [FILE]...
md5sum [OPTION] --check [FILE]
DESCRIPTION
Print or check MD5 (128-bit) checksums. With no FILE, or when FILE
is -, read standard input.
If a software application representing 5000 hours uses GPL code that reflects only 100 hours, is the GPL fair in its argument that the entire product is GPL?
If a software application representing 5000 hours of work uses proprietary Microsoft code that only required 100 hours to develop, would Microsoft be correct in claiming that its copyright had been violated?
TheFrood
If you say "I'll probably get modded down for this..." then I will mod you down.
"The revenue from software comensates engineers, graphic artists, database programmers, hardware specialists, debuggers and a multitude pof contractors, partners and vendors. In the US , the software sector accounted for approximately 319 million jobs in 2001"
I just checked with the Census Bureau and there are only 287 million people in the US, so I guess in addition to everyone being employed in software there are 40 million hidden people working in software. If they cant even check basic facts, I wouldnt want to know what falasies are in the opinion section.
...are the politest things I can say about this.
The author has transparently started with the objective of rubbishing the GPL - then crudely constructs "evidence" to support this rubbishing.
It presents a world view that as a software developer I find difficult to recognise.
It probably isn't worth spending much effort reading or responding to this. So I will just pick on one aspect which struck me as interesting: The complete omission of any reference to standards and specifications. In my world software systems are underpinned if not driven by standards and specifications. Many of these standards are open and freely available. Some are ad-hoc. But they are always there.
Not so in Mr Brown's world. Everything is secret and proprietry. It is a given that for a piece of hardware, there will be no published specifications. The only way that a GPL driver for that hardware can be created is by reverse engineering the manufacturers own driver. Like wise there are no standards or even specifications for software systems. Everything is closed and therefore a GPL author must inevitably "steal" the creators "intellectual property"....
Sigh. There is lots more to be criticised but the premises are so illogical and falacious that it is soul destroying even to have to start.
Now I personally think that there is a role in the world for GPL, BSD and proprietry software licences. But this article neither makes the case for a multitude of licenses nor suceeds in saying why there is no place for the GPL (at least in any rational or credible way).
I would really like to see IBM explaining why they endorse the GPL, as this paper is sure to get a lot of coverage in the media - especially if Microsoft have paid for the article as has been rumoured.
It's in the best interest of many corporations that government does not adopt open source packages. Nothing new there! However, it's clear that there are myriad agencies using free operating systems (e.g., Linux), unix tools - GNU -, and dozens of scientific applications (e.g., TeX/LaTeX, Octave, R, ...), not to mention languages like Python and Perl. Obviously the list of usable, free, and open source programs is long. With such momentum within the various agencies I imagine the battle fought by corporate America is getting more difficult by the day. [Doesn't the NSA release a secure version of Linux?]
Unless legislation - materializes in the near future - is presented that prevents the use of such software within government the battle will never be won by closed source vendors. Though the quality and quantity of open source software must continue to increase. To that end, I hope that there is less fragmentation within the community....
Is there any evidence that lobbying for open source software is present within government?
Comment removed based on user account deletion
It wasn't just the factual parts that one can easily argue against, but simply the infamatory tone of the article...the word selection, making it sound so much worse than it is (if it can even be considered bad).
- Referring to souce code as a "secret formula".
- Binaries are "locked" code, while source is "unlocked" code. The choice of these words sets the tone for the whole paper.
- Calling the GPL "viral" simply proves that this is a Microsoft funded bash of the GPL.
And the one thing I never saw mentioned - if they don't like the freaking license, then don't use the damn product. Why is it so hard to understand? It doesn't infect you unless you WANT it to infect you!Stupid sexy Flanders.
Open software can be EXAMINED by SPECIALISTS
to make sure there are no backdoors. How
do you audit proprietary software?
Considered harmful.
How much government written programming code i sin public domain as opposed to own closed source?
Why is this important? Becasue the paper's author is attempting to pull the wool over someones eyes and is doing a very bad job of it..
All gov programming code is public domain unless otherwise closed ofr gov national security reasons..whether they want to admit it or not they are already using gpl code theri own!
They key question is how much did MS pay for the conclusiions in this report?
Its the saem story as when MS offered some lobbying bribes for the Gov Secuirty Test guidelines to be rewritten because winNT 4 fialed those test..doesn anybody remember this?
Its time to call a Spade a Spade..
This report is full of bullshit!!!!!!!!
Don't Tread on OpenSource
RMS probably isn't the best person to write the rebuttal since the paper is written largely from a business perspective, RMS's arguments may be somewhat orthogonal to the main thrust of this paper. Also, the fact that the paper attacks RMS directly (suggesting that he is not widely respected within the Free Software/Open Source community - which IMHO is bullsh1t) would make it awkward for him to respond without sounding too defensive. ESR might be a better bet - even though I have always seen him as a-little too preoccupied with self-aggrandizement. I would say that Bruce Schneier would be the best person to rebut this given his level of respect in the security community.
If a software application representing 5000 hours uses GPL code that reflects only 100 hours, is the GPL fair in its argument that the entire product is GPL? This point is of considerable concern to software companies that value their secrets, design and architecture strategies. Proponents of the GPL argue that each party in the exchange is benefiting equally, but without a means to properly make this evaluation, this position at best is over-assuming
To that you say...
Is it fair that you STEAL my 100 hours of code, which I donated to the community just because you're 50 times bigger? Is it fair to deny me the freedom to distribute MY work so people can't exploit my work?
You don't even let me USE your software unless I pony up $$$, whereas I let you USE, SHARE, and MODIFY for NOTHING, so long as you don't exploit my work. Yet, you don't think it's fair that I take measure to make sure you don't exploit my hard work?
"Communism is like having one [local] phone company " - Lenny Bruce
You have got to be kidding.
Netscape in the beginning may have had a proprietary browser but no one I know of ever dropped Netscape in favor of IE because Netscape was proprietary and IE was open.
That report is pure garbage. They lie about basic facts.
No one is more closed about their code than Microsoft. And, suggesting that the open source community flocked to Microsoft because Netscape was proprietary is a joke.
NexuSys - Linux support by the best
This is perfect example of security through obscurity.
Did anyone in this stink-tank ever do research into the GPL, open-source, linux, terrorism, operating system development or anything related to these topics. Obviously not. It's amazing how people can bought by the dark lord of Redmond.
.plan file. If you click the refresh button enough times in IE, with an IIS server you'll cause it to crash. Then ofcourse theres the weekly security flaw which must be fixed, virus', couple this with blue screens, regular reboots because of memory leaks, and high prices and you've got innovation.
How many terrorists would bother to go through hundreds of thousands of lines of code to find you can gain access to a damned finger server. Ooooh big deal, you can view my
I would love to see MS design a car or plane and try to explain to the customers that although the wings flew off, their not liable because you're licensing your seat!
It's amazing how they perceive a community of intelligent people working towards a single goal (stability / performance / reliability of products) a sin.
I think the kids who were part of this "think tank" were nothing more then disgruntled mcse's who got fired because their companies moved to unix and they couldn't understand a regular expression if their lives depended on it.
"Woah, you touch the keyboard to secure your computer." - Think Tank Morons
That has to be one of my favorite parts. Alright, maybe there's some truth to the Netscape part, but what the hell has IE been doing for the last few years if not trying to force their own proprietary standards on people?!?!
ActiveX? Non-standard HTML? C'mon!!
And what's so "convenient" about it? That these users were turned to the same corporation that's funding this whole POS (not a fact, but sure seems likely).
i.e. it's partly open. It has been viewed by hundreds or thousands of MS programmers, any one of whom might be an enemy spy. Windows src has already been distributed to certain colleges and corporations. Furthermore, MS's internal networks have been broken into in the past. Go ahead Bill, swear on a stack that no terrorists have the source to Windows.
Unless MS, Oracle, Sun, et al. do all their development under the same security controls as, say ICBMs, the "need for secrecy" argument works no better for their code than for OpenSource.
Maybe there are a few situations which call for Top Secret Source, but most do not. Use hardware as an analogy.
The U.S. armed forces use plenty of off-the-shelf type hardware. Many types of military aircraft are based on the same platforms as commercial craft. SR-71 Blackbirds are secret, 747-based AWACS share many of the same vulnerabilities as those flown by Trans American. F-xx fighters have been sold to questionable foreign governments, lost in battle, etc. How secret are they?
If the U.S. adopts this "Secret Source" philosophy, our computers will turn out the be the equivalent of those goofy cars (Trabant?) Russians were forced to drive all those years.
Think tanks do not work the way most people expect them to. They are not 'neutral' to a discussion. They receive a premise to discuss and assemble a team to do the research the question(s), discuss the result of the research and distill the results. They DO NOT try to consider all aspects of an arguement - that's not their business - ONLY WHAT THEY HAVE BEEN ASKED.
Commisioning a study by a think tank is like asking for a wish from a genie - You get what you you asked for ! - But what you get is not necessarily for what you wanted !
To understand this white paper you would have to have to review the original material presented to them for discussion. Their answer only reflects the bias of the original question. ( Garbage In - Garbage Out)
So as you look at the 'expert white paper' remember the genie and ask yourself what was the original question - and re-read with that enlightenment.
I've had to deal with the political problems created by studies by think tanks and 'experts' like this for years.
McHummer
Why would every user need a copy of the source, anyway?
I might even stretch that to include "the government" as a whole.
Stupid sexy Flanders.
And your point, Mr. Brown, is exactly what?
First point: Today I mistakenly started up IE's infamous "Windows Update" feature for the Win2K installation on the SunPCI card in my Ultra 10. The first "update" it wanted to install was the MS "Automatic Updater" so that Microsoft could cram changes to my system software down my throat whenever they chose to. Mr. Gates does not own my hardware, the State of Texas does. Given Microsoft's track record in the security area, please explain to me the exact difference between this "feature" and a "back door or worse, a dangerous virus"?
Second point: Microsoft's "Windows update" service is ONLY available over the internet and is usually the ONLY source for critical security fixes and other patches for Microsoft products. Please tell me exactly how that differs from the normal distribution channel for GPL software.
Reverse engineering "harbors very close to IP infringement because and has staggering economic implications."
Please show me your bar number before you start rendering legal opinions, Mr. Brown. The only class of Intellectual Property that is infringed by reverse engineering is patents. Specifically, so-called "clean room" reverse engineering of copyrighted works has been repeatedly blessed by the courts as an exercise of the fair-use doctrine.
"On a lighter note, while many open source enthusiasts are proponents for copyleft, they insist on trademark protection for their ideas."
Mr. Brown, this "lighter note" comment of yours is little more than a cheap shot that openly displays your lack of understanding of the subject matter on which you write.
"Open source enthusiasts" not only avail themselves of trademark protection, they also assert and defend their rights as copyright holders. This in no way conflicts with their advocacy of the principle of copyleft. What it DOES do is give them the power to enforce the particular license (GPL, LGPL BSD, or other) under which they choose to release their software.
"If a software application representing 5000 hours uses GPL code that reflects only 100 hours, is the GPL fair in its argument that the entire product is GPL? This point is of considerable concern to software companies that value their secrets, design and architecture strategies. Proponents of the GPL argue that each party in the exchange is benefiting equally, but without a means to properly make this evaluation, this position at best is over-assuming."
Answering your questions in order:
Yes, if it's my GPL code, it most certainly IS fair. If Microsoft, Adobe, Symantec or whoever, wants to license my code for use in their proprietary product, I will be HAPPY to negotiate a special *non-exclusive* license with them for a SUBSTANTIAL fee. HOWEVER, if their objective is to take my code without payment and claim it as their own they had better be ready for MAJOR litigation.
"The federal government's information systems requirements intersect countless sensitive operations. The limitless potential for holes and back doors in an open source product would require unyielding scrutiny by staff that decided to use it. For example, if the Federal Aviation Agency were to develop an application (derived from open source) which controlled 747 flight patterns, a number of issues easily become national security questions such as:
They already do. The FAA's Air Traffic Control Database uses Oracle 9i Real Application Clusters running on Dell PowerEdge servers and (surprise!) Red Hat Linux.
Apparently the FAA thinks it's a better gamble than hoping that no one with an old copy of debug.exe will find a buffer overflow in Windows 2000 Advanced Server.
Again, you clearly demonstrate your lack of knowledge in this field, Mr. Brown. GPL software is NOT public domain. It is private property released for public use under license. It is no more public domain software than Windows XP. And
However, a more cogent inquiry would be "If the FAA's Air Traffic Control System is exposed to access from the public internet, shouldn't we fire all the boneheaded bureaucrats that decided it SHOULD be?"
Most of the
Mr. Brown, your white paper exhibits a failure of understanding of your subject that I find very disappointing in one who would call his operation a "think-tank". You entitle your publication "Opening the Open-Source Debate,"
utter rubbish
Almost like when MicroSoft got hacked... except of course in the instance of closed sourced software, only your vendor can audit the code for trojans and backdoors. Kind of similiar???
Or maybe it is more like the time Microsoft placed a virus on their corporate update website???
Guess you don't have a point... is Bill paying you for this?
I have come to a conclusion that one useless man is a shame, two is a law firm, and three or more is a congress -J Adams
If you look at their other "papers", you will find out this place is just a Republican Capitalist Tool. All they do is publish BS for the republicans and other die-hard capitalists. According to them the IMF is good. India would probably have another story to tell. Concidering they have to export over half their grain to the west because they couldn't make payments on their loan (Tony Soprano anyone?). Well, thats those stupid Indian gov't fucks fault anyway. They'd rather nuke their neighbor than feed their people.
Good idea. We could go back to the way it was before money was invented. I do directory services consulting for a living. I could get paid in pigs, fresh fish, computers and the like. Then all I'd have to do is figure out how to transform the pig I got in Chicago to an airline ticket plus some thing of value that I could both take with me on the plane, and use when I get home to convert into food for my family, to compensate the electric company with, and so forth.
Maybe we could set up exchanges, so that when I'm in Chicago, I could go to the local exchange and give my pig to someone who needs a pig and has an airline ticket and other goods useful to me, or some more complicated transaction that an exchange could facilitate. In any case, the exchange would only have value proportional to the number of people using it and the diversity of goods being exchanged. This system would work better if we could link all of the exchanges together, so that I could give my pig, in Chicago, to someone in New York who has the airline ticket I need and some other goods, and the other goods could go to someone in California in exchange for some goods useful to me to be delivered to my home in Texas. The linking of exchanges would increase the number of users and diversity of goods and services available.
This would be an even more useful idea if we had the ability to assign a value to a good or service, based on how in demand that product or service was, or how much work was used to make it, or how necessary it was to life (fresh water is far more needed than, say, a computer, but it's also more available, and easier to obtain). That way, we wouldn't have to actually move my pig to New York, and wait for the airline ticket and goods to come from New York to Chicago. We could just give our pig to someone in Chicago in exchange for the appropriate units of value, which we could then send (much more simply) to New York. The person in New York could give his airline ticket to the exchange there, and the excess units of value could be kept on account so that he could get something else from the exchange later. Heck, we could even eliminate the entire idea of exchanges, and just pass the units of value back and forth. Oh, damn! I just invented money.
Well, let's try again. Perhaps we could have a moneyless society where all production was given freely to whomever needed it. For example, I could consult on computers for free, but I could also help myself to whatever food, toys, computers, airline tickets, or whatever I needed. There would be plenty for everyone, and everything would be free. Of course, if I could get all of my needs and wants met for free, I could stop working. In fact, retirement is my goal, and this would speed this up very nicely. Of course, then my consulting services wouldn't be available, but that's OK because someone would do it for free, just for the love of it. Certainly, there would be enough people who would generously give of their time cleaning public toilets and such to make it possible for the rest of us to still get our food and toys and such.
Well, OK, I admit that this isn't a good deal because in reality the majority of people are not willing to work if they don't have to, or more than they have to. This can be fixed, though. For example, I could get a work ticket that showed I had worked 10 hours today, and by presenting that ticket to the local food vendor, I could get my food. I could present the ticket to the local computer vendor and get my computer. Of course, it takes a lot more time to make a computer than to, say, clean a house. So we'll have to have some unit of value assigned to each product, based on, say, the amount of time that it takes to make it. A computer could have a value of 100 hours, and cleaning a house could have a value of five hours. Now, to get my computer, I could present 100 hours worth of my directory services consulting tickets. Hmmm...but anyone can clean a house, and not very many people can do directory services consulting. We need a way to add value to the hours of work based on how much effort was put into being able to do those hours of work. Using house cleaning as a base, let's say that it takes 40 hours of education, plus the attendant living costs during that time, for a total of, say, 50 hours, for each hour that it takes to learn to clean a house. In that case, I could buy a computer with two hours of my labor, since it would be two hours with a value of 100 hours of house cleaning (or whatever the base labor task was). Wait a minute, I've invented money again.
Perhaps you could enlighten us on how this would work? I seem to be out of ideas.
-- Two men say they're Jesus. One of them must be wrong. - Dire Straits
Why don't you go do something clever, like spell "MS" with a "$".
Remember that Russians hacked into the M$ network and stole the XP code right? How easy is it to slip in a backdoor and upload?
Further, if someone hacked sourceforge tons of developers would be posting in the forums asking explanation of the changes in the code. You don't think CVS on sourceforge is the only copy do you?
When you think you are secure, it is then that you are vulnerable.
Opensource software vendors can PROVE their software is secure, private sector is simply unwilling to do this.
Exerpt from Netcraft: The site www.adti.net is running Rapidsite/Apa/1.3.20 (Unix) FrontPage/4.0.4.3 mod_ssl/2.8.4 OpenSSL/0.9.6 on IRIX. Those terrorist bastards!
RICERCAR
nt but I got 20 seconds to fill so what the heck...
"In no other country in the world is the love of property keener or more alert than in the United States, and nowhere else does the majority display less inclination toward doctrines which in any way threaten the way property is owned."
Alexis de Tocqueville
In the United States in the 21st century, this is clearly manifested by resistance to a sensible tool like the GPL.
I trust that Slashdot readers will not confuse this "Tocqueville" institution with any level of sophistication or insight. Taken as a whole, their web site declares positions and malformed thought on a whole range of issues. There is a clearly intentional lack of background information on their "scholars".
ADTI's inability to parse basic issues surrounding open source software calls into question their credibility on other issues.
Ken Brown would be well advised to keep this paper away from informed scrutiny. Perhaps he will fine some like-minded light-weight industry types who, finding their desired points parroted with considerable precision, will scurry away to create a dog-pack chorus of agreeing howls.
We are faced with trying to determine if Brown is simply incompetent (distinctly possible, as the piece reads like a high school essay), or deliberately trying to cloud the discussion of a real issue: What is the role of open source software in current and future society?
Most modern software professionals will agree that open source can play a significant and important role in furthering the development of systems. Most would also agree that the GPL, in particular, is highly appropriate to certain kinds of development.
I think the important questions are as follows. Who funds ADTI? Who is Ken Brown, and what is his background? What media exposure is this report likely to generate? What are the most precise rebuttals to this document?
Ofcourse this guy is funded under the table by Gates and his minions.
I googled for Andre Carter of Irimi Corpn whose comments Mr. Kenneth (or whatever frickin name he has) values more than anything else and this is what I found :
One pro-Microsoft observer credited Gates with being precise and helpful. "His testimony has been soaked with real-world examples, [and it shows] he understands the ramifications of how the states [want to affect his business]," said E. Andre Carter, CEO of Irimi, a Washington-based mobile and wireless consultancy, who also works for the pro-Microsoft lobbying group Americans for Technology Leadership.
BINGO!
When idiots like these make money by lying through their teeth, spread FUD and otherwise confuse the idiots who make decisions in the Senate and everywhere else, this industry, this country and the world we live in has such a fucked up future.
Rapid Nirvana
In addition there is nothing to prevent the government or any other agency to negotiate a different licence with the copyright holder (although this may be difficult for collaborative projects.) From the GPL FAQ:
The GNU GPL does not give users permission to attach other licenses to the program. But the copyright holder for a program can release it under several different licenses in parallel. One of them may be the GNU GPL.
For example MySQL is more than happy to sell a non-GPL license for a closed-source application along with the GPL license.
lets take a look at these one by one shal we:
"Another security concern is that the primary distribution channel for GPL open source is the Internet. As opposed to proprietary vendors, open source is freely downloaded. However, software in the public domain could contain a critical problem, a backdoor or worse, a dangerous virus."
Where is the argument here? All i see is 2 statments of fact, followed by an opinionated speculation. Some of the worse viril i have encountered have come on Propietary software. Public domain software can be scrutinized by everyone, where your propietary software would require a court order and and a lot of arm forcing to have a look at. Also there are several cases of propietary software, even some form your beloved Microsoft that have backdoors built into them.
Your pathedic attempt at an argument here has failed miserably and you have now lost credibilility. Failure #1!
Reverse engineering "harbors very close to IP infringement because and has staggering economic implications." [sic] Your cunning use of the logical falicy "pushing the definition" will not work here (read: your jedi mind tricks do not work on us). If you do not know what Reverse Engineering is, then please do not use it in you arguments. It will only serve to make look even more foolish and make you lose even more credibility. Failure #2!
"On a lighter note, while many open source enthusiasts are proponents for copyleft, they insist on trademark protection for their ideas."
Again, where is the argument here? The writter seems to implicate that to insist on tradmarks to protect the credit you deserve for you ideas is counter productive to being proponets to copyleft, but completely fails to achive this implication. Failure #3!
"If a software application representing 5000 hours uses GPL code that reflects only 100 hours, is the GPL fair in its argument that the entire product is GPL? This point is of considerable concern to software companies that value their secrets, design and architecture strategies. Proponents of the GPL argue that each party in the exchange is benefiting equally, but without a means to properly make this evaluation, this position at best is over-assuming."
I smell a red hering. let's seee.. the writter starts off with a hypothedical...and then gives the side of the GPL supporters...and then he jumps to tearing down the GPL supports argument with and assumption of his own! Ack-ha! here is the red-hering. Failure #4!
"The federal government's information systems requirements intersect countless sensitive operations. The limitless potential for holes and back doors in an open source product would require unyielding scrutiny by staff that decided to use it. For example, if the Federal Aviation Agency were to develop an application (derived from open source) which controlled 747 flight patterns, a number of issues easily become national security questions such as: Would it be prudent for the FAA to use software that thousands of unknown programmers have intimate knowledge of for something this critical? Could the FAA take the chance that these unknown programmers have not shared the source code accidentally with the wrong parties? Would the FAA's decision to use software in the public domain invite computer 'hackers' more readily than proprietary products?"
So basically you're affraid that goverment agencies, such as the FAA, are so imcompetent that they cannot design a flight control system that is safe. and thererfore the flight control system needs to be designed by a propietary team which we all know never puts out software with security holes. 6 of one, half dozen of the other here. I'd rather be on a flight that should somethign go wrong, it would be easier to contact any number of 1000's of designers to fix. Failure #5!
Your aguments are weak, and pathedic. You have no credibility. Anything you say fomr here on out will fall on deaf ears. Your haste to condem that which you obviously do not know has casue you to become a failure. sit down untill you have somethign intelligent to say.
If a software application representing 5000 hours uses GPL code that reflects only 100 hours, is the GPL fair in its argument that the entire product is GPL? This sort of comparison just sounds to me like the first of several steps on the path of rationalizing theft of the GPL code. You downplay the size of the theft ("Aw, I could have written that in 100 hours!"), you attack the author ("Those lousy GPL crooks, they are just trying to steal my intellectual property rights!"), you attack the quality of the product ("It doesn't come with support, or snazzy bound manuals."), etc. Then you quietly slip it into your pocket, and hope that nobody notices...
The Comparative Code Chart shows the NASA Space Shuttle Flight Control having less than 2 million lines of code, the Linux Kernel having less than four million, the Solaris version having 8 million and Win XP having around 30 million!!!.
Now lets look at these figures based on what this idiot was talking about :
(1) His primary objective was security. Hence we are led to believe that Win XP having over 30 million lines of code and employing a few thousand testers and programmers, has a more secure code base, than the four million loc Linux kernel which is reviewed by millions of geeks all over the world. Hmm.. so a couple of thousand testers in Redmond were able to do a better job than the millions of open source geeks world over. Vewwyy good!!!
(2) Complexity of the software. Come on, obviously since the NASA program is only 2 million loc, and the XP having over 30 million loc, which is more complex and feature driven ? XP ofcourse. (On a side note, if I were the director for NASA, I would remove XP from all my machines this very day..heck I would be damn paranoid).
And then again If I were Gates, I would buy out this firm, fire this moron and make sure he never gets hired, and make the rest of the chimpanzees who worked there, read Dilbert cartoons for the rest of their lives.
Rapid Nirvana
At least academics have a peer review process, and this as true for the humanities as it is for the sciences. ADTI is raising hackles and jeers from anybody knowledgable about the issues of software licensing and systems security, and yet they are putting out their report and getting press coverage. An academic paper that received that kind of criticism in peer review would never be published in a reputable journal. Or if it were published, it would be published alongside in-depth critiques by acknowledged experts, so that anybody tracking down a reference to the article would also come across its critique. Think tank studies are by comparison an extremely biased form of communication, and one would do well to regard citations of them with suspicion.
I'm not TOO familiar with the GPL... could someone please explain:
Can/would/does the GPL prevent the government from creating their own, proprietary distros and not publishing the code?
What are the rules about sharing the bins w/o sharing the source?
Under the terms of the GPL, what is the definition of an "entity"?
I have yet to see a thorough and definitive post on what is and isn't in the GPL. It's easy to see that the troll who wrote this report has taken an extremist/alarmist view on the subject, but just how far out of context are his/her arguments?
But things like Ken Thompson's compiler hack take it to another level, and would be much more difficult to catch.
I'm not sure where exactly a hack of this level could be inserted into the current environment--gcc, the linux kernel, and glibc are all probably a bit obvious at this point--but how many different programs are there out there that are depended on by lots of other programs to convert from source to a running executable?
Somebody in a below post mentions inserting a hack into an Apache module; I don't think that would be enough. It would have to be something like insert a hack into an Apache library such that, when a certain module was compiled, it was compiled with a door enabled.
Could something like that make it past the many readers out there? If so, in which projects, and how nasty would it be?
I think it could happen, but it would have to be somebody who really had something to prove, and was a Roaring BadAss like Ken Thompson was. Who doesn't think Linux could hack the linux kernel to his own benefit?
Well, unless she's nasty.
C'mon, people, don't let them get you so head-up over a stupid piece of paper written stupidly. Check the site, especially their "touted accomplishments". It's a hard-right group for hire making hay with a good-sounding name and a crappy website. Nobody who knows the industry pays any attention to these morons, it's just red meat for the pro-MS crowd, bought & paid for.
God, how one can look at the painful stupidity of their arguments and not laugh is amazing. It's the most tortured piece of predetermined reasoning I've seen in a while. It's sad, when there are real think tanks that do real thorough work ala Rand Corp, that fly-by-nighters like this can give the industry a bad name so easily.
The only tool you've got against psychosis is experience.
NOBODY takes code directly off of SourceForge and
starts running it on a mission critical system.
MOST big projects using OSS install from a cd.
All the code on the main distributions web sites is
signed.
1.Install from cd or dvd.
2.Download signed patches from your distro web site.
--harden your system according to advice from your
distro.
--
Just because the code is accessible does not mean
an infinite number of holes will be found. If that
were true my inbox would recieve thousands of notices
a day. And I can tell you that I work FAR less than
a windows site of comparable size.
Everyone has posted numerous very good reasons why this white paper is worthless. The question we need to ask is, to whom is this targeted? And how do we counteract it? It's unclear to me whether it's directed at lawmakers, consumers, or the general public. Is it actually supposed to change people's minds, or is it just so policymakers who already are pro-microsoft can point to it as an "objective" study? Or is it just generalized FUD? It seems, though, if someone is paying for it, they have a specific purpose in mind. Any ideas out there?
It's not wasting time, I'm educating myself.
I was surprised to see that Google is currently showing this bogus Microsoft shell of a think tank as the #1 result for the query "Alexis de Toqueville". I am afraid that recent publicity from the Linux news sites may have moved them into this spot. This bogosity is easily fixed.
Those of you who run popular sites should do the following: add links to your more popular pages saying something like
Learn more about <a href="SOME-SITE_HERE">Alexis de Toqueville</a>
As the link target, use one of the more academically respectable Toqueville sites, like www.toqueville.org or the one at the University of Virginia. Remember, the purpose is to allow Google to provide better results to people who want to find out more about Toqueville, and to make this set of imposters less visible.
Statements like these, from the paper, are also pure rethoric:
What it comes down to is that a group of people with a pompous name, a conservative ax to grind, with funding from Microsoft, and with few security-related credentials put out a paper saying that the government shouldn't use open source and linking open source to terrorism in some underhanded way. What a surprise. The conservatives in this country have been using fear of terrorism to push a pro-corporate and anti-democractic agenda since 9/11.
While I'm not necessarily the biggest proponent of the GPL or even much of a believer in many open source principals, there are times when the dumbfuckery surrounding the GPL is just ludicrous.
First, if you don't distribute your code you're not required to release the source code to it but you can use all the GPLed code you want in it. I can hire someone on a contractural basis to write a program using GPLed components and neither of us is required to release the source code for anything if I'm not releasing my program to a third party. Section 2 of the GPL only applies to work you distribute or publish. If I write Jackassnix using GPL code and I never release it I don't have to provide anything to anybody. Thus, if the government contracted a group to modify and write software based on GPL software or including GPL software, the GPL would not supercede any other licensing or distribution rules covering the developed software. The author of the article seems to think your code is relicensed if you use GPL code which is simply retarded.
It is also pretty ridiculous to talk about insecurity when it comes to open source software. It is no better or worse than any other bit of software. Per so many lines of code there will be so many bugs. It doesn't matter how many eyes are looking over the code either. Many levels of government use different contractors and agencies for different tasks. There's no single standard between two government office buildings let alone the entire government body. Using software with a Free license (whatever it may be) would be a good idea in my opinion. Any government body or agency can hire their own contractors and give them the source code from the last contractor. This is arguably more secure than closed source review because the agency in question can has the code they paid for for later. The agency in question can hire other contractors to review and validate or secure the code they've got as well. A city wanting to use Windows XP Server can't exactly hire a security consulting company to review IIS for security holes. If they were using Free code they could. A dollar spent on security can save fifty in damages.
The FAA flight control system example is complete shit. Whatever code was used for the system would be reviewed by both FAA contractors as well as the NTSB. Given the current call for "security" it wouldn't be assanine to think said code might also end up reviewed by the FBI or NSA before it was pushed into mainstream use. Using the FAA as an example is just retarded scaremongering. Why would the FAA use some bit of GPL code written by some 15 year old Danish high school student anyways? Is there some bit of coding magic she did that revolutionized flight control software? As much as I hate the FUD acronym because of its flagrant and retarded use on slashdot, that example is pure FUD tactics.
Hopefully if you're reading this you've read the paper, it is one steaming pile of shit after another. One of the most interesting parts is when the author goes into open source software not having a warranty. Now some contracted code (for medical equipment or flight control systems) is going to be well tested and warrantied, most of the software using by everybody is provided as is. Microsoft and Sun's licenses tell you flat out they aren't responsible if their software pours sugar in your car's gas tank while giving your mother a deep colonic. Even if you used GPL software in a flight control system, it would still have to pass the same scrutiny as privately developed close source software. No one is going to load JumboJet OS onto a 767 they downloaded off fucking SourceForge.
I'm a loner Dottie, a Rebel.
Oh, please let me watch when RMS sees this.
A Quick search on netcraft revealed this info:
Rapidsite/Apa/1.3.20 (Unix) FrontPage/4.0.4.3 mod_ssl/2.8.4 OpenSSL/0.9.6 on IRIX.
Microsoft builds in deliberate gaps and then hopes no one thinks to break through the thin screen covering that gap: in housing design, that'd be called a Window.
So if an exploit results from using a pre-designed gap, as compared to actually breaking through what was supposed to be good security, call it a security window.
But the thrust of the paper is "GPL bad, open-source good," coincidentally Microsoft's position
I guess nobody told them that "open-source" is a superset of "GPL".
Comment removed based on user account deletion
" millions of open source geeks " This sort of statement reminds me of the delusional thoughts of "open source geeks."
.15% then that means there are around 150,000 linux users.
A) If there are 100 million (a stat I heard lately) ppl on the internet. And on the average (according to the logs of the several high volume commercial and government websites the company I work for) percentage of Linux users out there account for
B) Let's fudge the numbers by a magnitude of about 10 and say there are 2 million linux users out there. How many of those are "real" coders(not PHP newbies), let's be nice and say 50% that leaves about 1 million. Of those 1 million how many are using even the latest and most up-to-date stable kernel about 50%. Of the other 50% how many are using an old reliable older kernel 2.2.x, 1.6.x, etc? I'd say 40%. So this leaves 10% or about 100,000 that are using a beta kernel. Of those 100,000 coding/beta-kernel users how many are submitting bugs? 1 out of 20 would be a hopeful number. that is 5,000.
C) 5,000 is not a million.
Just because you and all your freinds are "open source geeks" does not mean there are millions of you.
Was it Logan's run or was it Mars?
I love a BSD/GPL flamewar as much as the next guy, but whatever you may say about either, the licencing differences have NO EFFECT on the security of apps covered by them.
These guys aren't programmers. They aren't developers, hackers, or coders. In a nutshell, they don't know what they're talking about.
Their claims are so ridiculous it's mind boggling. They start out by stating that "Completed (written) software is often locked
by its programmer, hiding the underlying code from its user." Truth is, nothing is locked, sealed or hidden away. It's only been translated.
That they can't even comprehend the basic nature of software taints this entire piece. These guys aren't programmers, and have about as much business commenting on software development as my physician or auto mechanic.
A Government Is a Body of People, Usually Notably Ungoverned
WOW! And here I though computers were electronic! Can't you just picture all of those little binaries, pulling their levers and spinning their wheels inside your PC, making that software do what it needs to do?
Hmmmm.... is your computer a little binary sweatshop?
We are the Music Makers, and We are the Dreamers of Dreams...
The page was generated with Adobe Go Live, and the mission statement is an image or something else difficult to copy, so I had to type it by hand for your enjoyment.
Since 1988, the Alexis de Toqueville Institution has studied the spread and perfection of democracy around the world. I'm not impressed
In this we follow the principles of Toqueville himself...
At the root, perhaps, is a populist belief in the basic goodness, perfectibility, and nobility of mankind and of the human community....
Our principles guide the selection of which issues are critical to the advancement of freedom - but we don't rush to judgment about which means will be most effective in producing it.
I'm afraid that they have rushed to judgment and condemned one of the most important documents protecting freedom of speech today. The GPL is the only document that insures that you will have control of your computer and therefore your publications will not be censored at the source. It does this by insuring that the possesor of GPL code will always have the ability to use, understand, modify and distribute that code as they see fit without reducing the rights of other users to do the same. Code that does not insure this right has all of the security flaws and fears raised in Ken Browns paper as the owner does not know what the machine is doing or have the ability to change it. ADTI completely misses the point and condemn the GPL because they fear it can not be comercialized in the conventional fashion and many other incorrect and confused reasons. This is a shame because there is nothing more important for "democracy" and freedom than the free exchange of information the GPL ultimately protects.
The greatest contradiction is seems to be their main reason for rejecting the GPL as a license worth using: that volunteer efforts can not match commercial ones, and that the GPL community of volunteers is a myth. Well, I'm sitting here with my mythical OS, typing into a mythical text editor, for a mythical browser. All are far better than commercial alternatives. All were developed and rely on tools created by volunteers and others who really do believe in the goodness and freedoms of their users. No one who has respect for his neighbor would ever say that people could not co-operate without a profit motive, but this is what Ken concludes,
What utter hogwash. The GPL enables all to participate in the development of new technology and removes many artificial barriers. The fruit of all the mentioned government programs has been brought to me in a form I can manipulate by Debian. The number of sound scientific programs I now have access to, through GNU compilers, is uncountable. There are few academic publishers who would have it any other way, they exist to teach and promote their various specialties. To top it off, large companies will continue to pour money into the exploitation of these technologies because it is in their best financial interest. So much the better if that means their derivative works will be available to me as well. How can anyone intellectually honest say otherwise, especially while espousing freedom and the goodness of man?
Oh, enough. The more I read of this MicroSoft parrot's garbage, the angrier I get. Especially unkind and untrue is the assertion that RMS is a "fallen hero" viewed as radical. I respect that man more every day. Ken Brown, you are a 1/4 watt bulb.
Friends don't help friends install M$ junk.
The way this is used here, does it like mean white lies?
Is it going to be turned into brown paper with all the shit that in it?
Who else do they do research for so that maybe we can inform their customers of their misdeads?!
People have the right to know the truth.
IS anyone going to write a clear paper on bringing clairity to that paper?
Who is their target that they think the paper will influence ???
This is a horribly naive view. If you REALLY want your code "to be used" then you should be interested in ensuring that it is used in a manner that can be audited. If you just release code into the wild and go hide your head in the sand you really have no clue what people are doing with your code. By making your "good code" free to all with no restrictions, you infact are asking people to use your code and then "mangle it".
The BSDl is not the logical licence for the sort of coder you describe unless that coder is horribly naieve.
BSD Sockets are the perfect example of this. Microsoft took what was essentially a "public domain" implementation and then did their usual "embrace and extend". The end result neither conformed to the established specification, nor was the end product something that one could confidently presume was a instance of some generous coders' "good code".
The license that infact achieves the objectives that you speak of is the Lesser LGPL. Such code can be perpetuated fairly freely and plays nicely with proprietary applications (like Oracle 9i, WordPerfect & Sim City 3000). Also, what gets spread around still remains open to scrutiny. Plus, any "extensions" are required to be shared.
You simply can't audit Embrace-and-Extend-ware to verify that your "perpetuate good code" objectives are actually being met.
A Pirate and a Puritan look the same on a balance sheet.
I must have missed this one... http://slashdot.org/comments.pl?sid=33949&cid=3674 476
...or as is more common: merely keep the source to winsock.dll available and copylefted while the rest of WinDOS remains unmolested.
Few modular software components are actually licenced as GPL. So bringing it up in such contexts is either quite dishonest or simply clueless.
A Pirate and a Puritan look the same on a balance sheet.
I can tell you one group of people this report failed to interview.
Security Experts, specifically encryption mathematicians
Anyone with any knowledge in that field knows that the best way to find out if a system is secure and difficult to break is to release the source code, algorithms, etc. to the general public and let them have at it.
The worst form of security is one that depends on the hope that the opposition can't access your code. For good security, you must assume that the opposition can always access your code, be it through OS, in which case everyone can access your code, or just through Reverse Engineering. While you can hope that R.E. is difficult for them, you can know that if no one else on the planet can break your system, there isn't much of a chance your opponent will either.
Just my thoughts.
~ kjrose
- It was probably pretty cheap (based on the low quality content and diminutive scale of the report)
- It is prime FUD
- FUD works
Microsoft (among others) has learned that a false statement repeated often enough will become indistinguishable from the truth. This is simply another statement proclaiming their alternative truth.
Furthermore this report, aimed at an audience on Capitol Hill, was carefully targeted. It adds to a substantial existing body of anti-GPL and pro-Microsoft propoganda. And it includes keywords (airplanes, security, jobs) intended to evoke emotional -- not logical -- reactions on the part of the intended audience.
The fact that the content is ridiculous is largely irrelevant; Microsoft doesn't care if anyone actually reads it, especially since most of the people in the intended audience scarcely know the first thing about technology to begin with. As long as it's occasionally and casually mentioned in conversations as being against GPL, it will have the intended effect.
Think carefully about the last time well founded logic, clear thinking, or common sense interfered with lawmaking in the areas of technology or security. I'm not holding my breath that this report will suddenly be skeptically and thoughtfully analyzed by the lawmakers whose interests are served by it!
Also keep in mind: the Greeks were wrong; it's not our capacity for logic that makes us different from the other animals. It's our capacity for creative and abstract delusion that makes us different.
My point was even if it were ten linux hackers who were scouring through the new kernel to find bugs, they would be a million times more productive than a thousand testers M$ is able to put behind the XP beta testing effort.
Its not the numbers that matters, but the effort and the knowledge you possess about what you are looking at.
And while you are at it, learn to spell!
Rapid Nirvana
Assume I have two software modules (A and B, why not?). A has GPL code in it. B has private proprietary UberSecretsOfDoom(TM) in it.
If I link the two in the same app, presumably if I'm GPL compliant, A and B must be returned as source to the public domain.
What if, on the other hand, A and B are embedded in seperate skeleton apps that communicate via sockets?
Or via shared files? Or Pipes?
I _assume_ that GPL wouldn't then force revelation of the contents of module B. My assumption is based on the fact that otherwise anyone whose GPL'd product talked to another system via a network (mail clients, nntp clients, web browsers and servers, etc) would then have a sudden need to be public.
Now if I am correct, this imposes design constraints, but it does mean you can design a system with GPL code in it without actually checking the other parts in to public archives. Just park the other proprietary bits out across some IPC channel or network channel, and then you may protect them (as all you exchange is "data").
Anyone care to tell me if this has a flaw in it? And if so, what?
-- Mal: "Well they tell you: never hit a man with a closed fist. But it is, on occasion, hilarious."
I didn't mean to advocate the BSD there, and I agree that the end result is sometimes the odious embrace-and-extend. But for the times that has happened to the BSD TCP/IP stack, there have been hundreds if not thousands of times it has been reused in other applications, particularly embedded systems. In that context, the other reason for the BSD, the one I forgot earlier, comes out - interoperability. The other motivation I have heard for using the BSD is that you want to promote software interoperability by getting your implementation of a standard into as many different applications as possible. The downside of course is when a vendor with a strong market position just does an embrace-and-extend, which gives the double disrespect of abusing your code and damaging the environment for interoperability.
Anyway, I was trying to highlight the philosophical difference, not the pratical outcomes.
OK, do you have an opinion on what constitutes 'distributing'? This has been bothering me for some time. I have often seen people claim that you can use your GPL-derrivative for internal use without having to distribute source code, but I don't understand the basis of the claim.
For sure you don't have to put the source code up on a public FTP to let anyone have a copy. But don't you still have to make the source available, under the GPL, to anyone you distribute a binary? So there is nothing legally stopping someone inside your organisation demanding the code, then distributing it to the rest of the world. Its not even as if you could fire the guy, as he wouldn't have done anything wrong, just acting within his legal rights under the GPL.
This reads like a recent Canadian Government scandle...it seems like all the esteemed Toqueville Inst. did was re-write some MS FUD, and copy some text off the internet.
I do love the "...Numbers of Line of Code" in the OS chart...WinXP is big and tall, while Linux is short and stubby...gee, do they think that XP gives you a bigger dick? What drugs are these guys smoking?
ttyl
Farrell
CAN-CON 2019 - Ottawa's only book oriented Science Fiction Convention! October 18-20, Sheraton Hotel, Ottawa, Canada h
Remember: Open-Source does not mean FREE software, it doesnt even mean "Libre" software, it just means that you can see the code. That is _ALL_ it means.
When will you nutbags stop propogating this ridiculous fiction. Some of these Slashdot clowns are starting to believe it.
Go read the OSI's Open Source Definition. Then go read the FSF's Free Software Definition. The definitions are of course different, having been written by different people, but the spirit and intent of both definitions are identical: to classify a particular category of software having particular attributes.
Both allow the software to be used, copied, modified, the original distributed, and the deriviatives distributed. To say that Open Source merely means you can see the source code is either a result of your ignorance or your deception. Either get informed or stop lying.
A Government Is a Body of People, Usually Notably Ungoverned
Just have a look on this :n g_winners_hurts.html
:
http://www.adti.net/html_files/technology/punishi
The last paragraph almost says it all
Firms have to play rough to succeed in the today's global marketplace. If we want our industries to dominate the world, we have to abide some brutish business tactics, and we have to let those firms play for the biggest stakes, including market domination. It boils down to this: We would be better off with more companies like Microsoft, not fewer.
Consumer Reports should do a write-up. They are fair, impartial, and do not kiss anyones....um...nether regions. :-P
:-)
As an aside: Look at Consumer Reports - the industries wanted to get rid of them because they told the truth about products. So the industry guys started up Consumer's Digest. Now a lot of people confuse Consumer Digest with Consumer Reports.
Personally, I think Consumer Reports should do a magazine on how many other magazines accurately report news. That would get the industry guys!
This volunteer system works well as an
academic model, but not as a business one. It would be tenuous at best, to expect a volunteer
model to compete with a for-profit model. The underlying premise of capitalism is that
compensation is the best universal tool for motivating individuals to succeed. Full-time
programming teams produce innovations for pay and turn to IP protection to market their
products. However, without an incentive to create commercial software, filings for copyrights
and patents would immediately decline. Thus, it can be expected that innovation would be
adversely impacted if the financial incentives for innovating were affected.
This is not a logical conclusion to an almost correct statement. First of all there are incentives in producing products that if they work well would be invaluable to the consumer (you don't see me writing my own Photoshop, even though I can actually write the algorythms needed to do most of its functionality.)
A decline in patent filing does not mean a decline in innovation, it only means a decline in patent filing.
You can't handle the truth.
!SEINEEWERASREENIGNEEPACSTEN NSA_Key ...
What? You don't think that similar things are already in public software? Someone should start their *OWN* FUD campaign. How do we know that their code can't make us vulnerable to "computer terrorists"?
I politely told them they were being silly before the release, and why, and some of their caveats bear a suspicious similarity to some of my points. I haven't been paid anything for trimming back their embarrassment.
Perhaps Microsoft own Saab? Some Saabs carry a sticker saying `made by trolls in trollhagen'.
Got time? Spend some of it coding or testing
Your use of percentage is troubling. Try using 80h% (out of 256) for example, for half.
So many people have drawn the same conclusion about something I didnt even say in the first place...
..all two or three of you..
aside from that one guy who seems to think that there is only one definition of the term "open"
-- 'The' Lord and Master Bitman On High, Master Of All
I agree. I just took a course in cryptography. Seems you can make a system as secure as your CPU's allow.
Most of the discussion here has been about buggy code. The other issue is knowing which crypto methods are used.
Imagine this: You spy a million bits going from point A to point B. Because of location A and B you suspect a billion $ worth of information is encoded within. How would you start to decode it? Without knowing something about the crypto system you are dead in the water.
However, as you guys know, we have crypto methods wich would take several ages of the universe with all the computing power ever used by man to decrypt.
I regained faith in classical crypto. I learned that the method to use is covering the secret in so much calculation that you wouldn't redeem your cost of breaking the message.
Clever! Usurp Microsoft's product name and associate it with bad things.
If the media can get the entire country using the word 'hacker' incorrectly, surely we can convince people that mistakes in code are 'programming windows' or 'security windows' that leave 'open holes' for attackers.
And the best thing? Windows is already full of them.
Several from here
`Democracy and socialism have nothing in common but one word, equality. But notice the difference: while democracy seeks equality in liberty, socialism seeks equality in restraint and servitude.' Hmmm. So in AdeT's view, restricting Gummint to OSS is socialist, but OSS itself is democratic in nature?
He as a word to Microsft as well: `Nothing is quite so wretchedly corrupt as an aristocracy which has lost its power but kept its wealth and which still has endless leisure to devote to nothing but banal enjoyments. All its great thoughts and passionate energy are things of the past, and nothing but a host of petty, gnawing vices now cling to it like worms to a corpse.' (-:
Got time? Spend some of it coding or testing
..your comments were butt-ugly stupid, dude.
Where is your .sig quote from?
Do you have a link full speech?
* * Always question "the National Interest" - 9 times out of 10 it is a cover for evil
Too late. He died in 1859, got a weejie board? (-:
Google, 0.27 seconds. Slack.
Got time? Spend some of it coding or testing
Purveyors of `hard' science like physics, geology and biology are as prone to opinionitis as anybody.
Whenever someone says `think tank' I always associate it with `drunk tank'. Not sure why, but it works reasonably well in practice. (-:
Got time? Spend some of it coding or testing
Run a Linux or BSD box in bridge mode and it can be an invisible network link, monitoring or altering through traffic and the only external symptom is that it's slightly slower than a piece of wire.
I'm not sure how GPL would help a missile-tracking system, but Open Sourcing certain missile _guidance_ systems in the hope that your enemy adopted them would be a useful cold-war tactic. )-:
When I'm sitting on a large Airbus over many kilometers of thin air, it would cheers me to know that the code flying it had been `randomly' audited in an open source fashion in addition to the normal checks. It wouldn't be accessible to crackers (nobody would be twit enough to put an airliner's control systems anywhere near the internet), but finding a suitable platform to run it up on in your shed might be a hassle.
Got time? Spend some of it coding or testing
I am a computer scientist working for the Department of Defense. I write software that is classified. Does it use pieces of GPL software? Yes. Is it licensed under the GPL? Yes. But guess who it's distributed to? That's right, only people with classified clearance. So, when I give them the binaries, I give them the source code. Since they are the only people who ever get the software, there is no conflict.
I've had the government's lawyers go over this. Hell, I even bugged Stallman a bit and even got a reply. For once and for all, THIS IS LEGAL.
What security do you mean? *snicker*...hahaha. I can't tell you how many viruses I had in my Dos 6/Win 3.1 days. That was just from sneakernet.
Was the PDF taken down for editing or did the huge bandwidth pull from slashdot force them to take it down and let their (servers/ISP/whatever) recuperate?
... about Microsoft in that respect.. Some of these guys know the difference between secure and sealed up and lets say a windows machine. The big box that makes all the noise keeps our shit secure and everything looks cryptic and it has never failed. We call to get it serviced and thats it, "My unit is not gonna switch I don't care what anyone says - Unnamed Major".. "Fuck this goddamn general fault protection shit I need those hummers now.. so get some pencil and paper or a radio or whatever and work on it and whatever this is.. get it the fuck out of here and as soon as you can replace it with something that works do so, we'll deal with the higher ups later -- Unnamed Commander".
Alot of people don't seem to understand that Microsoft has about zero pull with these type of agencies because their goals require stable and secure software. You don't tell your guys in the field they aren't getting food or supplies because of a general protection fault error or someone hacked your shit so no one knows where the rendevous pt is. Now thank god for the NSA and Selinux during my weekends all I have to say is "the NSA is doing it.. it's fucking good enough for them but not us commander? Thats bullshit, I thought we were the last line of defense". That'll get him all riled up maybe might give me sometime to work an Army distro of Linux, or start a project or something.. You know friendly Army/Navy/Marine/Fbi/NSA etcetc compos =)
The only stuff I really see Microsoft Windows used in is like accounting/word processing. It usually works good there though, not much bitching.
Like Microsoft. Open source one day, open protocol (like ODBC), and then the door slammed in your face another day. I never thought I'd be comparing MSFT to a woman.
Damn, I can't win! Mark this -1 for loser. :)
/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i
As soon as you drop a cruise missle running GPL'ed guidance firmware onto an enemy target, why, then you've "distributed it to them", and owe them the source code.
8-).
Was anybody as surprised as I was to learn that "patents are in public domain" (top of page 8)?
I just had a revelation about the lowest level reason to support Open Source. Open Source truly puts the power with the people... Primarily because if no one owns it, the source code means nothing unless you understand it!!! This gives more incentive for people to increase their skills, and helps take the advantage from companies that accumulate IP, and then make enough money to defend it at all costs through manipulation, propaganda, and expensive lawyers.
As open source gains more acceptance, individual knowledge then truly becomes power, as opposed to power controlling individual knowledge...
When one of those first IIS worms hit (was it Code Red? It said "hacked by the chinese"), windowsupdate.microsoft.com was compromized. Upload a backdoored version of some critical updates, and voila! You've got yourself several thousand backdoored computers for you to further compromise.
Stop the brainwash
1. back doors will be found, if the code is examined by a half competent programmer. Once examined, patches and new releases can be diffed and changes examined for back doors.
2. computers are as secure as the admin is competent. it is very hard to exploit a back door that is on a server that is in a secure network. exposed services, once examined for back doors, are no longer dangerous if configured properly and kept up to date.
3. i am positive that micro$haft and all other proprietary software has back doors. do you trust micro$haft? or oracle for that matter?
i hope not. at least open source/gpl has source you can examine. how many vulnerabilities in proprietary software exist simply because they haven't been found yet?
4. pentagon has already determined that open source is not dangerous. do you believe the pentagon or this guy.
----end rant----
l8,
ac
software != air. Its not like there's all this naturally growing software out there that Microsoft is trying to charge us to access... Jeez.
I read it like this:
information is like air
Information, like air, is all around us. Owned by no one. Free to be gathered and used by anyone who stumbles upon it. Arranging and organizing it does not mean that you own it. And that is what software is: merely a particular arrangement of information.
I don't make the rules. I just make fun of them.
Check Appendix 1 in the document (it's a graphic, so I can't post it here, but it's worth the trip)
my god, if you really though all trolls where insingifigant little shits you were wrong(unfortunately). This seems to be the greatest troll of all time
Yes, if you're fighting for the enemy.
Are you sure they're giving you the binary? Did they give you that nice monitor on your desk, or would you say its still owned by the company?
The Wizard utters the word 'frobnoid!' and cackles gleefully
> Yes, if you're fighting for the enemy.
The point is, who gets to decide if you're fighting for the enemy? Is the mere accusation sufficient for revoking your constitutional rights?
No, the whole point of the constitutional guarantee of a trial by a jury of your peers is to keep the state from arbitrary acts of "justice". The jury acts as a buffer between the state and their accused peer.
Sheesh, evil *and* a jerk. -- Jade
Say what you will about the paper (or I'll say it for you: It's a travesty), the fact remains that some legislators will read it, as will many "thought leaders" who write opeds, talk to legislators otherwise help the sheep decide what to think.
The think tank model -- a 501(c)3 that doesn't lobby directly but creates and sustains a campaign of education and publicity for an issue or issues -- works. And we should be doing more of it ourselves.
Is fighting Da Man in court (ala EFF/FSF) a Good Thing? Absolutely. But this sort of reasoned-looking, scholarly-looking stuff frames the debate in some circles -- and some of those circles have legislative power.
ADTI has been egregious in creating what is pretty obviously a hired-gun paper. But think tanks conduct "directed research" all the time. Some almost-think-tanks (like the U.S. Chamber of Commerce) will even turn their lobbyists loose on behalf of your issue if the donation is high enough.
The point? Yes, this is crap. But yes, we should be doing a non-crap version of it.
Red Hat, the folks behind UnitedLinux and IBM (which, according to a recent Smart Money article, is the player most likely to make a killing from Linux) should be approached by a start-up think tank devoted to studying the benefits of open-source software.
My guess: Given the right board, the right leadership and the right start-up plan, you'd get the attention of the Big Boys.
Would it be a $2 million/year think tank? No. But if you're smart about picking your fights and picking your publicity points, you could run the whole thing on $200k a year or less -- and take steps to beat these clowns at their own game.
{former ThinkTankGuy mode: off}
"It was a summer's tale: Just a boy, his Linux, and a head full of dreams..."
So buy a CD from the FSF or Redhat or whoever.
There are reasons why democracy does not work nearly as well as capitalism.
-- David D. Friedman
Are you sure they're giving you the binary? Did they give you that nice monitor on your desk, or would you say its still owned by the company?
Precisely. Well put. If I wasn't posted here I would mod that up.
Howard Dean for president
I have nothing useful to contribute to this discussion
Today's Sesame Street was brought to you by the number e.
thorough work ala Rand Corp
That's "à la", you illiterate.
You thought you read 319 million. I checked it, it reads 319,000
"Communism is like having one [local] phone company " - Lenny Bruce
That's why you have tripwire servers and MD5 checksums...to assure that the files being downloaded are true to the original source or binary of the authors. When you conbine the aforementioned with PGP signatures...the likelihood of getting a large mass of trojaned software is remote.
Always value the individual over the system. --Bruce Lee "I don't need a Sig - I have a custom 191" - me