Software Choice Group Tells DOD Not to Use Open Source
ducomputergeek writes "A group calling themselves the Initiative for Software Choice, backed by Microsoft and others, is recommending that the DOD drop plans for further adoption of Open Source software. This comes after MITRE, a defense contractor, published a report stating that not only does the Department of Defense use open source, but recommends using it more. The article is at News.com and you can read it here."
Strange, this is one of the companies behind it, and they do linux...
Mark
This would be the Henry Ford definition of choice then? "You can choose any supplier you like, so long as it's us."
This is my World Wide Web of Whatever
"Not inherently less secure" is a strange way of advocating your position. Double-negatives like this usually betray a defensive mind set. Why didn't they have the conviction to say "we're *more* secure"?
Ryan T. Sammartino
"Ancora imparo"
A group calling themselves the Initiative for Software Choice, backed by Microsoft and others, is recommending that the DOD drop plans for further adoption of Open Source software.
That's kind of a contradiction in terms isn't it? Initiative for Software Choice recommending that we drop open source software.
Well I'm sure the DoD remember their dead Microsoft NT sub. The radar which doesn't work etc. The missing nukes because of SQL server? Microsoft's admission and then retraction... it is all documented out there...
A quick search of slashdot digs up this:
navy unhappy with microsoft
Even the average man in the street thinks of windows as less secure. I can't believe something like this would really fool people...
Indeed it does. The beauty of this is that every time a piece of FUD like this arrives, it adds mindshare of OpenSource to the equation.
It's like the old Monty Python sketch when in the cockpit of a plane John Cleese takes the microphone and informs the passengers that "There is no cause for alarm". When asked why he did that claiming the passengers now have to ponder "What is there no cause for alarm for!"
This junk by MS almost ensures an invite for OpenSource to the party.
Help fight continental drift.
My employer just bought a $50K software package from a vendor that's turning out from the onset of the project to be an adversarial relationship with that vendor, but the contract is already signed and we're stuck with them for 5 years. The vendor has distributed to us a CD-ROM with their label on it, that contains some third-party commercial software that I betcha they don't have the rights to re-distribute in such a manner. The third party product has a couple of GNU binaries included in it. I opened them with "strings" and a hex editor and sure enuff, they're the real thing, complete with GNU copyright notice, etc. There are absolutely zero copies of the GPL text on the disk, or provided on hardcopy, and there is no mention whatsoever that GPL code is used as a component in the product(s) and I'd betcha if you asked, the vendor(s) will deny that they've used any. There is also no source code whatsoever for *any* binaries on the disk, nor is there any available for download anywhere.
I want to blow the whistle on these people really badly, just for matter of principle, and also because of a bit of revenge towards an arrogant vendor who doesn't understand the "customer is always right" principle and who has lied to us on numerous occasions and repeatedly refuses to follow our instructions and many of the terms of the contract. I think I'm going to wait until the project is complete and the system is in full production use before suddenly discovering this GPL license breach and blowing the whistle to the FSF. I think it will hurt the evil vendor the most then. Anyone have any further comments or advice here?
Oh I totally agree. I'm all for OSS getting an equal share of the limelight with others, even Microsoft. Personally I think on an even playing field, OSS has way more pros than cons as opposed to more proprietary solutions. However the OSS community also has to realize that all they can do is showcase themselves as best they can. If an individual/company/organization/whatever decides they want Microsoft products (as an example) then that's their decision. Hopefully they've made an informed one, but if they have then they've chosen what's best for them. OSS shouldn't take that as a slap to the face, they don't have to win EVERY battle.
"I'm a leaf on the wind. Watch how I soar."
-Hoban Washburn
The first thing it told me was, "You can introduce hostile code into your network by opening an E-Mail" and therefore instructs you not to open E-Mail from anyone you don't know. They go on to say that you can also compromise the company's security by reading your Yahoo or Hotmail mail at work. Later in the course it instructs you to keep your system up to date by installing the latest Microsoft security patches, which is ironic because a co-worker just trashed his system by installing a Microsoft security patch and is looking at 3 days downtime while the technicians reinstall the OS (Technicians have an 8 hour response time and due to the holiday they were pretty close to that time. They took his computer away but they won't be able to deliver it on Friday because no one's going to be there.)
Great. So we know we have a problem but instead of taking steps to solve the underlying problem, we're just going to tell everyone in the company to modify their behavior because if they don't, the company's network and billions of dollars of assets will be compromised. Does anyone else see a problem with this?
Frankly, with the company's assets at stake, it would be a damn good idea to roll your own client code just so you can audit the source code. I did some auditing with Data General for a while and they had it right. Every auditing test was extremely well documented and available on the network, along with the automated code generated to test each function (In the C Library in this case.) But if rolling your own clients makes sense, you could save yourself a lot of time and money by grabbing open source projects for the applications you need and feeding those to your audit and programming teams. You save some money and the open source community gets free high quality auditing of their source code and any additional features you decide to add to it. Everyone wins.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
--note: I have zero way to tell and zero insider knowledge of what Intel might or might not do.
With that said, I would bet that if push came to shove, Intel would fall on the side of millions of cpu chips to desktops (trusted and see-cure Microsoft yada yada) instead of thousands to servers (terrible open source Linux that any al queda teenager can hack open in 2 minutes yada yada). Public perception and marketing and outright lying and word twisting and propagandizing will prevail in the short term. Not long term but the short term. The pushing and shoving being mandated "by law" with snoopervision hard coded into the chip itself, probably to "fight software and music and movie piracy and to help stop terrorism and them e-vile hackerz, please, think of the childrenz" or some such new law probably coming to a nation near you soon.
Really, just guessing though. Microsoft's alleged "punishment" was too wussy, I am guessing there's a sub rosa deal in place now between the government and Microsoft, there will be a slew of trojans hidden in their software and only a matter of time before they are inside the chips. The government has stated quite clearly that their goal is TOTAL surveillance, I mean, how many more clues are needed now? Intel will play ball with this if they are forced to choose. So will AMD probably as well, and it never has to be made public, at least past the plausible deniability level.
Open source software, the way it is marketed is perfect for DoD work simply because the software itself is tweakable. The IT people in government departments have a large degree of control over how software is used should they choose open source; they are not as reliant on MS's vision of how their software is used, nor should they be.
Should open source be required? I used to say yes, but then I realize, that is not choice. So of course no, but then neither should closed source be. It all comes down to what it will do for you. On one hand you get a product that MS does not warrant for any particular purpose, nor allow themselves to be held liable for any such use, versus a software product that does the same thing but at least allows the purchaser to alter the code to suit their own preference, but retaining the decision as to whether to distribute it, under some liberal conditions.
Dawn of the Dead
OSS should threaten Intel's position. If you have the source, you can recompile it for a different architecture, if you've got the binary, then you're stuck with whatever it's compiled from.
<quote> "Because of politics, some things are being forced on us that without political pressure we might not do, like Windows NT," Redman said. "If it were up to me I probably would not have used Windows NT in this particular application. If we used Unix, we would have a system that has less of a tendency to go down." </quote>
I know of one lab which is planning to move to linux systems + get a linux cluster....and only use MS when reports need to go out to people who only use MS...for what we do, Windows can't handle it...
Claims that the GPL will affect government usage of software have zero basis in reality.
1) If the Government wants to modify GPL software for internal usage they are free to do so. As long as they do not distribute outside of the government they are clearly within the GPL.
2) The Government is GPL proof. If the Government wants to declare that they are void from the provisions of the GPL they have any number of options for avoiding the provisions.
a) claim national security
b) claim national provenince and take ownership
c) change copyright law
The real claims of the movement are that it will cut into proprietary software houses' right to earn a buck. These are also useless claims based on continued extortion of government dollars. These companies wish to continue taking excessive amounts of money from the government.
The government should own the software it uses. Would you be happy if all the tanks owned by the government were actually owned by Laidlaw and were supplied to the government on contract? A contract that could be cancelled at any time. That software controlling the battleship-sub-airplane-tank is owned by Microsoft. Microsoft reserves the right to disable it at any time should the government not keep it happy. (See why other governments are moving away from Microsoft)
Also if the government has the code all contractors are on an equal starting point. This presents the most competition into the contracting and supply route and will get the government the best price.
The only way to do this is to make it that the government will have the rights to the source code for all software used in any government project. The GPL achieves this. All contracts the government puts out for supply and services of computing contracts should require that the source code be supplied with all rights to modify to the government.
Bruce
Bruce Perens.
As we have seen with Microsoft's efforts to complicate other formats, the best way of ensuring this is to demand source code. If Microsoft doesn't like it, well there is always OSS.
See my journal, I write things there
What they say is that closed source is not inherently less secure than open source. They are kind of arguing that it's a tie. In reality this undersells the commercial world.
For example every security class A operating system for example is commercial (and presumably closed source). No open source has even gone for a high security certification though the NSA was going to build a high security version of Linux before they got stopped (nowhere near class A though). The issue though is that while there are excellent closed source secure systems Microsoft doesn't make any of them; vendors like IBM (with Z-OS) do.
However Palladium will move MSFT towards a capability system and these are substantially more secure (in practice) than systems based on file permissions (like Unixes). I wouldn't be so sure this is a permanent win for Linux rather than a short term victory based on:
a) Microsoft's poor execution on security
b) Services running with excessively high permissions
c) Security not being a focus of the company until recently.
Of course they'll fight it. They want the benjamins from the DoD coffers!
:P
I don't expect them to fight this battle as hard as others though. Why? Open source would be fine with them - if it was required to adhere to the BSD-style of open source.
Frankly, I'm in the middleground. I'll fight to the bitter end to prevent the GPL from breaching the government in most cases. Why? The GPL does not stand for freedom.
I am a taxpayer. Most programmers are. So are corporations. In the case of specially-developed software paid for with my tax money, I expect the license to be a BSD variant. I want free and unlimited use. No restrictions, other than proper credit, which is arguably an ethically right thing to do.
I wouldn't care if Microsoft or Sun or Apple could then take that code and use it for profit - I'd be able to, too. I'm a tax payer, so are they. Anyone who pays taxes should have unlimited use of the code.
And, for the love of Bob, I'd pray that if the DoD considers any sort of open source licensing, they have legal attack dogs go over the license with ten fine toothed combs. The last thing we need is some jackass managing to snag targeting programs for ICBMs.
For a simple analogy, ask yourself: all things being equal, who do you trust more: the used car salesman making a pitch (Microsoft) or the common views of a dozen of his ex-customers (other open source users)?
Also, this isn't like the Coke-vs.-Pepsi debate--two more-or-less equivalent products, where one can debate endlessly which one is better. Open source and closed source software are profoundly different development models. I think open source really is better for most users, in a clearcut economic sense. I have concluded that, in contrast to many economic arguments for open source, Microsoft's arguments are mostly logically and economically unsound. You may reach different conclusions, but the point is that this is something one can think about and determine the truth of logically. Therefore, it is not a question of advocacy and bias but putting forward logical arguments and empirical proof.
But wouldn't it be even better if FAA (no idea what it is, but it probably has something to do with airplanes and America (Flying Association of America?)) developed an in-house system with good auditing AND make it open source? The more eyes, the better.
You could argue that if the source is open, a nasty cracker (133t, is that it?) might stumble upon a security hole (3xp101t?) and take advantage of it. But it wouldn't take long before the rest of the 'net (or whatever the fora) knew it as well, and some smart people at FAA would at that time probably pick up the information, and have patches from the community waiting for in-house auditing. It's a better scenario than if a cracker found a security hole (3XpL0itz?) in a closed source, and nobody would know but the cracker. Your airplane goes down just like the servers..
I dunno if this is my honest opinion. I'm just asking, trying to establish a position. If I'm wrong, enlighten me!
Also they don't want the govt to fund or participate in any OSS projects, particularly GPL stuff, as it prevents their 'right' to profit from the developments. Heh. NSA Linux is one case in point...the TIA program will probably have to build the US police state on FreeBSD instead.
I actually think their argument about OSS code not necessarily being more secure is valid, an OSS project can have security bugs introduced as features, and often they get found by external black box attacks rather than source code walk throughs. But OSS projects can roll out fixes faster, which meant if we had a widespread and secure update mechanism we could get those fixes out the door faster too. Compare that to win2K which is still available in the shops in 'Code Red Ready' form.
Not true, Intel has a stake in Microsoft that is a lot greater than their stake in open source. They have a heavy market dominance, and a lot of other ties so it's not a business killer for them if Microsoft bit the dust tomorrow... but this is just a lead. If Linux took over the desktop then for the most part there would be very little binding users to Intel architecture in general. New architectures would be developed and adopted quickly by Linux where the hardware manufacturers who make them could do the porting themselves if need be. This would be a substantial blow to the x86 architecture which Intel is married to, and would also send a statement to the world that Intel's design wasn't god and as soon as people had a choice, they chose something else.
RedHat, SuSe, etc are all commercial entities.
Karma: Food Fight (Mostly affected by Date Plate).