Slashdot Mirror
Author of Paper Critical of Microsoft is Fired
chongo writes "Daniel E. Geer Jr., one of the primary authors of a
report
Reliance
On MS A Danger To National Security,
was fired from @stake Thursday morning.
@stake said that 'The values an opinions of the
report
are not in line with @stake's views' and that Geer's
participation was 'not sanctioned.'
Microsoft, who has worked closely with @stake
in the past, denied that it was involved in @stake's
decision to fire Dan." There might not be anything fishy going on at all, but that's no reason to stop making perfectly good conspiracy theories.
Did he do this on his own, or as an @stake employee? I find it rather disturbing that a company can fire you for something you do of your own accord. What's next, are companies who like to suck up to MS gonna fire you for developing a linux program?
Am I just being naiive, or does this bother other people too?
if(!cool) exit(-1);
I guess that's where the phrase, "power corrupts" comes from, eh?
Read the EFF's Fair Use FAQ
He put his company and title in the paper. If he did not clear that with his company before publishing this paper, @stake has every reason to fire him.
Not only can it be viewed as damaging to a big client (Microsoft, in this case), but it can also be viewed as competing with your own company since both @stake and the paper deal with security. I'm sure he signed a non-compete agreement with @stake when he was hired.
Well actually it was Computing Technology Industry Association, but they are funded by MS. The say "the report is flawed by "myopically looking to technology (i.e., 'bad' software OS) instead of addressing the underlying cause -- human behavior -- for cyber breaches." "
So basically if humans just would stop being mean or stupid, there wouldn't be any problems.
Isn't that sort of like blaming plane crashes on gravity? I mean, human nature is what it is. There will be virus writers, there will be people who don't always install the patches right away.
What are they suggesting, that we try to change human nature? Genetically engineer better humans? How about they take human nature as a given (like gravity to an aeronautical engineer), and then fix the damn product?
The difference is that your consulting job is not on the line when you post alternative viewpoints on Slashdot.
Now, if you get fired for reading too much Slashdot on company time, we are absolutely not responsible.
Gotta love those @stake guys. Here's a relevant quote from their website:
"@stake has assembled the best minds in digital security to help you understand and mitigate the security risks inherent in your business model, so that you can maximize the opportunity in front of you. We help you make the hard decisions about what matters most in your business, so that your security investment has the greatest impact. We work in the space where your business and technology meet, because we believe that this is where security is most powerful."
Talk about blowing it out both ends. You can read their ethical and guiding principles as well.
This is what l0pht has turned into?
The report itself stated quite clearly in several places that Dr Geer was the Chief Technical Officer of @Stake.
I can't find a disclaimer anywhere in the report saying that he wasn't representing @Stake, and yet he used it to back up his authoritarian position, and intentional or not it appear that he was speaking on behalf of the company he worked for.
Perhaps more details will emerge about what actually went on, but it does seem quite irresponsible to make it appear that you're speaking on behalf of a company if you're not... if that's what happened.
If you sign an employment agreement, you'd better stick to it.
In particular, you shouldn't publish a paper without running it by corporate communications first. You especially shouldn't publish a paper that might be critical of a partner or customer without doing this. You know why? Exactly. You get fired. For violating your employment agreement. If you don't agree with the things that you signed, you shouldn't have signed them. Hell, even if you have permission to publish the paper, you might want to think twice about publishing a paper which is critical of a rather large customer.
When I worked at AOL, I tried to get some of the execs to realize that some of the employees could be a powerful force in the technical community to raise the image of the company. Just the ability to explain some of the things that weren't confidential, correct some of the misconceptions. It wouldn't be a magical transformation, but it would be an effort. And actually joining the community would be a big step. Peer review and PR oversight could both be used to help make sure that more incorrect information didn't go out, or that the wrong things didn't go out.
Noone wanted to talk about it. My assumption is that noone I got to wanted to rock the boat, and noone responsible trusted the employees. It's too bad really. But even with something like that in place, this type of paper would never pass muster. Not through a peer review, and not through PR. You just don't criticize a large customer. Especially a customer with as much money as Microsoft.
-Todd
"The details of my life are quite inconsequential..."
This really is something Greer should have seen coming. He published a highly critical, highly-publicized report bashing his consulting company's biggest client. Whether it is true or not is irrelevant; that the client was Microsoft is irrelevant -- replace "MS" with "Sun" or "Oracle" or any other company you like, and I bet his higher-ups still wouldn't be happy about it. You may not like who you work for, but it's not a good idea to bite the hand that feeds you.
The bold print giveth, and the fine print taketh away
As many, many researchers know, this is why so much commercial research is flawed - there are too many strong influences out there that taint the data.
This is the first overt firing that I've heard of in the IT industry, but I'm sure there have been thousands that we just never heard of.
Just think of those poor researchers at the cigarette companies - you know, the ones where if you found that there was a link between cigarettes and cancer, well, you must be fired.
Or the researchers for pharmacuticals... where if you find that drug X doesn't help cure Y, then you shouldn't expect any grant money next year. Yeah, not fired, but certainly the same net result.
The fact is that research SHOULD be independent. I don't know or care if this guy's paper was right or wrong. But it should be the research community, not MBAs, who decide the quality of research. Period.
I think that firing this guy due to his research is wrong. It looks like he was fired for financial relationship reasons, not because his study was consistently rejected by the research community. Should his employers be considered biased? As a potential customer, should I trust this company? If they are motivated more by their relationship with microsoft versus upholding the truth, I'll never recommend anyone to do business with them. And it looks like they are, and so I'll make sure they're scratched off the list.
What the hell?
First of all: False and misleading information? Unless you have some magical insider information on what exactly happened, who are you to claim that it's false and misleading? To dismiss it as false without having any facts is no better than accepting it as true without having any of the facts. Different sides of the same coin.
And second, it looks like a pretty tongue-in-cheek comment. You said it yourself:
Those sorts of things happen on their own more than enough as is; encouraging it is just unecessary.
Do you really believe that the editors don't also know this? Contrary to popular opinion they do actually read the site, sometimes. It's pretty clear to me that it's a jab at all the 'perfectly good conspiracy theories' that abound whenever a Microsoft story rolls around. Would you really call them 'perfectly good conspiracy theories' if you weren't against them? Sounds like a pretty sarcastic phrase to me.
But hey, don't let little old me get in the way of Slashdot's readers bashing Slashdot...
Random and weird software I've written.
For him to be canned over this report (which is excellent by the way), is awful. Other heavy hitters in infosec also collaborated on this report e.g. Schneier, Becky Bace, and Charles Pfleeger.
It's not so much that @stake doesn't have the right to fire him, but rather that it's a pity that they can't stand up to the truth. Not that corporations are known for their honor anyway. I would not trust a @stake with my business at this point-what's next? MS buying them into using their clearly superior security products?!
Simple point here: whether or not @stake is involved in a conspiracy, @stake clearly considers themselves to be a advertising/publicity agent of Microsoft.
@Stake clearly does not consider themselves to be a news organization, or a news clearing house.
That said, they should, in the future, be held to the standards of advertising agents, with all the benefits of such -- not news agents with their benefits.
Therefore, if they want to come in to cover a software convention, by all means let them [but at full price: no media pass]. If they want to claim first Amendment right to speech, they can, within the bounds and with the protections set by our government for advertisers. Not within the bounds and with the protections set by our government for news media.
I don't see a reason to apply conspiracy here; just treat them as what they consider themselves to be.
Correct Horse Battery Staple: 72 bits of entropy. Enter "Correct H" into google. When it generates the phrase, that's
Whistle-blowing is never a popular job, but it's even riskier during bad economic times. Most of the backlash against this employee is due to the spineless quivering, in management, about losing vital business. Once again, we see why monopolies are unhealthy for society.
What are you gonna do, though, if you're canned? The employment-at-will doctrine has essentially always allowed bosses to hire and dump whomever they wish for any reason; dear old kooky Walt Disney used to go nuts with this easily abused freedom, and the 1990s left a trail of shattered lives and communities behind the rapacious "downsizing" of workers. Except where protected by civil rights or state employment law (and good luck bringing a case!), this is where you stand as an employee in America - at the mercy of the Man's whims. Learn to kiss ass; learn to run your own business; learn to work for decent people; these are among the few options for workers, and guess which one is most popular.
But this is also a hysterical time politically. Under the New McCarthyism the pasture of sacred cows has been enlarged: now not only our Glorious Leader is supposed to be beyond reproach, but so are certain corporate entities. And by burrowing like a common bacterial spirochete into the guts of American national security, Microsoft has begun to undergo the transformation - symbolically - from mere lawless and sloppy monopolist to vital U.S. institution. Yesterday, MS merely brought you BSODs, viral weakness and data loss. Today, it defends America against her enemies with its arsenal of...er...BSODs, viral weakness and data loss.
If this transformation continues, it will be more and more costly to criticize Microsoft as it mutates into an adjunct of the security state. HomeSec is already MS's taxpayer-subsidized tech support service, busily issuing warnings about the latest viruses and worms. This relationship should be promptly terminated by the next administration when the adults get to run things again.
I hate to be a rant...but I can't help myself. :-)
Ethics is going down the tubes. An example, I think was the investment community in the U.S.
If you watch the media, you have this over all impression, well, Enron was just a fluke, they had poor accounting.
But if you read the papers, this fluke, is being practiced by 100's of companies, all screwing over their investors like cheap whores on a Dutch street corner.
I hate to point this out, but these Ivy league trained people were taught and are taught that this is just ducky. How can it not be with so many companies screwing you on a daily basis.
It can't be a fluke when everyone is doing it.
Fluke? I think not, but you decide.
It has become ethical to do business unethically and it is proudly taught that way in our so called finest Universities.
If anyone has any money in US retirement investment funds, when they retire 30-40 years from now, I will be really amazed.
If you are an investor, and you are investing in US companies for retirement, you my friend are a sucker.
Same thing is happening here. Microsoft is not an innovative company, it buys companies.
They do not write good software and if you are stupid enough to buy Microsoft Press books written by PhD's who claim they even have a clue about good Software Engineering principles, you are just another duped "investor".
I would like to point out that Microsoft is one of the largest employers of Computer Science PhD's in the country.
As an example, one must ask this question after looking at these Software Engineering practices books that Microsoft Press publishes as oxymoronic.
My reasoning is as follows:
Exhibit A: Microsoft hires more PhD computer scientists than even IBM has to work on the secure initiative for 2000 and XP. Building and rebuilding the entire OS 2000, and then again with XP, from scratch, at a estimated cost of 2.8 billion dollars.
Exhibit B: A 18 year old in Minnesota, a 16 year old in Malaysia, and a 21 year old in Russia. All with WAY too much time on their hands, with NO source code, find more security holes in 2000, XP than you can possibly say "Code 'in'-Complete" in that past 14 months.
Exhibit C: A University student, in Finland builds a new operating system kernel called Linux, and in just 8 years it is being worked on by almost no PhD's and many testors and code contributors are in their early 20's or teens, and is far more capable than windows, 1.8 billion dollars later.
Is Linux just another Enron? Fluke?
My point is that the way we are being taught code in this country is not the way code should be written. Even if you have a PhD, its business as usual dogma, just like our MBA friends.
Is it a fluke that the best code being written is not through institutionalized learning in this country?
What do these exhibits tell us about our country in general, with regards to ethics?
It doesn't take a rocket scientist to figure out what is going on here.
Fluke?
I think not, but you decide.
-Hack
Got Geometrodynamics? Awe, too hard to figure out? Too bad.