Author of Paper Critical of Microsoft is Fired
chongo writes "Daniel E. Geer Jr., one of the primary authors of a report Reliance On MS A Danger To National Security, was fired from @stake Thursday morning. @stake said that 'The values and opinions of the report are not in line with @stake's views' and that Geer's participation was 'not sanctioned.' Microsoft, who has worked closely with @stake in the past, denied that it was involved in @stake's decision to fire Dan." There might not be anything fishy going on at all, but that's no reason to stop making perfectly good conspiracy theories.
Can I have his job? I can write well, and I can be non-critical of Microsoft software.
For instance, they have made great strides in improving Calculator and Notepad in recent versions of Windows.
As you see the corporate world is just as powerful as government so watch what you say! Bill's still your boss! Oh and George Bush is your master if you aren't wealthy.
If you use Linux, please help development of Autopac
BAN @stake or burn, whatever your fancy! Errr, what does @stake do anyways before I go banning them :)
Human being opposed to Micro$oft gestapo forced to leave the United States.
Did he do this on his own, or as an @stake employee? I find it rather disturbing that a company can fire you for something you do of your own accord. What's next, are companies who like to suck up to MS gonna fire you for developing a linux program?
Am I just being naive, or does this bother other people too?
if(!cool) exit(-1);
I bet it was... the Time Terrorists*!
*Time Terrorists also responsible for the destruction of the Titanic, the Hindenburg, and the creation of SCO.
http://mediagoblin.org/
Looks like there was more "@stake" than he expected =p
(waits for groans)
"Linux would be just as insecure, we swear!"- @stake.
Is there anything better than clicking through Microsoft ads on Slashdot?
OK, if you need to mention a company's gimmicky, non-alphabetical name once, so be it. But all those @s are giving me a headache in a brain region I haven't had to use since we had that run of :CueCat stories.
The scary thing is that you could use 4tst4k3 repeatedly and I wouldn't blink at it. 47s74k3 would require some effort...
What I'm listening to now on Pandora...
I'm tired of people hashing out their stupid little pet peeves on the basis of 'national security'. It's inane and tiresome to hear people trump up the 'unassailable argument'. Oh now we can't challenge you because if we do we're rooting for terrorists.
Don't these places have editors? Surely, a story that would have gotten someone fired wouldn't get approved.
That sucks, I guess you can not say anything anymore without risking being fired. Especially since the writers of that document say that they don't speak for their companies. There goes free-speech. Cheers, atarola
For every complex problem there is an answer that is clear, simple, and wrong. --H L Mencken
I read the article. I wonder if my job is at stake too! How far do the hands of Microsoft reach?
Magic Eight Ball: Outlook not so good. Hmmm, how about Excel and Word?
And, in other news, in an SEC filing, Microsoft has disclosed a cash "gift" to a company called @stake.
Said Microsoft spokesman: "It's a voluntary contribution, with much at stake."
I have no problem with your religion until you decide it's reason to deprive others of the truth.
Maybe he was just "temporarily" fired until the dust settles and Microsoft forgets about the whole thing... and then he'd be rehired... that's what I would do if I were a company and I were terrified of Microsoft...
While the firing was unnecessary and I don't agree with it in the slightest (how can your participation be 'unauthorized'?), it's the editorial tagline that really irks me.
You, slashdot editor, member of the press, are actually encouraging and suggesting that false and misleading information be interpolated from a small number of facts. Sure, a healthy skepticism and more investigation is required to determine why he was fired but I think an editorial remark with a message consisting of:
"This isn't really big news, but if we pretend like all sorts of mysterious things are happening that we don't know about, it will be."
Those sorts of things happen on their own more than enough as is; encouraging it is just unnecessary.
-Ryan
AUWYHSTOT (Acronyms are Useless When You Have to Spell Them Out Too)
I guess that's where the phrase, "power corrupts" comes from, eh?
Read the EFF's Fair Use FAQ
Seriously though, that movie is full of great quotes...who remembers the Supreme Being saying "I am the supreme being, I am not entirely dim"? And Evil talking about God:
Evil: God is not interested in technology... He knows nothing of the potential of the micro-chip or the silicon revolution. He's obsessed with making the grass grow and getting rainbows right... Look at what he spends his time on. 43 species of parrot! Nipples for men!
-Cyc
/.'s 10 Millionth
Well actually it was Computing Technology Industry Association, but they are funded by MS. They say the report is flawed by "myopically looking to technology (i.e., 'bad' software OS) instead of addressing the underlying cause -- human behavior -- for cyber breaches."
So basically if humans just would stop being mean or stupid, there wouldn't be any problems.
Isn't that sort of like blaming plane crashes on gravity? I mean, human nature is what it is. There will be virus writers, there will be people who don't always install the patches right away.
What are they suggesting, that we try to change human nature? Genetically engineer better humans? How about they take human nature as a given (like gravity to an aeronautical engineer), and then fix the damn product?
The difference is that your consulting job is not on the line when you post alternative viewpoints on Slashdot.
Now, if you get fired for reading too much Slashdot on company time, we are absolutely not responsible.
Before releasing a scathing report about a megacorporation.
Especially one that has a noticeable business arrangement with your employer.
Make sure that all of your upper management have their tin foil hats firmly in place.
Alternatively publish your story under an alias.
Try Anonymous Coward.
134340: I am not a number. I am a free planet!
Dan Geer was one of the few, if not the only, old school information security professional at @Stake. This canning, apparently for calling a spade a spade, combined with persistent rumours of mental health issues with one of their other prominent principals make me wonder if they are gonna circle the bowl to the left or to the right as they go down the hole.....
I read that as "Author of Paper Clip of Microsoft is Fired". It sounded much more exciting.
in the report. It doesn't state that "@Stake reports... blah blah" It states that "A leading panel of experts" who happened to be headed by a guy that worked at @Stake - released the report.
Personally I think Dan Geer should sue @Stake for invalid dismissal based upon personal opinions he expressed while not on company time.
Thanks to Google's cache, this is Dr. Geer's bio from @stake. I had the opportunity to hear him speak once, and he sounded about as brilliant as the following description would make you think:
Daniel E. Geer, Jr., Sc.D.
Chief Technology Officer
Daniel E. Geer, Jr., Sc.D. oversees the strategy and direction of @stake's approach to digital security. Over the last thirty years, Dr. Geer has led the application of technology in medical computing, distributed systems management, electronic commerce, and digital security. After fifteen years in the Harvard medical establishment, he variously served in senior leadership roles for MIT's groundbreaking Project Athena, Digital Equipment Corporation's External Research Program, Open Market, OpenVision Technologies (now Veritas), CertCo, and now @stake. His security consulting firm, Geer Zolot, was the first of its kind.
An expert in modern security protocols and business metrics, Dr. Geer has been called upon to testify before Congress on multiple occasions. Dr. Geer speaks and publishes regularly on a range of issues in digital security; his November 1998 speech, "Risk Management is Where the Money Is," has been widely quoted, warranting both reprint as a special issue of the RISKS Digest and prompting editorial comment in Wired Magazine. His bibliography is deep and continuing, and with Avi Rubin and Marcus Ranum, he is co-author of The Web Security Sourcebook.
He holds a Sc.D. in Biostatistics from Harvard University's School of Public Health as well as an S.B. in Electrical Engineering and Computer Science from MIT. His professional involvement includes a decade of leadership within USENIX, the advanced computing systems association, of which he is past president. He today serves as an advisor to the board of the Financial Services Information Sharing & Analysis Center (FS/ISAC) under the auspices of the US Dept. of the Treasury, as well as similar fiduciary and non-fiduciary roles for a select number of promising startups.
-- Brian T. Sniffen
Gotta love those @stake guys. Here's a relevant quote from their website:
"@stake has assembled the best minds in digital security to help you understand and mitigate the security risks inherent in your business model, so that you can maximize the opportunity in front of you. We help you make the hard decisions about what matters most in your business, so that your security investment has the greatest impact. We work in the space where your business and technology meet, because we believe that this is where security is most powerful."
Talk about blowing it out both ends. You can read their ethical and guiding principles as well.
This is what l0pht has turned into?
Remember Al Franken's book? He was sued because of his play on the FOX news slogan.
While this isn't quite the same, one can hope it might bring some publicity because this guy was fired for criticizing Microsoft. It'll be like "Remember that guy who got fired for criticizing Microsoft?" "Yeah, of course I remember him. Microsoft's big and dangerous, and something really has to be done about them."
I'm crossing my fingers here.
The report itself stated quite clearly in several places that Dr Geer was the Chief Technical Officer of @Stake.
I can't find a disclaimer anywhere in the report saying that he wasn't representing @Stake, and yet he used it to back up his authoritarian position, and intentional or not it appears that he was speaking on behalf of the company he worked for.
Perhaps more details will emerge about what actually went on, but it does seem quite irresponsible to make it appear that you're speaking on behalf of a company if you're not... if that's what happened.
what has the world come to when the Black hats become pawns of Gates and company...
Well slashdot is certainly the place for conspiracy theories.
Dawn of the Dead
If you sign an employment agreement, you'd better stick to it.
In particular, you shouldn't publish a paper without running it by corporate communications first. You especially shouldn't publish a paper that might be critical of a partner or customer without doing this. You know why? Exactly. You get fired. For violating your employment agreement. If you don't agree with the things that you signed, you shouldn't have signed them. Hell, even if you have permission to publish the paper, you might want to think twice about publishing a paper which is critical of a rather large customer.
When I worked at AOL, I tried to get some of the execs to realize that some of the employees could be a powerful force in the technical community to raise the image of the company. Just the ability to explain some of the things that weren't confidential, correct some of the misconceptions. It wouldn't be a magical transformation, but it would be an effort. And actually joining the community would be a big step. Peer review and PR oversight could both be used to help make sure that more incorrect information didn't go out, or that the wrong things didn't go out.
No one wanted to talk about it. My assumption is that no one I got to wanted to rock the boat, and no one responsible trusted the employees. It's too bad really. But even with something like that in place, this type of paper would never pass muster. Not through a peer review, and not through PR. You just don't criticize a large customer. Especially a customer with as much money as Microsoft.
-Todd
"The details of my life are quite inconsequential..."
This really is something Geer should have seen coming. He published a highly critical, highly-publicized report bashing his consulting company's biggest client. Whether it is true or not is irrelevant; that the client was Microsoft is irrelevant -- replace "MS" with "Sun" or "Oracle" or any other company you like, and I bet his higher-ups still wouldn't be happy about it. You may not like who you work for, but it's not a good idea to bite the hand that feeds you.
The bold print giveth, and the fine print taketh away
The guy's opinion was very obviously true to most of us. Is there any way that @Stake is not a joke now? There are two sides to everything. Someone, please explain the other side of this one. I don't get it.
There is no America. There is no democracy. There is only IBM and AT&T and DuPont, Dow, General Electric, and Exxon
Just so everybody knows:
This is the same @stake that was formed from the l0pht heavy industries (www.l0pht.com) of old. Says itsecurity.com's Computer Security Dictionary of l0pht:
L0pht Heavy Industries
"A Boston-based group of hackers interested in free information distribution, finding alternatives to the Internet and testing the security of various products. Their web site houses the archives of the Whacked Mac Archives, Black Crawling Systems, Dr. Who's Radiophone, the Cult of the Dead Cow, and others. Current membership includes Mudge, Space Rogue, Brian Oblivion, Kingpin, Weld Pond, Tan, Stefan von Neumann and Megan A. Haquer. They can be reached at info@l0pht.com and maintain a web site at http://www.l0pht.com."
Hacker's Encyclopedia, by Logik Bomb (FOA), http://www.xmission.com/~ryder/hack.html, (1997- Revised Second Edition)
I wonder if good old mudge still works there? It's amazing what a little money'll do, eh?
Most places have editors - but to an extent, writers are given the right to publish what they want.
The reason being, if you write something for say, the Times, it will be printed millions of times - the cost of that involved is a lot, so there are many safeguards in check to prevent unauthorized publications. To upload something to the Internet, requires far less effort, therefore, fewer safegaps and stopguards are in place. If it took several million dollars to publish a paper in the web... you bet there would be good editors and whatnot.
Simply a matter of dollars and cents. However, if the paper had gotten less publication, he would have still had a job.
There is always a frontier where there is an open and willing mind
IMHO, firing such a senior guy in this fashion is usually done only when your cojones are in a vice being tightened at a rapid pace...
Greetings, serf! Welcome to 21st century feudalism. Remember these simple rules:
We look forward to several decades of exploiting you. Thank you.
Tom Swiss | the infamous tms | my blog
You cannot wash away blood with blood
I was watching a US House of Reps "Worms and cyber security" subcommittee on C-SPAN the other day. Testifying before the Congressmen were the following - Microsoft Corp senior security strategist Philip Reitinger, VeriSign VP Kenneth Silva, Lawrence Hale, director of the Federal Computer Incident Response Center, Christopher Wysopal consultant for @stake Inc, some other Russian security consultant, and a few other random folks.
The chairman of the committee asked the Verisign PHB and the two consultants if there were any security benefits in running open-source software, and which was more secure, open or closed. I almost shat myself. Here was the perfect opportunity to hear some glowing reviews of open source. Instead the two consultants, who seemed decently knowledgeable, and long winded on all other issues merely said that there are flaws in all types of software, and they would "guess" that the frequency of security flaws were the same as for closed source. Although the guy from @stake did mention that the theory behind open source security was that "the more eyes, the better", he also countered it with noting that most users of open source wouldn't be able to fix the code when a vulnerability was found.
That was it. No detailed explanation about anything. Just a brush off that was not quite as long as their testimony on why ipv6 wouldn't offer any extra security over ipv4. Luckily the Verisign bastard was there to add his two cents. To paraphrase him - "I would agree with their, (the consultants) testimony, but I would like to add that often the people who write open source software are not professionals". Then he took another shot mentioning "that often worms affect open-source software too". Often... I wonder what he considers "often". How can he even trot out the word "often" to describe the frequency of worms that affect open-source software when there are millions of Windows boxes that are constantly being hit by worms. He then added - "We must resist the temptation to demonize software vendors and other members of the network community. The finger pointing is often misplaced and in most cases does more harm than good." It was quite the interesting hearing, and gives me a bit of insight into what kind of info our Government is getting about open source.
Anti-social? My code is just platform-specific.
As many, many researchers know, this is why so much commercial research is flawed - there are too many strong influences out there that taint the data.
This is the first overt firing that I've heard of in the IT industry, but I'm sure there have been thousands that we just never heard of.
Just think of those poor researchers at the cigarette companies - you know, the ones where if you found that there was a link between cigarettes and cancer, well, you must be fired.
Or the researchers for pharmaceuticals... where if you find that drug X doesn't help cure Y, then you shouldn't expect any grant money next year. Yeah, not fired, but certainly the same net result.
The fact is that research SHOULD be independent. I don't know or care if this guy's paper was right or wrong. But it should be the research community, not MBAs, who decide the quality of research. Period.
I think that firing this guy due to his research is wrong. It looks like he was fired for financial relationship reasons, not because his study was consistently rejected by the research community. Should his employers be considered biased? As a potential customer, should I trust this company? If they are motivated more by their relationship with Microsoft versus upholding the truth, I'll never recommend anyone to do business with them. And it looks like they are, and so I'll make sure they're scratched off the list.
Companies have every right to fire you for things you do outside your job. You represent your employer. If I work as a mechanic and I get convicted of rape, my company can understandably fire me.
Moderation Totals: Flamebait=2, Troll=1, Redundant=1, Insightful=6, Overrated=1, Underrated=1, Total=12. (not mine)
Hopefully /. won't follow suit firing anti-MS writers. Then again, no more duplicates.. hard one.
Marxist evolution is just N generations away!
...that he decided to list his company affiliation in the list of authors. Most companies require any paper that goes external to go through a review and approval process, which would catch any differences in opinion between the author and the entity which that author represents in title.
I personally agree with the paper, too bad @Stake lost such a valuable employee. OS diversity can be a great asset in system security, as it keeps an attacker on their toes. However, administration becomes that much more complicated of course : |
"Sed Quis Custodiet Ipsos Custodes?" -Juvenal
I guess if you criticize Microsoft you get burned @stake :-)
Never attribute to stupidity what can be construed as a monopoly preservation tactic.
Someone just learned the value of a pseudonym.
Interesting. Does that mean that employees should only issue statements in the course of their job responsibilities? Or that job statements must be objective, fact-based and truthful but personal statements can be whatever they want? This latter interpretation seems to conflict with their action.
I don't think Dan Geer will have trouble finding a new job. However, it is an interesting reflection of what @Stake has become. Look at their management team. Looks awfully VC to me.
It's a sad state of affairs, but not surprising. It's been a long time since the "CIFS is caca" paper, and I lost respect for the l0pht back when *hobbit* was edged out. Mudge became "Dr. Mudge" (as if), and they all started running after the limelight. Sad, really. The Hacker News Network is long gone, and mudge is Pieter. It sucks for Dan, but it's just more of the same for the rest of us.
It takes a lot of nerve for Chris Wysopal to issue his little statement. Weld Pond would never have said something like that. Man, it's been a long path from BO2K to appeasing Microsoft. What a long, strange trip it's been. Sigh.
The difference between a Miracle and a Fact is exactly the difference between a mermaid and a seal. (Mark Twain)
There's a big difference between an academic and sound treatise, and a politically motivated zealot's rant.
Most people can be terminated at will. Maybe they didn't want a politically motivated basher working for them.
I doubt MS got the guy fired. Why? It would just lead to these conspiracy theories, and it's not like it could stop the guy from writing papers.
He'll probably just do it full time now. He can move in with RMS and Stallman.
I don't need no instructions to know how to rock!!!!
That'll fix their wagon..
The real problem I have with this whole issue is that he did not imply or state in his report that @stake was sanctioning it in any way. The only @stake mention is in his title and his biography. If that can be construed in any way shape or form that @stake somehow approved of the report then someone has to go somewhere in a hand basket.
If terrorising a 12 y/o girl and college students into settlements for sharing 1's and 0's isn't terrorism, then what is?
Oh yeah, I can't get a law rushed on this issue unless I can prove the RIAA is a threat to national security...
You can't judge a book by the way it wears its hair.
Look at the big picture everybody, and take a page from the SCO playbook: keep the soap opera in the news and the issue stays in front of more eyes for a longer period of time. The real issue is that more attention needs to be paid to MS security for everyone's benefit, and this is a way of that happening.
When I was a kid, we only had one Darth.
Leave it to the Mercury News to report with more sordid details.
What caught my eye...
The CCIA trade group also ran into trouble Thursday when it sought to send a paid announcement about its critical Microsoft report to 140,000 subscribers of popular trade magazines for chief security officers and chief information officers.
The publisher for CIO and CSO magazines, CXO Media Inc., offers such announcements ``to target a specific market segment of our audience by designing a list of prospects for direct mail and e-mail purposes.''
But in this case, the subject was too touchy.
``We find it is too sensitive of material to send out. I'm sorry to be the bearer of bad news, but I have to deny your request,'' according to an e-mail from the publisher obtained by The Associated Press.
``We need to try to provide some balance on these issues, and this seemed a little one-sided,'' CXO spokeswoman Karen Fogerty said.
Sheesh! The mags won't even report this story if you pay them!
---
Fight the Power!
There is no America. There is no democracy. There is only IBM and AT&T and DuPont, Dow, General Electric, and Exxon
I love conspiracy theories as much as anyone, but that can be a dangerous route to go, as it is real easy for a situation to be called a "conspiracy theory" and thus trivialized.
It could even (possibly more likely) be more a matter of politics. Perhaps they are running a lot of m$ and whoever made the decision to run that software took the article personally?
Or maybe someone's afraid of scaring away sponsors, customers, etc?
The sad thing is that this sends a (often repeated) message that dissent in the business community (indeed in other communities as well - higher ed [firstamendmentcenter.org], for example) isn't as safe as it used to be.
In the immortal words of my main man Frankie H., "Fear is the mind killer".
-h
I hate to say it, but if you marry the CCIA position stuff wrapped around the report itself, it sounds like CCIA is advocating for government mandated software regimes!
It's clear that in Agriculture a pure monoculture is a bad thing, but there the government has to step in and tell folks to burn crops. I _don't_ want my company's software crops 'burned' at government insistence. Nor do I want the government telling me that I must not buy BSD because it doesn't fit into their scheme of monoculture at the moment.
So monoculture may be bad in the computer world, but when you actually start talking about a government mandated or enforced or even promoted plan, I get far more nervous than I was from just MS.
It isn't the report's pie-in-the-sky vision of a 1/3 computing world, it's what CCIA, a lobbying group, would DO with that report.
Fear the Bureaucrat!
It's really interesting, because I don't doubt for one second that M$ told them that either they fire them or they lose their business together. It is common sense, once one unclouds their mind, that M$ is a REALLY bad platform to be on in regards to security. It definitely has a wonderful software base, but that is due mostly to really good marketing, including making a visually appealing interface. Lock-in also plays a big role. However, when one has to worry continually about security holes in their systems, that is bad. Linux systems may have a large number of holes, but they are typically in the daemons running on the machine, and one can jail or chroot them into secure directories, but Windows' core services are the ones that are the culprits here-- and they cannot be jailed!
It's sad that a person who speaks truth gets fired if it is not in the best interest of their companies, but I guess that is why a truly outspoken person must be freelance, because otherwise they WILL be fired eventually for their honesty.
M$OS-less 15" Powerbook G4
Thousands of OSS developers went unpaid when the government realised that the altruistic movement may undermine the US[sic] economy.
thank God the internet isn't a human right.
Lighten up. I think the tagline at the end of the article is just a little bit of healthy irony. At worst, it's nothing more than cutesy, at best it at least reminds people not to take themselves too seriously. The immediate instinct of many Slashdotters upon reading the skimpy facts of this case is to assume that there's something terribly unwholesome going on. At least Slashdot is reminding us to put on our tinfoil hats before we start ranting.
And don't get me started on calling Slashdot "the press"...
If the guy broke the terms of some contract, perhaps it's illegal. But...
"The values and opinions of the report are not in line with @Stake's views."
Does it make those opinions wrong? Are they not useful, regardless of what @Stake's view is? Does this imply that you need to toe the line of the most powerful entities, if not, you will be punished? We've been stuck in 1984 for long time it seems.
"Backups are for wimps. Real men upload their data to an FTP site and have everyone else mirror it." -- Linus Torvalds
1) Insult Microsoft!
2) ???
3) Get fired!
(Surprisingly, this is accurate.)
This happens to be an article on the front page of the Business/Technology section in Friday's Washington Post.
CowboyNeal's writeup, in which he uses the words "not sanctioned," is quoted directly from the article. The Post's paragraph states:
Massachusetts-based AtStake Inc., a computer security firm, said yesterday that chief technology officer Daniel R. Geer is "no longer associated" with the firm. A company statement added that Geer's participation in preparation of the report was not sanctioned by the firm, and that "the values and opinions of the report are not in line with @stake's views."
Please read the goddamn article before shooting the messenger. Thank you.
"Folks just call him Buckethead." -- Les Claypool
No more M$ software on my computer. I can't tell you the last time I ran Office or IE, anyway, esp. since Safari 1.0 came out. BBEdit is all the word processor I need 90% of the time, and for the rest AppleWorks is fine.
Now if only I could get Gentoo onto my girlfriend's VAIO...
Wasn't @stake the security company that grew out of the l0pht? Or am I on crack?
autopr0n is like, down and stuff.
Things have changed a bit around their shop since they "turned pro" and stopped being L0pht Heavy Industries.
Guess being a security expert puts things in a different light than being a group of hackers.
Don't let the brouhaha detract from report itself. It is a very well written and tightly argued document.
My favourite phrase...
The prevalence of security flaw (sic) in Microsoft's product is an effect of monopoly power; it must not become a reinforcer.
There are plenty others. Read it, I'm not surprised MS are upset enough to get this guy removed, it makes such compelling points.
-- Free software on every PC on every desk
Of course he'll get a new job, probably a better paying one. @Stake, on the other hand... None of you will ever buy from them after this, right? They let their greed get in the way of their objectivity. Those insecurities earn them money, that's why they don't support his opinions. You can't trust companies like that to give you good security advice.
"If you sign an employment agreement, you'd better stick to it."
What a load of crap, I bet you supported the south in the American Civil War.
If I sign an NDA with a soap manufacturer and then discover that they're killing Native Americans to make soap, should I stick to the NDA?
thank God the internet isn't a human right.
GROAN
I am all for full disclosure, security, open source, and better design and practices. But @stake and MS are all for money. Let's be honest, we cannot expect them to hire editorial writers to critique their business or clients. The media and /. can do that.
The national security thing is not the real reason. The real reason was the guy was going against his company's agenda. Practically their whole current business plan. If I worked for Walmart as PR (I don't, btw) and I wrote about how huge stores and cheap prices were contributing to the degradation and commercialization of American society, I would be fired.
This guy was a CTO at a security-consulting firm, and he published a paper talking about how insecure one of their clients' (probably a big one) software was. Not just any critique (i.e. only technical implications) but a paper making the conclusions that MS software is a threat to national security and the economy. If he had added Iraq in there he would have had a platform for a presidential campaign. This wasn't a phrack article here. It was asking for attention - media attention.
When you ask for media attention and you involve your firm in a negative light, don't expect to keep your job.
btw, good for him.
...that this paper was written by MS's opponents, as claimed by ACT president Jonathan Zuck on sourceforce.com.
It was co-authored by the (now-former) CTO of a security firm that does business with Microsoft. A business partner, one might say.
hmmm...
It's all Hood
I mean, if you're Microsoft, you've got a thick skin toward bad press.
I imagine it was just some chickenshit middle management type over at @stake who wet himself when his little pet security project churned out a ton of anti-microsoft press.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
I saw Geer talking on TechTV yesterday and he totally came across as an overzealous MS basher. I admit I haven't read the report, but in his little blurb he just kept talking about how nobody should ever use the most popular OS out there, and how bad MS is. It was like he thought he was posting on /. and forgot that he had published a report and was being featured on TV.
I'm a firm believer in the philosophy of a ruling class. Especially since I rule. -Randal, Clerks
Lock-in also plays a big role.
People in Soviet Russia, however, appear to be afflicted with amusing juxtapositions of the aforementioned situation.
A programmer is a machine for converting coffee into code.
Microsoft corporation would like to publicly state that we had absolutely nothing to do with the termination of Mr. Geer. This action was entirely the choice and responsibility of @stake.
We would also like to take this opportunity to point out the sack of goat's blood splashed across the front door of Mr. Black was a random act of vandalism, and we know nothing about it. Except that it was a random act of vandalism, nothing more. The note in his mailbox threatening his life if he worked on any more papers with similar topics.. that had nothing to do with us either.
And, for the record, we have no knowledge of how or why someone used a laser engraver to etch a Windows Server ad into the side of Mr. Quarterman's car. We also did not kick his puppy in the ribs, breaking three of them because the little bastard got in our way. I mean, in the way of the perpetrator, whoever he may be.
Also, although we sympathize with Mr. Schneier over his wife's recent permanent paralysis, we -- hold on, that one hasn't happened yet. I mean, uh, that one is, uh... WOW LOOK AT THAT MONKEY!
*ahem*
Live Meeting, formerly PlaceWare Conference Center, is a new service in the Microsoft Office System that enables you to collaborate online with employees, clients, and customers in real time with groups of 2 or more than 2,000. With just a phone and a computer with an Internet connection, you can free yourself from the cost and hassle of business travel. Download a trial today!
I was too lazy to check dictionary.com. I know why I thought there were two 'i's, though. It's cuz of that silly double-dot i that they used. Argh. :)
if(!cool) exit(-1);
"Participation in and release of the report was not sanctioned by @Stake," the security and consulting company said. "The values and opinions of the report are not in line with @Stake's views."
What?! What exactly wasn't true about what was said?
Quote: Daniel Geer "As fast as the world's computing infrastructure is growing, vulnerability to attack is growing faster still"
Quote: Daniel Geer "Microsoft's attempts to tightly integrate myriad applications with its operating system have significantly contributed to excessive complexity and vulnerability. This deterioration of security compounds when nearly all computers rely on a single operating system subject to the same vulnerabilities the world over"
Quote: Ed Black "Microsoft's monopoly threatens consumers in a number of ways, it's clear it is now also a threat to our security, our safety, and even our national security."
Quote: Bruce Schneier "The problem is that of monoculture. As long as all computers are running the same OS, they're all vulnerable."
If @stake is saying they don't agree with these statements, then their credibility as a security company is seriously in question. It's one thing to say they fired someone for violating professional protocol, it's quite another to terminate them because what they said was incorrect.
Everything said by Geer, Black and Schneier is correct. What does @stake not agree with?
Ruby on Rails Screencast
Clearly, we can't assume that Microsoft strong-handed @stake. But I guess that's not the point here, is it?
It doesn't really bother me that this showed up on Slashdot.
But I am a bit annoyed that this was newsworthy for both the Washington Post and News.com. Are we so entertained by conspiracy theorists that we have to breast feed them with fodder like this?
Obviously, he knew full well what he was doing when he signed the report. I find it very believable he also understood what the end result of his actions would be. It seems a huge stretch to believe a man of his experience and background didn't fully understand the position he was placing himself and his employer in by participating in this report. He no doubt had an employment agreement specifically stating "pre-acceptance" of anything he published while employed by @Stake. He violated the agreement, and they fired him. Not the first to get fired for violation of an employment agreement, certainly won't be the last.
. . . when you tell the truth about Microsoft, your job could be @stake.
bah-dum-bum,
@stake, eeye, and iss have all agreed w/ microsoft not to release details of even potential exploits until microsoft has had 30 days to "evaluate" them, leaving admins and the public unnecessarily exposed to vulnerabilities. This is completely unacceptable, and contrary to the scientific peer-review process of real science. If you know there's a problem, you speak out, suggest a fix, and hopefully the appropriate parties will be responsible enough to take action. Additionally, others have to be able to VERIFY and REPRODUCE findings, a critical part of *real* research. But microsoft's tactic is to force so-called security "research" companies (who are in it for money, not necessarily for altruistic research or making things more secure) into a lop-sided, biased "standards" NGO, the "Organization for Internet Safety" (OIS), of which Microsoft is a member. (read this). What they are proposing is censorship, hiding information until they can find a fix, so that only the hackers will know what's broken. Talk about the fox guarding the hen-house!!!
Additionally, the director of research for @stake, Chris Wysopal, is effectively lobbying congress to give teeth to the OIS, and more power to microsoft and their buddies.
OIS = @stake, BindView, SCO, Foundstone, Guardent, ISS, Microsoft, NAI, Oracle, SGI, Symantec. sounds like the stone cutter's guild to me.
Eeye seems to be left out for obvious reasons, they oppose this secretive "research." Read eeye's Marc Maiffret's (chief hacking officer) thoughts on things to a congressional subcommittee here.
"windows corrupts, microsoft corrupts absolutely."
The biggest trick the devil pulled was letting lawyers become politicians so they can write the laws.
For him to be canned over this report (which is excellent by the way), is awful. Other heavy hitters in infosec also collaborated on this report e.g. Schneier, Becky Bace, and Charles Pfleeger.
It's not so much that @stake doesn't have the right to fire him, but rather that it's a pity that they can't stand up to the truth. Not that corporations are known for their honor anyway. I would not trust @stake with my business at this point - what's next? MS buying them into using their clearly superior security products?!
I disagree with your first point if only because twice is equivalent to several. Plus the bio itself is what makes it appear that @Stake has something to do with his opinion. Thanks for pointing out that sentence on page three -- I'd missed it completely and I stand corrected. It still seems inadequately informal though.
That aside, I still think it looks irresponsible, since his employer obviously has a stake in the response to the report, yet without having asked permission from his employer there's still no clear attempt to distance himself.
The guy got fired for the truth, was he lying? I wrote email to @stake and told them that their credibility was on the line. FWIW I think they are partially owned by Microsoft. Everyone that knows anything knows Microsoft makes the poorest quality software in the world. Strong people have strong opinions, the more passion you have for a subject the more vocal you are about your view.
What will you do? Are you all spineless? Will you write a letter to @stake and tell them how you feel?
Your Average Joe
> I'm tired of people hashing out their stupid little pet peeves on the basis of 'national security'.
in that case I suppose the Terrorists Have Already Won!(tm)
-pyrrho
It's sad that @Stake would be so scared of Microsoft to fire someone for telling the truth.
I'm sure that some other company will be perfectly happy to snatch him right up, partly as a slap in the face to Microsoft and because he can obviously provide some valuable information about the security risks involved with Windows now and in the future.
Maybe even the CCIA might snatch him up? Personally, I think they owe it to him.
Volunteer Mozilla developer, RPI Student.
@stake has demonstrated that nothing, absolutely nothing, will get in the way of satisfying their clients. While this is admirable from a capitalist viewpoint, how much do you trust any information that they disseminate?
Thought so.
Tarring yourself as a Microsoft shill might be good for the bottom line but I doubt @stake's long term viability was helped by this move. Particularly since the point that Mr. Geer was making is patently obvious to anyone with a clue.
I'm sure going to tune out anything they say in the future.
HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
I can't argue with those points. You're absolutely right. It's just a shame to me that someone who knows a lot about something that affects the security of millions of Americans can't speak out about that threat without being fired by their employer.
It's rare to see a group of people take a stand about something they feel is of more importance than just dollars and cents. These folks are essentially blowing the whistle on something a lot of people have known about for a long time but have been too frightened to say for fear of the wrath of Microsoft.
While I absolutely agree with you that @Stake is just protecting their own interest, their action is proof of how far Microsoft has permeated the fabric of the IT business. Virtually every company in the industry has to be careful about criticizing (or even allowing an employee to criticize) Microsoft, for fear of retribution.
Read the EFF's Fair Use FAQ
First off, "they" wrote it. Each of the contributors listed their position and company with equal emphasis. No representations were made about the "official" positions of the respective and multiple companies listed.
Yes, we seem to be living in a world with increasing need to disclaim. In fact, we live in a legal claim/disclaim toxic environment.
If you were to global search-and-replace the company names with the names of universities; and likewise exchange the professional titles with academic ones; this paper would be perfectly kosher.
So now, apparently you can't publish a scholarly work unless you *don't* have a "real job." How nice.
Remember: The great/golden age of the Arab Empires collapsed because of one act. They closed their libraries. After that scholarship fell into disrepute. Then learning. Then knowledge. Then "not being an idiot" was against the social norm, and *poof* they lost the initiative.
Let's not repeat that debacle in our age, shall we?
Persons should enjoy the right to freely publish their thoughts and understandings of any issue with greater social ramifications.
Silence == Death... As a slogan it is applicable to far more than the AIDS crisis.
Innocent people shouldn't be forced to pay for inferior software development.
--"Code Complete" Microsoft Press
The 'english' language changes on a daily basis.
Beef, 'Etymology: Middle English, from Old French buef ox, beef, from Latin bov-, bos head of cattle
Date: 14th century', introduced after the French conquered England; cow,
'Etymology: Middle English cou, from Old English cu; akin to Old High German kuo cow, Latin bos head of cattle, Greek bous, Sanskrit go
Date: before 12th century', is the English equivalent.
Next time choose a different language to police, before you judge others illiterate.
thank God the internet isn't a human right.
i can see if a MS employee would be fired if they wrote a truthf.. err scathing report on the state of ms security. but a SECURITY COMPANY firing a consultant (whether executive or peon) because he writes an opinionated (and most likely highly accurate) report on one of the biggest offenders in the security business?
what's next? (can't think of witty analog... dammit)
... but *you* just contributed two more!
Would you prefer that we start writing and pronouncing it, "circa-stake?"
They that can give up essential liberty to obtain a little temporary safety deserve neither safety nor liberty.
Ben
Yeah but what about the moderation system? Don't you know that Linux users make up about 99% of all the mods?
If you use Linux, please help development of Autopac
Did he have to train his Indian replacement?
klerck, the reformed slashjerk.
Here's his ban page.
If you could be told what you can see or read, then it follows that you could be told what to say or think - BoC
Yah, BeOS trolls are rare and prized.
@Stake on the other hand...
This is probably going to be a bit of a nightmare for them. The firing is starting to generate a lot of attention in the press. People who may or may not have heard of @Stake before this are now going to remember them as "the company that fired a guy for dissing the security of using all Microsoft."
I for one wouldn't want to hire a company whose line of business is other people's security but who fired a guy for pointing out obvious and factual problems with the security of a major software vendor. It speaks volumes to whose interests they are going to represent if I were ever their client.
It wouldn't be mine -- it would be their own and any bigger client whose interests might run contrary to mine.
Quoth he
"It's all academic anyway..."
>Don't you know that Linux users make up about 99% of all the mods?
Hmmmm... I guess that explains why I haven't had mod access for a LOOOONG time. But when I do get it, it comes in waves (like 5 points per day for a week). Strange...
If you could be told what you can see or read, then it follows that you could be told what to say or think - BoC
You guys all need a real life. Spending life cycles debating this stuff is just a total waste of time. When you're all 80 and imoblized, you'll want the precious time back that you spent talking about this stupid, meaningless, stuff -- as if your contribution to the forum will make any difference at all. It won't. But that garbage along the street that you could have been picking up will still be there. There's better ways to spend your life than being a pissed-off evangelist for some stupid piece of technology.
Author of Paper Clip of Microsoft is Fired
Too bad, I hate clippy!
:P
DO NOT WRITE IN THIS SPACE
ok
Choose one: your politics, or your job.
That's life.
You write that as if Geer (or the parent poster) is complaining, or wanted it both ways, but we have no comment from him, and the parent post didn't seem to indicate that he should have it both ways, either.
Perhaps he felt his politics were more important, and he's just fine with being fired, and expected it all along. Why would he want to work for a security company that would fire him for criticising Microsoft's patently terrible security record?
He's certainly had a successful career before @stake, and may indeed continue to have one, either with another company or as a consultant to clients who value the integrity they may think he has displayed.
...as opposed to an overused pejorative. An excerpt from http://www.disinfopedia.org/wiki.phtml?title=Consp iracy (watch out for the extra space in 'Conspiracy').
"Often, what are commonly called "conspiracy theories" are employed by people who would like to believe some conclusion but have little if any evidence for it. They therefore refer to a supposed conspiracy to justify both their conclusion and the fact that they cannot support it with evidence which, naturally, the conspirators are actively concealing. Such theories cannot be falsified; a conspiracy theorist takes lack of evidence for their theory, or even evidence that directly contradicts their theory, to mean that an extremely powerful conspiracy has either suppressed or fabricated the evidence in question."
I'm tired of seeing the label "conspiracy theory" invoked as a magical incantation to stop rational arguments before they even start...
people have figured out how to have a monopoly on mod access and hack the mods.
So no you won't get mod access until they fix the bugs.
If you use Linux, please help development of Autopac
wow. good.
You make some excellent points. This argument can be used in a lot of different aspects of life. Basically, don't waste time on silly things that don't matter - especially when they are negative. Spend your time on something positive, and you, and the world, will be better for it.
Excellent point.
Strange use of the word 'imoblized' though- but that can be overlooked in this case.
No reason to lie.
One day, I'm sure IE will get around to displaying them correctly.
Yes, but... other than roads, sanitation, better medicine and the streets bein' safe at night, what have the Romans ever done for us?
Got time? Spend some of it coding or testing
Why assume that MS had ANYTHING to do with his getting fired - it could've just as easily been some nervous CEO who perceived, rightly or not, that firing this guy would be a better move than keeping him on board.
Think about whatever company you may work at, if not now then some day. If you wrote something critical of one of your company's main sponsors, or a frequent collaborative partner, it wouldn't be likely to go over well with the President, would it?
If you're at all worried that there's competition for your position in a collaborative partnership with, in this case MS, you're going to take pre-emptive steps to ensure that your partner knows how devoted you are, and if it gets to the point that they're pressuring you to do these things, then it probably means you're behind, which is a bad sign.
It's very possible that Microsoft didn't give a whit about this guy, or at least didn't care enough to tell the company to "do something about him!". Let's be honest, we do have a tendency to overhype the anti-MS sentiment in this community sometimes.
Moo
There might not be anything fishy going on at all, but that's no reason to stop making perfectly good conspiracy theories.
As a wise sage once told me, "never let the facts get in the way of a good story."
And how good of a story would it be if this were just "some guy got fired because he vocalised his views outside of the company, now that company looks bad which they're not happy about, although this is just like any other employee of any other company going and doing some extremely public thing and thus suggesting that everyone else in the company does that thing too." That wouldn't really be too interesting of a story. But Microsoft! Hmm, let's see, didn't one of the guys who used to work here almost have lunch with somebody who interviewed at Microsoft? That's the connection, right?
Alas, most of journalism and mainstream media is sure to prevent the facts from getting in the way of a good story...
...who bears bad news. Looks like this is @Stake's loss more than Mr. Geer's. Someone with his knowledge of security won't have a problem finding a job even in this economy (security being kind of a hot topic these days).
I just hope one day that the courts stick up for freedom of speech. If I work for a company and comment on things on my own time, it should be fine. Otherwise, it is a gross abuse of freedom of speech. It's too bad that many here actually support that view. It doesn't surprise me that most people here are capitalists and would put money before everything in their lives. It really sucks. Government can't fire you for things like that; religious organizations can't; etc. But CORPORATIONS can... :(:(:(:(:(:(
Sivaram Velauthapillai
Sivaram Velauthapillai
Seeking the meaning of life... @slashdot of all places
If I were a fly on the wall (next to the speakerphone), here's what I might have heard in the @Stake executive conference room:
@S: One of our employees is about to release a coauthored paper with very serious allegations about MS SW insecurities, and the threat they pose.
MS: If there's anything libelous in that report, @S is liable, too.
@S: No, he doesn't work here anymore.
MS: Maybe you're not liable then.
@S: See ya around.
@S: Better print a backdated pinkslip.
--
make install -not war
Are you nuts? Or do you just have a very small understanding of business?
If this person was a writer/researcher/whatever for a company, and he made comments that were not only attributed to him, as an individual, but to the company he worked for - yes, they can get rid of him. And, if these comments made by him, under the guise of 'official' statements were contrary to the company's position, then yes, he *should* be fired.
If he wants to say these things on his own time, and not associate them with his company, then fine. Unless of course he has a contract that states he CANNOT do this. This is fairly common for people who are a 'spokesperson' for their company. Or, who are strongly identified with the company.
But, this person wanted to use their company's good name to push his own agenda - that is not a good thing. I work for a major university - I cannot publish papers filled with my opinions, and my own platform, and associate it with my university. In fact, anything that IS published, and associated with the university, needs to get peer-reviewed by at least 3 other people who are experts in the field. This is to ensure that individuals cannot use the university's good name as their own pulpit.
No reason to lie.
This is the best post here... I can't believe so many slashdotters are supporting the firing. I guess just goes to show how many corporation-worshiping free market capitalists are here :(
Sivaram Velauthapillai
Sivaram Velauthapillai
Seeking the meaning of life... @slashdot of all places
According to the Washington Post, Lona Therrien, the @Stake spokesperson, "said the company had no conversations with Microsoft about Geer or the report."
However (same article), Sean Sundwall of @Stake said that on Tuesday night, when notice of the report's pending release was circulated, "Microsoft was contacted by @Stake officials . . . expressing their disappointment in the report and saying that Dan Geer's opinion did not reflect the position of @Stake and its commitment to an ongoing relationship with Microsoft."
So... which is it? Did they discuss the report directly with Microsoft or not??
Quoth he
"It's all academic anyway..."
Can't find any mention of any former l0pht members on their site anymore.
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
What's next is corporations ruling over the lives of everyone. All industries will be monopolies or oligopolies. If you or anyone who works for a corporation criticizes any other corporation, you will be fired and blacklisted from all corporations...
Sivaram Velauthapillai
Sivaram Velauthapillai
Seeking the meaning of life... @slashdot of all places
I'm not nuts. He did this on his own time and he didn't represent it as the opinion of his employer. I don't know where you got that bit about using their company's "good name to push his own agenda."
The paper was written by six different authors, all of whom are very well respected in the security community. I think that covers your concerns about "peer review."
Obviously people who *do* go off half-cocked and represent half baked opinions as those of their employer have created a big problem for themselves, however... The opinions weren't half baked, weren't represented as the opinions of his employer and weren't presented by himself alone.
Sounds a bit like you've got an agenda yourself... or at least a chip on your shoulder. Long day at the university or something?
Quoth he
"It's all academic anyway..."
He probably would be in a government reprogramming session right now instead of just fired.
Gore (the godfather of the Clipper Chip, or have you forgotten?) made a lot of visits to Microsoft too you know. You think you can seek safety in any major party?
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Simple point here: whether or not @stake is involved in a conspiracy, @stake clearly considers themselves to be an advertising/publicity agent of Microsoft.
@Stake clearly does not consider themselves to be a news organization, or a news clearing house.
That said, they should, in the future, be held to the standards of advertising agents, with all the benefits of such -- not news agents with their benefits.
Therefore, if they want to come in to cover a software convention, by all means let them [but at full price: no media pass]. If they want to claim first Amendment right to speech, they can, within the bounds and with the protections set by our government for advertisers. Not within the bounds and with the protections set by our government for news media.
I don't see a reason to apply conspiracy here; just treat them as what they consider themselves to be.
Correct Horse Battery Staple: 72 bits of entropy. Enter "Correct H" into google. When it generates the phrase, that's
My favorite bit:
... pleased that he had maintained plausible deniability.
> Microsoft spokesman Sean Sundwall said AtStake
> contacted Microsoft Tuesday night to express
> disappointment in the report and to say it did not
> reflect AtStake's position.
So, if AtStake has all this integrity and independence, why do they contact someone at Microsoft to do the old "No! No, Master, it wasn't us! It was the tricksy CTO. But we fires him, yes! Is Master pleased with us?" routine?
> "Microsoft had absolutely nothing to do with
> AtStake's internal personnel decision," Sundwall said.
Just another day at the weasel ranch...
Wow, Write that Microsoft dominance hurts the country. Get fired for insulting Microsoft with company name.
Headline should have read:
Writer gets burnt @Stake.
This looks seriously bad for everyone concerned.
Someone got fired for having the wrong opinions? And which century do you live in over there?! If a company did that here, and the ex-employee could prove that, (s)he would sue them out of existence....
--The knowledge that you are an idiot, is what distinguishes you from one.
CCIA and the report's authors have arrived at their conclusions independently. Indeed,
the views of the authors are their views and theirs alone. However, the growing
consensus within the computer security community and industry at large is striking,
and had become obvious: The presence of this single, dominant operating system in the
hands of nearly all end users is inherently dangerous.
- Has anyone actually read the report? It says right there - the views in the report are of the authors alone!
Fucking @stake!
You can't handle the truth.
Whistle-blowing is never a popular job, but it's even riskier during bad economic times. Most of the backlash against this employee is due to the spineless quivering, in management, about losing vital business. Once again, we see why monopolies are unhealthy for society.
What are you gonna do, though, if you're canned? The employment-at-will doctrine has essentially always allowed bosses to hire and dump whomever they wish for any reason; dear old kooky Walt Disney used to go nuts with this easily abused freedom, and the 1990s left a trail of shattered lives and communities behind the rapacious "downsizing" of workers. Except where protected by civil rights or state employment law (and good luck bringing a case!), this is where you stand as an employee in America - at the mercy of the Man's whims. Learn to kiss ass; learn to run your own business; learn to work for decent people; these are among the few options for workers, and guess which one is most popular.
But this is also a hysterical time politically. Under the New McCarthyism the pasture of sacred cows has been enlarged: now not only our Glorious Leader is supposed to be beyond reproach, but so are certain corporate entities. And by burrowing like a common bacterial spirochete into the guts of American national security, Microsoft has begun to undergo the transformation - symbolically - from mere lawless and sloppy monopolist to vital U.S. institution. Yesterday, MS merely brought you BSODs, viral weakness and data loss. Today, it defends America against her enemies with its arsenal of...er...BSODs, viral weakness and data loss.
If this transformation continues, it will be more and more costly to criticize Microsoft as it mutates into an adjunct of the security state. HomeSec is already MS's taxpayer-subsidized tech support service, busily issuing warnings about the latest viruses and worms. This relationship should be promptly terminated by the next administration when the adults get to run things again.
is how I read it at first glance. Death to Clippy and the bonehead who thought that up!
Score:5, it must be real, right? Could someone please translate it for me?
Everything I have read here seems to assume that Dr. Geer didn't know this would cost him his job. Maybe he was on his way out and just decided to speak his mind...
If this article confuses you, don't worry. It was posted yesterday in a much clearer fashion.
Cheers,
Anyone with common sense.
Look at the history of Virginia Commonwealth University. See that point where they were completely shut down? That's because they *were* firing their tenured professors, and in the end completely shutting down the university was all that the state could do to stop it. When they sent examiners to interview the professors about the situation, the president would not let them alone with the professors. Anyhow, the state discovered that they couldn't do anything except close the university and fire everyone.
Jump over to James Madison University. It seems that the then president of the university was trying to force through academically impossible changes. [For example, teach upper-level calculus before basic calculus, "to give them a feel for it".] So one of the Physics professors came up with proof of tax fraud. At that point, the president fired the whole Physics department, because although he couldn't fire a tenured professor without cause, he could eliminate the need for the professor by abolishing Physics [impressive stupidity for a university with a medical program, but finding tax fraud was a real threat]. Eventually, the firing was rescinded, and the president retired, but the potential for tax fraud penalties was probably a slightly larger gun than tenure. Jump forward, same university, different president. The tenured professors' contract is the University Handbook; and the administration updated it, taking to itself all the rights of academic free speech, and making the contract unilaterally modifiable. My father caught this, and in the Faculty Senate pointed out that (1) this had no effect without Faculty Senate ratification, (2) they couldn't ratify it because unilaterally modifiable contracts are illegal, (3) they shouldn't ratify it, and (4) without ratification, they were working either on the old handbook (in which case the old handbook stood), or else without a contract, which implied no particular tenure protection, but also implied no protection for the university against lawsuit.
In the end, he got those clauses struck. But tenure really doesn't protect academic free speech too well.
In reality, tenure and academic free speech were initiated by the university administrations for their own convenience. It seems that, all the time people were coming up and saying "I'll donate X million dollars, if you'll teach this or that." And the problem was that if they taught this or that, 2 other donors would say "I'm not donating any more, because you're teaching nonsense." If they declined, however, then the person who wanted to affect the curriculum would begin a publicity campaign against the administration, and it was a real mess. So the academic free speech became a way that the administration could say "sorry, it's against contracts we've already signed. It's impossible."
Correct Horse Battery Staple: 72 bits of entropy. Enter "Correct H" into google. When it generates the phrase, that's
So, it looks like his job was @stake?
Sigh.
@Stake absorbed l0pht, which had serious hacker cred just a couple years ago.
Google suggests, for more background: this and this.
Daniel E. Geer Jr must have really hit a sensitive area of Microsoft. It's really sad to see them so unwilling to realize that the report isn't a hit on MS but more about monoculture in the internet. Monoculture is bad, ask any biologist and he'll tell you why. Diversity is much better but it demands open standards and interoperability, something Microsoft have been successfully avoiding since day one.
HTTP/1.1 400
When you cross Lord Bill. So much for "innovation" and "new ideas" eh?
The Japanese have a saying that's appropriate here. "The nail that stands up gets hammered down." I just say, "the truth hurts, doesn't it?"
If they want MS as their sole client, that's one thing.
Their publicly firing a whistleblower for being part of a group writing a negative article about MS software tells me that @stake can never be trusted again in any statement they make about MS software, operating systems, or security procedures. So what's the upside for a non-MS client to hire them?
Is anybody left at @stake from the old l0pht days?
Tech Public Policy stuff
is that the usual timeline?:
...
1.) invent some kewl pw cracking tool and post security advisories
2.) flame against the dark side of OSs and show the people why it is the dark side
3.) get some managers and let them make business out of what you do and like to do
4.) get some people who are of the same opinion and let them work for you
5.) name some CEO, CFOs and marketing guys
6.) let them tell you that the dark side is the dark side, but not so dark as you said and maybe even not dark at all - because it's bad marketing
7.) get fired
maybe he didn't invent the tools, but I'm sure,
they didn't hire him, because he's a tightas*
and "politically" correct
Complicated reasons for Microsoft's problems are given in the CyberINsecurity report. However, it seems to me that the security vulnerabilities in Microsoft software may be due to Microsoft pressuring programmers to finish and go on to new projects before they have had enough time to clean up their code.
On 11 September 2003, there were 31 unpatched vulnerabilities in Internet Explorer. On December 9, 2002, there were 19 security vulnerabilities. So vulnerabilities are being found faster than they are being fixed.
Certainly this is embarrassing for Microsoft. Presumably Microsoft would fix these problems if it could. However, maybe IE is a mountain of sloppy code, and it is expensive to fix. Maybe Microsoft is no longer able to hire programmers who are skilled enough to find the bugs.
Who uses the vulnerabilities before they are fixed? Do the U.S. government's CIA and NSA and FBI departments use them to spy on foreign governments? Is that why there are allowed to be so many?
Whatever the reason for the vulnerabilities, it is remarkable that there are 31 known and publicly documented security risks in just one computer program, particularly when that program is the most widely used program to connect to the Internet.
The CyberINsecurity report is almost a Microsoft love fest, because it only talks about one kind of shortcoming. I think my paper, Windows XP Shows the Direction Microsoft is Going, is a bit better balanced.
Seriously....if the news around here got any more biased it would probably suffocate itself. POST TECH STORIES AND DROP THIS WAR OF ATTRITION WITH MS! Good lord! Yes yes, we know, MS=evil! GET OVER IT....good lord.
"The saddest words of mice and men, are not those which were, but should have been."
All that "customer relationship" and "customer partnership" focus of the last few years is coming back to haunt us. That's where you no longer just sell a product and walk away anymore. Now you basically live with them, answer phone calls at 2am for the next 20 years because you sold them a blender and they were lonely and couldn't remember if frappe was faster than chop.
In this new great scheme, your company sells the friendship of their employees to the customer for free. Therefore if you aren't there for a customer, even on your own time, you the employee are at fault. Even if they phone at 2am for some stupid reason.
Heaven forbid you should criticize a customer on your own time, esp. publicly. That's a clear violation of the corporate ass-kissing policy.
There is some justification for it though. Customers that like your employees are more likely to throw your company bones, and what's not to love about a company that makes its employees all wipe your ass for you on their personal time if you choose.
But still, it just isn't right. Just because our companies CAN take our personalities from us doesn't mean they should. Basically, being a part of a corporation means subsuming your identity and adopting a corporate face mask in its place. You are their personal avatar and the face of the company. It doesn't matter how stupid the customer is. The worst part is that it doesn't result in the company making more money either. Just the opposite, you end up doing nearly everything for free while getting little from customers in return.
Should really be something in the basic human rights section of the constitution for not having to hide your identity for not being perfect. I'm unsure of what the wording should be, but showing displeasure, not looking happy at all times, and generally having a perfect serving robot personality should not be cause for dismissal within limits.
It will be a sad day when everyone is that terrified of being unpleasant for even a moment that they have to hide their personality outside of the confines of their home, or perhaps not even there....
Yet another crippling bombshell hit the beleaguered HanzoSan when recently IDC confirmed that HanzoSan accounts for less than a fraction of 1 percent of all positive karma. Coming on the heels of the latest Netcraft survey which plainly states that HanzoSan has lost more karma, this news serves to reinforce what we've known all along. HanzoSan is collapsing in complete disarray, as fittingly exemplified by failing dead last in the recent Sys Admin comprehensive networking test.
You don't need to be a Kreskin to predict HanzoSan's future. The hand writing is on the wall: HanzoSan faces a bleak future. In fact there won't be any future at all for HanzoSan because HanzoSan is dying. Things are looking very bad for HanzoSan. As many of us are already aware, HanzoSan continues to lose karma. Red ink flows like a river of blood. HanzoSan is the most endangered of them all, having lost 93% of his karma. There can no longer be any doubt: HanzoSan is dying.
Let's keep to the facts and look at the numbers.
Slashdot editor CmdrTaco states that there are 3786 posts of HanzoSan. How many posts of HanzoSan are there? Let's see. The number of HanzoSan posts versus intelligent posts on Slashdot is roughly in ratio of 5 to 1. HanzoSan posts on Slashdot are about half of the volume of posts. A recent article put HanzoSan as author of about 80 percent of Slashdot posts.
All major surveys show that HanzoSan has steadily declined in karma. HanzoSan is very sick and his long term survival prospects are very dim. If HanzoSan is to survive at all it will be at (Troll,-1). HanzoSan continues to decay. Nothing short of a miracle could save him at this point in time. For all practical purposes, HanzoSan is dead.
Fact: HanzoSan is dead
I thought Bill Gates got a cop fired for giving him a ticket a few years back. Sounds just like his MO to me...
All data is speech. All speech is Free.
CIFS=Common Internet File System. This is a reference to the security flaws highlighted by Hobbit (from memory it was defcon 5, back in 1997) in the Microsoft SMB (windows networking) products. A copy is still available from here.
and I lost respect for the l0pht back when *hobbit* was edged out. Mudge became "Dr. Mudge" (as if), and they all started running after the limelight. Sad, really. The Hacker News Network is long gone, and mudge is Pieter. It sucks for Dan, but it's just more of the same for the rest of us.
L0pht Heavy Industries (creators of the L0phtcrack suite Pwdump that allowed brute force cracking of windows NT user/passes) went through a period of internal discontent. I cannot provide any details on this. Basically the author seems to be trying to highlight the corporate yes-men culture that has permeated this sector and presumably led to this dismissal for speaking the obvious but unapproved "truth".
It takes a lot of nerve for Chris Wysopal to issue his little statement. Weld Pond would never have said something like that. Man, it's been a long path from BO2K to appeasing Microsoft. What a long, strange trip it's been. Sigh.
I have to admit this part has me stumped. I assume he means that Chris Wysopal of @stake would answer differently to Weld Pond of Lopht. Since they are one and the same person I assume he means to highlight the change over time in Chris's opinions/loyalties... not really surprising in the context of articles like this (para. headed Who's Who).
It has indeed been a long and strange trip... no end in sight yet.
Q.
Insert Signature Here
...I guess he really didn't realize his job was @Stake...
(Mod -1 Horrible)
.
== WolfriderV6 == I'm willing to admit that *I just might* be wrong... Are you??
"Then "not being an idiot" was against the social norm, and *poof* they lost the initiative.
Let's not repeat that debacle in our age, shall we?"
Too late.
KFG
I call for a revolution...no, this isn't a joke...
Sivaram's Information Manifesto for the Ages
A person's thoughts, feelings, and works outside of work shall not be cause for dismissal; Only the person's performance shall merit termination. By allowing the corporations to get a stranglehold on people outside work, capitalists are shifting power to the few elites who control and benefit disproportionately from these measures. It is a sick view that business comes before freedom. The fact that corporations own the water, supply the food, control the transportation, and pretty soon healthcare, education and the police, is no reason to back down!!!
Citizens cannot rely on the "elected" officials and the lawyer-influenced courts to protect themselves. Commercial censorship is a direct attack on freedom. The fact that you "work" for a corporation does not mean anything in the given climate of monopolies and oligopolies. What is a journalist to do when less than 5 companies own nearly all the media? What is an aerospace worker to do when you have two choices?
The destruction of your life is in your hands...
Sincerely,
Sivaram Velauthapillai, anti-Capitalist
Some of you are probably laughing at this... but I actually mean everything I say--except for the actual revolution part (it's not time yet :| I'll let you know when it comes)
Sivaram Velauthapillai
Seeking the meaning of life... @slashdot of all places
I've mentioned this before when technology publications that focus primarily on Microsoft products CLAIM they are impartial and have no ties to Microsoft that when you rely on someone for information you're not impartial to that source.
Info 64 a publication for Commodore 64 users created on the Commodore 64 etc etc. The whole philosophy is the magazine should live and die by the products they support. Obviously they are no longer in publication.
Anywho when Commodore published the specs for the 4+ and C16 every Commodore mag published the specs exactly from the press kit. Info 64 did not.
A reporter at Info64 wrote an article ripping on other Commodore based publications for doing that.
The point he made was that ANY publication that focuses on Commodore is answerable to Commodore. When Commodore hands out press kits there is an implied threat "report this and be glad we give you anything".
I remember that. I was a subscriber to Compute's Gazette Commodore and Info 64. Compute was a publication powerhouse and got ALL the latest news and information but they were never critical of Commodore or the software titles. When they did report weak points they'd glaze them over like it didn't really matter.
All the platform publications were like that.
Except for Info64. That's what I liked about them.
Info 64 starts off with a bunch of reviews and I always read them over. They are very critical and careful to review the software properly.
In other publications I skip the reviews because they were just free ads pretending to be legit reviews.
The greatest database program ever... on the Vic 20? See where I'm going with this? Some of these reviews were just downright garbage because the publications were fearful of being cut off.
Info64 didn't care. If they can't do it right they can't do it at all.
No, Commodore never cut them off.
But now jump forward... Commodore is dead, Microsoft reigns supreme and Microsoft is making noises about its latest and greatest Windows 95. Bug free and an OS itself, not an environment running on top of DOS. It now uses protected mode processing like OS/2 so a bug in a driver or application won't crash the whole operating system.
Microsoft handed out Windows 95 beta CDs.
Nearly every industry reporter got one. One reporter had the balls to point out every single problem in the Windows 95 beta.
Microsoft was angry and pulled that reporter from the beta program.
Commodore was bluffing. Microsoft wasn't.
Now everyone is being very careful.
Unless they are Mac or Linux publications.
If you work for a publication that works with Microsoft ANY time you're critical of Microsoft you put your job at risk.
I don't actually exist.
If you talk as an individual in a matter in which your employer may have a stake (think a financial analyst working for a bank) you better make sure your employer does not have a problem with what you are going to say, no matter how many disclaimers you put around your words.
The reason is very simple: a given company needs to keep a reputation, in the case of a security company they need to appear to be open and impartial when assessing different products. By having an employee that clearly has reached his own conclusions and made them public the employer is left in the difficult position to explain how they may be choosing MS stuff or recommending it given that one prominent employee has lambasted those products in a public forum.
Sorry, but I have no pity for this person in spite of broadly agreeing with his conclusions.
IANAL but write like a drunk one.
I guess you're right but... isn't that the definition of /.? If that's the case, they'd better shut it down and we should all go and smell the roses.
So much for free speech!
It's becoming increasingly common to have to do your job WRONG to keep it.
When you ask your superiors: Do you want it quick, cheap or good? - You know which one they will NOT choose.
As for Daniel E. Geer Jr. he did a good job... I am quite sure he will find a job pretty quick, however I do doubt the job will be with a large company.
- "They misunderestimated me."
Yes. And his Indian replacement has asked for a better compensation and a Linux box. They've agreed in principle.
Science as a way of life.
Come on. L'histoire se repete (everything happens again and again). In the thirties a guy in Holland wrote an article telling the truth about Adolf Hitler. He was taken to court, condemned and jailed. The reason was: Insult of friendly head of state. The sentence must still be on his record.......
Mod +1 comic insight...
...and he grinned, like a fox eating shit out of a wire brush.
I hate to be a rant...but I can't help myself. :-)
Ethics is going down the tubes. An example, I think was the investment community in the U.S.
If you watch the media, you have this overall impression, well, Enron was just a fluke, they had poor accounting.
But if you read the papers, this fluke, is being practiced by 100's of companies, all screwing over their investors like cheap whores on a Dutch street corner.
I hate to point this out, but these Ivy league trained people were taught and are taught that this is just ducky. How can it not be with so many companies screwing you on a daily basis.
It can't be a fluke when everyone is doing it.
Fluke? I think not, but you decide.
It has become ethical to do business unethically and it is proudly taught that way in our so called finest Universities.
If anyone has any money in US retirement investment funds, when they retire 30-40 years from now, I will be really amazed.
If you are an investor, and you are investing in US companies for retirement, you my friend are a sucker.
Same thing is happening here. Microsoft is not an innovative company, it buys companies.
They do not write good software and if you are stupid enough to buy Microsoft Press books written by PhD's who claim they even have a clue about good Software Engineering principles, you are just another duped "investor".
I would like to point out that Microsoft is one of the largest employers of Computer Science PhD's in the country.
As an example, one must ask this question after looking at these Software Engineering practices books that Microsoft Press publishes as oxymoronic.
My reasoning is as follows:
Exhibit A: Microsoft hires more PhD computer scientists than even IBM has to work on the secure initiative for 2000 and XP. Building and rebuilding the entire OS 2000, and then again with XP, from scratch, at an estimated cost of 2.8 billion dollars.
Exhibit B: An 18 year old in Minnesota, a 16 year old in Malaysia, and a 21 year old in Russia. All with WAY too much time on their hands, with NO source code, find more security holes in 2000, XP than you can possibly say "Code 'in'-Complete" in the past 14 months.
Exhibit C: A University student, in Finland builds a new operating system kernel called Linux, and in just 8 years it is being worked on by almost no PhD's and many testers and code contributors are in their early 20's or teens, and is far more capable than windows, 1.8 billion dollars later.
Is Linux just another Enron? Fluke?
My point is that the way we are being taught code in this country is not the way code should be written. Even if you have a PhD, it's business as usual dogma, just like our MBA friends.
Is it a fluke that the best code being written is not through institutionalized learning in this country?
What do these exhibits tell us about our country in general, with regards to ethics?
It doesn't take a rocket scientist to figure out what is going on here.
Fluke?
I think not, but you decide.
-Hack
Got Geometrodynamics? Awe, too hard to figure out? Too bad.
From p.3 of the report:
Unless they modified the report after it was first posted? The version I'm looking at says modified 24/09/2003, 7:03 EST
Fixing copyright
If what's being said is true, this is a very bad move for @stake. The company used to be called L0pht Heavy Industries and was led by Boston-based Mudge, now CEO of @stake. Mudge gave an interesting opinion in the preface of Hackproofing your network by Ryan Russell, saying that this world is driven by the people who, quote, are not afraid to rip things apart and see how they work from the inside. In summary, sharing of knowledge and open criticism are key to the progression of society. Mudge gave an impression as if he believed in these values greatly.
Now, if a @stake employee whether on- or off-hours, writes a credible report on MS not representing those values, and gets fired for it, then the CEO in the building must have a different mindset. One of MS's: money money money, in a rich man's world. And if so, @stake (and its services, including securityfocus.com) should not be considered so seriously anymore.
Anyone writing criticism upon 9/11 was fired; their words true or not. I thought the hacker mindset would be immune to that; sadly it's not. Shame.
All this under the presumption that the data in the article is correct.
-i
he simply became a government employee.
--
all that stuff you signed at HR when you took your last job? Maybe you should have read it or kept copies.
No kidding... I'm sorry that the guy is out looking for a new job, but if they cut him loose, they had a reason, and that reason probably had his signature on it.
That being said, this could be a Good Thing(tm). Now with all the attention that he got fired over the report, do you think (a) more or (b) less people will read the paper? I'm guessing more. Like when the feds started after Phil Zimmermann & PGP, this only shows that this has some real information that "they" don't want you to know.
The authors made it clear when the report was released Wednesday that they were speaking for themselves, not the companies or organizations they are affiliated with.
Although your point is well-taken if an employment contract specifically forbids this. Of course, business is business, and a lawsuit may be cheaper than pissing off a big customer...
Why use Fox News as a hypothetical example, when that did happen... to Bob Zelnick of ABC News, for writing a book about (then) Vice President Al Gore.
FYI: Rupert Murdoch, who owns Fox News Channel, also owns Harper Collins, which publishes books by authors like Michael Moore.
Part of being the CTO is to be out on the leading edge of the technology and spotting the trends before the big changes happen
Change can often threaten the entrenched
Consider the case of Philo Farnsworth and Edwin Armstrong - You may know one of them, but probably not the other - Farnsworth is largely credited with inventing television, and Armstrong invented FM radio - David Sarnoff at RCA was a ruthless businessman that saw TV as the future, and FM as a threat to his AM radio network - He crushed both men with endless litigation - Farnsworth died penniless, and Armstrong killed himself - Follow the money, and don't screw with anyone's livelihood
That being said, you may be certain that @stake will have a devil of a time trying to get a decent CTO to replace Geer, since she will likely be looking over her shoulder and self-editing a bit
But who needs progress and creative thinkers when the folks in Redmond do all of the thinking for you
Geer will be back at work in no time - It is only a matter of how much personal time off he wants to take
It's easier to ask for forgiveness than it is to ask for permission..
@stake, eeye, and iss have all agreed w/ microsoft not to release details of even potential exploits until Microsoft has had 30 days to "evaluate" them, leaving admins and the public unnecessarily exposed to vulnerabilities. This is completely unacceptable, and contrary to the scientific peer-review process of real science.
What an idiotic thing to say. Most legitimate security researchers give any company an agreed upon period of time before making public an exploitable security hole. Many times, this period is longer than a month. This allows a company time to create and distribute a patch against the hole. No legitimate researcher wants the internet to melt down or information compromised in the desire to rush to make a statement.
In professional ("real") scientific circles, there might not be a built-in delay before disseminating information, but you certainly jeopardize your career if you state anything in your publication that might be quickly interpreted as incorrect. (Just ask Pons & Fleischmann.) Many scientists will delay publication of information to be dead certain of their facts, and there can be a year of delay before a scientific journal will publish the information. (This is part of the peer review process.)
Microsoft may engage in egregious policies concerning disclosure of security vulnerabilities (but none that I'm immediately aware of), but requesting a researcher to delay public announcement before evaluating and producing a security patch is not one of them.
There is no America. There is no democracy. There is only IBM and AT&T and DuPont, Dow, General Electric, and Exxon
Microsoft hired @stake to improve security in Windows. In order to improve security (or most anything), you have to recognize what is wrong with that security. @stake just fired someone for publishing independent research related to what @stake paid this person to do: be critical of Microsoft Windows security. This firing leads me to believe that @stake wants its employees to be critical --but not too critical-- of Windows. And while @stake can surely find people to fill this mediocre requirement, they probably won't find the "best" people. Indeed, there might be a quiet exodus of talent from @stake after this, and @stake might have trouble naming a replacement CTO that has the same level of competence in Windows security. Perhaps, an Anonymous Coward from @stake will update us on the chilling effects, if any, inside the company.
Sometimes I worry that I'll develop Alzheimer's disease, but no one will notice.
He's not just some shlub in a lab. The guy's the CTO, and as such, he is assumed to set the technical tone for the company (that's why he's the chief). If the board believes his personal vision is not in line with the company's goals (i.e., taking Microsoft's money and getting rich), then they would be failing in their duties if they did not replace him.
The idea that you might be fired for knowing a lot about linux is freakin moronic! I work for a microsoft solutions provider and I also develop for linux for work from time to time.
Now I could see maybe where someone who worked for a solutions provider could be discriminated against if you spent all your time whining and moaning about using microsoft products and flat out refused to become good at developing with them. If you refuse to learn the development environment, I'd be pretty inclined to stick you on a layoffs list as well.
On the other hand, if you're doing your job well, who cares what you know? These days successful contracting means being super flexible and knowing three or four languages well, not just one or two. Any employer encouraging lack of knowledge in their employees is a moron.
m.
Sure wish I had seen this earlier instead of 300+ replies later. Oh well, I guess that's what happens when you stick your head inside a Hobbit hole for three years and don't come out.
I feel I must reiterate L0phT =! @stake. Please do not confuse what I consider to be the good work of the L0pht with the corporate nonsense that is @stake.
As for Dan and everyone else that works there they should have seen the writing on the wall three years ago when they fired my poor ass. Remember me, Space Rogue? HNN? All Gone. Why? I can only speculate but I think they felt that a critical mouthpiece would not be a good thing. Sound familiar? Hard to get someone to sign a big contract if you might call them names the next day.
Dan is a remarkable person. His mind works like no other person I have ever met. Don't feel sorry for him. Trust me, he is in a better place now.
Microsoft has continued its embrace, extend and I assume, extinguish policy with regards to information security. How? By hiring several of the people who were critical of the organization. Yes, that means previous @stake, Guardent, Foundstone, etc employees. That also means hackers, all who now work for the Giant in Redmond. Keep your enemies close. What better way to silence your critics than to hire them. Then you can keep them silent until they no longer pose a threat and dispose of them quietly at a later time when no one is looking.
Oh well, life goes on, the Internet is as insecure as ever, companies are still able to hide their vulnerability, risks are not taken seriously and hackers still roam free. Nothing has changed, and nothing will until such time that people stop trusting everything that is spoon fed by anyone looking to make a buck. Yeah, I'm cynical. Sue me.
- SR
I was the IT Specialist of The divisional headquarters of The Salvation Army in Cincinnati - the 'go to' guy for half of Ohio and Northern Kentucky. I was one of the 30,000+ people sending letters to the DoJ regarding Microsoft's anticompetitive practices. (I shared an account of how they tried charging us twice for Office licenses.)
Three months later, I had a four day vacation and when I came back, the locks on my office were changed and my personal contents were cleaned out. They gave me a "farewell interview" to express that their sole reason for firing me was "dissatisfactory performance," which is all their employment policy required. My ten year career with them was over, they would not give me opportunity to defend myself, and they wouldn't give me severance or unemployment.
(The Salvation Army, as a church, is not required by Ohio law to pay into unemployment. Compounded with losing my pension settlement for three months, I spent those months at zero income.)
I found out over a year later that Microsoft was behind it... It wasn't a local decision at all, but was enforced by Paul Kelly, IT Director of New York's Territorial HQ, along with policy banning Linux in our ten state territory! Paul normally has no direct dealings with me on the divisional level, but a contact in New York revealed how pivotal Paul considered me in that controversy.
I haven't pulled together the witnesses and evidence to prove this in court, but the commonly held opinion is that Paul got the call from Microsoft which says "get rid of the problem, or we'll audit your business licenses."
So it seems The Salvation Army, a church, is also a wholly owned and operated subsidiary of Bill Gates's Evil Empire(tm).
Joel 'Twisty' Nye, MCSA, Linux+
All this does is shoots down @stake's credibility.
Anyone with half a brain will realise that running an entire network on a single OS is asking for it. This is why buildings don't tend to have the same key for every lock and the burglar alarm and keep skeleton keys well guarded. If this were the case, someone drops the key in the car park and whoever finds it has free rein and oh boy, the joy of discovering that it opens every desk, filing cabinet and safe as well.
The headline was that a singular reliance on Windows is a bad thing and I can't see that this argument is flawed. For @stake to sack someone for daring to state the obvious is laughable and makes them look stupid in the same way that Microsoft always looked stupid when they'd claim that there were no reliability issues in Windows despite the fact that even the non-techiest people in an office could tell you what BSOD stands for.
If anyone at MS is thinking that this is a good thing then they should consider that many people watching have already, based on their previous record of dubious behaviour, put this down to their intervention. Whether it's true or not is irrelevant, it just seems most likely.
Hmmmmmm..... Deep fried and look like Squirrel.
Fired has a very specific meaning, the linked article says he was dismissed, not fired. Therefore I doubt he was fired. More likely he either was laid off, or "resigned for personal reasons". In either case when asked about it the company will say "He was an employee in good standing until he left." If he was fired they will say in court "He was a bad employee." This is a very strong legal statement, and no company wants to say that without all their legal details in order.
It is much harder to get a job if you are fired because checking will get a strong negative. It is very rare for anyone to have a bad reference, so getting fired puts you out of an entire field. It is very hard to not hide who you worked for without sending the different negative of being someone who hasn't worked in 10 years.
That said, the paper he wrote could be considered enough to fire him. However I don't think the lawyers (or HR) would fire him if there was any other alternative because of the legal hassles.
I believe you mean "Courtship Rite" by Donald Kingsbury. Advance apologies if there really is a book "Courtship Rites". But the quote sure sounds like Kingsbury.
I'm sure you are correct, but the popular press is probably going to put a sensational spin on this.
"A worthy cause has never been harmed by the truth" - Gandhi
Join, or Taste It!
Slashdot enjoys living in the past though, hence the fascination with Linux.
Ok...so I'm feeding the trolls. Sue me. (No, not you, SCO, you can fsck off!)
Linux started in 1991.
Windows was originally released in 1984, I do believe. Presumably development started in 1983 or earlier.
Even Windows NT first came out around 1992, but was actually OS/2, by IBM, which was being worked on in the late 80's.
Windows in any incarnation is older than Linux.
Who's in the past, again?
"City hall" in German is "Rathaus" Kinda explains a few things......
Obviously if they refuse to believe MS has security problems, I seriously doubt the integrity of any of their products and services.
IIRC, @Stake either began as or incorporated l0pht heavy industries.
What happened to Mudge, CountZero and the other windows hackers that made l0pht what it was? Have they too sold out to M$?
What happened to the program that allowed anybody with console access to an NT machine admin rights with a 3.5" floppy?
Did they suddenly become M$'s bitch or has it been a long time coming?
+-+
I am always very careful whenever I post anywhere. Anything that comes close to my job or interests that my job affects. If you have not learned that management of your company may find your notes somewhere.
Years ago, I posted something similar in an abject statement during my job, that I was supposed to address. Without going into specifics we got threatened to be sued because of FACTUAL statements. I did not get fired but was forced to post a retraction.
If what you say is true, and part of your job to say such things.. and you still get smacked.. it's time to move to something different.
Problem? There are very few jobs out there that are that isolated that you can avoid such issues.
I can program myself out of a Hello World Contest!!
Actually, if the suits at @stake were more scared than ethical MS probably didn't have to pressure them. If you are a smallish company whose biggest client is a monopolistic giant and one of your employees very publicly criticizes them, that employee is almost guaranteed to be gone. This is probably even more likely if that criticism is directed at what is already a sore point of that client. That really sucks for the employee and for the consumer, but unfortunately that is the most likely outcome. In this case it's also bad for @stake since they could use this instance as an example of them being truly independent and not just MS puppets, which would give their reports saying "MS is plenty safe and getting better" more cred.
"Bugger this, I want a better world." - Jenny Sparks
Hey, as the dozens of people who watched Star Trek: Voyager can attest, you develop individuality within the Collective, the Queen knocks you off.
I am reading the report, and it doesn't say anything that I haven't been saying myself for the last three or four years. If @Stake is uncomfortable with his extracurricular activities (though I wouldn't have trumpeted my connection to them in the paper), then they are probably, as my investigations indicate, tied to M$ by an umbilical cord, and he would probably find himself very unhappy there heading into the future--especially given his social-consciousness.
I certainly hope he finds a job that keeps him in the business, so he can continue to be one of the voices in the dark.
Oh, and @Stake can blow me, those namby-pamby M$ whores. What weasels.
Mmmmmm... Bold, yet refreshing!
Please do not confuse Americans' right under the Constitution to speak freely with an obligation on the part of private parties (like Geer's employer) not to react negatively to our speech. You might be able to convince me that @stake's action was unreasonable, obnoxious, unethical, or even stupid, but never that it has anything to do with Geer's constitutional rights.
Every time some public figure says something that someone disapproves of, we see the First Amendment get trotted out. Stop it!
"Rub her feet." -- L.L.
The fact that they called MS to say "Hey, it doesn't reflect our views" shows that either a) @Stake's lawyers warned them that they might be sued, b) they were afraid of losing MS's business (which makes one wonder how little business they have elsewhere), or c) both.
JAV
I guess he kind of misunderstood that one. Buying no; Bashing yes.
I wonder if he would qualify for protection under the new whistleblower laws?
this is not a sig
All through the early to mid 90's the Army was using Windows for the computers that commanders and operations staff used in the field. I suspect that a lot of the computer gear that the individual soldiers carry now is based on Windows CE, although I can't speak from personal experience on that. My first comment is based on direct, first hand experience.
In my universe I'm perfectly normal, it's not my fault you don't live in my universe.
This clown gets fired for his keen observation of the obvious. Who cares. NEXT!
"Yeah, whatever. Tell it to the hand."
They have proven their bias as a MS mouthpiece, and their eagerness to placate their MS overlords.
They say the first thing to go is your penis. Well, it's either that or your brain. I forget which...
I see a direct correlation with the "one act". By appearing (we don't know the details, so I'll be conservative) to kowtow to MS, they just lost all credibility. Personally, I think all the @stake personnel need to start polishing their resumes, since I don't think it's long for this world.
"Sometimes a woman is a kind of religion, she can save your soul & set you free from all your sins" - Bad Examples
A while ago and formed a startup called Intrusec.
here is the website
They have a product called expose, that is like an IDS it seems.
Microsoft aggravates my tourettes syndrome.
The city I live in has a major (outsourced) call centre for Microsoft, and a University with a Computing Science degree program. Naturally, many of the CSCI students end up with call centre jobs.
One of my classmates went to work straight from class one day and left his copy of Linux Journal and Silberschatz & Galvin sticking out of his bag. One of the visiting MS bigwigs saw it & blew a hairy fit, and the guy was fired on the spot for "disloyalty".
Of course, this would require IT workers to join a union, which runs against their fiercely individualistic temperament, and their belief that they are so technically elite they can't be touched. (sarcasm)
See prior discussion in Slashdot.
"dope will get you through times of no money better than money will get you through times of no dope"
And you can get your password by following the instructions on this page:
http://slashdot.org/faq/accounts.shtml#ac300
Melius mori in libertate quam vivere in servitute.
Maybe he just has a chip in his head.
Crisis is the rule, not the exception.
I wonder what kind of hammer they put over his head to force him to shut up.
Quoth he
"It's all academic anyway..."
Yeah, that's what I thought when I was fired almost two years ago for telling the truth about Micro$oft's threat to national security. I'm still looking.
In times of universal deceit, telling the truth gets you modded -1 Troll
Agreed. It is very clear now that @Stake is willing to sell its paying customers down the river of security vulnerability in order to curry favor with its well-heeled sugar daddy. I can't imagine that they will be getting a lot of independent contracts after this, but perhaps that won't matter, if MS is funnelling business their way.
-I like my women like I like my tea: green-
> otherwise they WILL be fired eventually for their honesty
Well, I agree there are some places like that, it's not everywhere. Usually if you work for a smaller company, it's not as much of a problem. Unfortunately, I recently realized the greed of the tech community, so I know that most will just give in rather than work somewhere good...
I'm sorry, but isn't this the same company/group that made BackOrifice, in an attempt to embarrass Microsoft while publicly proclaiming the massive security hole it exposed, while MS denied there were any such holes?
Does anyone see a disconnect here?
And here I thought it was all about information wanting to be free.
RIP l0pht.
Terrorists can attack freedom, but only Congress can destroy it.
i'm sorry if it's true because to me it just sounds completely unbelievable. even the guy with the call center story below sounds ridiculous. it reeks of FUD...
"know thine enemies" so that you can defeat them. you don't encourage ignorance about the competition. this is pretty much common business sense. it's common competition sense. i have a hard time believing that's a policy that extends into the halls of microsoft but maybe since you're talking about partners that can be exploited and you pretty much don't want them to think... you just want to soak up their technology and leave them a dry husk.
?
m.
... just put a @stake through its heart. Or more appropriately, its brain.
They publicly fired their Chief Technical Officer, sending the message to anyone else qualified for the job that they may as well stay away -- make no mistake, people who have the skills for that job aren't desperate even in this economy (yet). Whoever replaces him is not going to have the iconoclastic mentality that this industry segment requires. Not only that, they sent him to the loving arms of the competition. I'm sure at least one company is (cough) eEyeing a new lead researcher candidate.
I've finally had it: until slashdot gets article moderation, I am not coming back.
> Are those the weeks that you've used Linux? :-)
No, I do use linux, just not totally on the desktop yet (it's on all the servers, of course).
If you could be told what you can see or read, then it follows that you could be told what to say or think - BoC
If this person was a writer/researcher/whatever for a company, and he made comments that were not only attributed to him, as an individual, but to the company he worked for- yes, they can get rid of him.
What part of "the views of the authors are theirs and theirs alone" don't you understand?
--Tom
Blasphemy is a human right. Blasphemophobia kills.
As an employee of any company, you are obligated to not represent your employer without either express or implied permission. Implied permission would be whatever your company policy specifically allows. If you're making a statement outside the workplace, you'd better not mention your company without explicit permission, because doing so can imply that your statement is either a creation of, or authorized by, that company. It doesn't matter if you're disparaging MS or you're disparaging Linux, you're doing something you're not supposed to do. Maybe the company will agree with what you say and go easy on you, but they have no obligation to. Failure to receive such mercy after disparaging an important client hardly implies unethical behavior on the part of the employer.
That said, I agree with most of the things he said. Doesn't change the fact that his conduct appears to have been unprofessional.
WARNING: there is a trojan on your
"There might not be anything fishy going on at all, but that's no reason to stop making perfectly good conspiracy theories."
@stake actions are double plus ungood
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
Isn't this exactly the kind of thing we thought could happen when l0pht merged with these guys?
It's nearly impossible for free thinking hackers and suits to have common goals.
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
I can't find that moderation on my pulldown menu.
All this from what used to be the uberhackers of the internet... the l0pht, now selling out to be planted firmly in Microsoft's butt.
The only thing Windows does on the Desktop that's so great is games and niche software.
If you use Linux, please help development of Autopac
That the state isn't protecting its people from incidents like this. Being scared shitless of what your company might do to you is no better than being scared shitless of what Stasi or the KGB might do to you if you make any mistake.
frob
//TODO: Think of witty sig statement
This version has some comments by Bruce Schneier supporting Geer. One has to wonder if Microsoft did not threaten a BSA audit or some such thing. Honestly, the problem with Microsoft is that too many people use their products and actually seem to think there is a legitimate purpose for them beyond using the cds as coasters. These people refuse to allow even the slightest criticism of Microsoft and look at it as wild-eyed hatred.
But there are legitimate reasons to oppose what Microsoft is doing and their products, quite frankly, are a major cause of the problems we have today in the technology industry. The report in question does not in fact go far enough at all.
Sivaram, I really appreciated your comment showing your knowledge of U.S. politics, in another Slashdot story. Could you contact me? I'd like to talk about improving my articles.
Michael Jennings
futurepower@ NOT THIS myrealbox.com
Of course he'll get a new job, probably a better paying one. @Stake, on the other hand... None of you will ever buy from them after this, right? They let their greed get in the way of their objectivity. Those insecurities earn them money, that's why they don't support his opinions. You can't trust companies like that to give you good security advice.
If we followed slashdot's advice, we would never buy anything or even view ads for stuff. But even slashdot bombards us, not just with ads, but with stories that tell us to go buy stuff. They scream about the RIAA, but then there's a new CD out. DVDs are illegal to view under Linux thanks to the MPAA, but by the way LOTR is coming out in a new version on DVD. Oh the dilemmas of the modern man! :P
Amen brother! I work for the largest Canadian Bank; if I try to publish a paper that gives you the best financial advice but doesn't give the bank the best chance to sell their "products", of course I'd be fired. It's a good thing I don't give out financial advice because I keep the large internet infrastructure running, not analyze market trends. You get the idea though...
Happiness is a slider variable
And they'd been working on it for a while before that. I believe it shipped in 1985 though.
It's interesting to see that a ruling corporate class that claims to value ethics and honesty so easily excludes honesty. Without honesty, all other values are useless.
A company that requires you to speak in a certain way is a company that requires some people lie. By lie I mean any misrepresentation of their own perception of the truth - that includes but is not limited to "spinning, coloring", or such selective use of words. If it is not the whole story then it is not the truth.
One cannot trust any commercial speech because it is presumed tainted by threat of job. Therefore, any study, any science, any finding of supposed fact, that can have its money traced from corporate coffers, is probably a lie.
Before you dismiss me as a flaming liberal, I should point out that the lying in government is far far worse. Government is worse! There, a lie means people get killed. Saying, look "I think Flame Broiled is much better than fried" to keep your job is somehow less than "I think the Iraqi people will accept us with flowers and prizes".
In my mind, the solution is not to try and limit lying, because, as one CEO poster said, when you get to the top, you are accountable. We need to create and maintain a culture that says honesty is important. We need to celebrate those people that go out on a limb for what they think is the truth, from those crazy artists to renegade engineers, so that, when our kids have to decide to tell the truth or not, hopefully, they'll know that it's ok to say flame broiled is better than fried, but, that it's not ok to send their friends into a stupid and pointless war.
This is my sig.
I thought I recalled Mudge being fired about a year ago. In any case, I can't find his name on any advisories written recently (but he was all over the ones from 1999/2000).
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
The interesting thing here is that he was the CTO, an officer. That means that legal works (or worked) for HIM. That also means he was one of the policy makers for the company.
This looks like there was an internal feud going on. To be more specific, his direction for the company was incompatible with that of other officers. Quite possibly this was his play to have @stake either go his direction or part company with him. I guess we know which way they chose.
The even more interesting part is that his direction appears to be a lot more compatible with all the marketing blather on their site than the direction the company actually took here.
Being beholden to a particular software vendor to the point of being unwilling to recommend against their product even when it is clearly a security risk is ethically and technically incompatible with being a security consultancy that helps their clients to make the best security choices possible.
An officer of a company is responsible for the ethical as well as financial well being of the company.
The two possibilities here are that he got a nasty surprise in discovering that the rest of the officers were not nearly as committed to vendor neutrality for the sake of their client's security as he was, or this was a deliberate play to bring a known disagreement to a head.
I am referring to users who insist that everyone uses Fluxbox and IceWM, not to all Linux users in general.
In which case you should be saying:
'hence the fascination with Fluxbox and IceWM.'
Otherwise you're liable to get marked, rightly so, as a troll.
Besides...IceWM is a really nice WM for low memory systems. My wife's laptop has a choice of KDE or IceWM, and I always use IceWM, because it's a PII 300 with 64MB RAM. It runs KDE, but Ice is quicker.
"City hall" in German is "Rathaus" Kinda explains a few things......
@stake's credibility is zero after this. It's blindingly obvious that @stake:
They don't even know how to fire a whistle blower. Their timing is pathetic and the idiots actually admitted that they fired him over his paper. They tried to couch it in PHB terms, but they only ended up putting more steam in the whistle.
The dismissal is more damaging than the paper ever was. Everyone in IT knows what the paper said is true, but it's just so much background noise. Geer's dismissal is so shocking and so obvious that it may make news outside IT. Microsoft might as well send the BSA after public school systems. Oh yeah, I forgot, they already do that. They are a bunch of dumb asses and @stake is their bitch.
Friends don't help friends install M$ junk.