Slashdot Mirror
Author of Paper Critical of Microsoft is Fired
chongo writes "Daniel E. Geer Jr., one of the primary authors of a
report
Reliance
On MS A Danger To National Security,
was fired from @stake Thursday morning.
@stake said that 'The values an opinions of the
report
are not in line with @stake's views' and that Geer's
participation was 'not sanctioned.'
Microsoft, who has worked closely with @stake
in the past, denied that it was involved in @stake's
decision to fire Dan." There might not be anything fishy going on at all, but that's no reason to stop making perfectly good conspiracy theories.
With a high paying open source company... oh wait, it's 2003, not 1998.
Can I have his job? I can write well, and I can be non-critical of Microsoft software.
For instance, they have made great strides in improving Calculator and Notepad in recent versions of Windows.
As you see the corporate world is just as powerful as government so watch what you say! Bill's still your boss! Oh and George Bush is your master if you arent wealthy.
If you use Linux, please help development of Autopac
BAN @stake or burn what ever your fancy ! errr what does @stake do neways before i go baning theam :)
Human being opposed to Micro$oft gestapo forced to leave the United States.
Did he do this on his own, or as an @stake employee? I find it rather disturbing that a company can fire you for something you do of your own accord. What's next, are companies who like to suck up to MS gonna fire you for developing a linux program?
Am I just being naiive, or does this bother other people too?
if(!cool) exit(-1);
If someone denies something- they did it.
If they didn't do it they're more likely to say "WTF are you talking about, you madman?!"
graspee
I bet it was... the Time Terrorists*!
*Time Terrorists also responisble for the destruction of the Titanic, the Hindenburg, and the creation of SCO.http://mediagoblin.org/
Looks like there was more "@stake" than he expected =p
(waits for groans)
The anti-Microsoft monoculture seems to be a danger to job security.
Try talking bad about Linux on Slashdot and I bet you'll get banned from this place. Be pro Microsoft or anti Apple and people will want to burn you like a witch from Salem!
If you use Linux, please help development of Autopac
"Linux would be just as insecure, we swear!"- @stake.
Is there anything better than clicking through Microsoft ads on Slashdot?
OK, if you need to mention a company's gimmicky, non-alphabetical name once, so be it. But all those @s are giving me a headache in a brain region I haven't had to use since we had that run of :CueCat stories.
The scary thing is that you could use 4tst4k3 repeatedly and I wouldn't blink at it. 47s74k3 would require some effort...
What I'm listening to now on Pandora...
I'm tired of people hashing out their stupid little pet peeves on the basis of 'national security'. Its inane and tiresome to hear people trump up the 'unassailable argument'. Oh now we can't challenge you because if we do we're rooting for terrorists.
Such sore loosers, sheesh.
dont these places have editors? surely, a story that would have gotten someone fired wouldnt get approved.
That sucks, I guess you can not say anything anymore without risking being fired. Especially since the writers of that document say that they dont speak for their companies. There goes free-speech. Cheers, atarola
For every complex problem there is an answer that is clear, simple, and wrong. --H L Mencken
I read the article. I wonder if my job is at stake too! How far do the hands of Microsoft reach?
Magic Eight Ball: Outlook not so good., Hmmm, how about Excel and Word?
And, in other news, in an SEC filing, Microsoft has disclosed a cash "gift" to a company called @stake.
Said Microsoft spokesman: "It's a voluntary contribution, with much at stake. ".
I have no problem with your religion until you decide it's reason to deprive others of the truth.
may be he was just "temporarily" fired until the dust settles and Microsoft forgets about the whole thing... and then he'd be rehired... that's what i would do if i were a company and i were terrified of Microsoft...
Its just *us* and *them*! Mel Gibson was right! Dear God no, I thought that was a movie! Time to start boobie trapping the house!
While the firing was unecessary and I don't agreee with it in the slightest. (How can your participation be 'unauthorized'?), it's the editorial tagline that really irks me.
You, slashdot editor, member of the press, are actually encouraging and suggesting that false and misleading information be interpolated from a small number of facts. Sure, a healthy skepticism and more investigation is required to determine why he was fired but i think an editorial remark with a message consisting of:
"This isn't really big news, but if we pretend like all sorts of mysterious things are happening that we don't know about, it will be."
Those sorts of things happen on their own more than enough as is; encouraging it is just unecessary.
-Ryan
AUWYHSTOT (Acronyms are Useless When You Have to Spell Them Out Too)
I guess that's where the phrase, "power corrupts" comes from, eh?
Read the EFF's Fair Use FAQ
Seriously though, that movie is full of great quotes...who remembers the Supreme Being saying "I am the supreme being, I am not entirely dim"? And Evil talking about God:
Evil: God is not interested in technology... He knows nothing of the potential of the micro-chip or the silicon revolution. He's obsessed with making the grass grow and getting rainbows right... Look at what he spends his time on. 43 species of parrot! Nipples for men!
-Cyc
/.'s 10 Millionth
Well actually it was Computing Technology Industry Association, but they are funded by MS. The say "the report is flawed by "myopically looking to technology (i.e., 'bad' software OS) instead of addressing the underlying cause -- human behavior -- for cyber breaches." "
So basically if humans just would stop being mean or stupid, there wouldn't be any problems.
Isn't that sort of like blaming plane crashes on gravity? I mean, human nature is what it is. There will be virus writers, there will be people who don't always install the patches right away.
What are they suggesting, that we try to change human nature? Genetically engineer better humans? How about they take human nature as a given (like gravity to an aeronautical engineer), and then fix the damn product?
What an ass-retarded thing to say. And what the hell does George Bush have to do with this story? Fuck off, HanzoSan.
Before releasing a scathing report about a megacorporation.
Especially one that has a noticable business arangement with your employer.
Make sure that all of your upper management have their tin foil hats firmly in place.
Alternatively publish your story under an alias.
Try Anonymous Coward.
134340: I am not a number. I am a free planet!
Dan Geer was one of the few, if not the only, old school information security professional at @Stake. This canning, apparently for calling a spade a spade, combined with persistent rumours of mental health issues with one of their other prominent principals make me wonder if they are gonna circle the bowl to the left or to the right as they go down the hole.....
... Another moron that doesn't realize that if he bites the hand that feeds him, maybe, just maybe, it will bite back. Good riddance.
"We are all in the gutter, but some of us are looking at the stars." - Oscar Wilde
I read that as "Author of Paper Clip of Microsoft is Fired". It sounded much more exciting.
in the report. It doesn't state that "@Stake reports... blah blah" It states that "A leading panel of experts" who happened to be headed by a guy that worked at @Stake - released the report.
Personally I think Dan Greer should sue @Stake for invalid dismisal based upon personal opinions he expressed while not on company time.
Didn't @stake used to be the guys who made all the L0pht script kiddie tools? How the tables have turned...
Thanks to Google's cache, this is Dr. Geer's bio from @stake. I had the opportunity to hear him speak once, and he sounded about as brilliant as the following description would make you think:
Daniel E. Geer, Jr., Sc.D.
Chief Technology Officer
Daniel E. Geer, Jr., Sc.D. oversees the strategy and direction of @stake's approach to digital security. Over the last thirty years, Dr. Geer has led the application of technology in medical computing, distributed systems management, electronic commerce, and digital security. After fifteen years in the Harvard medical establishment, he variously served in senior leadership roles for MIT's groundbreaking Project Athena, Digital Equipment Corporation's External Research Program, Open Market, OpenVision Technologies (now Veritas), CertCo, and now @stake. His security consulting firm, Geer Zolot, was the first of its kind.
An expert in modern security protocols and business metrics, Dr. Geer has been called upon to testify before Congress on multiple occasions. Dr. Geer speaks and publishes regularly on a range of issues in digital security; his November 1998 speech, "Risk Management is Where the Money Is," has been widely quoted, warranting both reprint as a special issue of the RISKS Digest and prompting editorial comment in Wired Magazine. His bibliography is deep and continuing, and with Avi Rubin and Marcus Ranum, he is co-author of The Web Security Sourcebook.
He holds a Sc.D. in Biostatistics from Harvard University's School of Public Health as well as an S.B. in Electrical Engineering and Computer Science from MIT. His professional involvement includes a decade of leadership within USENIX, the advanced computing systems association, of which he is past president. He today serves as an advisor to the board of the Financial Services Information Sharing & Analysis Center (FS/ISAC) under the auspices of the US Dept. of the Treasury, as well as similar fiduciary and non-fiduciary roles for a select number of promising startups.
-- Brian T. Sniffen
Gotta love those @stake guys. Here's a relevant quote from their website:
"@stake has assembled the best minds in digital security to help you understand and mitigate the security risks inherent in your business model, so that you can maximize the opportunity in front of you. We help you make the hard decisions about what matters most in your business, so that your security investment has the greatest impact. We work in the space where your business and technology meet, because we believe that this is where security is most powerful."
Talk about blowing it out both ends. You can read their ethical and guiding principles as well.
This is what l0pht has turned into?
Remember Al Franken's book? He was sued because off his play on the FOX news slogan.
While this isn't quite the same, one can hope it might bring some publicity because this guy was fired for critizing Microsoft. It'll be like "Remember that guy who got fired for critizing Microsoft?" "Yeah, of course I remember him. Microsoft's big and dangerous, and something really has to be done about them."
I'm crossing my fingers here.
The report itself stated quite clearly in several places that Dr Geer was the Chief Technical Officer of @Stake.
I can't find a disclaimer anywhere in the report saying that he wasn't representing @Stake, and yet he used it to back up his authoritarian position, and intentional or not it appear that he was speaking on behalf of the company he worked for.
Perhaps more details will emerge about what actually went on, but it does seem quite irresponsible to make it appear that you're speaking on behalf of a company if you're not... if that's what happened.
what has the world come to when the Black hats become pawns of Gates and company...
Well slashdot is certainly the place for conspiracy theories.
Dawn of the Dead
If you sign an employment agreement, you'd better stick to it.
In particular, you shouldn't publish a paper without running it by corporate communications first. You especially shouldn't publish a paper that might be critical of a partner or customer without doing this. You know why? Exactly. You get fired. For violating your employment agreement. If you don't agree with the things that you signed, you shouldn't have signed them. Hell, even if you have permission to publish the paper, you might want to think twice about publishing a paper which is critical of a rather large customer.
When I worked at AOL, I tried to get some of the execs to realize that some of the employees could be a powerful force in the technical community to raise the image of the company. Just the ability to explain some of the things that weren't confidential, correct some of the misconceptions. It wouldn't be a magical transformation, but it would be an effort. And actually joining the community would be a big step. Peer review and PR oversight could both be used to help make sure that more incorrect information didn't go out, or that the wrong things didn't go out.
Noone wanted to talk about it. My assumption is that noone I got to wanted to rock the boat, and noone responsible trusted the employees. It's too bad really. But even with something like that in place, this type of paper would never pass muster. Not through a peer review, and not through PR. You just don't criticize a large customer. Especially a customer with as much money as Microsoft.
-Todd
"The details of my life are quite inconsequential..."
This really is something Greer should have seen coming. He published a highly critical, highly-publicized report bashing his consulting company's biggest client. Whether it is true or not is irrelevant; that the client was Microsoft is irrelevant -- replace "MS" with "Sun" or "Oracle" or any other company you like, and I bet his higher-ups still wouldn't be happy about it. You may not like who you work for, but it's not a good idea to bite the hand that feeds you.
The bold print giveth, and the fine print taketh away
The guy's opinion was very obviously true to most of us. Is there any way that @Stake is not a joke now? There are two sides to everything. Someone, please explain the other side of this one. I don't get it.
The l0pht was mostly cult of the Dead cow people
No, no name here. what am i, stupid?
There is no America. There is no democracy. There is only IBM and AT&T and DuPont, Dow, General Electric, and Exxon
Just so everybody knows:
This is the same @stake that was formed from the l0pht heavy industries (www.l0pht.com) of old. Says itsecurity.com's Computer Security Dictionary of l0pht:
L0pht Heavy Industries
"A Boston-based group of hackers interested in free information distribution, finding alternatives to the Internet and testing the security of various products. Their web site houses the archives of the Whacked Mac Archives, Black Crawling Systems, Dr. Who's Radiophone, the Cult of the Dead Cow, and others. Current membership includes Mudge, Space Rogue, Brian Oblivion, Kingpin, Weld Pond, Tan, Stefan von Neumann and Megan A. Haquer. They can be reached at info@l0pht.com and maintain a web site at http://www.l0pht.com."
Hacker's Encyclopedia, by Logik Bomb (FOA), http://www.xmission.com/~ryder/hack.html, (1997- Revised Second Edition)
I wonder if good old mudge still works there? It's amazing what a little money'll do, eh?
Most places have editors - but to an extent, writers are given the right to publish what they want.
The reason being, if you write something for say, the Times, it will be printed millions of times - the cost of that involved is a lot, so there are many safeguards in check to prevent unauthorized publications. To upload something to the Internet, requires far less effort, therefore, fewer safegaps and stopguards are in place. If it took several million dollars to publish a paper in the web... you bet there would be good editors and whatnot.
Simply a matter of dollars and cents. However, if the paper had gotten less publication, he would have still had a job.
There is always a frontier where there is an open and willing mind
Too bad we can't ban him like he says is possible.
IMHO, firing such a senior guy in this fashion is usually done only when your cojones are in a vice being tightened at a rapid pace...
Greetings, serf! Welcome to 21st century feudalism. Remember these simple rules:
We look forward to several decades of exploiting you. Thank you.
Tom Swiss | the infamous tms | my blog
You cannot wash away blood with blood
I was watching a US House of Reps "Worms and cyber security" subcommmitee on C-SPAN the other day. Testifying before the Congressmen were the following - Microsoft Corp senior security strategist Philip Reitinger, VeriSign VP Kenneth Silva, Lawrence Hale, director of the Federal Computer Incident Response Center, Christoper Wysopal consultant for @stake Inc, some other Russian security consultant, and a few other random folks.
The chairman of the committee asked the Verisign PHB and the two consultants if there were any security benefits in running open-source software, and which was more secure, open or closed. I almost shat myself. Here was the perfect opportunity to hear some glowing reviews of open source. Instead the two consultants, who seemed decently knowledgeable, and long winded on all other issues merely said that there are flaws in all types of software, and they would "guess" that the frequency of security flaws were the same as for closed source. Although the guy from @stake did mention that the theory behind open source security was that "the more eyes, the better", he also countered it with noting that most users of open source wouldn't be able to fix the code when a vulnerability was found.
That was it. No detailed explanation about anything. Just a brush off that was not quite as long as their testimony on why ipv6 wouldn't offer any extra security over ipv4. Luckily the Verisign bastard was there to add his two cents. To paraphrase him - "I would agree with their, (the consultants) testimony, but I would like to add that often the people who write open source software are not professionals". Then he took another shot mentioning "that often worms affect open-source software too". Often... I wonder what he considers "often". How can he even trot out the word "often" to describe the frequency of worms that affect open-source software when there are millions of Windows boxes that are constantly being hit by worms. He then added - "We must resist the temptation to demonize software vendors and other members of the network community. The finger pointing is often misplaced and in most cases does more harm than good." It was quite the interesting hearing, and gives me a bit of insight into what kind of info our Government is getting about open source.
Anti-social? My code is just platform-specific.
As many, many researchers know, this is why so much commercial research is flawed - there are too many strong influences out there that taint the data.
This is the first overt firing that I've heard of in the IT industry, but I'm sure there have been thousands that we just never heard of.
Just think of those poor researchers at the cigarette companies - you know, the ones where if you found that there was a link between cigarettes and cancer, well, you must be fired.
Or the researchers for pharmacuticals... where if you find that drug X doesn't help cure Y, then you shouldn't expect any grant money next year. Yeah, not fired, but certainly the same net result.
The fact is that research SHOULD be independent. I don't know or care if this guy's paper was right or wrong. But it should be the research community, not MBAs, who decide the quality of research. Period.
I think that firing this guy due to his research is wrong. It looks like he was fired for financial relationship reasons, not because his study was consistently rejected by the research community. Should his employers be considered biased? As a potential customer, should I trust this company? If they are motivated more by their relationship with microsoft versus upholding the truth, I'll never recommend anyone to do business with them. And it looks like they are, and so I'll make sure they're scratched off the list.
Companies have every right to fire you for things you do outside your job. You represent your employer. If I work as a mechanic and I get convicted of rape, my company can understandably fire me.
Moderation Totals: Flamebait=2, Troll=1, Redundant=1, Insightful=6, Overrated=1, Underrated=1, Total=12. (not mine)
Hopefully /. won't follow suit firing anti-MS writers. Then again, no more duplicates.. hard one.
Marxist evolution is just N generations away!
...that he decided to list his company affiliation in the list of authors. Most companies require any paper that goes external to go through a review and approval process, which would catch any differences in opinion between the author and the entity which that author represents in title.
I personally agree with the paper, too bad @Stake lost such a valuable employee. OS diversity can be a great asset in system security, as it keeps an attacker on their toes. However, administration becomes that much more complicated of course : |
"Sed Quis Custodiet Ipsos Custodes?" -Juvenal
I guess if you criticize Microsoft you get burned @stake :-)
Never attribute to stupidity what can be construed as a monopoly preservation tactic.
Someone just learned the value of a pseudonym.
Interesting. Does that mean that employees should only issue statements in the course of their job responsibilities? Or that job statements must be objective, fact-based and truthful but personal statements can be whatever they want? This latter interpretation seems to conflict with their action.
I don't think Dan Geer will have trouble finding a new job. However, it is an interesting reflection of what @Stake has become. Look at their management team. Looks awfully VC to me.
unless all of us do something about it. As long as Bush is in office, you can continue to kiss your god-given freedoms goodbye. But aren't you just engaging in hyperbole, you say? Hmm, well, lessee, put all the reports about stuff like this on one side of the scales, and all the (one, two?) reports about the government protecting our freedoms or, , increasing them on the other, and watch it come crashing down.
The freedom to speak, to publish, and to create are under the greatest threat they've been since the McCarthy years. Speak up now, or you will be silenced.
Do what you can, with what you have, where you are.
There's a big differnce between an academic and sound treatise, and a politically motivated zealot's rant.
Most people can be terminated at will. Maybe they didn't want a politically motivated basher working for them.
I doubt MS got the guy fired. Why? It would just lead to these conspiracy theories, and it's not like it could stop the guy from writing papers.
He'll probably just do it full time now. He can move in with RMS and Stallman.
I don't need no instructions to know how to rock!!!!
That'll fix their wagon..
The real problem I have with this whole issue is that he did not imply or state in his report that @stake was sanctioning it in any way. The only @stake mention is in his title and his biography. If that can be construed in any way shape or form that @stake somehow approved of the report then someone has to go somewhere in a hand basket.
If terrorising a 12 y/o girl and college students into settlements for sharing 1's and 0's isn't terrorism, then what is?
Oh yeah, I can't get a law rushed on this issue unless I can prove the RIAA is a threat to national security...
You can't judge a book by the way it wears its hair.
Look at the big picture everybody, and take a page from the SCO playbook: keep the soap opera in the news and the issue stays in front of more eyes for a longer period of time. The real issue is that more attention needs to be paid to MS security for everyone's benefit, and this is a way of that happening.
When I was a kid, we only had one Darth.
Leave it to the Mercury News to report with more sordid details.
What caught my eye...
The CCIA trade group also ran into trouble Thursday when it sought to send a paid announcement about its critical Microsoft report to 140,000 subscribers of popular trade magazines for chief security officers and chief information officers.
The publisher for CIO and CSO magazines, CXO Media Inc., offers such announcements ``to target a specific market segment of our audience by designing a list of prospects for direct mail and e-mail purposes.''
But in this case, the subject was too touchy.
``We find it is too sensitive of material to send out. I'm sorry to be the bearer of bad news, but I have to deny your request,'' according to an e-mail from the publisher obtained by The Associated Press.
``We need to try to provide some balance on these issues, and this seemed a little one-sided,'' CXO spokeswoman Karen Fogerty said.
Sheesh! The mags won't even report this story if you pay them!
---
Fight the Power!
There is no America. There is no democracy. There is only IBM and AT&T and DuPont, Dow, General Electric, and Exxon
I love conspiracy theories as much as anyone, but that can be a dangerous route to go, as it is real easy for a situation to be called a "conspiracy theory" and thus trivialized.
It could even (possibly more likely) be more a matter of politics. Perhaps they are running a lot of m$ and whoever made the decision to run that software took the article personally?
Or maybe someone's afraid of scaring away sponsors, customers, etc?
The sad thing is that this sends a (often repeated) message that dissent in the bussiness community (indeed in other communities as well - higher ed [firstamendmentcenter.org], for example isn't as safe as it used to be).
In the immortal words of my main man Frankie H., "Fear is the mid killer".
-h
I guess there was too much @stake to get offside with the Borg.
then what does that make you?
I hate to say it, but if you marry the CCIA position stuff wrapped around the report itself, it sounds like CCIA is advocating for government mandated software regimes!
It's clear that in Agriculture a pure monoculture is a bad thing, but there the government has to step in and tell folks to burn crops. I _don't_ want my company's software crops 'burned' at government insistence. Nor do I want the government telling me that I must not buy BSD because it doesn't fit into their scheme of monoculture at the moment.
So monoculture may be bad in the computer world, but when you actually start talking about a government mandated or enforced or even promoted plan, I get far more nervous than I was from just MS.
It isn't the report's pie-in-the-sky vision of a 1/3 computing world, it's what CCIA, a lobbying group, would DO with that report.
Fear the Bureaucrat!
Thosands of OSS developers went unpaid when the government realsed that the alteristic movement may undermine the US[sic] economy.
thank God the internet isn't a human right.
Lighten up. I think the tagline at the end of the article is just a little bit of healthy irony. At worst, it's nothing more than cutesy, at best it at least reminds people not to take themselved too seriously. The immediate instinct of many Slashdotters upon reading the skimpy facts of this case is to assume that there's something terribly unwholesome going on. At least Slashdot is reminding us to put on our tinfoil hats before we start ranting.
And don't get me started on calling Slashdot "the press"...
If the guy broke the terms of some contract, perhaps it's illegal. But...
"The values and opinions of the report are not in line with @Stake's views."
Does it make those opinions wrong? Are they not useful, regardless of what @Stake's view is? Does this imply that you need to toe the line of the most powerful entities, if not, you will be punished? We've been stuck in 1984 for long time it seems.
"Backups are for wimps. Real men upload their data to an FTP site and have everyone else mirror it." -- Linus Torvalds
1) Insult Microsoft!
2) ???
3) Get fired!
(Surprisingly, this is accurate.)
This happens to be an article on the front page of the Business/Technology section in Friday's Washington Post.
CowboyNeal's writeup, in which he uses the words "not sanctioned," is quoted directly from the article. The Post's paragraph states:
Massachusetts-based AtStakeInc., a computer security firm, said yesterday that chief technology officer Daniel R. Geer is "no longer associated" with the firm. A company statement added that Geer's participation in preparation of the report was not sanctioned by the firm, and that "the values and opinions of the report are not in line with @stake's views."
Please read the goddamn article before shooting the messenger. Thank you.
"Folks just call him Buckethead." -- Les Claypool
No more M$ software on my computer. I can't tell you the last time I ran Office or IE, anyway, esp. since Safari 1.0 came out. BBEdit is all the word processor I need 90% of the time, and for the rest AppleWorks is fine.
Now if only I could get Gentoo onto my girlfriend's VAIO...
Wasn't @stake the security company that grew out of the l0pht? Or am I on crack?
autopr0n is like, down and stuff.
The gratuitious use of "M$," even in your sig, automatically rules out any sort of validity of your opinions.
All businesses are out for $.
"Sufferin' succotash."
Things have changed a bit around their shop since they "turned pro" and stopped being L0pht Heavy Industries.
Guess being security expert puts things in a different light than being a group hackers.
Dpn't let the brooha detract from report itself. It is a very well written and tightly argued document.
My favourite phrase...
The prevalence of security flaw (sic) in Microsoft's product is an effect of monopoly power; it must not become a reinforcer.
There are plenty others. Read it, I'm not surprised MS are upset enough to get this guy removed, it makes such compelling points.
-- Free software on every PC on every desk
"If you sign an employment agreement, you'd better stick to it."
What a load of crap, I bet you supported the south in the american cival war.
If I sign a NDA with a soap manufacture and then descover that there killing native americans to make soap, should I stick to the NDA?
thank God the internet isn't a human right.
Bruce is the founder of Counterpane systems. He also frequently suggests avoiding Microsoft software when ever possible (I'm to lazy to provide a link, go look up his cryptogram newsletter.)
Beside any company that rids them selves of Bruce would have to be truly stupid (he has written several encryption algorithims as well as being the author of Applied Cryptography).
GROAN
You say that as if being a BeOS troll were frowned upon here.
I am all for full disclosure, security, open source, and better design and practices. But @stake and MS are all for money. Let's be honest, we cannot expect them to hire editorial writers to critique their business or clients. The media and /. can do that.
The national security thing is not the real reason. The real reason was the guy was going against his company's agenda. Practically their whole current business plan. If I worked for Walmart as PR (I don't, btw) and I wrote about how huge stores and cheap prices were contributing to the degredation and commercialization of American society, I would be fired.
This guy was a CTO at a security-consulting firm, and he published a paper talking about how insecure one of their client's (probably a big one) software was. Not just any critique (i.e. only technical implications) but a paper making the conclusions that MS software is a threat to national security and the economy. If he had added Iraq in there he would of had a platform for a presidential campaign. This wasn't a phrack article here. It was asking for attention - media attention.
When you ask for media attention and you involve your firm in a negative light, don't expect to keep your job.
btw, good for him.
...that this paper was written by MS's opponents, as claimed by ACT president Jonathan Zuck on sourceforce.com.
It was co-authored by the (now-former) CTO of a security firm that does business with Microsoft. A business partner, one might say.
hmmm...
It's all Hood
I mean, if you're Microsoft, you've got a thick skin toward bad press.
I imagine it was just some chickenshit middle management type over at @stake who wet himself when his little pet security project churned out a ton of anti-microsoft press.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
I saw Geer talking on TechTV yesterday and he totally came across as an overzealous MS basher. I admit I haven't read the report, but in his little blurb he just kept talking about how nobody should ever use the most popular OS out there, and how bad MS is. It was like he thought he was posting on /. and forgot that he had published a report and was being featured on TV.
I'm a firm believer in the philosophy of a ruling class. Especially since I rule. -Randal, Clerks
Microsoft corporation would like to publically state that we had absolutely nothing to do with the termination of Mr. Geer. This action was entirely the choice and responsibility of @stake.
We would also like to take this opportunity to point out the sack of goat's blood splashed across the front door of Mr. Black was a random act of vandalism, and we know nothing about it. Except that it was a random act of vandalism, nothing more. The note in his mailbox threatening his life if he worked on any more papers with similar topics.. that had nothing to do with us either.
And, for the record, we have no knowledge of how or why someone used a laser engraver to etch a Windows Server ad into the side of Mr. Quarterman's car. We also did not kick his puppy in the ribs, breaking three of them because the little bastard got in our way. I mean, in the way of the perpetrator, whoever he may be.
Also, although we sympathize with Mr. Shchneier over his wife's recent permanent paralysis, we -- hold on, that one hasn't happened yet. I mean, uh, that one is, uh... WOW LOOK AT THAT MONKEY!
*ahem*
Live Meeting, formerly PlaceWare Conference Center, is a new service in the Microsoft Office System that enables you to collaborate online with employees, clients, and customers in real time with groups of 2 or more than 2,000. With just a phone and a computer with an Internet connection, you can free yourself from the cost and hassle of business travel. Download a trial today!
"Participation in and release of the report was not sanctioned by @Stake," the security and consulting company said. "The values and opinions of the report are not in line with @Stake's views."
What?! What exactly wasn't true about what was said?
Quote: Daniel Geer "As fast as the world's computing infrastructure is growing, vulnerability to attack is growing faster still"
Quote: Daniel Geer "Microsoft's attempts to tightly integrate myriad applications with its operating system have significantly contributed to excessive complexity and vulnerability. This deterioration of security compounds when nearly all computers rely on a single operating system subject to the same vulnerabilities the world over"
Quote: Ed Black "Microsoft's monopoly threatens consumers in a number of ways, it it's clear it is now also a threat to our security, our safety, and even our national security."
Quote: Bruce Schneier "The problem is that of monoculture. As long as all computers are running the same OS, they're all vulnerable."
If @stake is saying they don't agree with these statements, then their credibility as a security company is seriously in question. It's one thing to say they fired someone for violating professional protocol, it's quite another to terminate them because what they said was incorrect.
Everything said by Geer, Black and Schneier is correct. What does @stake not agree with?
Ruby on Rails Screencast
Microsoft is now even worse than just a monopoly! People and companies are so frightened of even displeasing Microsoft that they will cut their own throats off before saying anything "wrong".
Self-sensorship is mostly present in totalitarian regimes, mind you.
Clearly, we can't assume that Microsoft strong-handed @stake. But I guess that's not the point here, is it?
It doesn't really bother me that this showed up on Slashdot.
But I am a bit annoyed that this was newsworthy for both the Washington Post and News.com. Are we so entertained by conspiracy theorists that we have to breast feed them with fodder like this?
Obviously, he knew full well what he was doing when he signed the report. I find it very believable he also understood what the end result of his actions would be. It seems a huge stretch to believe a man of his experience and background didn't fully understand the position he was placing himself and his employer in by participating in this report. He no doubt had an employment agreement specifically stating "pre-acceptance" of anything he published while while employed by @Stake. He violated the agreement, and they fired him. Not the first to get fired for violation of an employment agreement, certainly won't be the last.
. . . when you tell the truth about Microsoft, your job could be @stake.
bah-dum-bum,
@stake, eeye, and iss have all agreed w/ microsoft not to release details of even potential exploits until the microsoft has had 30 days to "evaluate" them, leaving admins and the public unnecessarily exposed to vulnerabilities. This is completely unacceptable, and contrary to the scientific peer-review process of real science. If you know there's a problem, you speak out, suggest a fix, and hopefully the appropriate parties will be responsible enough to take action. Additionally, others have to be able to VERIFY and REPRODUCE findings, a critical part of *real* research. But microsoft's tactic is to force so-called security "research" companies (who are in it for money, not necessarily for altruistic research or making things more secure) into a lop-sided, biases "standards" NGO, the "Organization for Internet Safety" (OIS), which Microsoft is a member. (read this). What they are proposing is censorship, hiding information until they can find a fix, so that only the hackers will know what's broken. Talk about the fox guarding the hen-house!!!
Additionally, the director of research for @stake, Chris Wysopal, is effectively lobbying congress to give teeth to the OIS, and more power to microsoft and their buddies.
OIS = @stake, BindView, SCO, Foundstone, Guardent, ISS, Microsoft, NAI, Oracle, SGI, Symantec. sounds like the stone cutter's guild to me.
Eeye seems to be left out for obvious reasons, they oppose this secretive "research." Read eeye's Marc Maiffret's (chief hacking officer) thoughts on things to a congressional subcommittee here.
"windows corrupts, microsoft corrupts absolutely."
The biggest trick the devil pulled was letting lawyers become politicians so they can write the laws.
For him to be canned over this report (which is excellent by the way), is awful. Other heavy hitters in infosec also collaborated on this report e.g. Schneier, Becky Bace, and Charles Pfleeger.
It's not so much that @stake doesn't have the right to fire him, but rather that it's a pity that they can't stand up to the truth. Not that corporations are known for their honor anyway. I would not trust a @stake with my business at this point-what's next? MS buying them into using their clearly superior security products?!
I disagree with your first point if only because twice is equivalent to several. Plus the bio itself is what makes it appear that @Stake has something to do with his opinion. Thanks for pointing out that sentance on page three -- I'd missed it completely and I stand corrected. It still seems inadequately informal though
That aside, I still think it looks irresponsible, since his employer obviously has a stake in the response to the report, yet without having asked permission from his employer there's still no clear attempt to distance himself.
The guy got fired for the truth, was he lying? I wrote email to @stake and told them that their credibility was on the line. FWIW I think they are partially owned by Microsoft. Everyone that knows anything knows Microsoft makes the poorest quality software in the world. Strong people have strong opinions, the more passion you have for a subject the more vocal you are about your view.
What will you do? Are you all spineless? Will you write a letter to @stake and tell them how you feel?
Your Average Joe
> I'm tired of people hashing out their stupid little pet peeves on the basis of 'national security'.
in that case I suppose the Terrorists Have Already Won!(tm)
-pyrrho
Its sad that @Stake would be so scared of Microsoft to fire someone for telling the truth.
I'm sure that some other company will be perfectly happy to snatch him right up, partly as a slap in the face to Microsoft and because he can obviously provide some valuable information about the security risks involved with Windows now and in the future.
Maybe even the CCIA might snatch him up? Personally, I think they owe it to him.
Volunteer Mozilla developer, RPI Student.
@stake has demonstrated that nothing, absolutely nothing, will get in the way of satisfying their clients. While this is admirable from a capitalist viewpoint, how much do you trust any information that they disseminate?
Thought so.
Tarring yourself as a Microsoft shill might be good for the bottom line but I doubt @stake's long term viability was helped by this move. Particularly since the point that Mr. Geer was making is patently obvious to anyone with a clue.
I'm sure going to tune out anything they say in the future.
HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
I can't argue with those points. You're absolutely right. It's just a shame to me that someone who knows a lot about something that affects the security of millions of Americans can't speak out about that threat without being fired by their employer.
It's rare to see a group of people take a stand about something they feel is of more importance than just dollars and cents. These folks are essentially blowing the whistle on something a lot of people have known about for a long time but have been too frightened to say for fear of the wrath of Microsoft.
While I absolutely agree with you that @Stake is just protecting their own interest, their action is proof of how far Microsoft has permeated the fabric of the IT business. Virtually every company in the industry has to be careful about criticizing (or even allowing an employee to criticize) Microsoft, for fear of retribution.
Read the EFF's Fair Use FAQ
First off, "they" wrote it. Each of the contributors listed their position and company with equal emphasis. No representations were made about the "official" positions of the respecitve and multiple companies listed.
Yes, we seem to be living in a world with increasing need to disclaim. In fact, we live in a legal claim/disclaim toxic environment.
If you were to global search-and-replace the company names with the names of universities; and likewise exchange the professional titles with academic ones; this paper would be perfectly kosher.
So now, apparently you can't publish a shcollarly work unless you *don't* have a "real job." How nice.
Remember: The great/golden age of the Arrab Empires collapsed because of one act. They closed their libraries. After that scolarship fell into disrepute. Then learning. Then knowledge. Then "not being an idiot" was against the social norm, and *poof* they lost the initiative.
Let's not repeat that debacle in our age, shall we?
Persons should enjoy the right to freely publish their thoughts and understandings of any issue with greater social ramafications.
Silence == Death... As a slogan it is applicable to far more than the AIDS crisis.
Innocent people shouldn't be forced to pay for inferior software development.
--"Code Complete" Microsoft Press
The 'english' language changes on a daily bases. ,'
Beef, ' Etymology: Middle English, from Old French buef ox, beef, from Latin bov-, bos head of cattle
Date: 14th century', introduced after the french conqured england, cow
tymology: Middle English cou, from Old English cu; akin to Old High German kuo cow, Latin bos head of cattle, Greek bous, Sanskrit go
Date: before 12th century', is the english equivilent.
Next time choose a different language to police, before you judge others Illiterate.
thank God the internet isn't a human right.
())========D
And with skill we will aboid teh laemness filtar!
You lose.
Twats.
i can see if a MS employee would be fired if they wrote a truthf.. err scathing report on the state of ms security. but a SECURITY COMPANY firing a consultant (whether executive of peon) because he writes an opinionated (and most likely highly accurate) report on one of the biggest offenders in the security business?
whats next? (cant think of witty analog... dammit)
When a group of so called 'White Hat Hackers' (I love the marketing term the media and corporations swallow so easy) turn their back on a comrade just to stay 'in line' with corporations that bruttaly spend hundreds of $$$$$ on M$, my only thought is how a crap a human beings can be.
Let's face it, most of Hackers that turned 'Security Advisors/Consultants' made fame from other's work and showed themselves as the ultimate geniuses (no doubt that some of them really are geniuses but not the mayority). At the end they are one more in the burocrat pile, no wonder why Rain Forrest Puppy (My respects to him) stepped back. Is really funny how all this security advisors solve or hide the outside/inside hacks within the corporations just to keep their juicy contracts and keep all the shit and proofs away. Oh boy, I still laugh out loud with the fluffy bunny hack at securityfocus.com.
Well guys is every man for himself, at the end you decide to be in peace wih your conscience (if you still have it) doing the right thing or not.
Peace....
... but *you* just contributed two more!
Would you prefer that we start writing and pronouncing it, "circa-stake?"
They that can give up essential liberty to obtain a little temporary safety deserve neither safety nor liberty.
Ben
Does slashdot have a who's who page, or a time line hidden somewhere?
nuff said - fucking ingrate corporate types!!!!!!
Yah, BeOS trolls are rare and prized.
@Stake on the other hand...
This is probably going to be a bit of a nightmare for them. The firing is starting to generate a lot of attention in the press. People who may or may not have heard of @Stake before this are now going to remember them as "the company that fired a guy for dissing the security of using all Microsoft."
I for one wouldn't want to hire a company whose line of business is other people's security but who fired a guy for pointing out obvious and factual problems with the security of a major software vendor. It speaks volumes to whose interests they are going to represent if I were ever their client.
It wouldn't be mine -- it would be their own and any bigger client whose interests might run contrary to mine.
Quoth he
"It's all academic anyway..."
Author of Paper Clip of Microsoft is Fired
Too bad, I hate clippy!
:P
DO NOT WRITE IN THIS SPACE
okChoose one: your politics, or your job.
That's life.
You write that as if Geer (or the parent poster) is complaining, or wanted it both ways, but we have no comment from him, and the parent post didn't seem to indicate that he should have it both ways, either.
Perhaps he felt his politics were more important, and he's just fine with being fired, and expected it all along. Why would he want to work for a security company that would fire him for criticising Microsoft's patently terrible security record?
He's certainly had a successful career before @stake, and may indeed continue to have one, either with another company or as a consultant to clients who value the integrity they may think he has displayed.
...as opposed to an overused perjorative. An except from http://www.disinfopedia.org/wiki.phtml?title=Consp iracy (watch out for the extra space in 'Conspiracy').
"Often, what are commonly called "conspiracy theories" are employed by people who would like to believe some conclusion but have little if any evidence for it. They therefore refer to a supposed conspiracy to justify both their conclusion and the fact that they cannot support it with evidence which, naturally, the conspirators are actively concealing. Such theories cannot be falsified; a conspiracy theorist takes lack of evidence for their theory, or even evidence that directly contradicts their theory, to mean that an extremely powerful conspiracy has either suppressed or fabricated the evidence in question."
I'm tired of seeing the label "conspiracy theory" invoked as a magical incantation to stop rational arguments before they even start...
This reeks as a typical example of a "kill the messenger" type of thing.
Companies reading the 'offending' piece should wonder whether it represents perhaps more truth than MS is willing to let out.
So in essence, this little hint of anger in MS's behaviour towards such a tiny piece of work and one of the persons who wrote it, should give us a good idea that it is starting to get a little hot under their feet..
I don't think anyone will read this message. I just wanted to say something to @stake.
1. You have no legal grounds. The work was not yours, but his.
2. What values do you hold? That one "world" operating system is good? the only thing the paper said was that if the government used a variety of platforms rather than a monoculture that it would be less vulnerable. This is a very good sound thesis.
Regardless of what the thesis is, it is a first amendment violation to fire him. Your management should be held to account, and he should be rehired immediately.
ACLU? EFF? EOEC (Equal Opportunity Employment Commission)? Anybody want to take this on?
--Sam Katz
contactthruslashdot@paperlessconscience.com
One day, I'm sure IE will get around to displaying them correctly.
Yes, but... other than roads, sanitation, better medicine and the streets bein' safe at night, what have the Romans ever done for us?
Got time? Spend some of it coding or testing
Why assume that MS had ANYTHING to do with his getting fired - it could've just as easily been some nervous CEO who perceived, rightly or not, that firing this guy would be a better move than keeping him on board.
Think about whatever company you may work at, if not now then some day. If you wrote something critical of one of your company's main sponsors, or a frequent collaborative partner, it wouldn't be likely to go over well with the President, would it?
If you're at all worried that there's competition for your position in a collaborative partnership with, in this case MS, you're going to take pre-emptive steps to ensure that your partner knows how devoted you are, and if it gets to the point that they're pressuring you to do these things, then it probably means you're behind, which is a bad sign.
It's very possible that Microsoft didn't give a whit about this guy, or at least didn't care enough to tell the company to "do something about him!". Let's be honest, we do have a tendency to overhype the anti-MS sentiment in this community sometimes.
Moo
There might not be anything fishy going on at all, but that's no reason to stop making perfectly good conspiracy theories.
As a wise sage once told me, "never let the facts get in the way of a good story."
And how good of a story would it be if this were just "some guy got fired because he vocalised his views outside of the company, now that company looks bad which they're not happy about, although this is just like any other employee of any other company going and doing some extremely public thing and thus suggesting that everyone else in the company does that thing too." That wouldn't really be too interesting of a story. But Microsoft! Hmm, let's see, didn't one of the guys who used to work here almost have lunch with somebody who interviewed at Microsoft? That's the connection, right?
Alas, most of journalism and mainstream media is sure to prevent the facts from getting in the way of a good story...
...who bears bad news. Looks like this is @Stake's loss more than Mr. Greer's. Someone with his knowledge of secuity won't have a problem finding a job even in this economy (security being kind of a hot topic these days).
I just hope one day that the courts stick up for freedom of speech. If I work for a company and comment on things on my own time, it should be fine. Otherwise, it is a gross abuse of freedom of speech. It's too bad that many here actually support that view. It doesn't surprise me that most people here are capitalists and would put money before everything in their lives. It's really sucks. Government can't fire for you for things like that; religious organizations can't; etc; But CORPORATIONS can... :(:(:(:(:(:(
Sivaram Velauthapillai
Sivaram Velauthapillai
Seeking the meaning of life... @slashdot of all places
If I were a fly on the wall (next to the speakerphone), here's what I might have heard in the @Stake executive conference room:
@S: One of our employees is about to release a coauthored paper with very serious allegations about MS SW insecurities, and the threat they pose.
MS: If there's anything libelous in that report, @S is liable, too.
@S: No, he doesn't work here anymore.
MS: Maybe you're not liable then.
@S: See ya around.
@S: Better print a backdated pinkslip.
--
make install -not war
This is the best post here... I can't believe so many slashdotters are supporting the firing. I guess just goes to show how many corporation-worshiping free market capitalists are here :(
Sivaram Velauthapillai
Sivaram Velauthapillai
Seeking the meaning of life... @slashdot of all places
According to the Washington Post, Lona Therrien, the @Stake spokesperson, "said the company had no conversations with Microsoft about Geer or the report."
However (same article), Sean Sundwell of @Stake said that on Tuesday night, when notice of the report's pending release was circulated, "Microsoft was contacted by @Stake officials . . . expressing their disappointment in the report and saying that Dan Geer's opinion did not reflect the position of @Stake and its commitment to an ongoing relationship with Microsoft."
So... which is it? Did they discuss the report directly with Microsoft or not??
Quoth he
"It's all academic anyway..."
Can't find any mention of any former l0pht members on their site anymore.
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
What's next is corporations ruling over the lives of everyone. All industries will be monopolies or oligopolies. If you or anyone who works for a corporation criticizes any other corporation, you will be fired and blacklisted from all corporations...
Sivaram Velauthapillai
Sivaram Velauthapillai
Seeking the meaning of life... @slashdot of all places
He could cross over to the dark side, hack MS and prove his point...
Top 5 reasons to become a hacker:
5 -- Easier than getting a real CS degree
4 -- On top of 15 minutes of fame, you may also get 15 years of jailtime at no extra cost if you act now!
3 -- Opportunity to be featured in Jon Katz's new book about "Hacking in America: The Paradigm Shift Toward Increased Justice After 9/11"
2 -- Something to do while you're busy not trying to find a job
1 -- j00 c4n 7yp3 31gh7y w0rd5 4 m1nu7e 1n h4x0r-5p34k
Good security is based upon reality and common sense. Common sense is a function of having common knowledge.
He probably would be in a government reprogramming session right now instead of just fired.
Gore (the godfather of the Clipper Chip, or have you forgotten?) made a lot of visits to Microsoft too you know. You think you can seek safety in any major party?
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Simple point here: whether or not @stake is involved in a conspiracy, @stake clearly considers themselves to be a advertising/publicity agent of Microsoft.
@Stake clearly does not consider themselves to be a news organization, or a news clearing house.
That said, they should, in the future, be held to the standards of advertising agents, with all the benefits of such -- not news agents with their benefits.
Therefore, if they want to come in to cover a software convention, by all means let them [but at full price: no media pass]. If they want to claim first Amendment right to speech, they can, within the bounds and with the protections set by our government for advertisers. Not within the bounds and with the protections set by our government for news media.
I don't see a reason to apply conspiracy here; just treat them as what they consider themselves to be.
Correct Horse Battery Staple: 72 bits of entropy. Enter "Correct H" into google. When it generates the phrase, that's
My favorite bit:
... pleased that he had maintained plausible deniability.
> Microsoft spokesman Sean Sundwall said AtStake
> contacted Microsoft Tuesday night to express
> disappointment in the report and to say it did not
> reflect AtStake's position.
So, if AtStake has all this integrity and independence, why do they contact someone at Microsoft to do the old "No! No, Master, it wasn't us! It was the tricksy CTO. But we fires him, yes! Is Master pleased with us?" routine?
> "Microsoft had absolutely nothing to do with
> AtStake's internal personnel decision," Sundwall said.
Just another day at the weasel ranch...
Wow, Write that Microsoft dominance hurts the country. Get fired for insulting Microsoft with company name.
Headline should have read:
Writer gets burnt @Stake.
This looks seriously bad for everyone concerned.
Somone got fired for having the wrong opinions? And which century do you live in over there?! If a company did that here, and the ex-employee could prove that, (s)he would sue them out of existence....
--The knowledge that you are an idiot, is what distinguishes you from one.
CCIA and the report's authors have arrived at their conclusions independently. Indeed,
the views of the authors are their views and theirs alone. However, the growing
consensus within the computer security community and industry at large is striking,
and had become obvious: The presence of this single, dominant operating system in the
hands of nearly all end users is inherently dangerous.
- Has anyone actually read the report? It says right there - the views in the report are of the authors alone!
Fucking @stake!
You can't handle the truth.
Whistle-blowing is never a popular job, but it's even riskier during bad economic times. Most of the backlash against this employee is due to the spineless quivering, in management, about losing vital business. Once again, we see why monopolies are unhealthy for society.
What are you gonna do, though, if you're canned? The employment-at-will doctrine has essentially always allowed bosses to hire and dump whomever they wish for any reason; dear old kooky Walt Disney used to go nuts with this easily abused freedom, and the 1990s left a trail of shattered lives and communities behind the rapacious "downsizing" of workers. Except where protected by civil rights or state employment law (and good luck bringing a case!), this is where you stand as an employee in America - at the mercy of the Man's whims. Learn to kiss ass; learn to run your own business; learn to work for decent people; these are among the few options for workers, and guess which one is most popular.
But this is also a hysterical time politically. Under the New McCarthyism the pasture of sacred cows has been enlarged: now not only our Glorious Leader is supposed to be beyond reproach, but so are certain corporate entities. And by burrowing like a common bacterial spirochete into the guts of American national security, Microsoft has begun to undergo the transformation - symbolically - from mere lawless and sloppy monopolist to vital U.S. institution. Yesterday, MS merely brought you BSODs, viral weakness and data loss. Today, it defends America against her enemies with its arsenal of...er...BSODs, viral weakness and data loss.
If this transformation continues, it will be more and more costly to criticize Microsoft as it mutates into an adjunct of the security state. HomeSec is already MS's taxpayer-subsidized tech support service, busily issuing warnings about the latest viruses and worms. This relationship should be promptly terminated by the next administration when the adults get to run things again.
If you know how to do the corporate-talk you can sound professional. Such things don't mean shit. What matters in corporate world are contracts, not vague promises.
However, you cannot make a web page which is devoid of words. So, you insert some words which do not mean anything. Then other companies know you're "in".
is how I read it at first glance. Death to Clippy and the bonehead who thought that up!
Everything I have read here seems to assume that Dr. Geer didn't know this would cost him his job. Maybe he was on his way out and just decided to speak his mind...
If this article confuses you, don't worry. It was posted yesterday in a much clearer fashion.
I know guys who think they were fired because they were taller than their supervisor. So that you think the universe picked on you because you downloaded RH ISOs isn't surprising.
Cheers,
Anyone with common sense.
Look at the history of Virginia Commonwealth University. See that point where they were completely shut down? That's because they *were* firing their tenured professors, and in the end completely shutting down the university was all that the state could do to stop it. When they sent examiners to interview the professors about the situation, the president would not let them alone with the professors. Anyhow, the state discovered that they couldn't do anything except close the university and fire everyone.
Jump over to James Madison University. It seems that the then president of the university was trying to force through academically impossible changes. [For example, teach upper-level calculus before basic calculus, "to give them a feel for it".] So one of the Physics professors came up with proof of tax fraud. At that point, the president fired the whole Physics department, because although he couldn't fire a tenured professor without cause, he could eliminate the need for the professor by abolishing Physics [impressive stupidity for a university with a medical program, but finding tax fraud was a real threat]. Eventually, the firing was rescinded, and the president retired, but the potential for tax fraud penalties was probably a slightly larger gun than tenure. Jump forward, same university, different president. The tenured professors' contract is the University Handbook; and the administration updated it, taking to itself all the rights of academic free speech, and making the contract unilaterally modifiable. My father caught this, and in the Faculty Senate pointed out that (1) this had no effect without Faculty Senate ratification, (2) they couldn't ratify it because unlaterally modifiable contracts are illegal,
(3) they shouldn't ratify it, and (4) without ratification, they were working either on the old handbook (in which case the old handbook stood), or else without a contract, which implied no particular tenure protection, but also implied no protection for the univeristy against lawsuit.
In the end, he got those clauses struck. But tenure really doesn't protect academic free speech too well.
In reality, tenure and academic free speech were initiated by the university administrations for their own convenience. It seems that, all the time people were coming up and saying "I'll donate X million dollars, if you'll teach this or that." And the problem was that if they taught this or that, 2 other donors would say "I'm not donating any more, because you're teaching nonsense." If they declined, however, then the person who wanted to affect the curriculum would begin a publicity campaign against the administration, and it was a real mess. So the academic free speech became a way that the administration could say "sorry, it's against contracts we've already signed. It's impossible."
Correct Horse Battery Staple: 72 bits of entropy. Enter "Correct H" into google. When it generates the phrase, that's
So, it looks like his job was @stake?
Sigh.
One shouldn't be fired for bringing up "bad news". Forcing employees to remain silent when they know, or at least believe strongly that they know, something is one of the reasons for the Columbia Shuttle disaster. Some NASA engineers "believed" somethhing was wrong. But they had to prove that the Shuttle was unsafe, rather than the other way around, proving that it was safe. I think the people who fired Dr. Greer should be thankful he's speaking his mind about the problems affecting the "system" of their biggest customer. At least maybe now Microsoft should doublecheck their attitude to security, how safe or unsafe Windows and its other products are.
Daniel E. Geer Jr must have really hit a sensitive area of Microsoft. Its really sad to see them so unwilling to realize that the report isnt a hit on MS but more about monoculture in the internet. Monoculture is bad, ask any biologist and hell tell you why. Diversity is much better but it demands open standards and interopability, something Microsoft have been successfully avoiding since day one.
HTTP/1.1 400
When you cross Lord Bill. So much for "innovation" and "new ideas" eh?
The Japanese have a saying that's appropriate here. "The nail that stands up gets hammered down." I just say, "the truth hurts, doesn't it?"
If they want MS as their sole client, that's one thing.
Their publically firing a whistleblower for being part of a group writing a negative article about MS software tells me that @stake can never be trusted again in any statement they make about MS software, operating systems, or security procedures. So what's the upside for a non-MS client to hire them?
Is anybody left at @stake from the old l0pht days?
Tech Public Policy stuff
is that the usual timeline?:
...
1.) invent some kewl pw cracking tool and post security advisories
2.) flame against the dark side of OSs and show the people why it is the dark side
3.) get some managers and let them make buisness out of what do and like to do
4.) get some people who are the same opinion and let them work for you
5.) name some CEO, CFOs and marketing guys
6.) let them tell you that the dark side is the dark side, but not so dark as you said and maybe even not dark at all - because its bad marketing
7.) get fired
maybe he didnt invent the tools, but Im sure,
they didnt hire him, because hes a tightas*
and "polical" correct
(aerial shot of huge parking lot, Microsoft sign nearby being chainsawed up for disposal) ...your dreams.... come true....
Complicated reasons for Microsoft's problems are given in the CyberINsecurity report. However, it seems to me that the security vulnerabilities in Microsoft software may be due to Microsoft pressuring programmers to finish and go on to new projects before they have had enough time to clean up their code.
On 11 September 2003, there were 31 unpatched vulnerabilities in Internet Explorer. On December 9, 2002, there were 19 security vulnerabilities. So vulnerabilities are being found faster than they are being fixed.
Certainly this is embarrassing for Microsoft. Presumably Microsoft would fix these problems if it could. However, maybe IE is a mountain of sloppy code, and it is expensive to fix. Maybe Microsoft is no longer able to hire programmers who are skilled enough to find the bugs.
Who uses the vulnerabilities before they are fixed? Do the U.S. government's CIA and NSA and FBI departments use them to spy on foreign governments? Is that why there are allowed to be so many?
Whatever the reason for the vulnerabilities, it is remarkable that there are 31 known and publicly documented security risks in just one computer program, particularly when that program is the most widely used program to connect to the Internet.
The CyberINsecurity report is almost a Microsoft love fest, because it only talks about one kind of shortcoming. I think my paper, Windows XP Shows the Direction Microsoft is Going is a bit better balanced.
Seriously....if the news around he got any mroe biased it would probably suffocate itself. POST TECH STORIES AND DROP THIS WAR OF ATTRITION WITH MS! Good lord! Yes yes, we know, MS=evil! GET OVER IT....good lord.
"The saddest words of mice and men, are not those which were, but should have been."
This seems like a major blunder on @stake's part. If I needed to hire security consultants I would certainly be worried about @stake's lack of integrity. Firing a highly (indeed, very highly) respected member of the security community for pointing out valid security issues gives the impression that @stake will NOT give me optimal security for my situation on MY networks. In fact, I think I would seek out Mr.Greer instead since he has shown that he would look out for MY secuity related interests instead of comprimising to the short term cash flow.
In short: The hiring of security consultants is based on complete trust and @stake is sacrificing my trust and security for convenience and partnerships.
What's next from @stake?: "MMM, Windows is way more secure than *nix"
All that "customer relationship" and "customer partnership" focus of the last few years is coming back to haunt us. That's where you no longer just sell a product and walk away anymore. Now you basically live with them, answer phone calls at 2am for the next 20 years because you sold them a blender and they were lonely and couldn't remember if frappe was faster than chop.
In this new great scheme, your company sells the friendship of their employees to the customer for free. Therefore if you aren't there for a customer, even on your own time, you the employee are at fault. Even if they phone at 2am for some stupid reason.
Heaven forbid you should critize a customer on your own time, esp. publically. That's a clear violation of the corporate ass-kissing policy.
There is some justification for it though. Customers that like your employees are more likely to throw your company bones, and what's not to love about a company that makes it's employees all wipe your ass for you on their personal time if you choose.
But still, it just isn't right. Just because our companies CAN take our personalities from us doesn't mean they should. Basically, being a part of a corporation means subsuming your identity and adopting a corporate face mask in it's place. You are their personal avatar and the face of the company. It doesn't matter how stupid the customer is. The worst part is that it doesn't result in the company making more money either. Just the opposite, you end up doing nearly everything for free while getting little from customers in return.
Should really be something in the basic human rights section of the constitution for not having to hide your identity for not being perfect. I'm unsure of what the wording should be, but showing displeasure, not looking happy at all times, and generally having a perfect serving robot personality should not be cause for dismissal within limits.
It will be a sad day when everyone is that terrified of being unpleasant for even a moment that they have to hide their personality outside of the confines of their home, or perhaps not even there....
Yet another crippling bombshell hit the beleaguered HanzoSan when recently IDC confirmed that HanzoSan accounts for less than a fraction of 1 percent of all positive karma. Coming on the heels of the latest Netcraft survey which plainly states that HanzoSan has lost more karma, this news serves to reinforce what we've known all along. HanzoSan is collapsing in complete disarray, as fittingly exemplified by failing dead last in the recent Sys Admin comprehensive networking test.
You don't need to be a Kreskin to predict HanzoSan's future. The hand writing is on the wall: HanzoSan faces a bleak future. In fact there won't be any future at all for HanzoSan because HanzoSan is dying. Things are looking very bad for HanzoSan. As many of us are already aware, HanzoSan continues to lose karma. Red ink flows like a river of blood. HanzoSan is the most endangered of them all, having lost 93% of his karma. There can no longer be any doubt: HanzoSan is dying.
Let's keep to the facts and look at the numbers.
Slashdot editor CmdrTaco states that there are 3786 posts of HanzoSan. How many posts of HanzoSan are there? Let's see. The number of HanzoSan posts versus intelligent posts on Slashdot is roughly in ratio of 5 to 1. HanzoSan posts on Slashdot are about half of the volume of posts. A recent article put HanzoSan as author of about 80 percent of Slashdot posts.
All major surveys show that HanzoSan has steadily declined in karma. HanzoSan is very sick and his long term survival prospects are very dim. If HanzoSan is to survive at all it will be at (Troll,-1). HanzoSan continues to decay. Nothing short of a miracle could save him at this point in time. For all practical purposes, HanzoSan is dead.
Fact: HanzoSan is dead
I thought Bill Gates got a cop fired for giving him a ticket a few years back. Sounds just like his MO to me...
All data is speech. All speech is Free.
CIFS=Common Internet File System. This is a reference to the security flaws highlighted by Hobbit (from memory it was defcon 5, back in 1997) in the microsoft SMB (windows networking) products. A copy is still available from here.
and I lost respect for the l0pht back when *hobbit* was edged out. Mudge became "Dr. Mudge" (as if), and they all started running after the limelight. Sad, really. The Hacker News Network is long gone, and mudge is Pieter. It sucks for Dan, but it's just more of the same for the rest of us.
L0pht Heavy Industries (creaters of the L0phtcrack suite Pwdump that allowed brute force cracking of windows NT user/passes) went though a period of internal discontent. I cannot provide any details on this. Basically the author seems to be trying to highlight the corporate yes-men culture that has permeated this sector and presumably led to this dismissal for speaking the obvious but unapproved "truth".
It takes a lot of nerve for Chris Wysopal to issue his little statement. Weld Pond would never have said something like that. Man, it's been a long path from BO2K to appeasing Microsoft. What a long, strange trip it's been. Sigh.
I have to admit this part has me stumped. I assume he means that Chris Wysopal of @stake would answer differently to Weld Pond of Lopht. Since they are one and the same person I assume he means to highlight the change over time in Chris's opinions/loyalties... not really surprising in the context of articles like this (para. headed Who's Who).
It has indeed been a long and strange trip... no end in sight yet.
Q.
Insert Signature Here
...I guess he really didn't realize his job was @Stake...
(Mod -1 Horrible)
.
== WolfriderV6 == I'm willing to admit that *I just might* be wrong... Are you??
"Then "not being an idiot" was against the social norm, and *poof* they lost the initiative.
Let's not repeat that debacle in our age, shall we?"
Too late.
KFG
I call for a revolution...no, this isn't a joke...
:| I'll let you know when it comes)
Sivaram's Information Manifesto for the Ages
A person's thoughts, feelings, and works outside of work shall not be cause for dismissal; Only the person's performance shall merit termination. By allowing the corporations to get a stranglehold on people outside work, capitalists are shifting power to the few elites who control and benefit dispropotionately from these measures. It is a sick view that business comes before freedom. The fact that corporations own the water, supply the food, control the transportation, and pretty soon healthcare, education and the police, is no reason to back down!!!
Citizens cannot rely on the "elected" officials and the lawyer-influenced courts to protect themselves. Commercial censorship is a direct attack on freedom. The fact that you "work" for a corporation does not mean anything in the given climate of monopolies and oligopolies. What is a journalist to do when less than 5 companies own nearly all the media? What is an aerospace worker to do when you have two choices?
The destruction of your life is in your hands...
Sincerely,
Sivaram Velauthapillai, anti-Capitalist
Some of you are probably laughing at this... but I actually mean everything I say--except for the actual revolution part (it's not time yet
Sivaram Velauthapillai
Seeking the meaning of life... @slashdot of all places
I've mentioned this before when technology publications that focuse primaraly on Microsoft products CLAME the are impartal and have no ties to Microsoft that when you rely on someone for information your not impartal to that source.
Info 64 a publication for Commodore 64 users created on the Commodore 64 etc etc. The whole philosophy is the magazine should live and die by the products they support. Obveously they are no longer in publication.
Anywho when Commodore published the specs for the 4+ and C16 every Commodore mag published the specs exactly from the press kit. Info 64 did not.
A reporter at Info64 wrote an artical ripping on other Commodore based publications for doing that.
The point he made was that ANY publication that focuses on Commodore is answerable to Commodore. When Commodore hands out press kits there is an implied threat "report this and be glad we give you anything".
I rember that. I was a subscriber to Computs Gazzet Commoodre and Info 64. Compute was a publication powerhouse and got ALL the latest news and information but they were never critical of Commodore or the software titles. When they did report weak points they'd glaze them over like it didn't really matter.
All the platform publications were like that.
Except for Info64. Thats what I liked about them.
Info 64 starts off with a bunch of reviews and I always read them over. They are very critical and careful to review the software properly.
In other publications I skip the reviews becouse they were just free ads pretending to be lagit reviews.
The greatest database program ever... on the Vic 20? See where I'm going with this? Some of thies reviews were just downright garbage becouse the publications were fearful of being cut off.
Info64 didn't care. If they can't do it right they can't do it at all.
No Commodore never cut them off.
But now jump forward... Commodore is dead Microsoft rains suppream and Microsoft is making noises about it's latest and greatest Windows 95. Bug free and an Os itself not an envronment running on top of Dos. It now uses protected mode processing like OS/2 so a bug in a driver or application won't crash the whole operating system.
Microsoft handed out Windows 95 beta CDs.
Nearly every industry reporter got one. One reporter had the balls to point out every single problem in the Windows 95 beta.
Microsoft was angry and pulled that reporter from the beta program.
Commodore was bluffing Microsoft wasn't.
Now everyone is being very careful.
Unless they are Mac or Linux publications.
If you work for a publication that works with Microsoft ANY time your critical of Microsoft you put your job at risk.
I don't actually exist.
If you talk as an individual in a matter in which your employer may have a stake (think a financial analyst working for a bank) you better make sure your employer does not have a problem with what you are going to say, no matter how many disclaimers you put around your words.
The reason is very simple: a given company needs to keep a reputation, in the case of a security company they need to appear to be open and impartial when assesing different products. By having an employee that clearly has reached his own conclussions and made them public the employer is left in the difficult position to explain how they may be choosing MS stuff or recommending it given that one prominent employee has lambasted those products in a public forum.
Sorry, but I have no pity for this person in spite of broadly agreeing with his conclussions.
IANAL but write like a drunk one.
L0pht Heavy Industries insists they didn't "sell out" when they started @Stake. Geer wasn't too smart in posting the article as an @Stake employee (whether he intended or not, the paper makes it sounds like those were his intentions) but I still see too much irony in L0pht firing a member for being critical of Microsoft.
Hacker News Network was assimilated by @Stake, and I've given up on visiting the site since they don't post anything really relevant anymore.
I know everyone needs to eat, and making a nice living is, well, nice. But man, now they REALLY smell of a bad sell out now.
So much for free speech!
It's becoming increasingly common to have to do your job WRONG to keep it.
When you ask your superiors: Do you want it quick, cheap or good? - You know which one they will NOT choose.
As for Daniel E. Geer Jr. he did a good job... I am quite sure he will find a job pretty quick, however I do doubt the job will be with a large company.
- "They misunderestimated me."
Come on. L' histoire se repete (everything happens again and again). In the thirties a guy in Holland wrote an article telling the truth about Adolf Hilter. He was taken to court, condemned and jailed. The reason was: Insult of friendly head of state. The sentence must still be on his record.......
Mod +1 comic insight...
...and he grinned, like a fox eating shit out of a wire brush.
I hate to be a rant...but I can't help myself. :-)
Ethics is going down the tubes. An example, I think was the investment community in the U.S.
If you watch the media, you have this over all impression, well, Enron was just a fluke, they had poor accounting.
But if you read the papers, this fluke, is being practiced by 100's of companies, all screwing over their investors like cheap whores on a Dutch street corner.
I hate to point this out, but these Ivy league trained people were taught and are taught that this is just ducky. How can it not be with so many companies screwing you on a daily basis.
It can't be a fluke when everyone is doing it.
Fluke? I think not, but you decide.
It has become ethical to do business unethically and it is proudly taught that way in our so called finest Universities.
If anyone has any money in US retirement investment funds, when they retire 30-40 years from now, I will be really amazed.
If you are an investor, and you are investing in US companies for retirement, you my friend are a sucker.
Same thing is happening here. Microsoft is not an innovative company, it buys companies.
They do not write good software and if you are stupid enough to buy Microsoft Press books written by PhD's who claim they even have a clue about good Software Engineering principles, you are just another duped "investor".
I would like to point out that Microsoft is one of the largest employers of Computer Science PhD's in the country.
As an example, one must ask this question after looking at these Software Engineering practices books that Microsoft Press publishes as oxymoronic.
My reasoning is as follows:
Exhibit A: Microsoft hires more PhD computer scientists than even IBM has to work on the secure initiative for 2000 and XP. Building and rebuilding the entire OS 2000, and then again with XP, from scratch, at a estimated cost of 2.8 billion dollars.
Exhibit B: A 18 year old in Minnesota, a 16 year old in Malaysia, and a 21 year old in Russia. All with WAY too much time on their hands, with NO source code, find more security holes in 2000, XP than you can possibly say "Code 'in'-Complete" in that past 14 months.
Exhibit C: A University student, in Finland builds a new operating system kernel called Linux, and in just 8 years it is being worked on by almost no PhD's and many testors and code contributors are in their early 20's or teens, and is far more capable than windows, 1.8 billion dollars later.
Is Linux just another Enron? Fluke?
My point is that the way we are being taught code in this country is not the way code should be written. Even if you have a PhD, its business as usual dogma, just like our MBA friends.
Is it a fluke that the best code being written is not through institutionalized learning in this country?
What do these exhibits tell us about our country in general, with regards to ethics?
It doesn't take a rocket scientist to figure out what is going on here.
Fluke?
I think not, but you decide.
-Hack
Got Geometrodynamics? Awe, too hard to figure out? Too bad.
From p.3 of the report:
Unless they modified the report after it was first posted? The version I'm looking at says modified 24/09/2003, 7:03 EST
Fixing copyright
If what's being said is true, this is a very bad move for @stake. The company used to be called L0pth Heavy Industries and was lead by Boston-based Mudge, now CEO of @stake. Mudge gave an interesting opinion in the preface of Hackproofing your network by Ryan Russel, saying that this world is driven by the people who, quote, are not afraid to rip things apart and see how they work from the inside. In summary, sharing of knowledge and open criticsm are key to the progression of society. Mudge gave an impression as if he believed in these values greatly.
Now, if a @stake employee whether on- or off-hours, writes a credible report on MS not representing those values, and gets fired for it, then the CEO in the building must have a different mindset. One of MS's: money money money, in a richman's world. And if so, @stake (and its services, including securityfocus.com) should not be considered so seriously anymore.
Anyone writing criticism upon 9/11 was fired; their words true or not. I thought the hacker mindset would be immune to that; sadly it's not. Shame.
All this under the presumption that the data in the article is correct.
-i
he simply became a government employee.
--
The post to which you are replying is just a trawl, and lookee! tonite there's some fish on the menu!
The following should have been a dead give-away:
Unless @stake was a governmental entity, First Amendment does not apply to them:
FWIW, they now want $350 for a single license of LC4, so.... Slashdotters unite! Download a keygen today and taunt @stake with hundreds in lost revenue :)
all that stuff you signed at HR when you took your last job? Maybe you should have read it or kept copies.
No kidding... I'm sorry that the guy is out looking for a new job, but if they cut him loose, they had a reason, and that reason probably had his signature on it.
does the history really matter? shouldn't each post be modded for the merit of the post rather than the history or karma of a poster?
however, softwar gangsters aside, va lairIE/robbIE's treatmeNT of their loyal 'fans' is also whoreabully tainted buy ?pr? ?firm? nazi content.controll, including excessive MiSuse of lairIE's pateNTdead PostBlock(tm) devise, (c SourceForgerIE(tm), all rights reserved, you have none).
responding to the rumour that some of yOUR attention spans are limitdead buy endless corepirate nazi hypenosys:
you can anticipate all you want. our advise is to be as far away from the walking dead contingent as possible, when the big flash occurs. you wouldn't want to get any of that evile on you.
as to the free unlimited energy plan, as the lights come up, more&more folks will stop being misled into sucking up more&more of the infant killing barrolls of crudeness, & learn that it's more than ok to use newclear power generated by natural (hydro, solar, etc...)methods. of course more information about not wasting anything/behaving less frivolously is bound to show up, here&there.
cyphering how many babies it costs for a barroll of crudeness, we've decided to cut back, a lot, on wasteful things like giving monIE to felons, to help them destroy the planet/population.
no matter. the #1 task is planet/population rescue. the lights are coming up. we're in crisis mode. you can help.
the unlimited power (such as has never been seen before) is freely available to all, with the possible exception of the aforementioned walking dead.
consult with/trust in yOUR creator. more breathing. vote with yOUR wallet. seek others of non-aggressive intentions/behaviours. that's the spirit, moving you.
pay no heed/monIE to the greed/fear based walking dead.
each harmed innocent carries with it a bad toll. it will be repaid by you/us. the Godless felons will not be available to make reparations.
pay attention. that's definitely affordable, plus you might develop skills which could prevent you from being misled any further by phonIE ?pr? ?firm? generated misinformation.
good work so far. there's still much to be done. see you there. tell 'em robbIE.
the rest of the wwworld is laughing/crying at/for US in sympathy/disgust, as we fall/jump into the daze of the georgewellian fuddite corepirate nazi life0cide.
Get the software here and the key generator here
That being said, this could be a Good Thing(tm). Now with all the attention that he got fired over the report, do you think (a) more or (b) less people will read the paper? I'm guessing more. Like when the feds started after Phil Zimmerman & PGP, this only shows that this has some real information that "they" don't want you to know.
Why use Fox News has a hypothetical example, when that did happen... to Bob Zelnick of ABC News, for writing a book about (then) Vice President Al Gore.
FYI: Rupert Murdoch, who owns Fox News Channel, also owns Harper Collins, which publishes books by authors like Michael Moore.
Part of being the CTO is to be out on the leading edge of the technology and spotting the trends before the big changes happen
Change can often threaten the intrenched
Consider the case of Philo Farnsworth and Edwin Armstrong - You may know one of them, but probably not the other - Fransworth is largely credited with inventing television,l and Armstrong invented FM radio - David Sarnoff at RCA was a ruthless businessman that saw TV at the future, and FM as a threat to his AM radio network - He crushed both men with endless litigation - Farnsworth died penniless, and Armstrong killed himself - FOllow the money, and don't screw with anyone's livelihood
That being said, you may be cetrain that @stake will have a devil of a time trying to get a decent CTO to repkace Greer, since she will likely be looking over her shoulder and self-editing a bit
But who needs progress and creative thinkers when the folks in Redmond do all of the thinking for you
Greer will be back at work in no time - It is only a matter of how much personal time off he wants to take
Microsoft tries to fend off the attacks on its software, worms, viruses, etc. I suppose one could not expect more from them. Linux, in it's diversity, is a hard target to hit. I, for instance, and running FVWM, Opera 6.03 on Basiclinux 2, and I might just be a very small minority doing that today. Now that this guy has been fired, Microsoft may be blamed for it, even though they didn't do anything. It's true that Microsoft's products have been so successful that most computers in use today have them installed. I do, I have to run DOS to boot my Basiclinux system through loadlin. Actually, I use Win98 to get the Basiclinux system downloaded and going. I could have used Redhat 6.1, also installed on this box to do most of that, but I still have to use loadlin through DOS to get going. I use a little dos menu to choose my OS upon startup. This is not to say that I like the way Microsoft has changed Windows, from Win98 to XP.
It's easier to ask for forgiveness than it is to ask for permission..
@stake, eeye, and iss have all agreed w/ microsoft not to release details of even potential exploits until the microsoft has had 30 days to "evaluate" them, leaving admins and the public unnecessarily exposed to vulnerabilities. This is completely unacceptable, and contrary to the scientific peer-review process of real science.
What an idiotic thing to say. Most legitimate security researchers give any company an agreed upon period of time before making public an exploitable security hole. Many times, this period is longer than a month. This allows a company time to create and distribute a patch against the hole. No legitimate researcher wants the internet to melt down or information compromised in the desire to rush to make a statement.
In professional ("real") scientific circles, there might not be a built-in delay before disseminating information, but you certainly jeopardize your career if you state anything in your publication that might be quickly interpreted as incorrect. (Just ask Pons & Fleischmann.) Many scientists will delay publication of information to be dead certain of their facts, and there can be a year of delay before a scientific journal will publish the information. (This is part of the peer review process.)
Microsoft may engage in egregious policies concerning disclosure of security vulnerabilities (but none that I'm immediately aware of), but requesting a researcher to delay public announcement before evaluating and producing a security patch is not one of them.
There is no America. There is no democracy. There is only IBM and AT&T and DuPont, Dow, General Electric, and Exxon
Microsoft hired @stake to improve security in Windows. In order to improve security (or most anything), you have to recognize what is wrong with that security. @stake just fired someone for publishing independent research related to what @stake paid this person to do: be critical of Microsoft Windows security. This firing leads me to believe that @stake wants it's employees to be critical --but not too critical-- of Windows. And while @stake can surely find people to fill this mediocre requirement, they probably won't find the "best" people. Indeed, there might be a quiet exodus of talent from @stake after this, and @stake might have trouble naming a replacement CTO that has the same level of competence in Windows security. Perhaps, an Anonymous Coward from @stake will update us on the chilling effects, if any, inside the company.
Sometimes I worry that I'll develop Alzheimer's disease, but no one will notice.
The point of this report cannot be argued because it is simple common sense. Relying upon one supplier for one product, can only leave ALL consumers of that product, vulnerable to ONE attack. This is inherently a weak position for ALL consumers. When ALL consumers represent the world, then the WORLD is potentially vulnerable to a single attack.
@stake fired Dr. Geer for publishing a common sense opinion. This is nothing more then a knee-jerk response from a company trying to protect it's "bank" side.
He's not just some shlub in a lab. The guy's the CTO, and as such, he is assumed to set the technical tone for the company (that's why he's the chief). If the board believes his personal vision is not in line with the company's goals (i.e., taking Microsoft's money and getting rich), then they would be failing in their duties if they did not replace him.
The idea that you might be fired for knowing a lot about linux is freakin moronic! I work for a microsoft solutions provider and I also develop for linux for work from time to time.
Now I could see maybe where someone who worked for a solutions provider could be discriminated against if you spent all your time whining and moaning about using microsoft products and flat out refused to become good at developing with them. If you refuse to learn the development environment, I'd be pretty inclined to stick you on a layoffs list as well.
On the other hand, if you're doing your job well, who cares what you know? These days successful contracting means being super flexible and knowing three or four languages well, not just one or two. Any employer encouraging lack of knowledge in their employees is a moron.
m.
Sure wish I had seen this earlier instead of 300+ replies later. Oh well, I guess thats what happens when you stick your head inside a Hobbit hole for three years and don't come out.
I feel I must reitterate L0phT =! @stake. Please do not confuse what I consider to be the good work of the L0pht with the corporate nonense that is @stake.
As for Dan and everyone else that works there they should have seen the writing on the wall three years ago when they fired my poor ass. Remember me, Space Rogue? HNN? All Gone. Why? I can only speculate but I think they felt that a critical mouthpiece would not be a good thing. Sound familiar? Hard to get someone to sign a big contract if you might call them names the next day.
Dan is a remarkable person. His mind works like no other person I have ever met. Don't feel sorry for him. Trust me, he is in a better place now.
Microsoft has continued its embrace, extend and I assume, extinguish policy with regards to information security. How? By hiring several of the people who were critical of the organization. Yes, that means previous @stake, Guardent, Foundstone, etc employees. That also means hackers, all who now work for the Giant in Redmond. Keep your enemies close. What better way to silence your critics than to hire them. Then you can keep them silent until they no longer pose a threat and dispose of them quietly at a later time when no one is looking.
Oh well, life goes on, the Internet is as insecure as ever, companies are still able to hide thier vulnerability, risks are not taken seriously and hackers still roam free. Nothing has changed, and nothing will until such time that people stop trusting everything that is spoon feed by anyone looking to make a buck. Yeah, I'm cynical. Sue me.
- SR
I was the IT Specialist of The divisional headquarters of The Salvation Army in Cincinnati - the 'go to' guy for half of Ohio and Norther Kentucky. I was one of the 30,000+ people sending letters to the DoJ regarding Microsoft's anticompetitive pratices. (I shared account of how they tried charging us twice for Office licenses.)
Three months later, I had a four day vacation and when I came back, the locks on my office were changed and my personal contents were cleaned out. They gave me a "farewell interview" to express that their sole reason for firing me was "dissatisfactory performance," which is all their employment policy required. My ten year career with them was over, they would not give me opportunity to defend myself, and they wouldn't give me severance or unemployment.
(The Salvation Army, as a church, is not required by Ohio law to pay into unemployment. Compounded with losing my pension settlement for three months, I spent those months at zero income.)
I found out over a year later that Microsoft was behind it... It wasn't a local decision at all, but was enforced by Paul Kelly, IT Director of New York's Territorial HQ, along with policy banning Linux in our ten state territory! Paul normally has no direct dealings with me on the divisional level, but a contact in New York revealed how pivotal Paul considered me in that contraversy.
I haven't pulled together the witnesses and evidence to prove this in court, but the commonly held opinion is that Paul got the call from Microsoft which says "get rid of the problem, or we'll audit your business licenses."
So it seems The Salvation Army, a church, is also a wholy owned and operated subsidiary of Bill Gate's Evil Empire(tm).
Joel 'Twisty' Nye, MCSA, Linux+
All this does is shoots down @stake's credibility.
Anyone with half brain will realise that running an entire network on a single OS is asking for it. This is why buildings don't tend to have the same key for every lock and the burglar alarm and keep skeleton keys well guarded. If this were the case, someone drops the key in the car park and whoever finds it has free reign and oh boy, the joy of the discovering that it opens every desk, filing cabinet and safe as well.
The headline was that a singular reliance on Windows is a bad thing and I can't see that this argument is flawed. For @stake to sack someone for daring to state the obvious is laughable and makes them look stupid in the same way that Microsoft always looked stupid when they'd claim that there were no reliability issues in Windows despite the fact that even the non-techiest people in an office could tell you what BSOD stands for.
If anyone at MS is thinking that this is a good thing then they should consider that many people watching have already, based on their previous record of dubious behaviour, put this down to their intervention. Whether it's true of not is irrelevant, it just seems most likely.
Hmmmmmm..... Deep fried and look like Squirrel.
Fired has very specific meaning, the linked artical says he was dismissed, not fired. Therefore I duopt he was fired. More likely he either was laid off, or "resigned for personal reasons". In either case when asked about it the company will say "He was an employee in good standing until he left." If he was fired they will say in court "He was a bad empolyee." This is a very strong legal statement, and no company wants to say that without all their legal details in order.
It is much harder to get a job if you are fired because checking will get a strong negative. It is very rare for anyone to have a bad reference, so getting fired puts you out of an entire field. It is very hard to not hide who you worked for without sending the different negative of being someone who hasn't worked in 10 years.
That said, the paper he wrote could be considered enoguh to fire him. However I don't think the lawyers (or HR) would fire him if there was any other alternative because of the legal hastles.
Linux?
o ad &name=NS-lj-issues/issue114&file=index
http://www.linuxjournal.com/modules.php?op=modl
I believe you mean "Courtship Rite" by Donald Kingsbury. Advance apologies if there really is a book "Courtship Rites". But the quote sure sounds like Kingsbury.
you are a Microsoft basher, if you yell fire.
He refused to be assimulated so he was annialated.
The Microsot way... the racist of the internet. And we thought it was going to be Uncle Sam. Looks like Uncle Bill is the one to worry about.
Join, or Taste It!
"Participation in and release of the report was not sanctioned by @Stake," the security and consulting company said. "The values and opinions of the report are not in line with @Stake's views", to take money from Microsoft in exchange for flattering reports.
Geer could not be immediately reached for comment. But he didn't have to say words "I am not a whore like my former employer", as they were screaming from the text even without his input.
Obviously if they refuse to believe MS has security problems, I seriously doubt the integrity of any of their products and services.
IIRC, @Stake either began as or incorporated l0pht heavy industries.
What happened to Mudge, CountZero and the other windows hackers that made l0pht what it was? Have they too sold out to M$?
What happened to the program that allowed anybody with console access to an NT machine admin rights with a 3.5" floppy?
Did they suddenly become M$'s bitch or has it been a long time coming?
+-+
I am readig the report, and it doesn't say anything that I haven't been saying myself for the last three or four years. If @Stake is uncomfortable with his extracurricular activities (though I wouldn't have trumpted my connection to them in the paper), then they are probobly, as my investigations indicate, tied to M$ by an umbilical cord, and he would probobly find himeself very unhappy there heading into the future--especially given his social-consciousness.
I certainly hope he finds a job that keeps him in the business, so he can continue to be one of the voices in the dark.
Oh, and @Stake can blow me, those namby-pamby M$ whores. What weasels.
Mmmmmm... Bold, yet refreshing!
Please do not confuse Americans' right under the Constitution to speak freely with an obligation on the part of private parties (like Geer's employer) not to react negatively to our speech. You might be able to convince me that @stake's action was unreasonable, obnoxious, unethical, or even stupid, but never that it has anything to do with Geer's constitutional rights.
Every time some public figure says something that someone disapproves of, we see the First Amendment get trotted out. Stop it!
"Rub her feet." -- L.L.
You are accusing slashdot of fixing it so that windows users dont get mod points?? plz die troll
The fact that they called MS to say "Hey, it doesn't reflect our views" shows that either a) @Stake's lawyers warned them that they might be sued, b) they were afraid of losing MS's business (which makes one wonder how little business they have elsewhere), or c) both.
JAV
I guess he kind of misunderstood that one. Buying no; Bashing yes.
I wonder if he would qualify for protection under the new whistleblower laws?
this is not a sig
I guess you don't need books to trot all over Asia kicking butt...
All through the early to mid 90's the Army was using Windows for the computers that commanders and operations staff used in the field. I suspect that a lot of the computer gear that the individual soldiers carry now is based on Windows CE, although I can't speak from personal experience on that. My first comment is based on direct, first hand experience.
In my universe I'm perfectly normal, it's not my fault you don't live in my universe.
It's just too bad, a semi rebelious security group that was once L0pht Heavy Industries, is a bunch of corporate ass-kissers now. What a shame. And to think L0pht once hosted Cult of the Dead Cow txts.
This clown gets fired for his keen observation of the obvious. Who cares. NEXT!
Given @Stake's obvious arse-licking expose towards a company who uses security holes in their Operating $ystem as a means of enforcing upgrade, embrace and extend, I hereby rename @Stake to @Fake/b>.
"Yeah, whatever. Tell it to the hand."
They have proven their bias as a MS mouthpiece, and their eagerness to placate their MS overlords.
They say the first thing to go is your penis. Well, it's either that or your brain. I forget which...
I see a direct correlation with the "one act". By appearing (we don't know the details, so I'll be conservative) to kowtow to MS, they just lost all credibility. Personally, I think all the @stake personnel need to start polishing their resumes, since I don't think it's long for this world.
"Sometimes a woman is a kind of religion, she can save your soul & set you free from all your sins" - Bad Examples
" There might not be anything fishy going on at all, but that's no reason to stop making perfectly good conspiracy theories."
A while a go and formed a startup called Intrusec.
here is the website
They have a product called expose, that is like an IDS it seems.
Microsoft aggravates my tourettes syndrome.
This is one fired dude that I hope goes Postal on Microshaft with a BFG and enough TNT to blow a hole through Redmond, WA.
Hello, @stake? Yeah, I just read a paper by Dan Geer on the inherent dangers of software monoculture, and I was very impressed.
I have a huge security budget to blow before the end of the year, and I would like to spend it all on your products and services! Could I please discuss this with Mr Geer? - What you say!! Oh well never mind, then...
Under Dan Greer, @Stake's IT has done an amaizing job, at least at keeping their website running. They have a server that has been running non-stop since July 2002, the other server has been running non-stop since April 2003. Anyone care to guess if Dr. Greer followed his own advice and ran an non-MS server? The answer to the retorical question is Apache on FreeBSD. Compare that with any site, MS or otherwise, and decide if you can find anyone that has done a better job of selecting tools and running a tight ship. If actions spoke louder than words at @Stake, he should still have his job.
I've also heard other independent rumors of a certain large software vendor suggesting that they would give huge software sales concessions to firms, basically giving it away for free, if they would eliminate their unix-literate IT staff and replace their "legacy" unix systems with the aformentioned vendor's software instead. Isn't this tactic illegal as hell?
The city I live in has a major (outsourced) call centre for Microsoft, and a University with a Computing Science degree program. Naturally, many of the CSCI students end up with call centre jobs.
One of my classmates went to work straight from class one day and left his copy of Linux Journal and Silberschatz & Galvin sticking out of his bag. One of the visiting MS bigwigs saw it & blew a hairy fit, and the guy was fired on the spot for "disloyalty".
Of course, this would require IT workers to join a union, which runs against their fiercely individualistic temperment, and their belief that they are so technically elite they can't be touched. (sarcasm)
See prior discussion in Slashdot .
"dope will get you through times of no money better than money will get you through times of no dope"
whereas if you were in, let's say some un-named SW Asian countries, you would be imprisoned, pauperized, and your family tortured for even saying anything against your "beloved leader".
So how does the fact that he still has his life, liberty, and the chance to sue for damages (Not to mention the possibility to be hired by IBM just for having the courage to tell the truth) - suddenly become a negative aspect of living in the only free country in the world?
It is a shame that your eyes are so blinded by your hate that you fail to see the truth. America is not perfect, but it is light-years ahead of any of the alternatives out there.
I thank the Gods every day that I now live in America, and no longer live under the socialist "People's Democracy" Nanny state of my birth. Here I can talk and write about not only my homeland, but about my new homeland without fear of reprisals.
Here in America I do not fear the police, the press, or the Government. Here in America I can change the government by voting, by debating at Town Hall, and by running for office.
Here in America I am now equal to Rich White Males and Poor Women of Color, Here in America I am NOW Human.
Here in America I am no longer a Dalit.
And you can get you pasword by following the instructions on this page:
http://slashdot.org/faq/accounts.shtml#ac300
Melius mori in libertate quam vivere in servitute.
This is completely unacceptable. It's a sad state of affairs, but not surprising. It's been a long time since the "CIFS is caca" paper, and I lost respect for the l0pht back when *hobbit* was edged out. Mudge became "Dr. Mudge" (as if), and they all started running after the limelight. Sad, really. The Hacker News Network is long gone, and mudge is Pieter. It sucks for Dan, but it's just more of the same for the rest of us. It takes a lot of nerve for Chris Wysopal to issue his little statement. Weld Pond would never have said something like that. Man, it's been a long path from BO2K to appeasing Microsoft. What a long, strange trip it's been. Sigh.
I wonder what kind of hammer they put over his head to force him to shut up.
Quoth he
"It's all academic anyway..."
Agreed. It is very clear now that @Stake is
willing to sell its paying customers down the
river of security vulnerability in order to
curry favor with it's well-heeled sugar daddy.
I can't imagine that they will be getting a lot
of independent contracts after this, but perhaps
that won't matter, if MS is funnelling business
their way.
-I like my women like I like my tea: green-
I'm sorry, but isn't this the same company/group that made BackOrifice, in an attempt to embarass Microsoft while publicly proclaiming the massive security hole it exposed, while MS denied there were any such holes?
Does anyone see a disconnect here?
And here I thought it was all about information wanting to be free.
RIP l0pht.
Terrorists can attack freedom, but only Congress can destroy it.
i'm sorry if it's true because to me it just sounds completely unbelievable. even the guy with the call center story below sounds ridiculous. it reeks of FUD...
"know thine enemies" so that you can defeat them. you don't encourage ignorance about the competition. this is pretty much common business sense. it's common competition sense. i have hard time believing that's a policy that extends into the halls of microsoft but maybe since your talking about partners that can be exploited and you pretty much don't want them to think... you just want to soak up their technology and leave them a dry husk.
?
m.
... just put a @stake through its heart. Or more appropriately, its brain.
They publicly fired their Chief Technical Officer, sending the message to anyone else qualified for the job that they may as well stay away -- make no mistake, people who have the skills for that job aren't desperate even in this economy (yet). Whoever replaces him is not going to have the iconoclastic mentality that this industry segment requires. Not only that, they sent him to the loving arms of the competition. I'm sure at least one company is (cough) eEyeing a new lead researcher candidate.
I've finally had it: until slashdot gets article moderation, I am not coming back.
As an employee of any company, you are obligated to not represent your employer without either express or implied permission. Implied permission would be whatever your company policy specifically allows. If you're making a statement outside the workplace, you'd better not mention your company without explicit permission, because doing so can imply that your statement is either a creation of, or authorized by, that company. It doesn't matter if you're disparaging MS or you're disparaging Linux, you're doing something you're not supposed to do. Maybe the company will agree with what you say and go easy on you, but they have no obligation to. Failure to receive such mercy after disparaging an important client hardly implies unethical behavior on the part of the employer.
That said, I agree with most of the things he said. Doesn't change the fact that his conduct appears to have been unprofessional.
WARNING: there is a trojan on your
Did you folks read the report? There are a number of serious issues that can be addressed on this topic. BUT, the report chose to mix a lot of attacks on Microsoft and its supposed business practices into the material, instead of focusing on the legitimate technical issues.
I want to point out to Slashdoters that the biggest issue isn't Microsoft, but is the failure of IT staffs and end users. There have been attacks that have crippled thousands of servers where patches had been available for months. That isn't Microsoft's fault. That fault lies solely with the IT staffs for not applying patches.
In corporate settings, PC's running XP and Win2000 could be set up with permissions on files and directories that would generally prevent non administrative users and programs they run from modifying sensitive system files. How many IT departments seriously study this, have policies, and execute them?
How many companies are still running Windows 9x instead of Windows 2000 or XP? They'll complain about the cost of upgrade but then pay a much higher price when their systems are compromised? False economy and short term thinking.
Why are critical systems like the 911 system even connected to the Internet or systems that are on the Internet? We can fire wall off these critical systems, prevent the systems attached from downloading files, etc. The report doesn't talk about that.
And what will having another vendor or two do? I guess it is better to have only half of the systems go down under an attack than all of them. But the authors underestimate the hackers and virus writers. If we have 2-3 vendors, the hackers will just have to be a bit more clever and build adaptive attacks that can determine the right vulnerability and then attack it. The authors clearly state that all software will have bugs and vulnerabilities. the hackers will crack this problem. its the kind of challenge they love.
And, if IT staffs are not taking care of applying patches in a homogeneous environment, think of how much worse it will be in a multi-vendor environment. And your costs will go up. There will be different interfaces. Software vendors will have to build and test multiple versions of applications and someone (the end user / IT staffs) will pay for this in higher software and maintenance costs. I remember when we have a lot more vendors and things were not necessarily a whole lot better. The authors of this report were around then and know better.
The list goes on of issues that will not be solved by having multiple vendors. Te issue isn't the vendor or concentration but the failure of the users. You can't blame the door company for burglars getting in if you leave the doors wide open in a high crime neighborhood. And the Internet is a high crime neighborhood.
Should Dan Geer have been fired? Probably not. Is this report biased against Microsoft? yes. Does the report oversimplify the issues and solutions? Definitely. Should someone with Dan's experience and knowledge have provided us a less headline grabbing and more realistic analysis and suggestions? You know the answer.
"There might not be anything fishy going on at all, but that's no reason to stop making perfectly good conspiracy theories."
@stake actions are double plus ungood
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
Isn't this exactly the kind of thing we thought could happen when l0pht merged with these guys?
It's nearly impossible for free thinking hackers and suits to have common goals.
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
I can't find that moderation on my pulldown menu.
All this from what used to be the uberhackers of the internet... the l0pht, now selling out to be planted firmly in Microsoft's butt.
I meant to only type 'racist' once.
That the state isn't protecting its people from incidents like this. Being scared shitless of what your company might do to you is no better than being scared shitless of what Stasi or the KGB might do to you if you make any mistake.
frob
//TODO: Think of witty sig statement
This version has some comments by Bruce Schneier supporting Greer. One has to wonder if Microsoft did not threaten a BSA audit or some such thing. Honestly, the probelm with Microsoft is that too many people use their products and actually seem to think there is a legitemate purpose for them beyond using the cds as coasters. These people refuse to allow even the slightest criticism of Microsoft and look at it as wild-eyed hatred.
But there are legitemate reasons to oppose what Microsoft is doing and their products, quite frankly, are a major cause of the problems we have today in the technology industry. The report in question does not in fact go far enough at all.
Sivaram, I really appreciated your comment showing your knowledge of U.S. politics, in another Slashdot story. Could you contact me? I'd like to talk about improving my articles.
Michael Jennings
futurepower@ NOT THIS myrealbox.com
And they'd been working on it for a while before that. I believe it sipped in 1985 though.
An officer of a company has the authority to sign agreements to bind the company. In exchnage for that authority, he is shown no mercy in cases of abuse. This is no mere "employee". If the bleeting Chief Technology Officer of a consultancy, the highest authority on company intellectual property in this case, starts spouting off in public without EXPLICITLY disclaiming his opinion, and while also STATING his position, then he is representing the company. Two possibilities: - Either he is at odds with the company's position, which reflects badly on the internals of company politics in a very public forum, and should be shown the door, - Or he represents the company's opinions, in which case he is very likely be shown, along with the whole company he just sunk, the bottom of Bill Gates' swimming pool, for, oh, about 15 minutes. It's a no-brainer for the Co., and he seems to have acted like a no-brainer himself. But seriously though, wasn't that report just juicy or what? Quote: If Monica made a career out of having seen the bottom of presidential desk, I think Geer will survive...
It's interesting to see that a ruling corporate class that claims to value ethics and honesty so easily excludes honesty. Without honesty, all other values are useless.
A company requires you to speak in a certain way is a company that requires some people lie. By lie I mean any misrepresentation of their own perception of the truth - that includes but is not limited to "spinning, coloring", or such selective use of words. If it is not the whole story then it is not the truth.
One cannot trust any commercial speech because it is presumed tainted by threat of job. Therefor, any study, any science, any finding of supposed fact, that can have its money traced from corporate coffers, is probably a lie.
Before you dismiss me as a flaming liberal, I should point out that the lying in governmnet is far far worse. Government is worse! There, a lie means people get killed. Saying, look "I think Flame Broiled is much better than fried" to keep your job is somehow less than "I think the Iraqi people will accept us with flowers and prizes".
In my mind, the solution is not try and limit lying, because, as one CEO poster said, when you get to the top, you are accountable. We need to create and maintain a culture that says honesty is important. We need to celebrate those people that go out on a limb for what they think is the truth, from those crazy artists to renegade engineers, so that, when our kids have to decide to tell the truth or not, hopefully, they'll know that it's ok to say flame broiled is better than fried, but, that it's not ok to send their friends into a stupid and pointless war.
This is my sig.
I thought I recalled Mudge being fired about a year ago. In any case, I can't find his name on any advisories written recently (but he was all over the ones from 1999/2000).
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
The interesting thing here is that he was the CTO, an officer. That means that legal works (or worked) for HIM. That also means he was one of the policy makers for the company.
This looks like there was an internal feud going on. To be more specific, his direction for the company was incompatible with that of other officers. Quite possibly this was his play to have @stake either go his direction or part company with him. I guess we know which way they chose.
The even more interesting part is that his direction appears to be a lot more compatible with all the marketing blather on their site than the direction the company actually took here.
Being beholden to a particular software vendor to the point of being unwilling to recommend against their product even when it is clearly a security risk is ethically and technically incompatible with being a security consultancy that helps their clients to make the best security choices possible.
An officer of a company is responsable for the ethical as well as financial well being of the company.
The two possibilities here are that he got a nasty surprise in discovering that the rest of the officers were not nearly as committed to vendor neutrality for the sake of their client's security as he was, or this was a deliberate play to bring a known disagreement to a head.
At stakes credibility is zero after this. It's blindigly obvious that @stake:
They don't even know how to fire a whistle blower. Their timing is pathetic and the idiots actually admitted that they fired him over his paper. They tried to couch it in PHB terms, but they only ended up putting more steam in the whistle.
The dismissal is more damaging than the paper ever was. Everyone in IT knows what the paper said is true, but it's just so much background noise. Greer's dismissal is so shocking and so obvious that it may make news outside IT. Microsoft might as well send the BSA after public school systems. Oh yeah, I forgot, they already do that. They are a buch of dumb asses and @stake is their bitch.
Friends don't help friends install M$ junk.
Real question we should be asking is : How much under the table money did the CCIA pay this so-called "independent security experts" to do a hatchet job on Microsoft?
Given that the CCIA is the most nasty, hateful anti-Microsoft organisation on the planet, and given that the CCIA is financed by the Microsoft hating Oracle, IBM and Sun Microsystems, and given further that Larry Ellison was forced to admit that he hired criminals to break into the offices of Microsoft suporters and steal laptop computers, is there a any clear thinking person who gives the slightest credibility to this stupid, useless report?
This is merely another blatant attempt by the increasingly desperate Sun Microsystems (Read about Sun's pending about even more hefty loses here http://news.com.com/2100-7341-5083654.html), Oracle and IBM (which is still under investigation by the SEC for declaring fraudulent results sepecially in their linux business) to steal more government money and put it in their pockets.
This report should be treated with the contempt it deserves and put in its rightful place in the bin!!