Slashdot Mirror
ADTI Whitepaper Released
"Another security concern is that the primary distribution channel for GPL open source is the Internet. As opposed to proprietary vendors, open source is freely downloaded. However, software in the public domain could contain a critical problem, a backdoor or worse, a dangerous virus."
Reverse engineering "harbors very close to IP infringement because and has staggering economic implications." [sic]
"On a lighter note, while many open source enthusiasts are proponents for copyleft, they insist on trademark protection for their ideas."
"If a software application representing 5000 hours uses GPL code that reflects only 100 hours, is the GPL fair in its argument that the entire product is GPL? This point is of considerable concern to software companies that value their secrets, design and architecture strategies. Proponents of the GPL argue that each party in the exchange is benefiting equally, but without a means to properly make this evaluation, this position at best is over-assuming."
"The federal government's information systems requirements intersect countless sensitive operations. The limitless potential for holes and back doors in an open source product would require unyielding scrutiny by staff that decided to use it. For example, if the Federal Aviation Agency were to develop an application (derived from open source) which controlled 747 flight patterns, a number of issues easily become national security questions such as: Would it be prudent for the FAA to use software that thousands of unknown programmers have intimate knowledge of for something this critical? Could the FAA take the chance that these unknown programmers have not shared the source code accidentally with the wrong parties? Would the FAA's decision to use software in the public domain invite computer 'hackers' more readily than proprietary products?"
Wow, these guys have figured out the PERFECT career:
they get paid to troll!
Man, I gotta hook myself up with a gig like this...
The Free desktop that Just Works
here is my mirror of the "old" report, safely out of the reach of the DMCIA...
A valid concern.
But is it more or less risky in comparison to using closed source software?
I can't be the only one saddened to see the name of Alexis de Toqueville besmirched by being associated with a think tank for hire.
His insights into America of the early 19th century were profound.
Meanwhile, the points of this paper, besides being wide of the mark in assessing the truth, are not even particularly original - other fear mongers have trotted out the same vague bogeymen prior to the publication of this report. And those objections to open source have no more basis in fact now than they did when they were originally brought out.
"Provided by the management for your protection."
"If a software application representing 5000 hours uses GPL code that reflects only 100 hours, is the GPL fair in its argument that the entire product is GPL? This point is of considerable concern to software companies that value their secrets, design and architecture strategies. Proponents of the GPL argue that each party in the exchange is benefiting equally, but without a means to properly make this evaluation, this position at best is over-assuming."
If you don't want your app to be GPL, and you've already spent 5000 hours coding it, might as well spend another 100 writing that piece instead of cutting and pasting.
Goodness, this thing is full of gramatical errors. (Grammar may be optional here, but these people are lobbying the Feds). Any of my teachers in High School would have sent this paper back if it had been submitted to them:
"harbors very close to IP infringement"
"are proponents for copyleft"
"code that reflects only 100 hours"
"knowledge of for something this critical"
Blech...
"Well it's not Victory - but then it's not Death either."
It is true that open source applications, being openly available on the internet and distributed in the same manner, are susceptible to backdooring and trojaning. Just look at IRSSI or FragRoute.
This risk factor is somewhat mitigated in commercial software, where the distribution is typically through CDs and other trusted media. Of course, someone can still somehow compromise a software developer's network, but it isn't exactly hanging out a sign saying "I'm the source code, hack me!" like the open source projects.
Just imagine, for a minute, how devastating it would be if Sourceforge was hacked and malicious code was inserted into a ton of the projects without anyone noticing for long enough that it could cause real damage? The danger is clear.
"I don't know that atheists should be considered citizens, nor should they be considered patriots." - George Bush
Yeah, there's nothing like the good ol' security through obscurity. Thank God no one knows how does the software controling 747 flight works, so now I can fly safely.
Krótko: kady Erotomek
W pimiennictwie ma swój domek.
They attempt to draw a dividing line in a community. They do this by trying to stress "differences". They list these differences with the claim that it makes software more secure, BAH!
They also ignore the aspect of the GPL that says you can keep your secret changes if you don't distribute the software outside of your organization. Where is the security leak now?
The difference between "GNU FREE" and "BSD FREE" is that the people in BSD are willing to sacrifice themselves (no reward), whereas the GNU people are willing to take up arms (we reward you, but you must reward us in return, if you use our stuff).
The comminuty is more alike that it is different. Don't let these types of papers and publicity screw that up.
Sauce for the goose is sauce for the gander; anyone can put a backdoor into an OSS program, but anyone can also see it. With closed source, you're trusting that the vendor won't put one in. Of course, now you're assuming that (1) the vendor has no malicious intent and (2) that they keep their code completely safe. Of course, that could never happen...
There is a big distinction between the GPL and the BSD-style licenses. The GPL is all about making sure that people who use GPL licensed code release their new code under the GPL too. The intention is to create more GPLed code. The BSD license is about propogating quality code. The idea is that if you think your code is a good implementation of something, you release it under the BSD, which allows anyone to use it in their own applications without being restricted in how they license their own code at all. A BSD coder doesn't care what use their code is put to or who profits from it, they just want it to be used. That's a pretty big difference :-)
One day, a group of daring young renegades discovered that there were other ways to get air, just by moving some rocks that blocked openings to the outside. And they offered their air free. At first people were hesitant to use Free Air, thinking something must be wrong with it since it was free. Initially Microshaft ignored the renegades, dismissing them as a fringe movement and minor nuisance. But eventually Microshaft saw them as a threat. They started a major marketing campaign to convince people that the Free Air was bad for their health. But people found that they actually felt better and healthier breathing the free, fresh air. Microshaft added more and more features to their air, perfuming it and coloring it with smoke to give it "added value". Many people started to dislike Microshaft's heavy, bloated air that was hard to breath and began flocking in droves to the sources of Free Air.
About this time, after some years of hard volunteer work, Open Air developers finally increased the size of a Free Air portal so that a person could actually squeeze through to the outside. The first brave individuals who ventured through it discovered that not only was there an unlimited supply of air in the outside world, there was no way you could harness and control its supply.
Alarmed, Microshaft sought to have the government declare Free Air illegal since it threatened their business model, which they had developed and rightfully earned through many years of hard work. They called the use of Free Air "theft" and claimed that the "viral" nature of the Public Breathing License advocated by many Open Air rebels would threaten the livelihood of Microshaft's suppliers and distributors. Indeed, the whole economy of the cave would collapse, they said. Laws were quickly passed and the portals of Free Air were sealed off.
A charitable organization called the Business Air Alliance was formed to help protect businesses against the threat of Free Air portals. By proving that it was theoretically possible to fund terrorist organizations with the money saved by breathing Free Air, the BAA successfully lobbied to strengthen the laws so that any attempt to make an opening to the outside became punishable by death. Possession of shovels and picks became a criminal offense, and the BAA performed random audits to help citizens comply with the law. For their protection, everyone was required to wear an Air Rights Management security device, which would send an alarm to the authorities if it didn't detect a secret mix of fumes found only in Microshaft air.
As time passed, Microshaft and the government became indistinguishable. To prevent future uprisings, a new feature was added to the air to keep the people sedated happily ever after.
by its programmer, hiding the underlying code from its user. Software can only be modified in
its "unlocked" state when source code is viewable.
This is the assumption that is the flaw in the entire argument. While having the source code makes it easier in some ways to find exploits, it of course makes it easier to find them earlier and fix them. Whereas in a closed source implementation it's more likely that there are unidentified flaws in the software because there are fewer eyes willing to parse through assembly listings. But if a 'terrorist' is dedicated enough to do that, they're more likely to find such flaws.
The GPL is one of the most uniquely restrictive product
agreements in the technology industry.
Interesting. I never thought of it that way when I can use a program for whatever purpose I want, make modifications to that program, and distribute either the original or my modified version of that program. Maybe I'm just weird like that...
By the early 90's, open source enthusiasts began to view Stallman as an extremist and fanatic. The rise in the popularity of Linus Torvalds and the Linux
open source operating system began to create new supporters. Ironically, Linux supporters
became the biggest proponents of the GPL. Although Stallman is a fallen hero in the open
source world, most open source products today are distributed under the GPL license.
While I'm not the biggest RMS fan, uhh, I can't just let that statement go. For once, I agree that not calling it GNU/Linux really misleads readers in this case. Without the GNU tools, Linux wouldn't have a leg to stand on. It's tough to dismiss RMS's importance here (but the author manages somehow..)
The article goes on (and on and on), but I think it's fair to say that this is a fairly one-sided view of the GPL that looks like it was written by MS and Kenneth Brown just signed his name to it. Nothing here, just the usual FUD.
Many of the headlines are quite revealing about their intentions. Many are about the importance of MCSE:
- Inc. 500 Shops Value Certification Most (MCSE vs college degrees)
- Familiarity Breeds Respect
- Technology Trends: Program Provides Information For New Age
- The Impact of Technology Training Programs Case Study: MCSE Training
And then there are numerous anti-trust criticism articles:"Recruiters tend to hire MCSEs just as often, if not more so, than those with a four-year college degree."
"Eighty-seven percent of human resource managers surveyed believed that MCSE's are equally or more successful than college students."
- Break up Microsoft? Rest of world pooh-poohs the notion
- Press Release: Japan, Switzerland, and the EU do NOT insist on breakup of Microsoft, unlike the U.S.
- Fine Microsoft, use funds for new competition (anti-breakup)
- Fine Microsoft and use funds to catalize new competition (anti-breakup)
- Break-up Remedy for Microsoft Not Supported by Key Democrats
- Technology and The Congressional Black Caucus (Microsoft anti-trust)
- Breaking Windows Over Antitrust Dogma
- Pause the Microsoft Case and Examine U.S. Anti-trust Policy
- Punishing Winners Hurts the Marketplace
- Suit Threatens U.S. Computer Dominance
- Taking a Byte Out of Microsoft
Etc. Also lots of articles about the precious intellectual property rights, although not specifically in relation to Microsoft.Make your own conclusions freely.
For example, if the Federal Aviation Agency were to develop an application (derived from open source) which controlled 747 flight patterns, a number of issues easily become national security questions...
FAA controlling the flight patterns of any aircraft is absolute nonsense! First, every pilot in the system would block it before it ever got past the talking stage, second it is just ignorant.
Maybe software to control the traffic flow? Sorry, that deflates this FUD too, since it would not apply to just one airframe and the author assumes that the people operating the aircraft are just going to let that happen too.
Maybe if he said some more nonsense about FAA requiring all 747s to have this software? Nope, that is the NTSB and the manufacturers, the latter would be marching on the Congress like you never seen before!
Humm, here is a more believeable thing to scare people with "what if all automated traffic light systems had to run Open Source, could you imagine the national security issue of flashing red lights all over the heartland"?
Eve Fairbanks says I drive a hybrid!LOL
This paper was prepared as part of The MITRE Corporation?s FY00 Mission-Oriented Investigation and Experimentation (MOIE) research project "Open Source Software in Military Systems.. This paper analyzes the business case of open source software. It is intended to help Program Managers evaluate whether open source software and development methodologies are applicable to their technology programs. In the Executive Summary, the paper explains open source, describes its significance, compares open source to traditional commercial off-the-shelf (COTS) products, presents the military business case, shows the applicability of Linux to the military business case, analyzes the use of Linux, discusses anomalies, and provides considerations for military Program Managers. The paper also provides a history of Unix and Linux, presents a business case model, and analyzes the commercial business case of Linux.
Here
> Where are the "think tanks" that actually have people who can think critically?
Think tanks only need to think critically enough to fool their intended audience.
And this is for consumption by businessmen, legislators, and bureaucrats, so...
Sheesh, evil *and* a jerk. -- Jade
The issue of whether source code is as-the-author-intended is an old one, and is very well catered for by signing the .bz2 or .gz archive with the authors GPG/PGP key.
.rpm's that are downloaded can be optionally (by default they are) checked against the GPG key - this prevents anyone from inserting their own version of /bin/login into the system... I'm assuming the machines doing the signing aren't the machines doing the delivery, but that would be an elementary mistake to make on Redhat's part...
If you subscribe to Redhat Network, all the
In short - this is not an issue.
Simon
Physicists get Hadrons!
Remember the difference between the BSD-style and GPL-style freedoms are very important to MS. MS says BSD-licensed open code is good. Since MS can use it without contributing back, this is the kind of "free" that MS likes.
MS also says GPL-licensed open code is bad. Since MS can't use it without contributing back, it can only be used by MS's free-software competitors, thus MS strongly dislikes this kind of "free".
Now back to this study. Can anyone find the basic message surprising? "BSD code is benign, GPL is threatening". Microsoft-funded study, Microsoft-approved results.
As a side note, if MS didn't make this distinction and got everyone upset about using *any* free/open code, everyone would *also* have to stop using MS software. Remember, significant portions of their OS are built upon BSD-licensed code.
I have a hard time taking anyone seriously who could write that.
Trademarks protect product labeling. Patents protect ideas.
Unlike patents and copyrights, trademarks are there to protect consumers. If I go to the store and want to buy Kraft mac and cheese, I don't want to have someone labeling some other brand as Kraft. If it says RedHat, it should be from RedHat.
The idea behind open source and trademarks are to help the end user. I don't see how they are incompatable.
'SBEMAIL!' is better than a goat!!
Study is just a hack piece I am afraid.
Even Allchin (under oath no less) testified that the GPL was one of the reasons that Microsoft did not include a SUN compliant JVM with XP.
What GPL has to do with a JVM from SUN is beyond me. But, that is the lie that Allchin put out to fool the court. And, the GPL was not even an issue in the trial.
I think Microsoft is just spending any money it can on bad mouthing the ideas it does not like. It does not matter if it is true or even relevant.
Besides, some bureaucrats only need a fake excuse anyway.
This fake study is just like the one a few weeks back bad mouthing linux on mainframes. It does not make any sense except the Microsoft salesman will be sure to refer to it during their sales pitches. After all, customers are assumed to be pretty stupid by Microsoft.
NexuSys - Linux support by the best
The FAA has incredibly strict requirements for software critical to keeping a plane in the air. Open Source or not, every single line must be proven to do exactly what it needs to, and the entire system must be deterministic (meet real-time requirements, such as knowing the maximum latency for interrupt processing). The FAA itself should be giving these jokers an earful - this is pure FUD.
Of course any normal person would be utterly humiliated to have their name associated with this piece of nonsense. Perhaps that's why it has been pulled? I'd be interested if Microsoft really did pay for it. If so, I think they should feel a little cheated. The standard of FUD required in 2002 is far higher than this. Even the mainstream press are going to tear this crap to pieces.
Reality is defined by the maddest person in the room
I love the quote on backdoors and viruses. Windows systems don't have their source code publically available, and yet that doesn't seem to stop the creation of backdoor programs and viruses.
I like how they insinuate that people would just download some code from the Internet, and then immediately put that into a production air traffic control system. Talk about a straw man argument.
Someone needs to explain to this think-tank (or senseless-opinion-tank) that people can do these things called code reviews. Ya see, if I download a new version of this mail client (for example), I can look at the differences between the current source and the last version I checked. Not only could I spot back doors, but I'd likely find some bugs too.
These guys that develop safety-critical systems (like air traffic control) are real sticklers for inspections, documentation, etc. I bet most of them would be glad for more independant reviews of the code they depend on, rather than just hoping Windows doesn't have bugs in it.
As for me, my requirements aren't as critical. When I downloaded OpenOffice from some mirror in Timbuktoo, all I did was check the MD5 sum. The five seconds that took assured me that at least no third-party inserted viruses or back doors in the program.
They play it as if it is, but by saying open-source good, GPL bad, they are clearly desperately attempting to keep the sea full of fish for MS when it needs a chunk of [stable and useful] code here and there for their projects. They hate the GPL cause theres no way they'll GPL the whole damn OS .. so this attack is specifically targetted at the GPL, with purely financial intentions in mind. The security angle is clearly just a way of getting people to read it, and to associate GPL with 'problems'. I'd imagine most decision-makers won't have to remember what those 'problems' are (much less understand them), but so long as they walk away going, 'open source good' (so MS can borrow at will, remember how much they like BSD license), 'GPL bad', they've done their job.
.. fortunately for them, in this day and age of specialization and legal and technological complexity, thats 99.9999% of the population on any particular issue.
.. "well, open source is fine, so long as we can keep the parts actually keeping the system secure obscured behind closed source?"
Ironic, huh? MS has the power and might to take and use, and they dont perceive having to apply the same standards as their code-base contributors (ie, the borrowed code) to their own product. It's flat out hypocracy to anyone with half a clue
Fuck 'em and their shareholders.
I assume by decrying the GPL for security, their lame argument is
So then why is open-source good? Seems to me that security is 80% of the benifit of open source. I guess MS's story is, 100% of the benifit of open source is 'borrowing' code, and 0% is security. Not surprising, but still infuriating.
"Old man yells at systemd"
The open source debate is about keeping secrets. Completed (written) software is often locked by its programmer, hiding the underlying code from its user.
Not so sure about this... I think we've all met programmers whose binaries were more readable than their source.
;)
I wonder if there's any "argument" in this ADTI diatribe Villanueva hasn't answered already in the letter you mention. If there is, I can't wait for Our Man In The Andes' response.
NIH syndrome is more prevalent than people blatantly ripping off open source code or commiting 'acts of IP theft'. I think moreso than people give it credit for.
Even Mandrake rewrote their installer to "differentiate" between Red Hat. Redhat doesn't include fontdrake, or any of their competitor GPL tools. It seems alot more like a bazaar of cathedrals to use the analogy.
If I write the ultimate Linux app, what are the chances that someone is going to 'steal my IP', or even if it is GPL, contribute back? Look at the ton of duplicate GPL programs.
If I were a programmer I think I'd GPL my software so people can look at the code and contribute patches - chances are some other OSS programmer is going to not like the language it was written in, which widget set I used, or whatever, and just rewrite it to suit their needs.
I have no numbers to back this up, just seems that most programmers and/or companies prefer to write their own software, regardless of reusable code or license.
Wish I had kept my old sig...
"Don't like the 'viral' nature of the GPL? Try this: WRITE YOUR OWN CODE"
If a business doesn't want to give away their code, they shouldn't weave in GPL source to begin with. If they do so, it's their OWN damn fault, not the GPL's.
Secondly, I still fail to see how this has anything to do with security. Open source is open source - whether released BSD/MIT style or GPL, it's STILL "open to hackers", which I thought was the point of the whole "risk" of Open Source security in the first place.
The Free desktop that Just Works
If we blindly take the assumptions of this article then only some DoD funded Unix should be used for Mission/Life critical systems.
Beware of the words "think tank." The closest you are going to get to unbiased thinking is from academia, not think tanks.
Can I bum a sig?
The solution then is to not include any GPL code in your security-critical application, not to denigrate the GPL. Look, if they went with a closed source OS and wanted to write the same application in-house and didn't want to include any GPL'd code this wouldn't even get airtime. They'd just write the stinkin' code - ALL of it (or they'd steal some good GPL'd stuff and just not tell anybody - no, nobody'd do that). What's the difference? If I don't want to share my 50bajillion lines of IP then I can probably figure out a non-GPL'd alternative to those 100 lines of code that I'm missing - including nabbing some BSD nuggets. Just because part of my solution is open source doesn't mean it all has to be.
--
As a matter of fact, I am a lawyer. But I play an actor on TV.
since you have to publish any changes you might make to the original software.
That is incorrect. You are allowed to take a GPL'ed program, modify it to your hearts' content, and never release a single line of source code to anyone. Only if you then *distribute* the code to anyone else do you have to offer up the code. You have the right to not share. But, if you do share, you have to share completley.
--You will rephrase your request for me to go to hell. Goto statements are not acceptable programming constructs
The GPL is one of the most uniquely restrictive product agreements in the technology industry.
And, Yes, they have clicked ok to proprietary licenses much more restrictive than the GPL. These lines appear within their PDF file:
This simple fact can be easily verified with a command such as "stringsold_opensource_whitepaper.pdf| grep^/"
PJRC: Electronic Projects, 8051 Microcontroller Tools
> But I believe in this case, the group is advocating commercial code that comes with the source.
.. then it should be closed.'
/. arguments on whether OS is more or less secure than CS, so we dont need to go into that. But really, they like it when companies can borrow source (heaven forbid they have to actually hire as many skilled programmers as it takes to build any given application .. I mean, they have execs and marketers to pay, doncha know!) .. but hate it when they have to give that source back.
.. its just the thought of holding the quality of their software accountable to a community that scares the shit out of them. Anyone following what the multinationals have been doing for the last 20 years in order to divest themselves from ALL possible negative public reaction understands this position. Just like Nike no longer technically employs their sweatshop workers (they're contracted, so the accountability is divested from Nike to their contractors), companies want to be able to take 'tried and true' code, use it, not have to hold their use of the code (and the rest of their code) accountable to the community, and PLUS they get the benifit of passing the buck to the open-source author should problems be found! (Since in a closed source product, nobody can proove it _wasnt_ the open source chunk that caused the problems or indroduced the security hole or whatever.)
No, they ad advocating that open source is good, because commercial companies can use it to cut costs (and profit on the backs of others' work), but that those companies should not have to repay the community for reasons of security.
It really should read 'borrowable open-source good, except when the source code is mine
We all know the usual
I've been watching the commercial world come to the realization that open-source isn't what they should be scared of (MS has borrowed BSD'd code many a time)
It's the usual power mongering, and desire to not be held accountable for any of it.
"Old man yells at systemd"
"If a software application representing 5000 hours uses GPL code that reflects only 100 hours, is the GPL fair in its argument that the entire product is GPL? "
first of all, if the 100 hours is GPLd, then the GPL isn't 'arguing' anything -- the rest *is* GPLd, according to the GPL. using the verb 'argue' here is like saying that my rental agreement 'puts forth the assertion' that i have to pay my landlord every month. it's not appropriate, because there's nothing to argue, no ambiguity. the GPL is very clear here.
second, if GPL'd software is, as the statement is clearly implying, a negligible part of the final product, what's the big deal with spending the other 100 hours to build that part yourself? no one's making you use that 100 hours worth of software.
and imagine how stupid that argument sounds when phrased this way: "i just built a huge program that only makes use of [some copyrighted product] in passing -- why should i have to conform to that company's contract terms in order to use it?" would anyone argue that degree of use is going to make any difference at all here? and if you don't like corporate-bashing, consider this example -- "sure, i stole $100 from you, but i put it towards this car that cost $5000, so why should I owe you anything at all?"
this is a stupid point. if you don't want to use GPLd code, don't, and if you do, understand the terms.
god is just pretend.
There is a big distinction between the GPL and the BSD-style licenses. The GPL is all about making sure that people who use GPL licensed code release their new code under the GPL too.
.gov could pick up a bunch of GPL code, hire some hakers (or use the NSA) to brew their own system and simply make the decision not to share the code. That's nice and legal. They'd simply make distribution a matter of national security.
Except that using GPL code doesn't compel you to "release" anything. It only means that if you elect to share your code with another party, you do so under the terms of the GPL.
The
The only security issue with the GPL is the security of companies who derive revenue from selling proprietary code.
Howard Dean for president
Following the old Usenet tradition that every spelling and grammar flame must contain at least one spelling or grammar error, you meant "its." There's no apostrophe. See Bob The Angry Flower for details.
Their main points are that GPL is flawed due to requiring anything which uses GPLd code [no matter how little] to be licensed under the GPL; and, that most GPL projects encourage many unvarifiable developers to take part in the project, resulting in potential malicious code being inserted without anyone else taking notice.
Please, take a moment and read the GPL. Then come back and ask people questions about it. (I believe there was an Ask Slashdot about it awhile ago...)
Using GPL'd code does not mean you have to automatically release all of your code. First off, the GPL cannot override other more restrictive licenses. If you don't have the right to GPL the code that you've included then you can't release it, you have to remove the GPL'd code instead. Second, the GPL's release/publish conditions are only invoked if you release/publish your code. This is a very important distinction. If you develop something "in house" for your company's use, then you don't have to release the resulting code. If you don't distribute it then you don't have to publish it.
As far as "malicious code" goes, look at all of the "easter eggs" and "bugs" in current "professional" code. How much overall code review do you think goes on when an entire flight simulator gets packed into a spreadsheet application? (You may have noticed how a Service Release deactivated it.)
In the Open Source world, if you doubt some code then you can simply audit it. Good luck if you think there's some backdoor lurking in the latest MS code. (Look at MS's WMP EULA that gives them permission to force downloads on your box in the name of "DRM".)
There's a reason that people use the cover of darkness to perform questionable/malicious acts. Having the source code for full review and scrutiny is the best way to shine a bright light into all corners.
--- I wish I could hear the soundtrack to my life. That way I'd know when to duck.
On a lighter note, while many open source advocates atre proponents for copyleft, they insist on trademark protection for their ideas.
...by posting notices in publications and websites that their trademarks are protected. For example, the notice on the OSI website reads, "... To identify your software distribution as OSI Certified, you must attach one of the following two notices..." The same is true for a number of prominent open source firms including VA Linux.
You bet they do, or else commercial interests would steal their work and profit from it, without due compensation to the creator.
I hear the Red Cross and Salvation Army have trademarks as well, which they zealously protect, even though they are in the business of giving stuff away to those in need.
The Free Software Foundation, the Open Source Initiative and a number of other organized GPL enthusiasts protect their "marks"...
Putting the word "marks" in quotes in this context seems to imply that not-for-profit trademark holders are not holding "real" trademarks, and therefore the author of the paper feels entitled to sneer at them.
This is the most damning section of the entire document, im my opinion. The author betrays his contempt for the fact that open source advocates utilize the copyright system as it was intended: to control the distribution of their works. What burns this author the most however, is that he knows they are correct and the GPL succeeds at its aims, which is preventing GPL code from being hijacked by proprietary, closed source projects. This makes him very angry, and he can barely conceal it in this paragraph.
While each of these firms would insist that they are not against copyright protection, invoking the protections argues that they are against people copying their marketing documents and symbols.
He left out the crucial phrase at the end of the sentence: "without authorization." This guy is really burned that the GPL is successful. And it seems clear to me now that "this guy" is the Microsoft FUD^WMarketing department. Their past FUD releases on this topic have been infamous for conflating trademark and copyright, as well as copyright and copy-prevention.
Now I gotta go take a walk, because I am worked up. But man, this is the most blatant and desperate FUD I have read in a long, long time.
Edith Keeler Must Die
According to the BLS Computer and Mathematical Occupations employ 2,932,810 total employment. Of those 374k are employeed in the development or the customization of applications.
And your point, Mr. Brown, is exactly what?
First point: Today I mistakenly started up IE's infamous "Windows Update" feature for the Win2K installation on the SunPCI card in my Ultra 10. The first "update" it wanted to install was the MS "Automatic Updater" so that Microsoft could cram changes to my system software down my throat whenever they chose to. Mr. Gates does not own my hardware, the State of Texas does. Given Microsoft's track record in the security area, please explain to me the exact difference between this "feature" and a "back door or worse, a dangerous virus"?
Second point: Microsoft's "Windows update" service is ONLY available over the internet and is usually the ONLY source for critical security fixes and other patches for Microsoft products. Please tell me exactly how that differs from the normal distribution channel for GPL software.
Reverse engineering "harbors very close to IP infringement because and has staggering economic implications."
Please show me your bar number before you start rendering legal opinions, Mr. Brown. The only class of Intellectual Property that is infringed by reverse engineering is patents. Specifically, so-called "clean room" reverse engineering of copyrighted works has been repeatedly blessed by the courts as an exercise of the fair-use doctrine.
"On a lighter note, while many open source enthusiasts are proponents for copyleft, they insist on trademark protection for their ideas."
Mr. Brown, this "lighter note" comment of yours is little more than a cheap shot that openly displays your lack of understanding of the subject matter on which you write.
"Open source enthusiasts" not only avail themselves of trademark protection, they also assert and defend their rights as copyright holders. This in no way conflicts with their advocacy of the principle of copyleft. What it DOES do is give them the power to enforce the particular license (GPL, LGPL BSD, or other) under which they choose to release their software.
"If a software application representing 5000 hours uses GPL code that reflects only 100 hours, is the GPL fair in its argument that the entire product is GPL? This point is of considerable concern to software companies that value their secrets, design and architecture strategies. Proponents of the GPL argue that each party in the exchange is benefiting equally, but without a means to properly make this evaluation, this position at best is over-assuming."
Answering your questions in order:
Yes, if it's my GPL code, it most certainly IS fair. If Microsoft, Adobe, Symantec or whoever, wants to license my code for use in their proprietary product, I will be HAPPY to negotiate a special *non-exclusive* license with them for a SUBSTANTIAL fee. HOWEVER, if their objective is to take my code without payment and claim it as their own they had better be ready for MAJOR litigation.
"The federal government's information systems requirements intersect countless sensitive operations. The limitless potential for holes and back doors in an open source product would require unyielding scrutiny by staff that decided to use it. For example, if the Federal Aviation Agency were to develop an application (derived from open source) which controlled 747 flight patterns, a number of issues easily become national security questions such as:
They already do. The FAA's Air Traffic Control Database uses Oracle 9i Real Application Clusters running on Dell PowerEdge servers and (surprise!) Red Hat Linux.
Apparently the FAA thinks it's a better gamble than hoping that no one with an old copy of debug.exe will find a buffer overflow in Windows 2000 Advanced Server.
Again, you clearly demonstrate your lack of knowledge in this field, Mr. Brown. GPL software is NOT public domain. It is private property released for public use under license. It is no more public domain software than Windows XP. And
However, a more cogent inquiry would be "If the FAA's Air Traffic Control System is exposed to access from the public internet, shouldn't we fire all the boneheaded bureaucrats that decided it SHOULD be?"
Most of the
Mr. Brown, your white paper exhibits a failure of understanding of your subject that I find very disappointing in one who would call his operation a "think-tank". You entitle your publication "Opening the Open-Source Debate,"
utter rubbish
Ofcourse this guy is funded under the table by Gates and his minions.
I googled for Andre Carter of Irimi Corpn whose comments Mr. Kenneth (or whatever frickin name he has) values more than anything else and this is what I found :
One pro-Microsoft observer credited Gates with being precise and helpful. "His testimony has been soaked with real-world examples, [and it shows] he understands the ramifications of how the states [want to affect his business]," said E. Andre Carter, CEO of Irimi, a Washington-based mobile and wireless consultancy, who also works for the pro-Microsoft lobbying group Americans for Technology Leadership.
BINGO!
When idiots like these make money by lying through their teeth, spread FUD and otherwise confuse the idiots who make decisions in the Senate and everywhere else, this industry, this country and the world we live in has such a fucked up future.
Rapid Nirvana
Unfortunately, his countrymen didn't learn very well from his writings, as France has been through at least 7 forms of government since their revolution.
For more info, see his book: Democracy in America
The page was generated with Adobe Go Live, and the mission statement is an image or something else difficult to copy, so I had to type it by hand for your enjoyment.
Since 1988, the Alexis de Toqueville Institution has studied the spread and perfection of democracy around the world. I'm not impressed
In this we follow the principles of Toqueville himself...
At the root, perhaps, is a populist belief in the basic goodness, perfectibility, and nobility of mankind and of the human community....
Our principles guide the selection of which issues are critical to the advancement of freedom - but we don't rush to judgment about which means will be most effective in producing it.
I'm afraid that they have rushed to judgment and condemned one of the most important documents protecting freedom of speech today. The GPL is the only document that insures that you will have control of your computer and therefore your publications will not be censored at the source. It does this by insuring that the possesor of GPL code will always have the ability to use, understand, modify and distribute that code as they see fit without reducing the rights of other users to do the same. Code that does not insure this right has all of the security flaws and fears raised in Ken Browns paper as the owner does not know what the machine is doing or have the ability to change it. ADTI completely misses the point and condemn the GPL because they fear it can not be comercialized in the conventional fashion and many other incorrect and confused reasons. This is a shame because there is nothing more important for "democracy" and freedom than the free exchange of information the GPL ultimately protects.
The greatest contradiction is seems to be their main reason for rejecting the GPL as a license worth using: that volunteer efforts can not match commercial ones, and that the GPL community of volunteers is a myth. Well, I'm sitting here with my mythical OS, typing into a mythical text editor, for a mythical browser. All are far better than commercial alternatives. All were developed and rely on tools created by volunteers and others who really do believe in the goodness and freedoms of their users. No one who has respect for his neighbor would ever say that people could not co-operate without a profit motive, but this is what Ken concludes,
What utter hogwash. The GPL enables all to participate in the development of new technology and removes many artificial barriers. The fruit of all the mentioned government programs has been brought to me in a form I can manipulate by Debian. The number of sound scientific programs I now have access to, through GNU compilers, is uncountable. There are few academic publishers who would have it any other way, they exist to teach and promote their various specialties. To top it off, large companies will continue to pour money into the exploitation of these technologies because it is in their best financial interest. So much the better if that means their derivative works will be available to me as well. How can anyone intellectually honest say otherwise, especially while espousing freedom and the goodness of man?
Oh, enough. The more I read of this MicroSoft parrot's garbage, the angrier I get. Especially unkind and untrue is the assertion that RMS is a "fallen hero" viewed as radical. I respect that man more every day. Ken Brown, you are a 1/4 watt bulb.
Friends don't help friends install M$ junk.