Did MS Lobbying Stop NSA Work On SELinux?
inquisitive points to this CNET story on how George Wash Univ. may help Linux gain certification under the Common Criteria, certification required for software to be used in some sensitive government roles. In the same story, though, is an interesting quote from another effort at bringing GPL'd software to the public sector: "'We didn't fully understand the consequences of releasing software under the GPL (General Public License),' said Dick Schafer, deputy director of the NSA. 'We received a lot of loud complaints regarding our efforts with SE Linux.' Sources familiar with events said that aggressive Microsoft lobbying efforts have contributed to a halt on any further work. 'Microsoft was worried that the NSA's releasing open-source software would compete with American proprietary software,' said a source familiar with the complaints against the NSA who asked not to be identified."
college and universities cheating those who already know the job out of jobs because they teach average joes how to do a better job.
I'm a big retard who forgot to log out of Slashdot on Mike's computer! LOOK AT ME.
...called competition.
'Microsoft was worried that the NSA's releasing open-source software would compete with American proprietary software,'
Apparently MS is worried that it'll catch on.
If you think education is expensive, you should try ignorance -- Derek Bok, president of Harvard
If the NSA software would compete with MS, then the government has no business releasing it. Government isn't there to compete with private industry. It's unfair, especially considering the fact that the government can subsidize any projects with tax money that comes from its competitors.
We have Microsoft telling the NSA what to do. Shouldn't it be the other way around?
Or maybe it's one of Bill's minions I hear breathing over the phone line?
"Learning is not compulsory... neither is survival."
--Dr.W.Edwards Deming
maybe Microsoft has such poor faith in their products that they don't think they can compete against anything else without a huge advantage.
or possibly their products are that bad.
Translation...Complaints from Microsoft criticized the agency for providing the fruits of research to everyone, not just Microsoft, and thus hurting Microsoft's control over the world.
Thus...Bill slaps the NSA and says "Don't do that!", and the government quickly complies.
"I bet I'll get blamed for this." --Mayor Quimby
It wouldn't surprise me and goes in line with their current effort of "advising" the government on how linux is evil. Remember Corel dropping linux? Yes the linux desktop was a tough market, but really there is no doubt it was a quid pro quo transaction.
Also what's with MS giving its software away for Free to a different government every week? It's a clear pattern designed to make sure no one can possibly compete. How are they even allowed to do this? I mean it's not like they are some cash strapped competitor with no market share looking to get an edge. They are a convicted monopolist who somehow continues to walk between the raindrops and "get away with murder" right out in the open!
If you wanna get rich, you know that payback is a bitch
"Our interest is in helping to ensure that the government licenses its research in ways that take into account a stated goal of the U.S. government: to promote commercialization of public research."
As an American, I see the government to
- serve protect the people
above and beyond anything else. I include protector from other Americans, and other American Companies in this. The government was NOT made to serve commercial interests. The U.S. Gov't was made to keep individual freedoms, from the dammed British Stamps. I'm simply astonished by how a Company now has more power than an Individual. It was this way in the early 1900s and late 1800s, when de facto slavery of immigrants and whole families in factory towns led to the Union movements. Sadly, Unionization will not work in this day and age, not in these circumstances. Instead, sheer humanity must overcome evils like this, led by initiatives like Open Source, which give the power back to the Individual, and letting him control his own destiny once more. Thank you programmers and hackers for letting OSS live on.
FSCK the man!
I'm not surprised Microsoft lobbied the NSA....
I'm surprised they listened. Didn't Allchin, senior Microsoft executive, recently testify (in the anti-trust case, IIRC) that Microsoft software is so poorly designed and/or implemented that full disclosure of the API would inevitably result in the death of many Americans? (That is, after all, what "national security" ultimately comes down to.)
Maybe Microsoft has a point that the NSA's work with SELinux hurts the proprietary software manufacturers, but by Microsoft's own testimony it should be out of the running for all future contracts anyway. I don't care about certification, when a senior exec testifies in court that using his product poses a threat to national security I want the procurement officials to pay attention!
(On a related note, I WILL be asking the Congressional candidates this election cycle what they plan to do about the Federal software procurement cycle in light of senior Microsoft executives admitting that the quality is so poor that it threatens the national security. Microsoft has made its values clear - $40 billion in the bank is more important than lives - and I want to make sure that my representatives make our values as a country clear. I don't want to force governments to only use OSS software, but I have no patience for excuses from companies sitting on cash reserves larger than the GDP of many nations!)
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
'Microsoft was worried that the NSA's releasing open-source software would compete with American proprietary software,'
Indeed. We ought not have the government funding university labs, because releasing medical research to the public domain might interfere with pharmaceutical company profits.
Not everything that's good for General Motors is good for the country, or its people, or its economy.
~Idarubicin
In the Department of Defense, desktops and servers have to go through an NSA lockdown of the operating system before they can go into production. If you wanted to run linux on your desktop, the first question they ask is what does the NSA say about it.
:(
While there are lockdown procedures for Linux from what I understand, having an NSA secure version of linux would have gone a long way to validating the os from the information assurance people. I hate to be forced to use Winx for _security_ reasons.
Don
For years the NT folks have never let us live down that their OS is certified and Linux was not.
This is really positive stuff.
"Learning is not compulsory... neither is survival."
--Dr.W.Edwards Deming
I would take the apples and sell them at my fruit stand.
IMO Government research, if it is to be done at all, must be placed in the public domain for all to use. It's undesirable and unnecessary to have the government advocating any particular license. Using BSD or X11 license would make more sense for government software projects. Let everyone (even proprietaries) get some use out of it. After all, all that money to pay for it was stolen from them too.
Years ago the University Ag Campus where I went to school had a meat shop where you could get cheap beef/poultry/pork, etc. These were animals that had been raised on the Ag Campus farms for research and teaching and were no longer of use in whatever project. But they got into hot water with the Krogers supermarket chain because they were a gov't entity competing with private enterprise. NSA's Linux enhancements are no different. It isn't clear to me that MS is in the wrong here. Gov't should not be writing GPLd software that cannot be used in proprietary applications. A BSD style license would be much better. And such software efforts should be relegated to research only and not be attempts to build production ready software.
FreeSpeech.org
"The federal government plays an important role in funding basic software research," said a Microsoft representative.
As a US tax payer, that is MY MONEY they are talking about there. I have no objections to the federal government funding development for things they need, but Microsoft is talking as if it is their right to have the money. It is not a right. Software may not be a significant part of the US budget (though much of it is obscured in other items), but it still amounts to millions or even billions of dollars a YEAR! (I used to work for one company that was getting a couple million a year to develop software, combine that with a few other companies)
I pay taxes on the money I earn. I expect that money will be used as carefully as I take care of mine. (and I'm known as a frugal guy) That doesn't mean spend no money, but it means think twice before spending it.
It is NOT the job of the government to fund research. Microsoft has a large pile of money, it is their job to invest that money in research. It is the government's job to see where the government needs something (that may not even be useful to anyone else), and supply money to get the need filled quickly. Any other research is for universities, and should be public domain.
When you think about it, the government's only real job is to defend the rights and freedoms of its citizens.
But wasn't that *exactly* what the NSA was doing by working on Security-Enhanced Linux? Defending your rights and freedoms by making sure the computers on which they depend are more secure? Should they be entrusting this job to corporate America, instead?
Second thing: What should happen to software that the government creates? Should it never be released to the public, left to sit and wallow as a waste of our tax dollars? Aren't we better off by having more choices in the marketplace instead of less?
(Wow -- every sentence a question.)
He who refuses to do arithmetic is doomed to talk nonsense.
in the article, the fear was that american businesses would suffer because, if the nsa produced open-source software, it would be available on an international level, and would offer more competition to american businesses.
"Many complaints criticized the agency for providing the fruits of research to everyone, not just U.S. companies, and thus hurting American business."
which is all bullshit: open source stuff would promote more and better research; you have to learn how to do it better/faster/whatever when everyone just got access to the latest greatest way of doing it (whatever "it" happens to be).
anyway the good news is,
"Despite the intense battle surrounding the open source, the NSA will still fund research on secure operating systems based on Linux as well as work with U.S. companies to create better security in their own operating systems."
spin-tastic!
Now, did you actually say anything to refute the previous poster? I mean, you can't deny the fact that the government already has its hand in quite a lot of things, through academic grants, defense research, etc. etc.
How the government wields power in this arena is how it permits the fruits of that labor to be released. Refusing to release code under the GPL, but simultaneously allowing vendors to appropriate code developed with public money, smacks of hypocrisy and shows a clear bias in how they approach this issue. It is obvious that they bowed to pressure from a few whiney corporations threatened by Linux.
So, either the government keeps its hands off industry entirely, or it should play fair and impartially. You can't have it both ways, using the former argument to attack the latter.
Therefore, when the government interferes with free enterprise, it's interfering with the rights of its citizens.
By providing a free operating system, the US govt. is NOT 'interfering with the rights of its citizens' any more than:
1. The public libraries interfere with the private bookstores' rights.
2. Police officers interfere with private security firms' rights.
3. Public water fountains interfere with bottled water vendors' rights.
4. Free public skateparks threaten private Van's-owned parks.
I think it's high-time the US govt. supported an open-source OS project. Though backwards in its perspective on human rights, China is lightyears ahead in its thinking on this subject. If we had a national open-source OS that was used in every government office and available to citizens for free, it would be a dozen times more powerful of a punishment than any wrist-slapping the DOJ is going to give to MS for its anti-trust crimes.
Seth
$5 / month hosted VPS on linux = awesome!
A better analogy:
Say you have a chain of lemonade stands and are selling weak, unsweetened lemonade for $199 a glass. The lemonade stand is your only source of income, so you want to protect it. You forbid anyone from sharing the lemonade they drink and if they drink your lemonade you forbid them from drinking anything else to slake their thirst.
The community deploys water fountains, a few people put down fruit trees and a few start selling different kinds of fruit juices.
You bribe public officials with "campaign contributions" to pull the water fountains and send hired goons to intimidate, buy out, or otherwise break up your competition.
That's a better analogy of what Microsoft is doing with regard to Linux.
And no, I wouldn't hire goons, grab an axe, or bribe officials. I'd start offering what people were asking for rather than crush the life out of them like an asshole.
I have a problem with this statement:
Many complaints criticized the agency for providing the fruits of research to everyone, not just U.S. companies, and thus hurting American business.
This is pretty biased. Shouldn't it be more like 'Many complaints criticized the agency for providing the fruits of research to only free software developers, not to all software developers and companies, thus hurting American business.'
How would developing the security extensions in the public domain, or under a BSDish license keep them from being used by 'everyone'? Putting them in Linux (and consequently having them be covered by the GPL) does a much better job of keeping 'everyone' from using them than a more free license like BSD.
If the NSA were going to do something like this, they should have based it on one of the BSDs instead. By developing the extensions in Linux, they effectively made them useful only to Linux - putting them beyond reach of countless software companies. Of course, this has been the software industry's complaint to government funded research producing GPLed software from the start.
...with a few thousand unpatched Linux boxes? There's no magic bullet that suddenly makes a given server safe for eternity out there, now or ever. As the lifetime of a server unpatched and unmanaged (as all these hypothetical NT4 boxes in your example are) reaches infinity, you can be damned sure that the probability that ANY box gets rooted out reaches 100% as well.
Or will running SELinux and forgetting about those patches be different from running NT4 and forgetting to run well-publicized best practices checklists?
The distinction between MAC (mostly used by the military) and Discretionary Access Control (the common form in most OSs) is classical in the security literature. SELinux was primarily an attempt to produce a MAC system out of a free resource, Linux, that is highly usable, works on cheap hardware, runs lots of applications, and could do many functions for the government. Microsoft, to the best of my knowledge, doesn't even offer an OS with MAC capabilities. That the NSA would be cowed by Microsoft nonsense out of continuing development on a worthwhile project that could save the government hundreds of millions of dollars is absurd and criminally stupid.
Mark Westerman, managing partner with network consultant Westcam, installed the SE Linux access controls on a critical server for one of his customers after a common security flaw, known as a buffer overflow, allowed a hacker to take control of the company's server. Westerman configured the access rules but left the buffer overflow unpatched on the server as a test.
When the hacker came back a second time to the server and attempted to gain control of the process, the access controls limited what the attacker could do. Instead of taking control of the computer, the hacker could only crash the service that had the buffer overflow, but did no other damage.
That's all well and good, but if I were a Westcam customer, I don't think I would want a critical server left unpatched "as a test".
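Added example, not part of the thread and not SELinux code: a small Python model of the DAC versus MAC distinction raised in the comments above, applied to the compromised-daemon scenario from the quoted story. The domain and type labels, paths and policy rules are constructed for illustration and are not real SELinux policy.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Process:
    uid: int
    domain: str   # MAC label of the process (hypothetical name)

@dataclass(frozen=True)
class File:
    path: str
    owner: int
    mode: int     # Unix permission bits, e.g. 0o600
    ftype: str    # MAC label of the file (hypothetical name)

def dac_allows(proc, f, perm):
    """Discretionary check: owner-set mode bits, which uid 0 bypasses."""
    if proc.uid == 0:
        return True
    bit = {"read": 4, "write": 2}[perm]
    shift = 6 if proc.uid == f.owner else 0   # owner or other; groups omitted
    return bool((f.mode >> shift) & bit)

# Constructed MAC policy: administrator-set allow rules, default deny.
POLICY = {
    ("webd_t", "web_content_t", "read"),
    ("webd_t", "web_log_t", "write"),
}

def mac_allows(proc, f, perm):
    """Mandatory check: label-based, the same for every uid including 0."""
    return (proc.domain, f.ftype, perm) in POLICY

def access(proc, f, perm, mac_enabled=True):
    """With MAC enabled, both checks must pass."""
    if not dac_allows(proc, f, perm):
        return False
    return mac_allows(proc, f, perm) if mac_enabled else True

# Constructed scenario: a root-owned daemon whose process has been taken over.
DAEMON = Process(uid=0, domain="webd_t")
SHADOW = File("/etc/shadow", owner=0, mode=0o600, ftype="shadow_t")
PAGE = File("/srv/www/index.html", owner=0, mode=0o644, ftype="web_content_t")

def scenario():
    return {
        "dac_only: read /etc/shadow": access(DAEMON, SHADOW, "read", mac_enabled=False),
        "mac: read /etc/shadow": access(DAEMON, SHADOW, "read"),
        "mac: write web page": access(DAEMON, PAGE, "write"),
        "mac: read web page": access(DAEMON, PAGE, "read"),
    }

if __name__ == "__main__":
    for check, allowed in scenario().items():
        print(f"{check:28} -> {'allowed' if allowed else 'denied'}")
```

Under DAC alone the hijacked root process reads anything; with the mandatory layer it keeps only what the policy grants its domain, which matches the limited damage described in the quoted story.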
Having the U.S. government develop open source is just fine. We, the people, are the ones paying for the work, and the results of the work belong to us. However, having the U.S. government develop under the (full) GPL results in software which is restricted, and not available to everyone. The appropriate result of government work is really the PUBLIC DOMAIN.
C//
This is absurd. GPL'd software can be used by anyone willing to abide by the terms of the license. If a company chooses to make proprietary software and not release the source, they are voluntarily choosing not to use GPL'd software. It is ridiculous to say that they "cannot" use the software; that is a choice they made based on their own business model.
"I'm surprised they listened."
The NSA needs Microsoft's cooperation in the future if they want security holes fixed in Microsoft operating systems. Goodness knows the free market economy has not reacted to convince Microsoft of a need for security.