Slashdot Mirror
Did MS Lobbying Stop NSA Work On SELinux?
inquisitive points to this CNET story on how George Wash Univ. may help Linux gain certification under the Common Criteria, certification required for software to be used in some sensitive government roles. In the same story, though, is an interesting quote from another effort at bringing GPL'd software to the public sector: "'We didn't fully understand the consequences of releasing software under the GPL (General Public License),' said Dick Schafer, deputy director of the NSA. 'We received a lot of loud complaints regarding our efforts with SE Linux.'" Sources familiar with events said that aggressive Microsoft lobbying efforts have contributed to a halt on any further work. 'Microsoft was worried that the NSA's releasing open-source software would compete with American proprietary software,' said a source familiar with the complaints against the NSA who asked not to be identified."
...called competition.
'Microsoft was worried that the NSA's releasing open- source software would compete with American proprietary software,'
Apparantly MS is worried that it'll catch on.
If you think education is expensive, you should try ignorance -- Derek Bok, president of Harvard
If the NSA software would compete with MS, then the government has no business releasing it. Government isn't there to compete with private industry. It's unfair, especially considering the fact that the government can subsidize any projects with tax money that comes from it's competitors.
We have Microsoft telling the NSA what to do. Shouldn't it be the other way around?
Or maybe it's one of Bill's minions I hear breathing over the phone line?
"Learning is not compulsory... neither is survival."
--Dr.W.Edwards Deming
Use AIX or Solaris... so maybe they were wasting their time?
Aw, fuck it. Let's go bowling. - The Big Lebowski
maybe Microsoft has such poor faith in their products that they don't think they can compete against anthing else without a hugh advantage.
or possibly their products are that bad.
Translation...Complaints from Microsoft criticized the agency for providing the fruits of research to everyone, not just Microsoft, and thus hurting Microsoft's control over the world.
Thus...Bill slaps the NSA and says "Don't do that!", and the government quickly complies.
"I bet I'll get blamed for this." --Mayor Quimby
It wouldn't surprise me and goes in line with their current effort of "advising" the government on how linux is evil. Remember Corel dropping linux? Yes the linux desktop was a tough market, but really there is no doubt it was a quid pro quo transaction.
Also what's with MS giving its software away for Free to a different government every week? Its a clear pattern designed to make sure noone can possibly compete. How are they even allowed to do this? I mean its not like they are some cash strapped competitor with no market share looking to get an edge. They are a convicted monopolist who somehow continues to walk between the raindrops and "get away with murder" right out in the open!
If you wanna get rich, you know that payback is a bitch
No. On who pays the fiddler orders the tune..
Oh, you are saying its the tax payers who pay NSA, not Microsoft shareholders....
Bah..
<^>_<(ô ô)>_<^>
"Our interest is in helping to ensure that the government licenses its research in ways that take into account a stated goal of the U.S. government: to promote commercialization of public research."
As an American, i see the government to
- serve protect the people
above and beyond anything else. I include protector from other Americans, and other American Companies in this. The government was NOT made to serve commercial interests. The U.S. Gov't was made to keep individual freedoms, from the dammed British Stamps.I'm simply atonished by how a Company now has more power than an Individual. It was this way in the early 1900s and late 1800s, when de facto slavery of immigrants and whole families in factory towns led to the Union movements. Sadly, Unionization will not work in this day and age, not in these circumstances. Instead, sheer humanity must overcome evils like this, lead by initiatives like Open Source, which give the power back to the Individual, and letting him control his own destiny once more. Thank you programmers and hackers for letting OSS live on.
FSCK the man!
I'm not surprised Microsoft lobbied the NSA....
I'm surprised they listened. Didn't Alchin, senior Microsoft executive, recently testify (in the anti-trust case, IIRC) that Microsoft software is so poorly designed and/or implemented that full disclosure of the API would inevitably result in the death of many Americans? (That is, after all, what "national security" ultimately comes down to.)
Maybe Microsoft has a point that the NSA's work with SELinux hurts the proprietary software manufacturers, but by Microsoft's own testimony it should be out of the running for all future contracts anyway. I don't care about certification, when a senior exec testifies in court that using his product poses a threat to national security I want the procurement officials to pay attention!
(On a related note, I WILL be asking the Congressional candidates this election cycle what they plan to do about the Federal software procurement cycle in light of senior Microsoft executives admitting that the quality is so poor that it threatens the national security. Microsoft has made it's values clear - $40 billion in the bank is more important than lives - and I want to make sure that my representatives make our values as a country clear. I don't want to force governments to only use OSS software, but I have no patience for excuses from companies sitting on cash reserves larger than the GDP of many nations!)
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
Have anyone noticed this buzzword used by every Microsoft lobbying effort after 9/11 just to trying to give the probably fake impression of Microsoft being "patriotic"?
Somebody has to wake up.
It's good to see that we now live in a nation that fears competition, exhaults mediocrity, and rewards the foolish, corrupt, and wicked. Oh what a brave new world! Soma! Soma For All!
Welcome to hell.. The United Socialist States of America. I had hoped my kids whould have had the opportunity to grow up on the USA, looks like we lost the war for freedom.
-=[ Who Is John Galt? ]=-
'Microsoft was worried that the NSA's releasing open- source software would compete with American proprietary software,'
Indeed. We ought not have the government funding university labs, because releasing medical research to the public domain might interfere with pharmaceutical company profits.
Not everything that's good for General Motors is good for the country, or its people, or its economy.
~Idarubicin
In the Department of Defense, desktops and servers have to go through a NSA lockdown of the operating system before they can go into production. If you wanted to run linux on your desktop, the first question they ask is what does the NSA say about it.
:(
While there are lockdown procedures for Linux from what I understand, having an NSA secure version of linux would have gone a long way to validating the os from the information assurance people. I hate to be forced to use Winx for _security_ reasons.
Don
One day the United States will have a long range rocket or two loaded with WindowsCE and something's going to go wrong. A windows crash will happen.. the rocket will hit the wrong country.. and it'll cause the third world wear.
And it'll be Bill's fault that only cockroaches and ABIO roam the earth.
Should Microsoft be worried about releasing a secure product before ordering around the government? Next thing you know, Bush will come out and say that CEO's shouldn't take out loans from a company to buy stock. They are all a bunch of flamebaiting hypocritical butt-munchers.
And with that, I release my excellent karma to the winds of change.
Many complaints criticized the agency for providing the fruits of research to everyone, not just U.S. companies, and thus hurting American business
Gee, imagine that -- the fruits of the research that the hard working taxpayers of America paid for is also provided to those very same citizens! Outrageous! It may be true that this research also benefits any other government or company in the world which may choose to use it; but more importantly, it can benefit any US citizen who chooses to implement it.
aggressive Microsoft lobbying efforts have contributed to a halt on any further work. "Microsoft was worried that the NSA's releasing open-source software would compete with American proprietary software," said a source familiar with the complaints against the NSA who asked not to be identified.
Gee, imagine that -- the taxpayers get can get free access to the fruits of the research which their tax dollars made possible. Lets not forget, MS can also get access to this research and implement it: either the exact implementation, which would need to be separated (at a hands length) from other components of MS' OS, or the idea and make their own implementation, which they could license under any scheme they wanted.
Microsoft would not comment directly on its lobbying efforts, but did stress that it wanted to ensure the government continued to fund commercial ventures. "The federal government plays an important ro7le in funding basic software research," said a Microsoft representative. "Our interest is in helping to ensure that the government licenses its research in ways that take into account a stated goal of the U.S. government: to promote commercialization of public research."
That's interesting. According to MS, the government has an obligation to make taxpayers pay twice for the what their tax-dollars funded. Come on. Research is publicly funded because it can help all of the US, not just corporations like MS. Gee, tough concept there -- everyone pays taxes to support research, thus everyone should benefit from it, not just MS. Again, MS can make use of this research internally, thus benefit, or even put it in their OS at a hands length, or develop their own implementation of it.
In addition, the Common Criteria process, run jointly by the NSA and the National Institute of Standards and Technology under the National Information Assurance Partnership (NIAP), is better suited to certify proprietary software coming from a single company. It's ill suited to deal with the myriad updates that the open-source community produces on a regular basis.
Then the solution is rather simple. We create a central organization of Linux volunteers to handle the mriad of updates, and they analyze and review those updates (quality-control), and submit them to the NSA and the NIAP.
Back to the government development of GPL'ed software. I think that whenever possible, the government should develop using the BSD-type license (actually, I think that the public domain should be redefined to be like the BSD-license, so that credit is always given and that the "source" of the originals are always distributed under that "license"). This is because the BSD-license allows all of the US taxpayers to implement the code in exactly the way they choose, even charge for it or make non-free modifications; but it also preserves the commons aspect of what was created by a public effort. In some cases, it may be necessary to develop under the GPL because that which your basing development off of is the GPL; such was the case in SE Linux.
social sciences can never use experience to verify their statemen
Actually, I'm sure the government could still release public domain code as GPL improvements both technically and legally. Legally, they could make the diffs public domain, such that one could use their code improvements however one wanted to. But if someone wanted to distribute the whole work -- the whole SELinux system -- it would have to be under GPL distribution terms.
I'm not sure about the distribution of the work as a whole, however.
Comment removed based on user account deletion
Rather than breaking the law and killing something so that you could still continue to sell a product that at least *some* people don't want, perhaps you should find a better way of earning an income - something that doesn't depend on a resource that anybody could, given sufficient time, emulate as well or better (and for Free!) than you?
We who were living are now dying
With a little patience
It's particularly annoying that an explanation of exactly what the NSA didn't understand about the GPL wasn't well identified here-- other than "a lot of well-heeled lobbying.... erm complaints ... changed our minds".
The NSA has a large breadth of expertise to offer that should not benefit solely proprietary software. Has no-one bothered to propose to them the concept of dual-licensing? Surely if Microsoft was interested in a portion of their technology they could obtain that technology under a different license.
This whole escapade has the feel of ugly politics.
I know I found the idea of SE Linux extremely refreshing and encouraging.
Do not spread "09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0" over the internet, thank you.
In essence, we get to decide who makes the money.
If our tax money goes to pay programmers for a public agency, such as, the NSA for instance, then the fruits of those efforts should be made available to the public that paid for it. Granted, software that deals with national security does not need to be opened to the world, but the NSA recognizes, as do many others in the security business, that having secure systems in the public leads to greater security overall. One insecure system by itself can't cause much damage, but when thousands, millions of them are exploitable, it is not only the owners of those individual systems that suffer, but others on the same network. The world survives if Yahoo and Ebay go down for a day due to the juvinile maliciousness of a 15 year old. But as our lives become ever more intertwined with public networks, there will be those with far less honorable intentions who can cause REAL damage.
The NSA had chosen to work on a product that will assist in making some of these systems more secure. They even did so in such a way that the conspiracy theorists out there can be satisfied without a doubt that there are no hidden NSA backdoors. And since they probably did so with the aim of using such software in house, at least to some extent, the lack of significant license expenses will result in less budget requirements, or at the very least, more efficient use of the current budget.
Microsoft may be upset over the double blow. One, because the NSA won't be purchasing as much of their software, and two because they'll be releasing their efforts back into the open source (read PUBLIC) community for no additional cost, therefore offering more competition to Microsoft. Of course, it's the very actions of companies like Microsoft that gave rise to the open source communities in the first place. Its a shame they feel the need to whine about it now.
-Restil
Play with my webcams and lights here
Apparently Microsoft is lobbying specifically against the GPL license for products made with tax dollars.
BSD or LGPL would be fine as far as I'm concerned.
Let's not be GPL integrist.
Recently, Tim O'reilly wrote a piece on the growing politicization of open source. The software industry has already been politicized by Microsoft. We already have an IT purchasing system where merit has been passed over for political expediency. Quoteth The Who, Microsoft "decided the shotgun sings the song". With government IT spending already politicized, Open Source is merely playing by the rules of the game.
Ergonomica Auctorita Illico!
Comment removed based on user account deletion
Many complaints criticized the agency for providing the fruits of research to everyone, not just U.S. companies, and thus hurting American business.
Microsoft would not comment directly on its lobbying efforts, but did stress that it wanted to ensure the government continued to fund commercial ventures. "Our interest is in helping to ensure that the government licenses its research in ways that take into account a stated goal of the U.S. government: to promote commercialization of public research."
Hmm, so let's get this straight, using tax-payers money to do useful research and then giving the results of the research out to the tax-payers, hurts companies, so instead the research should be handed over to a commercial company who will sell the IP at a huge profit ?
There is something wrong in American society where the needs of a few (or one) companies, outweighs the need of all the citizens, and the other 99.99% of companies, who would all benefit from the research being released into the public domain.
I suggest for the benefit of your country, you send a message of support to the Open Source now bill, before your government is completely assimilated.
"Free software as in beer, copy protection as in racket" - Telsa Gwynne
Comment removed based on user account deletion
SE Linux does not compete with private industry. Any corporation can take the techniques used to enhance linux (hence SE) and implement them in their own software. Any corporation can just grab the code and stick it in, provided they keep it separated from their proprietary code.
Any corporation can benefit from this by using it within their infrastructure.
MS' claims are absurd. The US government has the responsibility to do what is best for all of its citizens (while respecting the constitution and the amendments), not just what is best for corporate America. Granted, corporate America is a part of the picture, but its not all of it. SE Linux is a great benefit to the public as a whole.
The government has no obligation to subsidize obsolete products by buying them when it can make superior ones and use them; this -- subsidizing and using inferior products regarding security -- is dangerous to the security of the nation.
Futhermore, the results of government research should be available to all to use, whenver possible. In this case, the government based it off of the GPL, so it had to be GPL'ed. Never-the-less, it is available for all to use, with one restriction in that any modifications of it must also be GPL'ed. But MS whine the same complaint if the government did SE BSD: its competing with private industry. Bullshit.
If MS doesn't like the fact that this is hurting their business, they should make a more secure OS. But don't expect MY tax dollars to go towards buying an INSECURE OBSOLETE operating system, thus subsidizing a private industry (i.e., MS) which can't make it on its own.
social sciences can never use experience to verify their statemen
IMO Government research, if it is to be done at all, must be placed in the public domain for all to use. Its undesireable and unneccesary to have the government advocating any particular license. Using BSD or X11 license would make more sense for government software projects. Let everyone (even proprietaries) get some use out of it. After all, all that money to pay for it was stolen from them too.
Years ago the University Ag Campus where I went to school had a meat shop where you could get cheap beef/poultry/pork, etc. These were animals that had been raised on the Ag Campus farms for research and teaching and were no longer of use in whatever project. But they got into hot water with the Krogers supermarket chain because they were a gov't entity competing with private enterprise. NSA's Linux enhancements are no different. It isn't clear to me that MS is in the wrong here. Gov't should not be writing GPLd software that cannot be used in proprietary applications. A BSD style license would be much better. And such software efforts should be relegated to research only and not be attempts to build production ready software.
FreeSpeech.org
When you think about it, the government's only real job is to defend the rights and freedoms of its citizens.
Government's role is to promote the welfare of the people. Sometimes that means promoting business. Sometimes that means providing a social safety net. Sometimes that means providing for a common defense.
I have discovered a truly marvelous sig, unfortunately the sig limit is too small to contain i
"The federal government plays an important role in funding basic software research," said a Microsoft representative.
As a US tax payer, that is MY MONEY they are talking about there. I have no objectisons to the federal goverment funding development for things they need, but Microsoft is talking as if it is their right to have the money. It is not a right. Software may not be a significant part of the US budget (though much of it is obscured in other items), but it still amounts to millions or even billions of dollars a YEAR! (I used to work from one company that was getting a couple million a year to develop software, combine that with a few other companies)
I pay taxes on the money I earn. I expect that money will be used as carefully as I take care of mine. (and I'm known as a frugral guy) That doesn't mean spend no money, but it means think twice before spending it.
It is NOT the job of the goverment to fund research. Microsoft has a large pile of money, it is their job to invest that money in research. It is the goverment's job to see where the goverment needs something (that may not even be useful to anyone else), and supply money to get the need filled quickly. Any other research is for universities, and should be public domain.
When you think about it, the government's only real job is to defend the rights and freedoms of its citizens.
But wasn't that *exactly* what the NSA was doing by working on Security-Enhanced Linux? Defending your rights and freedoms by making sure the computers on which they depend are more secure? Should they be entrusting this job to corporate America, instead?
Second thing: What should happen to software that the government creates? Should it never be released to the public, left to sit and wallow as a waste of our tax dollars? Aren't we better off by having more choices in the marketplace instead of less?
(Wow -- every sentence a question.)
He who refuses to do arithmetic is doomed to talk nonsense.
in the article, the fear was that american businesses would suffer because, if the nsa produced open-source software, it would be available on a international level, and would offer more competition to american businesses.
"Many complaints criticized the agency for providing the fruits of research to everyone, not just U.S. companies, and thus hurting American business."
which is all bullshit: open source stuff would promote more and better research; you have to learn how to do it better/faster/whatever when everyone just got access to the latest greatest way of doing it (whatever "it" happens to be).
anyway the good news is,
"Despite the intense battle surrounding the open source, the NSA will still fund research on secure operating systems based on Linux as well as work with U.S. companies to create better security in their own operating systems."
There is a lot of code in the Linux kernel which has been released as BSD without the Advertising clause. BSD without the advertising clause is compatible with the GPL.
The SE Linus extensions could have benn released BSD.
But the bigger question is are the NSA-funded extensions Public Domain? Since the product of Gevernment Work may not be copyrighted and since the GPL requires copyright to function, I strongly suspect that the GPL can not be enforced on the SE Linux patches.
I have discovered a truly marvelous sig, unfortunately the sig limit is too small to contain i
"The federal government plays an important role in funding basic software research," said a Microsoft representative. "Our interest is in helping to ensure that the government licenses its research in ways that take into account a stated goal of the U.S. government: to promote commercialization of public research."
Translation: we want the Feds to pay for stuff we can package up and sell. God, mom, and apple pie forbid they release anything for free under a license we don't like.
Read another way, it sounds as if Microsoft wants to turn public information into private property for its own benefit.
A lot of people complain that the federal government seems to be bought and owned by numerous corporate interests. Microsoft seems to be saying that's the way it should be, that federally-produced software, made with taxpayer dollars, should be released in such a way that M$ can sell it back to those taxpayers for a healthy profit.
Perhaps I'm overreacting (I do that quite a bit lately), but this seems to be a very arrogant position for a company to take. Then again, this is the same company that invited Peru's president to its headquarters in an effort to fight a Peruvian free-software-in-government law, while that company's government made nasty noises to Peru through its ambassador.
Am I the only one creeped out by this?
Someday, you're going to die. Get over it.
Let the NSA continue it's research into securing the Linux Kernel. Then they can Certify it for Government Use ONLY.
Now this in my book does not compete with American Companies because as far as I know, there's no one out there who is trying to build a Linux kernel *just* for the government..
Besides, how many of you are going to trust the NSA enough to have a SE Linux box in your home LAN?
---
To err is human.. and then there was Microsoft...
spin-tastic!
Now, did you actually say anything to refute the previous poster? I mean, you can't deny the fact that the government already has its hand in quite a lot of things, through academic grants, defense research, etc. etc.
How the government wields power in this arena is how it premits the fruits of that labor to be releasesd. Refusing to release code under the GPL, but simultaneously allowing vendors to appropriate code developed with public money, smacks of hypocrisy and shows a clear bias in how they approach this issue. It is obvious that they bowed to pressure from a few whiney corporations threatened by Linux.
So, either the government keeps its hands off industry entirely, or it should plays fair and impartially. You can't have it both ways, using the former argument to attack the latter.
let me tell ya something, the government contract selection process period (IT or not) is heavily politicized.
DO NOT DISTURB THE SE
Nope, the BSD-without-advertizing license is compatible with the GPL. SELinux extensions could be clearly marked as BSD licensed, and anyone could lift those extensions out of the GPL codebase.
You can combine BSD code with GPL code any way you want. Only as long as you distribute them together do you have to (to distribute the GPL part), apply the GPL license to the work as a whole. Separate the GPL code from the BSD code and you have two separate works again, for which only the applicable license is valid.
Of course, such code might be so heavily integrated into the GPL code that separation might be pointless since you'd just get a bunch of unusable (altho BSD licensed) code.
To release source code under the GPL, you have to hold the copyright to the code.
The US Government (in this case represented by NSA) cannot hold a copyright, the law does not allow for it.
No copyright, no GPL, end of story.
But I have no doubt that M$ whined too.
Poul-Henning Kamp -- FreeBSD since before it was called that...
Apparently, all of a sudden the NSA's partner, Secure Computing Corporation, came out and made a special exception from their Manditory Access Control Patents for SELinux. It may have been a desperate act to keep the NSA on board. It seems this company was deriving exclusive software patents from work partial completed/funded by the NSA. If I were a generally unaware politican told of this situation by a Microsoft birdie, I would see it a fraud/waste as well.
Although I cannot know for sure, from the basic facts availible to me, this seems to be a case of SCC's software patent greed biting them on their own ass. MSFT probably spun it as, "the govenment partially paid for labor leading to a patent for a competitor of ours, and it's not public domain.
Disclaimer: I hate software patents, as much as I would hate math patents if they existed. This may bias me against SCC.
Novel theory: Modern Man evolved from psychopath
Agreed, there are differences that make GPL (not LGPL) licensed software difficult for being adopted by commercial interests.
The problem with commercial software however, is that its lifespan is limited by profitability-- a volatile threshold that has seen countless interesting innovations dead on the shelves of corporate dis-interest.
We saw with PGP what happens when a company decides to cancel a products. It goes on the forget-about-me-shelf until somebody with enough muscle and $$$ can buy it from them-- and maybe resurrect it.
Some technologies lend themselves rather badly to being closed up into proprietary black boxes and I think the domain of secure software is one of these such areas.
What happens when it simply isn't profitable to fix a security flaw? I know I've spent countless hours in meetings weighing the pros & cons of fixing flaws in commercial software; meetings where the severity of the flaw is a miniscule factor when wheighed against the perceived return/cost of working on it.
Some things need to be maintained regularly for long periods of time. Commercial interests often fail far short of doing the job adequately.
I think there is value in insisting that security technologies remain open-- ensuring that critical security software continue to be properly maintained. To this end, I think the GPL/LGPL (the LGPL moreso) is an excellent vehicule.
Do not spread "09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0" over the internet, thank you.
Though I think that there's no basis for MS' complaints, all credability to them would be lost if MS released their additional improvements or modifications into the public domain or under the BSD license.
But the question is, can the government do that? According to the GPL, no. But, the owner of a copyright can grant exceptions to the license. Thus, Torvalds could grant an exception to the NSA regarding SE Linux, which would be as such: the original source code of the kernel/Linux upon which you based your modifications must still be released under the GPL; however, the modifications or additions you made may be released into the public domain or under the BSD license.
Furthermore, such would give the GPL license legal credability, as the government would be asking for an exception (though the NSA already gave the GPL license legal credability by releasing their modifications under the GPL).
That said, perhaps there should be some modifications of the GPL to allow people to release modifications under alternate licenses (which would include the public domain and OSI-certified or OSS licenses), if they can't possibly (due to legal restrictions) release it under the GPL. After all, its better that the modifications be released under a BSD-like license or the public domain (as opposed to the GPL), than not be released at all (which would ocur if the authors of the modifications were prevented from releasing modifications under the GPL).
social sciences can never use experience to verify their statemen
Therefore, when the government interferes with free enterprise, it's interfering with the rights of its citizens.
By providing a free operating system, the US govt. is NOT 'interfering with the rights of its citizens any more than:
1. The public libraries interfere with the private bookstores' rights.
2. Police officers interfere with private security firms' rights.
3. Public water fountains interfere with bottled water vendors' rights.
4. Free public skateparks threaten private Van's-owned parks.
I think it's high-time the US govt. supported an open-source OS project. Though backwards in its perspective on human rights, China is lightyears ahead in its thinking on this subject. If we had a national open-source OS that was used in every government office and available to citizens for free, it would be a dozen times more powerful of a punishment than any wrist-slapping the DOJ is going to give to MS for it's anti-trust crimes.
Seth
$5 / month hosted VPS on linux = awesome!
The government is owned and operated "by the people" for the benefit "of the people." It should go about its appointed tasks in spite of its possible effects on business. There are a million examples of things the government provides every day which could be construed as harming the commercial enterprises that provide those same services.
This goes to a more fundamental point. If the will and needs of the people must be set aside whenever some commercial interest feels unfairly marginalized then to my mind it satisfies one condition of "anti-competitive" monopoly behavior. i.e., If changes to a product are designed to serve the profit motive of an enterprise at the expense of hurting customers then that action can be seen as anti-competitive.
It seems to me that the American People should establish themselves as a corporation that can compete on the same level field as Microsoft. The American People - as shareholders in this enterprise - should seek to do what is in their best interest, in service of long-term viability, and to hell with competitors like Microsoft.
-- thinkyhead software and media
Nothing is stopping Microsoft from using SELinux. If they don't like GPL, they can just look at it and use the ideas with their own code. With an open license many "American" companies can make use of it. This is much better than the government working with a single company to develop a commerical product. In that case only that company benefits. Their argument is nothing but FUD.
>Linux is slower and less stable than windows
...If you're running a 486.
./configure . It ckecks for everything you need on your system and errors if you dont have it.
Which versions? Are you using standard (good) hardware or POS rummage stuffs?
>My windows box uses about 40 megs of ram to boot, Linux uses about 175 (and
Linux is a monolithic kernel)
I'm using 172 MB of memory (with all the nicieties ON). And about that "Monolithic kernel crap"..
modprobe idiot_slashdot_poster IQ=1
>Linux crashes much more often than windows, way more
How so? Windows freezes much more on me. Even hangs during INSTALL. I've never seen Linux hang like that.
>The few Apache/MySQL vs IIS/MS SQL tests I have seen have been won (sometimes dominated by) Windows
I dont care about those tests... However, I do remember some test that had really crappy hardware for Linux and a quad proc with Win. Wonder what won that...
X is a one size fits all poor implementation at a responsive display server (both Apple and MS are moving to hardware accelerated GUI)
>KDE is maybe the only thing on earth more intigrated than windows explorer, everything under the sun imbeded into konqueror, it makes it clunky as hell, Nautalus is nearly as bad
Damn straight. It crashes a lot over stupid stuff, and it does hog memory. Still, after it crashes It works OK.
>Ease of use for the newbie is not as important as ergonomics for powerusers, but Linux has yet to bring an environment to the table that I can efficiently get work done it.
If you like Windows interface, go use FVWM95. I'll stick to using KDE and Wmaker.
>WinXP Pro comes with a 480 meg CD, Mandrake is 3 CD's and SuSE is 7
That's all apps you can use. Only thing I need to download is a DVD/AVI app. Windows comes with garbage (MSNMessenger vs. Gaim , IE vs. Moz, Paint vs. Gimp, nothing vs GCC suite).
>NTFS is much more stable than any Linux file system, hard shut down in Linux and watch it fsck your box
Permissions on WinNT are much nicer to deal with. Still, XFS and Reiser are really good for Linux. Only a second or 2 to "check disk".
>Installing software on a Linux system is badly broken, often you end up fixing make files, chasing dependencies, or in situations where you can't update a library with out breaking other apps, many libraries are not very backwards compatable and someone still has yet to write an installer for Linux. Nullsofts SperPiMP installer for windows is only 498K but such a simple installer has yet to exist for Linux because it's design is funamentally flawed.
Even windows 3.11 had an installer and you can install the 32 bit libraries for it and still run binaries that were compiled on XP, lets see Linux do that
Creators dont care to package a nice installer like the one Loki used in UT install. Still, if you compile static LIBS inside your binaries, thye'll run on nearly any Linux X86 platform (if that's the arch you compiled them for). RPM's are OK, but you have different companies repackaging them and breaking them. Still, the best is AUTOCONF
>Developers will often use GPL just so they can avoid having to create and test seperate packages for the last 3 versionsof every major distro, GPL lets someone else do it.
Yep. Essentially they are lazy in a certain regard. If you'd undertsand, they make the app for themselves alone. If somebody else wants it, try it out. If it doesnt work (and you want it), you fix it and submit patches. That's part of the cost of using Linux stuff. It doesnt cost money... Just time.
>The exists no development environment more compelling than gcc and emacs, for this reason Linux apps will always be behind
QTdesigner, INTEL's cc, KDevelop... I'd say they're "nice". Still, that's a simple bitch comment.
>Would like feedback on this
>Thanks
A better analogy:
Say you have a chain of lemonade stands and are selling weak, unsweetened lemonade for $199 a glass. The lemonade stand is your only source of income, so you want to protect it. You forbid anyone from sharing the lemonade they drink and if they drink your lemonade you forbid them from drinking anything else to slake their thirst.
The community deploys water fountains, a few people put down fruit trees and a few start selling different kinds of fruit juices.
You bribe public officials with "campaign contributions" to pull the water fountains and send hired goons to intimidate, buy out, or otherwise break up your competition.
That's a better analogy of what Microsoft is doing with regard to Linux.
And no, I wouldn't hire goons, grab an axe, or bribe officials. I'd start offering what people were asking for rather than crush the life out of them like an asshole.
What we need is an international effort of coders to super-secure Linux. That sort of effort, distributed over the non-US world, would definitely justify the costs.
Maybe this will be the next step after Linux gets officially accepted by some large governments.
I have a problem with this statement:
Many complaints criticized the agency for providing the fruits of research to everyone, not just U.S. companies, and thus hurting American business.
This is pretty biased. Shouldn't it be more like 'Many complaints criticized the agency for providing the fruits of research to only free software developers, not to all software developers and companies, thus hurting American business.'
How would developing the security extensions in the public domain, or under a BSDish license keep them from being used by 'everyone'? Putting then in Linux (and consequently having them been covered by the GPL) does a much better job of keeping 'everyone' from using them than a more free license like BSD.
If the NSA were going to do something like this, they should have based it on one of the BSDs instead. By developing the extensions in Linux, they effectively made them useful only to Linux - putting them beyond reach of countless software companies. Of course, this has been the software industry's complaint to government funded research producing GPLed software from the start.
Yeah back in the early part of the century before Redmond bought the rights to everything that ever had been or ever will be invented, thought of, spoken, typed, glyphed or otherwise ideated or communicated in any living or non living mode. Then they put a EULA on the Declaration of Independence and the Constitution and made people pony up dollars if they wanted to be a legitimate licencee of Freedom and Democracy. Everyone else was sent to the Gulags "to protect them from themselves and to insure that the bona owners were not stolen from."
Then they added a new ammendment to the Contitution EULA that effectively invalidated the 13, 14, 15 ammendments of the old Constitution and made it legal for software companies (MS because by then there was only one) to literally own people and make them buy software whether they wanted to or not. Debtor's prisons came back online after over 200 years. The shortway around that was to simply become the nation and hire the entire country as cadres of MS employees. Everyone became a 'limited use MS employee licencee'.
Around 2014 was when DoubleplusXXXP+# was running the food distribution complex in east central Billtania (formerly called the "Midwest") and a major BSOD glitch caused 65 million people to starve to death. In order to make up market share MS tripled the food EULA charges on the survivors and then cut their wages by 30%. Which is when the mass suicides and infanticides began.
In 2018 Bill proclaimed himself God-Man and licenced the air we breathe now.
...with a few thousand unpatched Linux boxes? There's no magic bullet that suddenly makes a given server safe for eternity out there, now or ever. As the lifetime of a server unpatched and unmanaged (as all these hypothetical NT4 boxes in your example are) reaches infinity, you can be damned sure that the probability that ANY box gets rooted out reaches 100% as well.
Or will running SELinux and forgetting about those patches be different from running NT4 and forgetting to run well-publicized best practices checklists?
Easy does it!
This comment has been submitted already, 276865 hours , 59 minutes ago. No need to try again.
Well, the U.S. government does place restrictions on one's right to give software away (in the case of strong cryptography). Hence OpenBSD is based in Canada.
But do these U.S. export restrictions apply to free software? The current crypto export regulations (section 740.13(e)) seem to grant an export License Exception for publicly available source code and object code compiled from publicly available source code provided that the original publisher of such code notifies crypt@bis.doc.gov (cc: enc@ncsc.mil) of the code's public availability. (Notification seems not to be required for mirrors.)
Hence Mozilla is based in the United States, where the only restriction on exporting OSI Certified(tm) open source encryption software is that it not implement a system primarily designed to restrict the fair use of a copyrighted work.
Will I retire or break 10K?
We the people of the United States, in order to form a more perfect union, establish justice, insure domestic tranquility, provide for the common defense, promote the general welfare, and secure the blessings of liberty to ourselves and our posterity, do ordain and establish this Constitution for the United States of America.
If you look at the speed GNU/Linux is picking up in China and other countries in other parts of the world Microsoft can be seeng themselves outpaced by various distributions. Microsoft will find themselves fighting to many wars instead of making their own crappy OS workable.
Sure they can lobby and buy votes in congress but its harder to do it abroad. SElinux wasnt used that much and wasnt a fullblown ready to go distro but rather a concept. There are plenty of highly secure distros out there but one fact remain. Almost any distro can be secure if it has a good sysadmin. The same cannot be said about Windows where the sysadmin and his server is in the hands of someone else.
HTTP/1.1 400
I sort of work on SE Linux. Our group is unsponsored by the NSA (thus far). Since we are unofficially working on it, though, we hear birds chatter sometimes. The rumor mill around our office has been saying that it is not the case that Microsoft has done anything. What happened? A party, whose name shan't be mentioned, because we have not been told their name (we shall call them the Party), was given an SE Linux contract by the NSA. The NSA it seems didn't understand the GPL so well (or some lawyer of theirs who hammered out the contract didn't). The NSA contract said that the Party working on the contract could have propietary code, and could patent ideas used to achieve goals on the project. Much work was done on SE Linux in the mean time by the Party, but patents/etc are held on certain parts of the code by the Party, and therefore cannot be released under GPL. The quotes you see in this article heading make perfect sense to me in this context. The NSA didn't understand the GPL. And yeah, I would complain too if I couldn't have the complete source to my kernel...
Yes I hate Microsoft, but this article is kind of ridiculous...it uses some vague quote to make microsoft look bad. This is not the way to win the war.
The Right Reverend K. Reid Wightman,
The distinction between MAC (mostly used by the military) and Discretionary Access Control (the common form in most OSs) is classical in the security literature. SELinux was primarily an attempt to produce a MAC system our of a free resource, Linux, that is highly usable, works on cheap hardware, runs lots of applications, and could do many functions for the government. Microsoft, to the best of my knowledge, doesn't even offer an OS with MAC capabilities. That the NSA would be cowed by Microsoft nonsense out of continuing development on a worthwhile project that could save the government hundreds of millions of dollars is absurd and criminally stupid.
We may disagree as to what the general welfare requires, but the framers intended that we accept this principle as being essential to the preservation of freedom.
"Flyin' in just a sweet place,
Never been known to fail..."
Writing server-type apps to live within the constraints of a mandatory access policy is tough. (Look at how much crap runs as root because people can't make it live within the UNIX permission structure, which is far less restrictive.) But it's the only approach that works, because the applications aren't trusted.
If you want to help, make some major application, like a mail program, work under SELinux, with as little trusted code as possible. Somebody was doing this for an FTP server, but those are of limited use. A mail server on SELinux would actually be useful.
I know the US government is here to serve US interest and all but whatever happened to doing things for the betterment of mankind.
Perhaps I'm being too idealistic.
Two words: Post Office.
Next topic?
I am not a number! I am a man! And don't you
There are substantial research projects that consist of basic sciences, social sciences, and the humanities that do play a role in the public good. I don't a problem with the government funding basic research. Product development is another issue.
Having worked there, I can tell you this: intercepting a US person is a SERIOUS infraction. Its not something you can do without running afoul of a lot of laws. The abuse done by the NSA during the Nixon years caused a lot of severe curbs (both open and classified) to be placed on the NSA, and those laws have serious teeth that will bite anyone violating them. As with the armed forces, there are a lot of very liberty minded folks working there to preserve your freedoms at the cost of their own. One example is that free speech is very limited once you hold certain accesses and clearances.
IMHO, you're in more danger from those folks at the FBI.
You really ought to do a seach on "USSID 18". I cant say anything confirming or denying, but there are some very interesting things that have been declassified out of Big Daddy DIRNSA's pockets.
Secondarily, its NSA/CSS. Ever hear of the CSS side of the house? I suggest you look it up before posting obvious biased off-base stuff thats based on a hokey movie [sneakers].
Buffalo buffalo Buffalo buffalo buffalo buffalo Buffalo buffalo! http://goo.gl/J9bkO
I think the line about anyone having access is telling, but not in the way many people seem to be taking it. The NSA isn't concerned with US citizens having access to SELinux, although I'm sure that some people within the NSA are. They are concerned that security technology developed by the NSA will be made available to other countries. The NSA is fighting the tide of knowledge. The Soviet Union used to do this, to an even more dramatic extent than our government does. Anything mailed or published outside the USSR was subject to censorship. Soviet scientists used to get around this in interesting ways. For example, a physics paper was published that started "Imagine the interior of a star .... ". The censor immediately decided that there was nothing of interest militarily and passed the paper through for publishing in Western Europe. The star described could not possibly exist, it was actually describing a third stage thermo-nuclear explosion and gave Western physicists insight into the sophistication of Soviet nuclear weapons technology.
Information and knowledge cannot be prevented from spreading, as the Catholic Church in the middle ages learned, as the Soviet Union learned, and as the NSA keeps trying to forget.
In my universe I'm perfectly normal, it's not my fault you don't live in my universe.
Oh, I fully expect them to *try* to cut down the apple tree.
I just didn't expect the *owner* of the apple tree, the NSA, to *let* them cut it down.
Comment removed based on user account deletion
So let me get this right: the National Security Agency develops a port of Linux to augment, unsurprisingly, national security. Microsoft bitches that national security runs counter to their profit interests and manages to get SE Linux terminated.
Fine.
But let's be sure to mention this next time Osama bin Ballmer starts foaming at the mouth about how Linux is un-American, and remind him that Linux developers have never undermined the safety of American citizens in order to line their pockets.
And while we're at it, let's consider what gigantic software monopoly distributes a flight simulator capable of accurately emulating passenger airliners, along with detailed scenery of American airports and major urban centers, complete with individual office towers.
Of course, having already crippled Naval warships, I shouldn't be surprised that Microsoft is now trying to cripple our chief intelligence agency.
Proud member of the Weirdo-American community.
I've run Linux since 1993 when there were no distributions. I ran it on a 386 / 16 with 8Megs of memory. I've run almost every version since and I have yet to have any lockups / crashes. Either you have no idea how to install the OS or you are forcing the software to load into improper directories so that the system crashes when it is trying to run. Currently I'm running Mandrake 8.0 on a Pentium 100MHZ PC with 60 Megs memory and it hasn;t crashed in over six months. Personnaly, if I could run it at work, I'd delete every copy of windows I have and only run Linux.
I can't agree with your experiences on stability. In fact, I trust my Linux boxes more than anything with Winx on it. In my experience, the only reason our Winx boxes don't crash once or more per month is that we've adopted a strategy of rebooting them once per week so they don't "eat themselves". (A hard learned lesson. Maybe exagerated _a little_.)
That only addresses the server side of things though.
I agree on software installation - there are a lot of problems, mostly stemming from the lack of a strong, unified configuration. That is, everybody seems to have their own version of how a Linux (or unix in general) box should go together - and so the configuration options are too broad for a strong standard to emerge. MHO. Even Red Hat's RPM fails to solve the problem a lot of the time (my experience)...
I recently launched a RH7.3 server for MySQL & Resin (JSP Application Developmet). Everything from the CD went well - and then I needed to add Java. Got the RPM from Sun, and wouldn't you know it - the install went great.
(The other shoe drops here)
...but the program (java) wouldn't run - let alone the fact that I have to manually hack all of the environment varialbes. I thought that maybe this was ahead of the curve (using 1.4 instead of 1.3 on the CDs). I Turned back to the 1.3 version on the CD's - that failed too in precisely the same way.
As it turns out Java needed another package installed before it would work - a dependency - precisely what RPM is supposed to solve. After 3 days w/ tech support (sometimes it just doesn't go well) I got the answer on the package that needed to be there - I found it on the CD, installed it manually, and that problem was solved.
This is an example of something that should have been very simple, but became extraordinarly complex - from cryptic error messages and difficult technical support calls to locating installation packages to manual environment configuration etc... A less technical user would have been in real trouble.
An executive comparing that to the one-button install on a Winx machine doesn't take long to decide it's a better business decision to "stick with what works".
On the point of a user environment/desktop. There again, I have to agree. Every couple of months I pull out the latest RH version, wipe a machine, and try to build a user workstation that I could throw at my user base for business, software development, or even webware work... Every time so far it's a disaster - there are too many tools missing and the tools that do exist have steep learning curves.
On the point of learning curves, there's another core problem here I think - a cultural one. The *nix crowd in general seems to have a built in right of passage. You either know all of the right buzzwords, techniques, tools, and utilities, or it's your own fault that you haven't figured it out yet. (RTFM!)
It's difficult to describe - but I'll bet anyone who's tried to use *nix has had the experience:
You find yourself staring at a problem that should be simple to solve, but everything about it is inpenetrable - you don't even know what questions to ask... - or when abruptly reminded RTFM - which FM to F' READ...
...then, if you're lucky, you will stumble across some *nix guru who will press a few obscure keys and solve the problem instantly (thus is the power of *nix) - Even if they were nice about it and tried to teach you, and even if you took copious notes - this little tid-bit is probably not much more help than wrote instructions - and if you loose them, or forget them some day, you're just as lost as if you'd never had the help.
Even the simple things are maddening. Take the vi / emacs debate - then, prompty forget about it because it completely misses the point. For the typical computer user, in a world where every editor you can find works just about like Notepad (even edit on a DOS prompt works this way for the most part) - vi and emacs are useless and inaccessible.
The newbie can't begin to gain access to a *nix system. What we (people who want Linux to succeed) have to do is realize that in it's most profound terms.
In most of the companies in the world using computers, the guy that has to make it all work isn't a well trained technician or engineer, or even a hobbiest. He's the poor schmuck who figured out how to modify autoexec.bat with his trusty text editor - the token computer geek in the office - and through his continuing experiences he may eventually become a well trained technician... but today he can get by with a few simple tweaks and keep the wheels moving. This is just not so in the Linux world right now.
Show of hands: How many of you know why the following expression is a bad idea:
[ /] rm -rf *
The short of it is that I think *nix in general, and by extension Linux, is structured so that the learning curve is far too high for casual entry.
Once you get past the learning curve enough to be somewhat effective, you no longer have the time or energy it would take to bring the next fellow along - and so they will struggle as you have, or they won't "join the club".
I think it likley that until the Linux community solves this entry problem the barriers to solving usability, installation, and integration problems will remain unsolved.
What's needed is a workable environment that doesn't require a deep knowlegde, but does not preclude the benefits of that deep knowledge. A way for the novice to get their work done on their way to becoming a whiz...
Typically those in the open source development community that have the skills to solve these problems are busy with other things - and in any case there's little strong direction as to what the details of such an environment should be...
The challenge is going to be defining that goal and motivating the developer community to achieve it.
The first part is hard because the very people who can help to define that goal are kept out of the community by the entry barriers - and therefore don't get into the conversation.
The second part is hard because it is the nature of the development community (generally) to solve local problems and then share those solutions - rather than coming together to collectively solve a central problem they don't personally have. (Is that where RTFM comes from?!)
Think of it this way... If I have to make my mail server or database work properly, and I can fix the open source code to solve that problem - then I can do that and keep my job - it's all part of the work I've got to do. When I'm done, that work is now available for everyone. By extension, the most common problems will be solved and overall the open source software will be extremely reliable for the majority of people most of the time.
Try to apply that to this problem: Basic users need a unified desktop and operating system with integrated applciations and a shallow learning curve. Now tell your boss that you're working on a suite of productivity apps and a one CD linux distribution that will slickly install and interoperate with the majority of the business world running Windows. I'll bet he will ask: "How's that going to get our database up?"
The boss in this case might be the developer themselves. Best intentions, altruism, and grand visions not withstanding, it is not the open source developer's job to make everyone's desktop work and their installs go without a hitch - This is an advantage that the Microsoft developer has - it is their job and they get paid to do it. Similarly for the ISV/ISD - the potential for conflicts of interest are reduced significantly.
The short way of saying this might be that the open source community, left to it's own devices, probably can't solve this problem.
What's needed is an economically viable project that can focus the community on a unified vision, and specifically one that is strong enough, and compelling enough that the majority of the community will wish to participate.
To work, this project would have to encoumpass a wide range - not only the operating system and it's environment, but also the applications that make that environment powerful - IDEs for all programming languages, Word processing and document publishing, Spreadsheet, Database, Presentation, Mulitimedia, Web & Email access, all of those applications will have to work together in a seamless way - and had better coexist nicely with Microsoft's products which, like it or not, set the standard due to market share.
To date, I've seen some methodologies get close to supporting this kind of effort (a few good tries) - but nothing seems to have captured the critical mass necessary to generate this kind of focus.
It's a thorny problem.
I think we'ev seen some glimpses of what it _might_ be in the likes of MySQL, RedHat, Sun(java)... where there is a blend of open source and commercial licensing - sort of the best of both worlds. None of these seem to be perfected yet.
Anybody have a solution?
Oh, so I'm a Socialist for asserting that promoting the welfare of the people is a legitimate role of government?
I didn't advocate government ownership of industry.
I have discovered a truly marvelous sig, unfortunately the sig limit is too small to contain i
Did anyone bother to check the info? This quote may be old, misquoted (or misinterpreted), or dead wrong.
:-)
Dick Schafer is not the deputy director of the NSA. Per one of their press releases over two years ago, Bill Black is the Deputy Director:
http://www.nsa.gov/releases/newddir_071000.html
Also, SELinux was updated on July 3rd. Sounds like a bit of work for a dead project
http://www.nsa.gov/selinux/news.html
I am Me. No one else is Me, but Me. You are You. Get over it.
The founders intended for the federal government to be essentially what the libertarians say it should be. It enumerates specific powers granted to the federal government. Anything not covered by that enumeration, or one of the amendments, is not in the jurisdiction of the federal government. Please locate the constutitional authority for federal "welfare" programs such as social security and medicare.
You and I can think "general welfare" means whatever we want for it to mean; but when it comes down to it, the constitution determines what powers the federal government actually, legitimately, has.
Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
Third - What the government produces, all competitors share equally...
That's what's SUPPOSED to happen.
But if the government enhances a GPLed product and releases the result, the enhancement comes under the GPL.
So proprietary software vendors (like Microsoft) DON'T get to use the improvements - at least not verbatim. The improvements carry the Gnu Public Virus and can't be integrated into the vendor's code base without risking a suit from the FSF for GPL violation.
Of course Microsoft cried "foul". They have a valid point. (How would YOU like it if the CIA spent a lot of YOUR tax money helping Microsoft fix up their software and wouldn't let YOU have the result?)
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
We've /.ed "www.nsa.gov".
At first I was surprised, but a Netcraft look-up explained it all.
"The site www.nsa.gov is running Microsoft-IIS/5.0 on Windows 2000."
That does NOT comfort me at all.
As a longtime BSD advocate, I must partly disagree. SELinux must be under the GPL, because it's based on GPLd software. The NSA can't arbitrarily change the license. As long as the choose to create derivative products from GPLd code, they must use the GPL. Besides which, public domain is incompatible with the GPL.
p.s. On the other hand, the NSA getting involved in a hardened BSD OS would be awesome.
A Government Is a Body of People, Usually Notably Ungoverned
I believe that MS is probably guilty, based purely on their past history. I can't consider that attributing "unidentified sources" for this conjecture adds much of anything to its trustworthyness.
I think we've pushed this "anyone can grow up to be president" thing too far.
Having the U.S. government develop open source is just fine. We, the people, are the ones paying for the work, and the results of the work belong to us. However, having the U.S. government develop under the (full) GPL results in software which is restricted, and not available to everyone. The appropriate result of government work is really the PUBLIC DOMAIN.
C//
The article does say that Redhat is working with the NSA on something, although they don't tell you what it is. While they say that Redhat has the money to get certified, I'd be surprised if they really wanted to put forth that money to get it done. Then again, I have no idea what the cost/benefits ratio really is, so maybe that's something they're working on.
Either way, the SELinux stuff is GPL'ed, so I'd bet Redhat has taken it up and continued to work on it. There will be competition with Windows for the secure government desktops, and I know that the NSA understands the value in having the source GPL'ed. They just want to be able to cast the "guilt" on to Redhat when talking to Microsoft.
"I may not have morals, but I have standards."
Nah, you're a "Welfare Statist."
Welfare Statists advocate forcible (re-)distribution of wealth by the government (can't do it without using force), and government control (at some level) of the means of production. But not outright ownership.
"Welfare Statists" are generally "Liberals." "Socialists" are generally "Authoritarians" or "Totalitarians."
I'll take "welfare statists" over "socialists" any day, they're a much more reasonable bunch. Of course, the more capitalism and freedom-oriented the "welfare statist" is, the better I will like him.
Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
The abuse done by the NSA during the Nixon years caused a lot of severe curbs (both open and classified) to be placed on the NSA, and those laws have serious teeth that will bite anyone violating them.
Indeed. However, there's absolutely nothing stopping a friendly foreign signals intelligence agency (say, the UK's GCHQ or Canada's CSE) from gathering intelligence on US nationals, and then passing that intelligence back to US agencies through the formalised intelligence sharing agreements that exist. Of course, the NSA isn't allowed to even solicit such information, but how hard do you think it would be for GCHQ to find out who the NSA is interested in, or simply make the judgement call on who to monitor themselves?
Which means that in reality, those safeguards against spying on your own people mean absolutely nothing. The NSA can enforce those regulations as tightly as they like, and all it does is create warm fuzzies. They'll still be getting all the intelligence they want.
First, the individuals:
;)
:o
:)
> Linux is slower and less stable than windows
A far too generic comment.
> The few Apache/MySQL vs IIS/MS SQL tests I have
> seen have been won (sometimes dominated by)
> Windows
You can't really compare mySQL and MS-SQL. mySQL is a lightweight database, MS-SQL tries to play in the same league as Oracle, DB2.
And while I don't have any links at hand to prove you that you're wrong about the speed-comparison, I think that Apache is fast enough for most websites. Let alone the security issues IIS has
> WinXP Pro comes with a 480 meg CD, Mandrake is 3
> CD's and SuSE is 7
This is because MS only gives you the basic OS with some goodies, whereas Mandrake/RedHat/SuSE t al. offer you an OS _and_ applications. In most cases you don't need to download/buy anything else than a Linux distro. It already has everything you need.
> Installing software on a Linux system is badly
> broken.
That'S what RPMs are for. Despite Win32 installation program, RPM keeps track of dependencies. Windows can't do that out of the box.
> The exists no development environment more
> compelling than gcc and emacs, for this reason
> Linux apps will always be behind
kDevelop, Kylix, only to name the two most professional ones. For Windows there MSVC++, which is actually a neat DevIDE, but it costs quite much and has issues of its own.
That said, a more general comment by me:
Linux can be a pain in the ass. Setting up a system is, for a (technical skilled) newbie much more difficult than setting up a Win32 box. Trying to make Linux do something can be quite some (research) work, and during that time you may say 'Oh what a crap system, nothing works.', but once you figured out how to do it right, Linux will rarely fail at its new job.
WinXP, on the other hand, is the best piece of code that left MS for a few years. It's stable, clearly multimedia-orientated, has a neat UI-design and runs everything you want. But it can be as much as pain in the butt as Linux, when your apps start crashing because you uninstalled a small shareware tool which removed a crucial DLL. Let a newbie figure that out...
But quite frankly, I wouldn't use Linux as my desktop OS if there wasn't this DRM/security stuff.
Summarized: Both OS'es aren't bad. Each has its use. I happen to favor Linux, you favor WinXP. But try to stay constructive
It's kinda disingenuous to say, "If the government produces IP, everyone should get a piece," and then turn around and say the government can pay others to produce software for it that everyone won't get a piece of. If you're paying a winning bidder to develop government software that relies upon an Open Source license like the GPL, ultimately, taxpayer dollars are being spent developing non-public domain software.
I'm not attacking you here; I've been thinking about the same thing myself for a while. Public domain is pretty obviously the best way of developing & releasing government source, since it preserves the ability of the code to be used for either proprietary or Open Source projects in the future. But limiting ourselves to public domain software is likely to be grossly inefficient as Open Source becomes more and more pervasive.
My own feeling is that guidelines should exist which take different licenses and their cost of development into account. For instance (very roughly):
All things being equal,
If the cost of creating public domain software is 150% or more of the cost of coding comparable software which relies on GPL code, the GPL software should be chosen.
If the cost of creating software which relies on GPL code is 150% or more of the cost of licensing comparable proprietary software, proprietary software should be chosen.
____
The actual percentages could change, obviously, but should still embody the notion that there is an acceptable amount extra we will pay for public domain software, and a smaller amount extra we will pay for Open Source software. Proprietary software is the worst deal, since it leaves us nothing to give back to taxpayers, so we should only choose it if it does everything we want and it's much cheaper than any other solution.
He who refuses to do arithmetic is doomed to talk nonsense.
Comment removed based on user account deletion
So proprietary software vendors (like Microsoft) DON'T get to use the improvements - at least not verbatim.
This is Microsoft's choice.
The improvements carry the Gnu Public Virus
No they carry an antibody against the proprietary software virus. The likes of Microsoft can't simply appropriate the code.
If you post it on the net, then there's nothing stopping [Axis of Evil] countries from getting the code. Hence, doesn't that put one in murky legal waters?
Not under the definition of "knowingly" used by BIS. Did you read the regulations I linked to? 740.13(e)(6) clearly states (my emphasis):
And if you really want to cover your rectum, you can make a "best effort" by looking up the IPv4 address ranges for the popular ISPs in the Axis of Evil, and just firewall those off.
Will I retire or break 10K?
In response to the article about the Tim O'Reilly
editorial the other day, I said that if the open-
source community is afraid to lobby, we will only
ensure that we are not heard in the halls of
power. This is a lousy situation, but a great
example of that phenomenon at work. Microsoft is
not afraid to make government aware of their
positions. Well, if we believe that open source
software promotes openness and prevents vendor
lock-in, and if we believe that those are good
goals for government -- as many of us do -- then
we should not hesitate to explain our reasoning
to our elected representatives and appointed civil
servants.
Ben "You have your mind on computers, it seems."
- I don't WANT a government-developed OS.
You're soaking in it! If you are using Linux, then you are probably using networking infrastructure developed by Don Becker on NASA's time. They supported his work, and he felt that as a government employee, he had a "patriotic duty" to develop technology that could be used freely by the citizens who paid his salary.If you don't agree with that, go use Microsoft Windows and don't forget to pay the proper per-connection license for your non-government network stack.
This is absurd. GPL'd software can be used by anyone willing to abide by the terms of the license. If a company chooses to make proprietary software and not release the source, they are voluntarily choosing not to use GPL'd software. It is ridiculous to say that they "cannot" use the software; that is a choice they made based on their own business model.
No wonder disney and six flags can't provide such good service anymore, you have all these national parks competing for business at a much lower price.
Tonight at 11: Kraft and Velveeta to sue US for government cheese cutting into their business.
Microsoft already does release GPL'ed code it did not write ...
Not relevant.
Here's another thing Microsoft can't do with any government code put out in the public domain: it can't monopolize access to that code the way it does to Windows code it writes itself
But we're not talking about code in the public domain. We're talking about code under the GPL. Such code is "monopolized" by the Open Source Community.
If the code were in the public domain (or under some other licenses, such as BSD), Microsoft could integrate it, or its features, with the core of its own systems, and distribute them without revealing the source. They couldn't stop OTHER people from doing the same. But other people count't stop them, either.
But the code is under the GPL. The GPL is a RESTRICTIVE LICENSE, based on copyright. If Microsoft integrates such code into one of its OSes, that puts the whole OS under the GPL and requires Microsoft to release the source.
And the NSA's changes aren't ADDITIONS to Linux, but MODIFICATIONS to it. So they're a derived work, and if the NSA releases it it MUST release it under GPL. They don't have the option to release their enhancements into the public domain or under any other license.
Linux is under the GPL, a restirictive license that makes its internals useful to the Open Source Community but not Microsoft. Microsoft's OSes are under the Microsoft ELUA, a restrictive license that makes them useful to Microsoft (and to some extent to its customers) but not to the Open Source community. The NSA is just as much in the wrong when it uses taxpayer funds to enhance Linux and give the enhancements to the Open Source Community but not Microsoft as it would be if it used the same funds to enhance Windows 2000 and give the enhancements to Microsoft but not to the Open Source Community.
So Microsoft was right to squalk. And the NSA was right, once it was pointed out, to stop working on Security Enhanced Linux.
I don't like it either. And I understand that the viral terms of the GPL exist explicitly to prevent a variation of "Embrace, Extend, Extinguish", to wit: "Embrace, Enhance, Exclude".
But if the Open Source Community licenses its work in a way that excludes the closed-source community from using the result, it must expect to work without government subsidies. (Or at least without more subsidies that Microsoft, and Sun, and Apple, and SGI, and HP, and IBM, and Amdahl, and SCO, and any other closed-source OS company receive.)
The cost to a closed-source company for using GPLed code has been characterized as "more expensive than money". Seems that catchphrase applies to the cost to the Open Source Community as well.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
I'm not trying to start any arguments here, but I do think a couple of things are quite ammusing.
:)
Firstly, the complaints are that a US government agency is providing security patches internationally for a product that was designed and built internationally. If they want a Kernel using the NSA security code only for use by US companies, I think that it should only be allowed to use the kernel code developed in the US. Pretty non functional I'd think. It's pretty poor of them to say, "we'll take all the code developed by foreign private companies and foreign governments thanks, but you lot arn't alowed to touch US Gov funded stuff!". If they (private or government) want to build on shared code, they should provide it.
Also I think it's ammusing that MS is kinda fighting on behalf of RedHat.
"I'll take the red pill. No! Blue! AAAaaaahhhhhhhhh"
- Monty Python meets the Matrix
If the NSA had wanted to make a secure version of FreeBSD, then the fruits of the research would have been available to everyone.
The results of would be available, to everyone, regardless of if the code was released BSD, GPL, or public domain. The only difference is that GPL code cannot be mutated into proprietary software. For most people and corporations this isn't any kind of issue at all, since they would never want to do this in the first place.
It is because they choose to use Linux, which is licensed under the GPL, that they received complaints because the fruits of the research would be available only to non-commercial entities.
This is completly untrue, it is equally available to all entities.
There are drastic differences between the BSD and GPL licenses,
These "drastic" differences mean nothing to most people. Since they involve a set of actions which few people would even consider. It is also highly questionably that any entity should be allowed to perform these actions on publicly funded material in the first place.
and it is extremely frustrating to see those issues either not addressed, or purposefully blurred. Commercial software developers are not complaining about Open Source, they are complaining about the GPL.
Proprietary software developers, a very tiny group, are the ones blurring the issue. Demmanding that the interests of the majority be subverted to protect their interests. (N.B. "commercial" is not a synonym for "proprietary".) In this case it isn't even the tiny group it's a minority of one. If a regular person had complained to the NSA, even if they had a more valid complaint, would any notice have been taken of them?
Some technologies lend themselves rather badly to being closed up into proprietary black boxes and I think the domain of secure software is one of these such areas.
It's quite possible that proprietary software is really best suited to highly specific applications and not as "software infrastructure". Though it is probably possible to "make do" with using proprietary software in this way.
Some things need to be maintained regularly for long periods of time. Commercial interests often fail far short of doing the job adequately.
There is a lot which falls into this catagory, most commonly in government usage, since government tends to have to keep data secure for a long period of time. However even commercial users of software often have such requirements.
I think there is value in insisting that security technologies remain open-- ensuring that critical security software continue to be properly maintained.
Security is an issue more or less fundermentaly incompatable with the ideas behind proprietary software.
I'm sure they could work out an arrangement whereby the FSF would add final spit and polish (say, a README) and accept copyright of the final work.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Based on what I wrote, the government would not be able to produce something like SELinux and release it to the public, because it would require a massive licensing violation to put someone else's GPLed work in the public domain.
Similarly with Windows. The Gov't should not hack windows. That would be unfairly assisting MS.
There are no trails. There are no trees out here.
If I were Microsoft, I would attempt to buy the patents to the Mandatory Access Controls as used in SELinux,
Using patents against the government which issued them is kind of a non starter. Especially if the magic words "national security" are involved.
For any horror story on software installation on Linux, I could come up with one for Windows too. For all the "reasons" someone comes up with for why linux sucks, I could come up with Windows couterparts. It's pointless.
I've got a major newsflash for all you OS bigots. Learning a new OS requires learning new skills, terminology, etc. It takes time. OS's are also different. Yessiree, folks. Setting an IP address on Windows is different than Linux, the Mac, VMS, AS/400, Mainframe, etc. Each OS has it's strengths and weaknesses, but YOUR lack of skill is NOT a weakness in the OS. The poster who claims that his linux kernel took 175M is a good example of someone who does not have the skill or knowledge to understand what he is doing / seeing (which in this case it's probably the fact that Linux uses most of the available memory for buffers / cache, and free's it as needed for other uses. One of those "performance enhancing" features.)
Understanding a feature and understanding the CONCEPTS behind the feature are two different things. Someone with conceptual / theoritical knowledge is going to be able to pick up a new OS easier than someone who doesn't. Someone without the conceptual knowledge moving from one OS to another is going to try apply the old OS's features and behaviors to the new one and therefore will have LOTS of problems. Stick a Windows user in front of a Mac for the first time and watch them squirm.
Yeah, a newbie installing Linux for the first time is going to be JUST AS CONFUSED as a newbie installing Windows. So what's a newbie to do?
First, any novice should buy a book on linux and READ THE DAMN THING. There are several modern distros that are well geared towards the novice. Most install MUCH easier than windows. As long as your hardware is listed as being supported on the compatablility matrix for the distro, things just work. Once installed, the system is fairly self-maintaining, and virtually anything can be done via GUI tools. Users don't need to use vi or emacs, they can use one of the bajillion other editors out there for either the command line or GUI. The solution to virtually any problem a newbie may face is easily solvable by typing a few keywords into google (since ALL linux documentation is online) or browsing the online manuals that come with the distro to find the solution. Next, get the damn book out again and try some of the examples. Learn the system. It's NOT that hard - if my 65 year old non-computer literate mother can do it, and my 9 year old nephew can do it, so can you.
Enough of the tired old whiney claim that Linux is hard. It's 100% FUD at this point. You just make yourself look incompetent.
The goverment doesn't design aircraft, they pay boeing and lockheed martin to do it. So why should they program a secure OS?
Not quite the same thing, since an aircraft is a physical machine which requires complex specialist manufacturing facilities
They shouldn't! Pay someone else to.
So governments should have a policy of paying private corporations, with tax payers money, even if they could do the work more cleaply themselves? Why not just have a "corporate support tax"?
It seems to me that ALL software produced with our tax dollars would represent a threat to commercial interests and should cease and desist immediately.
-unless the development work is given to US companies.
-and ONLY to US companies. No open source licensing allowed !
At least according to Microsofts argument.
Even leaving aside the 14th ammendment issues how exactly would you define "US company"? Being incorporated in the US would include plenty of "foreign companies". Attempting to work out comany ownership is not always simple, especially when you have companies able to own parts of each other in complex ways, when all of the companies involved are traded on a public stock exchange.
Maybe if someone were to come up with a definition Microsoft wouldn't actually qualify as a "US company" anyway.
Simply put, I do not want MY tax dollars going towards development of software licensed under the GPL. If my tax dollars fund development that goes into the public domain, fine. If my tax dollars fund development that gets licensed under the GPL, NOT FINE.
So you'd be happy to pay more taxes to compensate for the inability of government to modify GPL software in any way. You'd prefer if instead they either wrote from scratch (and released as public domain) or paid for proprietary software, either of which are likely to cost a lot more tax dollers than taking some GPL code, modifying it a bit then complying with both the rules requiring the publically funded work be made public and the GPL...
When it comes to spending public money there are usually rules about not squandering the money. Not allowing government departments to modify GPL software (which is effectivly what a "government may not release GPL software" type rule does, since, unlike private individuals and corporations, they are obliged to publish any modifications made) means that they can have to spend considerably more money, with no apparent benefit to anyone, except possibly a few corporations who didn't contribute their fair share of tax dollers in the first place.
These licenses are public-minded in the sense that they are specifically authored to ensure long-term free public access to the code -- the source [GPL] or the binaries derived therefrom [BSD], put simply -- and they do not discriminate against any individual or organization, nor do they restrict freedoms such as of speech once any such entity accepts the terms of these licenses. It is precisely this sort of public-minded, freedom-oriented licensing that Microsoft finds frightening,
When did "to further progress of science and the useful arts" become "to further the profits of big business" anyway?
because it cannot conceive of a future in which its business model, of selling closed software under licenses that stifle speech to people who think Software Is Magical And Thus Requires Great Expenditures By Huge Corporations,
To the vast majority of companies software is infrastructure. Even people who may think having clean water piped through out a building, electricity, high speed LANs, telephones, etc are "magical" generally understand that to get these sort of things sorted you can either employ people who know about them or get an external contractor in. No-one in their right mind would chase half way across a continent (or even the planet) to get a magic plumbing kit or a magic cabling kit or even a magic building kit. But somehow Microsoft has managed to sell the idea of a magic software kit, an off the shelf product which will cover all your companies needs without needing to employ an expert to set it up. Maybe because software is newer than buildings, plumbing, etc and there is no real material cost involved in deploying it.
but I think that it is important that properietary software vendors don't have to jump through a bunch of hoops in order to use the results of government sponsored software research.
It isn't the job of government to ensure any business models work and never break. Why shoudl proprietary software vendors get special treatment?
Your point is germaine. It's not the job of government to select business models. Picking GPL is a selection; one that specifically excludes certain models. Hence my original comment that public domain is more appropriate; or more open licenses (like the essentially unrestricted BSD, Apache, and similar licenses).
C//
Picking GPL is a selection; one that specifically excludes certain models.
It's an implicit choice, since they started with GPL material and obeyed the licence. N.B. none of the actual copyright holders are complaining about this.
That is exactly my point as well as that of the original poster. Proprietary software vendors should not get special treatment and neither should open source projects. In my opinion the GPL would amount to special treatment of open source efforts.
Proprietary software vendors are PSVs out of their own choice. No third party went to them and said "you are a PSV, you will always and forever be a PSV". Should corporations be protected form possible negative consequences of their own actions?
Given that you have some software that was funded by the government what should be done with it? In my opinion you want to maximize that value of the software to the people who paid for it, i.e. the people of the country.
By this criteria Microsoft probably shouldn't be considered part of the people who paid for it in the first place.
My opinion is that the best way to maximize the benefits for the people is to choose a license that maximizes use while also ensuring interoperability and thus competition.
If the US government cannot release GPL code then the only way they could make use of GPL code is to use the programs unmodified. This potentially places a huge and expensive restriction on the US government. Where they could have taken a GPL program and modified it a bit they now have to either develop from scratch or buy from a PSV.
The GPL does not maximize use while the public domain does nothing to ensure interoperability.
So maybe you;d need something else for software originated by the US government. The thing is that the issue is more about the US government creating derived works under licence. You'd also need to ensure that they are not restrained from modifying someone elses code, where the copyright holder is perfectly happy for them to do so. Otherwise this would be restricting the interests of the directly involved parties, the US Government and the GPL copyright holder, in order to satisfy some third party PSV.
But this is the thing. Government employees should not be in the business of giving up their intellectual property rights to private organizations. Why? "Their" intellectual property rights are actually _ours_.
C//
the constitution and the bill of rights do not delineate the only specific rights that you have- they are merely a list of rights that the founders felt needed to be enumerated for clarity. you are given the right to more or less EVERYTHING barring items that conflict with existing laws (and even that is arguable- you can claim, for example, that the DMCA and other 'corporate laws' violate many rights.)
don't assume you are only given what is listed- that's not how it was intended, and now how you should perceive it.
EOM