Geer Comments On Firing From @Stake
dwbryson writes "Last week Dan Geer, co-author of the CCIA Microsoft security report, was fired from @stake for expressing 'values and opinions [of the report] not in line with @stake's views.' Now Geer has been talking to eWeek and comments on his dismissal."
We still have the bill of rights in the USA, however it is being weekened daily.
Microsoft deserves its reputation if it fires people just for speaking out. This man did not deserve to be fired just for saying what everyone knows: that Microsoft is monopolistic.
-StarMaven
"The Venn diagram of facts doesn't intersect. The intersection of all of those statements is the null set," Geer said.
Ahhh, one of our own... :)
I guess Geer should read "The Surprising Benefits of Being Unemployed" from earlier. Perhaps it will help?
This one is going to pass just like every other Microsoft injustice.
I'm ashamed of our academics, as cited in the article. He apparently went to get 9 to sign onto that paper and all declined because of funding issues.
What's the point of tenured academics if they are going to be afraid of losing corporate grants and therefore are squelched?
Yet another reason I hate academia, besides that one class...
HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
"In the land of the freeeee and home of the brave......."
If a figurehead/spokesperson for my company talked like that, I'd kick him out too. Nobody who's not a geek understands what that means.
All errors in this comment are mine. Corrections are considered a derivative work, and punishable under copyright law.
This shows once more that Microsoft has become too dominant. If even the security companies can no longer speak freely without endangering their existence (and that's why they fired Dan Gear) then what kind of free speech do you really have? Only the kind you can buy...
Irrespective of whether Microsoft had anything to do with the firing, a company such as @stake should stand by its employee and its own credibility...
Why should companies trust future research from @stake? Should existing employees be watching their backs? Bad smell all around!
unfair dismissal
While I don't really like the idea of someone getting let go for speaking their mind, what's unfair about it? His company clearly has ties to MS, and he jeopardized those ties with his statements. If it were his own company, he could have felt free to say anything about anyone he wanted to, and dealt with the aftermath of his comments on his own. But it was someone else's company... someone who was (yuck) concerned about their business relationship with Microsoft.
While the first amendment gives every American the freedom to express their beliefs/thoughts and guarantees no retribution from the government, it gives us no protection from employers.
Here's a proof. Go to your boss. Call that boss every foul word you can think of, and then say you were exercising your freedom of speech. Better yet, do it over an intercom at work, broadening your audience. You will probably be fired, but not wind up in court.
When you work for someone else, you have to play by their rules. Sometimes those rules allow for changes to be made by going through said company's proper channels, sometimes there is no room for discussion at all. Any way you look at it, they are the ones who have bestowed the job.... not the other way around.
I think the problem this guy ran into was the size of his audience. Maybe when he spoke at conferences about security and Windows (oxymoron that it is), his user base was a select group, and small by comparison. But in print, your audience can be unlimited, and so can the damages of your statement.
Saying Android is a family of phones is akin to saying Linux is a family of PCs.
I agree that any company today would have fired Geer after he endangered its revenues. However, I also think that is a problem in itself. I would have liked to see @stake defend Geer, but unfortunately that's not the nature of the beast. People are becoming expendable.
You're kidding, right? I can understand that you didn't read the article, but have you never heard of him before?
I suppose if you were hiring a security consultant, a prime concern would be how well he could blow smoke up your ass.
There's an old adage that says "If you take the king's shilling you become the king's man". @Stake has just loudly announced that they are little more than another Gartner. Why should anyone take any pronouncements they make seriously? Especially since we know they are averse to offending MS. Someone last week put it best: "l0pht is getting s0pht."
Anyway, @Stake did not "bestow" the job on Geer. He was a founding member and it became politically incorrect for him to do something he had always been doing. He is correct in that we have a very large problem. When tenured academics scuttle about in fear of MS, we definitely have a problem.
There is nothing in the article that would indicate that Greer wasn't playing by the rules. Oh, you didn't read the article? Right, it's /., slipped my mind.
Anyway, he might have grounds for wrongful termination, if he wanted to pursue it. Probably best to just move on; he won't lack for job offers.
should've been what got him fired.
I read the paper. It really was nothing new, nothing groundbreaking. It read just like so many stories before.
Don't get me wrong. I agree with everything he said. But really, it was just spouting off what we've read all over the place in the tech journals, anti-trust news, etc.
His job is to spot the trends coming in the future - And his employer gags him for doing his job - I stand by my remarks in the previous thread on this topic - @Stake will have a very hard time attracting a decent replacement candidate, and their research will now always be suspect...
Becoming?
People have long been the most expendable part of any enterprise.
Karma: Bad. Calmer, good.
I like it that the CTO is expendable, and not just the 'little people' for a change.
@Stake probably didn't defend him because it knew what he was saying was a biased, and incorrect interpretation. After all, if security is improved by using a variety of products, he'd have said that TCP/IP is the bad boy of internet security (as *all* internet attacks use it), or SMTP, or HTTP, etc. No, instead he singles out MS. At no point did he bother to point out the benefits of a widespread 'standard' either.
I wouldn't mind if Linux was 99% of all systems used today, I think we'd have pretty much the same issues to deal with though - and Geer would be sniping at Linux's security flaws in favour of OpenBSD!
His company clearly has ties to MS, and he jeopardized those ties with his statements.
His company also clearly pretends to be about security, and firing him destroyed any credibility they might have had in that field. Everyone knew that Microsoft doesn't care about security, and now everybody knows that @stake doesn't care about security either.
Man gets fired for making 'false' claims that a company exploits its monopoly of the market, because his bosses dare not offend that company. Hmm.
"I Know You Are But What Am I?"
These people should get funding from companies who actually want objective analysis/research, ie companies who want good advice on which product to buy, investors, etc. not by companies that have a stake in the outcome of the research.
@stake used to be "l0pht heavy industries", a nifty little group of hackers toying around. (www.l0pht.com) Now they're all business. Lame. "What happened l0pht? You used to be cool."
most of y'all are accepting the ?pr? ?firm? scriptdead 'training' that this kind of behaviour is just part of doing 'business'.
lookout bullow. the phonIE facade of the felonious payper liesense stock markup FraUD execrable is dissolving into coolapps/the abyss.
pay attention. that's affordable, & tends to prevent eyecons from misleading you over&over.
consult with/trust in yOUR creator. vote with yOUR wallet. more breathing. that's the spirit.
the lights are coming up now. see you there?
You seem to be implying that the boss is doing a favour to the workers by giving them a job, rather than the way it really is. The workers' labour is worth more to the company than the company's wages are to the workers. As long as I've a hand on each arm and a head on my shoulders, I won't go short. A boss hasn't that luxury .....
It is still unfair dismissal. As long as his name was on the report, then the report is his words, not his employer's, and if someone can't understand, well, that's their problem. You cannot be dismissed from a job simply for disliking your boss, otherwise there would be many more on the dole than working.
In my last job, I made no secret what I thought of my boss. My co-workers {as, one by one, they left the company; some had nervous breakdowns, some got other jobs, some were desperate enough that they would forego six weeks' giro by leaving a job voluntarily; one went into what he described as a less stressful job - teaching!} felt the same way. In this job, I'm fortunate to have a boss I get on with really well. Even if I didn't, that would not be grounds for dismissal.
Also, there is a commonly-overlooked defence to libel, and that is that it was true.
Je fume. Tu fumes. Nous fûmes!
I am surprised that Dan has decided to publicly say anything. This would seem to indicate his reluctance to pursue the matter in court. Or maybe he just hasn't spoken to a lawyer yet. Or is this an opening salvo?
Before the obvious references are made let me just say (again) that what @stake has become is in no way related to what L0pht was. I think there is only one of us left (Weld), everyone else has seen the writing on the wall and moved on. I just hope Dan is able to put this behind him soon and move on as well.
- SRspacerog AT spacerogue DOT net
It's a basic rule of employment, accept the money, play by the rules.
If one of my employees did or said something that was obviously against the interests of my business, I would reprimand and possibly fire him. If they discussed this in public, I would blacklist him as a "big mouth".
What Greer says is something I also believe, but unfortunately being right does not pay the bills. He has probably made himself unemployable by any conventional organisation, and will have to find a way to leverage his notoriety into another kind of power: lobbyist, perhaps.
Ceci n'est pas une signature
@Stake probably didn't defend him because it knew what he was saying was a biased, and incorrect interpretation. After all, if security is improved by using a variety of products, he'd have said that TCP/IP is the bad boy of internet security (as *all* internet attacks use it), or SMTP, or HTTP, etc. No, instead he singles out MS. At no point did he bother to point out the benefits of a widespread 'standard' either.
Did you even read the paper? TCP, SMTP, and HTTP are open protocols with many different implementations. Generally public protocols don't have major design flaws. It's the implementations that introduce buffer overflows and other exploits. If you have multiple implementations, these exploits tend to get spread around.
I wouldn't mind if Linux was 99% of all systems used today, I think we'd have pretty much the same issues to deal with though - and Geer would be sniping at Linux's security flaws in favour of OpenBSD!
Yes, any monoculture is vulnerable to infections, and 99% Linux would be as well. Its only possible advantage over Windows in that case would be the modularity of some of its services, and more open codebase for security audits. But who wants 99% of anything? I'd much prefer the "Big 3" that most mature industries settle on. The fact that we're still 90% Ford Model T means we've got at least a decade or two to go.
As an example of the kind of behind-the-scenes influence that large vendors have, Geer cited his efforts to find an academic security expert or two to sign on to the paper on software diversity. After contacting nine people and striking out each time, he gave up.
"All of them said it was too hot for their position," Geer said. "They enjoy the free speech benefits of tenure but not necessarily those of funding."
His experience is interesting; it shows just how there are limits, even in academia, to how far people are willing to go in their pursuit of the truth.
Microsoft might not have an irresponsible security record due to business practices, but the hypothesis put forward by Geer and the others should be examined carefully and openly both for where it might have errors, and where their hypothesis fits the facts. That's the way all scientific progress is made.
And he's right, too, about a phone call not being necessary. Conditioning, and seeing what happens to people that take a stand in opposition to some powerful force, is enough to convince most people that self-censorship, if not the better part of valor, is certainly the better expedient for maintaining your comfort.
"Provided by the management for your protection."
The article mentions the security consulting firm Geer started in the 90's. Geer knows how to start and run a company. By now, there are bound to be folks losing faith in their own tenure at @Stake. Perhaps this firing will be the birth of a new security firm, founded by Geer, former @Stake employees, and experts that declined to sign on to the security paper. With enough credibility, the new company might lure some of Microsoft's business away from @Stake.
Sometimes I worry that I'll develop Alzheimer's disease, but no one will notice.
I must disagree...
@Stake is supposed to be a security research and consulting firm. How is any research out of this company ever to have even one ounce of credibility again? I realize Mr. Geer's paper was not published as an "official" company report, but they were angry based on the fact that his paper might "appear" to be At Stake's opinion.
So if At Stake is so concerned about ruffling Microsoft's feathers that a report they DIDN'T EVEN WRITE causes the firing of a senior, uber-experienced employee with a vast repository of knowledge to draw on, how do we know their reports aren't already being slanted to avoid offending "partner" Microsoft?
His firing is tantamount to killing the messenger for a message they didn't like. Sorry, but as an employee I resent the idea that if I do something on my own time and dime that offends somebody inside some business partner's corporate structure, I could lose my job. In this economy, that is a pretty chilling statement, President Bush's asinine assertions that "Everything is okay!" aside...
Who did what now?
First of all, Geer just became a martyr of sorts. As he is practically the creator and one of the more important celebrities in the security field, he's not wanting for job offers or opportunities. He'll probably just make his own.
Whether or not Microsoft had anything to do with his firing, directly or not, is somewhat irrelevant. Sure it adds more fuel to the "we hate Microsoft" fire but outside of that it proves nothing except that @Stake is driven by their sponsors and not by the ideal of exposing the truth. This makes @Stake a security company that isn't secure in its convictions. Security you cannot trust.
Geer, on the other hand, has proven himself to be unshakeable from the pursuit of the truth. He is unshaken by political and financial forces and the industry will see that, like it or not, his opinions can be trusted.
Generally, this is a good thing for him and the business of security. The more high-profile these matters become, the more public opinion will influence commerce in these matters.
It is hard for the American heart to forgive even perceived violation of the free speech ethic. We believe we can say whatever we want whenever we want so long as it is the truth. The public perceives the "breach" of the free speech ethic as a bad thing. "Oh look honey, this bad company fired this man because he was doing what he was hired to do and they didn't like the truth." That's the message most people will receive in this case I believe.
They probably fired him because they knew they couldn't get him to retract anything he said.
I don't see use of common communication protocols as a significant monoculture problem. I think the popular standardization on Wintel is, however. And I agree that Geer's group would be protesting about the standardization on Linux if Intel GNU/Linux was on 90% of all computers running today - that's the entire point, it's the standardization on a single platform that's the problem, not Microsoft itself.
You are not alone. This is not normal. None of this is normal.
This has nothing to do with libel, or slander for that matter. It has everything to do with the idea that an employer does not have to retain anyone on its payroll for any reason whatsoever. If I have a company, you cannot force me to keep someone under my employ that I don't want to (other than the OSHA, EEOC type laws here in the US). That's absurd!
Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the government for a redress of grievances.
Where does that say anything about being able to keep your job when you exercise your right to say what you want? He didn't go to jail, so freedom of speech was upheld.
You seem to be implying that the boss is doing a favour to the workers by giving them a job, rather than the way it really is. The workers' labour is worth more to the company than the company's wages are to the workers.
That's extremely arrogant. While I take pride in myself and my work, and would not compromise myself, my morals, ethics, or my beliefs for an employer, I am fully aware that any of those can get me terminated from this company at any time. My company has a dress code, and I abide by it. My company has policies about timekeeping, and I abide by them. If I don't like them, then I don't have to work here.
I liken it to the Jewish man who had his son join the Boy Scouts of America (a Christian organization), then sued them for saying a Christian prayer before every meeting (he lost). There is no law saying that any private organization has to allow freedom of any kind in their arena. If a company says you have to wear blue suits (old IBM) then either you do, or you leave.
It's simple really. Their money, their rules.
Saying Android is a family of phones is akin to saying Linux is a family of PCs.
Considering that the avowed objective of any corporation is to make money, and no other purpose, they are by definition non-ethical.
Considering that you're making an assumption about all corporations, you are by definition not using logic. Please provide evidence first that 'corporations' (excluding the individuals that make them up) have *any* sort of aim. Then please provide evidence that every corporation in existence (including all employees) has no aim or goal other than 'making money' and has no legal or moral compunction when it comes to said sole aim. I won't hold my breath. Of course the 'virtual entity' isn't ethical, because it's virtual. However, the decisions aren't made by the 'virtual entity', they're made by people, who may or may not be ethical.
A corporation has no conscience, no morals, and should not be considered equal or superior to a human being, and be given equal rights.
Are you saying that people should give up their rights when they are employed by 'a corporation', but not when they are self-employed? How can you justify this? If Geer worked for me, and my biggest customer was IBM, and he wrote a paper that was highly critical of IBM, I'd fire him. Why shouldn't a corporation be allowed to do that too? He made a choice in putting his name to that report. I respected the choice he made, until I found out that he didn't expect any fallout from it. Initially I thought he was risking his job to speak his mind on purpose. Now it seems he had no clue there could be repercussions from his action, even though 9 other people had the prudence to know it.
I know everyone likes to jump on the 'corporations are evil' personification bandwagon, but people make up the corporations, they make the decisions, and in this case, it was a prudent business decision. It's not like they fired him cause he put up an 'I hate Microsoft' blog or something.
http://xkcd.com/386/
>It's so funny when people get carried away by the
>expertise they possess in a particular area, and think they
>can apply it for an another -especially, when they speak
>on behalf of their employer.
RTFAs.
1) Geer is both well known and well respected inside this field, he was speaking inside of his area of expertise.
2) He wasn't speaking "on behalf of [his] employer." The paper specifically states that the individuals who signed it represented themselves and not their companies.
3) From what he has said he has a long list of job offers already.
Integrate Keynote and LaTeX
Gheez!!! Why is everyone else, who has no involvement with this company, saying what they're supposed to do, and how they're supposed to act? This is America, and that company broke exactly zero laws. While most of us will disagree with their reasoning behind it, that company is not "supposed" to do anything.
While this hurts their reputation with the informed general public, nothing wrong, according to US law, happened.
When you do something on your own time and dime, and you're a leading expert at a company in the same field as your comments were made, you may have just damaged the company's relationship with another. While that's fine and dandy, the company loses money. Maybe they should. Maybe their relationship is a distasteful one anyway. But the bottom line is, when someone causes a company that kind of stress, they generally get let go.
You don't own your job, your company does. All you own is your career.
Saying Android is a family of phones is akin to saying Linux is a family of PCs.
That being said you can run GNU/Linux and get rooted just as easily as you could with Windows if you don't patch your system.
if you don't have root you can't get rooted
There are places where the networks are not touching, and there are places where they are - Boeing's Lori Gunter
Sorry, but as an employee I resent the idea that if I do something on my own time and dime that offends somebody inside some business partner's corporate structure, I could lose my job.
Like... ...working for a competitor? ...putting code you don't own into open source? ...like badmouthing your company in a public setting? ...like taking copies of software your company makes, selling them, and keeping the money?
I read some of the above, and I say:
Whether @stake and Microsoft had the right to act as they did is beside the point. The point is that this sort of thing is really really bad for society because of the chilling effects. If it's risky to criticize the big boys, guess what, they get less criticism than they should have on account of their actions. They seem to be acting better than they really are - the mechanisms in a democracy that should prevent this sort of thing don't work, because people are afraid to speak up.
I don't know if this legally is a free speech issue, but it is in practice.
xkcd is not in the sudoers file. This incident will be reported.
Please mod parent up, and parent's parent down. Also:
At no point did he bother to point out the benefits of a widespread 'standard' either.
So? Do all who post bugs also need to state all parts of a product where there are no bugs? He was warning of the dangers of monoculture. Do you ever hear someone talking about the benefits of alcohol when they warn against it?
True, but that's up to the company, and they'll have to live with their decision.
Saying Android is a family of phones is akin to saying Linux is a family of PCs.
Well stated. To which I'd add:
4) In the paper, Geer identifies himself as the Chief Technical Officer of @Stake. Kindly explain how being the CTO of a computer security company fails to qualify one to speak about computer security.
On the most immediate level, yes, the government's *not* taking action against @stake affirms the Bill of Rights (and yes, the Bill of Rights is best applied to *all* groups within our society, including both individuals and corporations and even clubs if you like.)
However, let me push this to an extreme: suppose Microsoft employed everyone in the US: by saying who had a job and who didn't, they could say who died without trial. At that point, wouldn't they be the de facto government? Thus, the Bill of Rights, as a philosophical statement of politically and economically effective action, is denied by @stake's actions (and by Microsoft).
Which probably meets most people's sensibilities pretty well -- nothing against Bill Gates, but they wouldn't want to live in a country ruled by Microsoft without a Bill of Rights (though some do have something against Bill Gates, too). So no, the Bill of Rights doesn't apply. But really, if things were the best possible, it would.
Correct Horse Battery Staple: 72 bits of entropy. Enter "Correct H" into google. When it generates the phrase, that's
what happens to hackers when they have a taste for the money, ideals and the "good of the people" is all well and good but a new pool and condo speaks louder @stake was just assimilated the day they put on a suit and cut their hair
I feel bad for him partly because he got fired for a stupid reason... But mostly because people in this thread keep spelling his last name wrong!
There are only 10 kinds of people in this world... those who understand binary and those who don't
I think you're being a little over-picky here. The legal purpose of a corporation is to limit liability to its owners. This then assumes that its owners are non-management funders. The point of investing is to gain a return. Therefore the lowest common denominator of incorporation is that they exist to make money. The default rules governing directors of corporations make it clear that it is unethical for the directors to cause the company to do anything not in the best interests of the shareholders. The only common interest the diverse shareholders in any sizable company have is in maximizing the return on their shares.
Of course, in practice, these rules are bent, non-profit corporations exist, ethical considerations are considered essential to maximizing return, etc. But, I believe the poster is correct in stating that the LCD of corporations is making money. No other ethic can be universally applied.
Milo
Q.
Insert Signature Here
I wonder if Computer World will drop their rankings in the "Top 100 Places to Work in IT"
Computer World PDF?
A computer once beat me at chess, but it was no match for me at kick boxing. Emo Philips
If you cash in your business for gold, you're going to lose the gold, and then have nothing. If, on the other hand, you trade in your gold for a business, then you're going to get even more gold.
Substitute reputation for business, and you have the security business in a nutshell. @Stake just traded in their business for gold. Geer just traded in his gold for business.
Sooner or later, it's going to be apparent: EVERYONE gets what they deserve.
Bravo, Geer. If you never get another job, I predict you'll still look back on this and say it was one of the best days of your life.
Correct Horse Battery Staple: 72 bits of entropy. Enter "Correct H" into google. When it generates the phrase, that's
Sorry Worm,
If he had an employment contract, it's not as simple as you put forward.
Even if his employment was "at will", he might have some recourse should he want to take it, and depending on the state.
Employment is not a favor granted. It's an exchange. If you learn that now and stop brown nosing your employers, you'll have a bit more dignity and you might feel better about yourself.
now THAT is a serious charge, and should never be made without evidence. Can you point to specific examples of plagiarism? If so, then your *answer* should be modded through the roof. But aside from that, you've just made a false accusation, and should never be listened to again.
Correct Horse Battery Staple: 72 bits of entropy. Enter "Correct H" into google. When it generates the phrase, that's
Here's an idea that I don't think has been explored much... maybe the big problem was that he said the opinions were his own and not @stake's.
If I worked for Adobe, and then decided to release a photoshop clone in my spare time, and claimed that it was my own program, not Adobe's, I think that there would be some problems.
In his job as a security expert, I'm sure that he used @stake's resources and expertise in coming up with the paper. So technically he might not have the right to say that the paper is his own and has no affiliation with the company.
Perhaps if he had brought the paper to his employers and gotten their approval, they could have released it as part of a security report and sold it. Basically he took something that he made for his company and gave it away.
he wasn't even saying anything new or original.
Those of us running OS/2 in the '90s knew OS diversity was good, "Hummm -- how long have I had that (impotent) boot virus? Oh, well." Slashdot archives? It must have been at least three years ago that diversity in the OS environment was discussed in the web media as a good thing.
I read the paper. It really was nothing new, nothing groundbreaking. It read just like so many stories before.
Stating the obvious is not plagiarism. Plagiarism means copying someone else's words. Got evidence for that?
My Karma: ran over your Dogma
StrawberryFrog
So what you're really saying is If Geer worked for me, and my biggest customer was IBM, and he told the truth, I'd fire him.
Nice.
Not true. Passing an idea off as one's own is plagiarism. They need more citations. Now, I see, the (.pdf) is an executive summary. Maybe the real paper has better citing.
I work for a meta-corporation that is actually three separate corporations owned and run by the same group of owners: an IT training company, a systems implementation and integration company, and a hardware sales and refurbishing company. I now work in the third company. Our training branch has been exclusively MS-only since they cancelled all their Oracle programs two years ago. Recently our systems implementation and integration company has been made a "deal", that they must terminate all their Unix/Linux/BSD-literate staff and sign an agreement to not hire any more Unix expertise, nor implement or even work to integrate any operating systems other than you-know-who's, as long as the contract is in force... in other words it is an exclusivity agreement. They are getting substantial discounts on software licenses in return for the contract. I used to work for the integration side of the meta-corp, but since I'm the Unix specialist, I had to go. So did several of my peers under the guise of "downsizing". I am thankful that I was allowed to transfer to the sales corp and retain all my seniority and benefits from the years I worked in implementation and integration, but am sore that I work at a very boring job now and am looking for a different one because I'm not happy here anymore. I had to sign an NDA that I would not disclose my knowledge of the deal that transpired too, hence my posting as A/C here. IANAL, but I can't help but doubt the legality of the deal... especially how it seems to be such a blatant anti-trust violation.
@stake ethics
People couldn't type. We realized: Death would eventually take care of this.
Like... ...working for a competitor? ...putting code you don't own into open source? ...like badmouthing your company in a public setting? ...like taking copies of software your company makes, selling them, and keeping the money?
Um, the guy didn't do any of these. Nice strawmen.
He spoke up, maybe made a mistake in using his company's name related to his name as co-author.
However, the company then firing him as a result, would for me, anyway, be a sure sign that I would not want to work at that company.
So, IMHO, maybe for him it is a blessing in disguise.
Regards,
Fredrick
Let's get it weekdayed.
"The Venn diagram of facts doesn't intersect. The intersection of all of those statements is the null set," Geer said.
this guy must be a real smooth talker with the ladies
I agree that @Stake's decision to fire Geer was not a 'free speech' issue. In fact I think the firing is understandable because
- The particular truth which Geer had been pointing out is extremely dangerous for Microsoft's monopolistic strategies. Think about what will happen when this point is widely publicised and taken seriously by those who make purchase decisions for mission critical IT infrastructure of US government institutions. Not only would MS lose some significant revenue (as those institutions would have to make room in their IT budgets for buying stuff from a competitor of MS), but perhaps even more significantly they'd lose their current effective monopoly in one fell swoop.
- The risk of losing MS as a customer is probably unacceptable to the VC shareholders of @Stake.
Therefore, this is just another example of venture capital funding corrupting a company.
However, there is a Free Speech issue here:
The real problem is that these events, together with earlier events in which MS abused their position of power to strike back at those who had the courage to speak up in the antitrust trials, will cause many people to think twice before they speak up about this truth. The article mentions the reluctance of many academics to get involved in the discussion for fear of losing funding.
The free speech issue is that MS has more power than any business should have, and they're abusing this power. It cannot be avoided that government has this power, and that's why there's a need for the First Amendment which intends to prevent governments from abusing the power they have.
The First Amendment does not help if the dirty work of suppressing Free Speech is done by a company and not by government. In this context I'd like to remind everyone that Microsoft apparently would have no hesitations to kill a Free Speech website like Slashdot if they believe that to be in their business interests, and they think they can get away with it.
How can mega-corporations like MS be stopped from suppressing Free Speech?
From 1998:
Microsoft: A U.S. Security Threat
An all-encompassing operating system bares itself to hostile exploitation of paralyzing security flaws. The presence of a fatal defect is unavoidable, as the complexity of Microsoft systems expands to bizarre proportions with each new release. It's the search for such a fault that occupies the minds of some of the brightest computer experts. Finding a crack through which one could induce mayhem with only a few keystrokes would be worth a great deal of money, especially when supporting an act of terrorism.
The point is, this is nothing new. And here's a simple example of somebody drawing the Code Complexity parallel to increased insecurity.
This is NOT a technical document. It is politically motivated rhetoric and that is the reason he was let go. If he published a paper analyzing Microsoft security issues from a technical standpoint I'm sure he would still have a job. Instead, he leveraged his status at a premier security company to push politics. This document is just useless bullshit. The fact that someone would even put their name on trash like this makes me doubt their professionalism.
Man gets fired for making 'false' claims that a company exploits its monopoly of the market, because his bosses dare not offend that company. Hmm.
I didn't read anyone from @stake saying his claims were false, merely that they did not reflect the official company stance. He got fired not for speaking truth, or even presenting his opinion; he got fired for possibly negatively impacting his company's bottom line.
http://xkcd.com/386/
I suppose if you were hiring a security consultant, a prime concern would be how well he could blow smoke up your ass.
Corrected version:
I suppose if you were hiring a consultant, a prime concern would be how well he could blow smoke up your ass.
People rarely want consultants to say anything other than what they were hired to say.
I equate it to government/corporate funded surveys and studies: find what we're looking for or it's your ass.
http://xkcd.com/386/
Of course, in practice, these rules are bent, non-profit corporations exist, ethical considerations are considered essential to maximizing return, etc. But, I believe the poster is correct in stating that the LCD of corporations is making money. No other ethic can be universally applied.
No ethic can be universally applied. That was my point. If all corporations exist to make money, non-profit corporations would not exist. Yet they do. Therefore, not all corporations exist to make money; not all corporations exist for any single common reason.
That was the point I was making. Also, the OP was guilty of personification, which is not applicable to the 'legal entity' which is a corporation.
Had the OP stated that 'many corporations exist to make money' I would not have quibbled with that particular point, although I still reject the personification aspects of the OP. I realize it may seem like a tiny distinction, but it is not. It's the difference between 'some white people are racist' and 'all white people are racist'.
http://xkcd.com/386/
He SPECIFICALLY stated he was NOT representing his employer. How much clearer could he make that? Knowing where he works and who he was representing in the paper was VERY clear and spelled out.
If he said "Production Line Worker, General Motors", would that mean he was representing GM? What if he stated he was catholic, would that mean he was representing the Pope?
Do you think that if he had no specific reference to CTO of @Stake that the outcome here would be any different and he'd still be working there? What would you suggest he should have done? Do you think your idea would have prevented him from being fired?
IMHO, he was fired because MS is their biggest client and as a consultant, he said something negative about them (on his own time). In the financial industry this process is heavily regulated by the SEC and can be labeled as deceptive and is illegal. Not illegal in the non-financial world but definitely a questionable practice.
Bad boys rape our young girls but Violet gives willingly.
For health-related info we need a law making it a criminal act to knowingly suppress information about a potential significant hazard to human health.
So what you're really saying is If Geer worked for me, and my biggest customer was IBM, and he told the truth, I'd fire him.
Nice.
I realize how someone of limited intelligence might come to that conclusion, however that was not at all what I was 'really saying'. Any employee of mine should feel free to speak only truth. I'd fire someone I caught lying. However, publishing a paper bashing your biggest source of revenue is NOT SMART. It wasn't the veracity of his comments that got him fired, it was at whom they were aimed. Should an employee of mine cause my customers to stop giving me revenue, with what would you propose I pay the rest of my employees? Righteous anger? Become self-employed if you don't wish to consider the consequences of your actions, or else you risk becoming unemployed.
http://xkcd.com/386/
was naming microsoft specifically. That entire paper could have been written without stating the name of our favorite monopoly. People would infer it.
This then assumes that its owners are non-management funders.
Wrong. A great number of privately held corporations are actively managed by one or more shareholders. Indeed, it is also the case that with public corporations that persons holding large numbers of shares would be likely candidates for the Board. But even so, every shareholder is a "manager" in the sense that they have input into the overall direction of the corporation.
Not that this invalidates your overall argument. It's obvious that if the main goal were not to generate a financial return on investment that a corporation is a lesser vehicle than a not-for-profit structure. So the choice to use a corporate structure would imply that profit was a goal of the enterprise. I suppose you could ask whether the goal of making a profit was ethical, but that's a whole separate question. And I think most reasonable people would say that if a company performed its operations in an ethical manner, then the profits were ethical. And vice versa.
I do not have a signature
What I was responding to was this:
My point is that Geer was qualified to speak on security issues, not that he was speaking on behalf of his employer.
In his report, Geer blows the whistle on the dangers of a Microsoft monoculture. As we know all too well, whistleblowers are often rewarded for the efforts with firing, blacklisting, etc.
Here's a snippet from an article discussing the space shuttle disasters, which displays a few parallels with the current situation:
It is often said that whistleblowers are like miners' canaries, warning of impending tragedies that others cannot sense. Experience also shows that, particularly in "can-do" workplaces like NASA's, whistleblower complaints reflect otherwise hidden or unrecognized agency pathologies. For example, in the early 1990s, senior officials at NASA's Office of the Inspector General (OIG) -- the guardians of an agency's correctness -- were themselves the targets of accusations that they were asking their employees to lie about illegalities they witnessed in the inspector general's office. The NASA OIG also was accused of "signing off" on a $1.7 billion contract so that a contractor would have reduced oversight at the Jet Propulsion Laboratory. These and other revelations were brought to light by whistle-blowers, often at considerable risk to their professions.
From the article:
Microsoft, based in Redmond, Wash., has used @stake's services for several years.
and we all know how good their security is now! That's OK, Geer; you didn't wanna work for a company as incompetent as this anyway!
Dude, I miss HNN. Just thought I'd let you know that I used to read it all the time, and submitted fairly often, too. I appreciated your efforts. Also, not that you would remember me, but I want to thank you for being polite to me.
I talked to you at BlackHat one year (can't remember which one). I was one of the wanna-bes hovering around at the opening mixer while you were eating with Jericho and some of the other people from attrition.org. You were really nice to me, despite my annoying fanboy behavior.
The same is true of Hobbit. He talked to me for about an hour Friday night of DC6, and I thought that was the high point of that con. So many of the people with major reputations are rude (e.g. Route)... It is really cool that you guys don't act that way.
"Weapons should be hardy rather than decorative" - Miyamoto Musashi
I think that goes for OS's too
@Stake is a security consultant. It couldn't care less about its reputation with the general public, "informed" or otherwise, what matters is the expectations of your clients, who keep their own people on a pretty tight leash.
But funders that are actively involved in the management of the company do not necessarily have limited liability. The function of investor and manager are legally segregated. This is, in fact, a common problem for investors (like VCs) that are guaranteed a seat on the board of directors: who do they represent? Themselves or all shareholders? To avoid liability for their decisions as directors, they have to disregard their individual interest as a shareholder in favor of the interests of all shareholders. The same goes for management.
So, the assumption of the theory of the corporation is that investors and managers are separate entities and, although in practice these rules are not always strictly followed, they are separate decision-making entities.
Milo
It was pretty painful, but not like you'd think.
"For those who don't know, Geer wrote an article talking about the risks of monoculture that situations like we have with Microsoft expose."
Let's look at the article's title:
Does anyone see the word Monoculture in there? No, just monopoly. It's up there next to "Dominance", "Cost", and "Insecurity".
Somewhere along the lines, this paper jumped from technical analysis to political polemic, and Geer got the political response. Don't get me wrong: The vast majority of the conclusions reached in this article have way more than a grain of truth in them. But the degree to which Schneier backpedalled on the tone was pretty noticeable, and stood in stark contrast to the near-rage of the paper itself.
Would Geer have kept his job if the paper was more objectively written? I don't know. But I sure note what I see reported on doesn't match what I read in that paper, and I have to wonder why.
Yours Truly,
Dan Kaminsky, CISSP
DoxPara Research
http://www.doxpara.com
Go to your boss. Call that boss every foul word you can think of, and then say you were exercising your freedom of speech. Better yet, do it over an intercom at work, broadening your audience. You will probably be fired, but not wind up in court.
How about doing it while you are both on vacation? Does he have a right to fire you? He still has? Then it's not capitalism, it's fucking barbarian feudalism. You call yourself a free country? Free country my ass! You freed the blacks, didn't you? Much good it did to you - now there is no distinction between whites and blacks, but only because you all have slave mentality now.
I am not trolling. Seriously, how can anyone sane consider that normal???
Future Wiki -- If you don't think about the future, you cannot have one.
You weren't paying attention last week. Yes, the report was critical of Microsoft's shoddy security record. But the main concern is that any software monoculture is dangerous. Geer's #1 recommendation is to use a mix of (non-Windows) systems, which Microsoft obviously can't approve (short of being broken up by antitrust).
The report was a badly written crock
This may be true -- I haven't read it.
I could not find a single original thought. You can find more interesting arguments in an average slashdot post.
Frankly, this comment sounds like someone *else* with an axe to grind. There is absolutely zero reason for a paper intended to summarize problems with a company's products to contain "original ideas". If I am a researcher that simply ties a vast set of information and ideas that other people have come up with but together form a useful set of data, I've done my job.
Academics do not routinely brief the press over the papers they are releasing.
And it's probably a less-than-good idea for those in academia, but he was working in the private sector. Building name recognition is a good idea. Lots of historically important scientists have become famous not so much for coming up with ideas themselves, but because they were the ones to popularize them -- they were good at promoting themselves.
Geer was clearly grinding an axe.
I'm impressed that you can so comfortably make such a call -- but even if this is the case, I fail to see why someone writing a paper that expresses their own opinions should then lose their job for it. He wasn't doing this at work, and he wasn't claiming that his employer's views were his. I damn well think that I should be able to write critically about a company in my free time even if my employer has a business relationship with that company without fear of being fired.
It is quite another to participate in a press call organized by the customer's competitors with the sole purpose of damaging the competitor.
Look, man. Come back to reality. He's working in the private sector. What the heck do you think *happens* in the private sector? Microsoft comes up with people funded to make Linux look bad all the time. Big companies do this all the time.
May we never see th
The key was informed general public. Most people could care less about security consultants. The informed general public could be potential clients of this company. They're the ones who should be concerned with this company's reputation. Current clients also, but they obviously aren't that informed since they signed on with them anyway.
Saying Android is a family of phones is akin to saying Linux is a family of PCs.
You're missing the point. If I were an employer and I had an employee that hurt a business relationship by using their status as a security expert (which either they got from my company or perpetuated through my company), I would fire them on the spot.
Similar to the Hollywood elite who use their status as a public figure to soapbox their own personal beliefs. They have an advantage by being public figures that you and I don't have... free access to the media. However, you can bet that if one of them got on TV and said "Everyone should download movies for free, rather than buy them from MGM" that they wouldn't work for MGM again.
Saying Android is a family of phones is akin to saying Linux is a family of PCs.
I also don't believe that Microsoft had a hand in firing Geer. I seriously doubt that anybody from Redmond called anyone at @stake and said that Geer had to go...or that there was even any indirect pressure. But given the publicity that his paper received, I can certainly believe that the management of @stake looked at the paper and looked at their relationship with Microsoft and decided that one was more important to them than the other.
Who knows...maybe Geer did know that he had a high probability of being fired for publishing the paper. He's not going to be standing in the unemployment line. He'll have a new job very soon. But that line of reasoning is just as unfair to Geer as suggesting that there was some kind of unspoken conspiracy between Microsoft and @stake.
In the end, I think that an individual who holds a prominent position within a company and who also takes a philosophical position against one of that company's largest customers knows (or should know) that there may be unpleasant fallout from that stance. Whether or not Geer knew, it seems to me that he is handling the situation reasonably well by keeping the issue alive and above the noise level in the news.
And ultimately, that will probably serve him well and keep attention focused on the issues that he raised in his paper.
-h-
That's not a point. That's pedantic hair-splitting. The poster was clearly (to everyone but you) referring to for-profit corporate entities. And as far as the personification of "the legal entity which is a corporation" goes, the Supreme Court is about 117 years ahead of you. See Santa Clara County v. Southern Pacific Railroad Company.
"If you're thinking what I'm thinking, you're right." -
Exactly. If you kowtow to the demands of everyone who tells you they are helping you out by letting you work for them, you are making things worse, not better, for everyone else. If you conform to unreasonable expectations instead of protesting at them, you merely reinforce the company's idea that their expectations are reasonable. Then they start expecting even more unreasonable things. That's how your rights get eaten.
But it's a fundamental law that anything anybody does on their own time, at their own expense and away from company premises is their own business. Not their employer's. When knocking-off time comes around, workers are free of all obligations to their employees save turning up for work the next day. If my boss doesn't like dogs, there is nothing he can do to stop me from owning a dog, as long as I don't bring it into work with me. My workplace might have a no-smoking policy, but as long as I could last the day without a puff, I'm free to smoke all the fags I want the minute I'm off the premises. Even if I had lived out a fantasy and beaten my old boss up in an alleyway, as long as that incident took place away from company premises, it would never have been sufficient grounds in and of itself for dismissal.
Je fume. Tu fumes. Nous fûmes!
The article (yeah I know, sacrilege for RTFA)... states that this guy's last day as an employee was Tuesday.
The report was published Wednesday.
An announcement went out on Thursday publicly stating this guy wasn't an employee.
So obviously his no longer being an employee was not some sort of reaction to his opinion paper.
However, he also states that on Wednesday he did telephone interviews and referred to himself as an @stake employee. Well considering his last day was Tuesday, that certainly was not the case. So it's not unreasonable for the company to on Thursday issue a press release pointing out how he isn't an employee.
I have to question Dan Geer's credibility here, as well as his motivations. This report when it came out was quite clearly paid for and motivated by Microsoft competitors. Now we have a guy who quit his job on Tuesday claiming that he's being repressed so he can get free publicity. Sorry, not buying it.
No, the GOP is a division of big business, not the other way around.
Of course, the democratic party is a division of the American Trial Lawyers Association, so choose your poison.
Milo
That's not a point. That's pedantic hair-splitting. The poster was clearly (to everyone but you) referring to for-profit corporate entities. And as far as the personification of "the legal entity which is a corporation" goes, the Supreme Court is about 117 years ahead of you. See Santa Clara County v. Southern Pacific Railroad Company.
I suppose you'd call it 'pedantic hair-splitting' if he had said 'all women are blonde' and I said 'some women are blonde'. If the poster meant 'for profit corporate entities', then that's what should have been said. Words mean things, and 'all' means 'all'. The phrase 'all corporations' has NO business meaning 'only for-profit corporations'. Sorry, it's not hair-splitting, it's knowing the difference between 'some' and 'all'.
There's a difference between 'a group of people join together to form a legally recognized entity' and 'the entity itself possesses human traits and emotions'. Again, you may call it hair-splitting but to me it's a vast difference. Calling all corporations unethical (but not the people which make them up) is ridiculous. It would be ridiculous to say 'all people who make up corporations are unethical', yet remove the 'all people who make up' part and I'm supposed to accept it? Why? That makes no sense.
http://xkcd.com/386/
Je fume. Tu fumes. Nous fûmes!
Corporations have all the same constitutional rights and responsibilities under the law as individuals. Of course, while it's easy for a corporation to benefit from the rights (e.g. freedom of speech) there is no one person to bear the responsibility (e.g. punishment for murder). This follows an 1886 Supreme Court ruling, so this isn't news. More info here.
After all, if security is improved by using a variety of products, he'd have said that TCP/IP is the bad boy of internet security (as *all* internet attacks use it), or SMTP, or HTTP, etc.
No, he's absolutely correct. Heterogeneous environments necessarily tend towards being more secure against complete collapse, since complete collapse entails failure of all components simultaneously -- and different components have different weaknesses.
TCP/IP *is* a risk, but the benefits of using a single protocol are overwhelming (plus, it's relatively small and simple, and doesn't have that much potential for holes at the design level). One of the attacks against TCP/IP at the design, rather than implementation level, was SYN flooding. When SYN flooding came out, there was a serious concern about its impact. Same goes with source spoofing -- another design level issue that provided a whole generation of headaches WRT to the r* services.
However, using the same *implementation* of TCP/IP, which is more analogous to what Geer was arguing, *has* had exactly the kind of security impact that you're claiming is not an issue. The BSD TCP/IP stack is almost everywhere today -- Linux is one of the very rare exceptions that (currently) uses a different codebase. Attacks against this TCP/IP implementation like teardrop and bonk have affected significant swaths of computers, and had a serious impact.
The argument that relying on a single implementation of software to provide global services is exactly what Geer's pointing out is a bad idea. Word a bad idea? Absolutely. Before the Word monoculture, macro viruses simply were not an issue. Now, if a worm can propagate using Word, it can cause untold damages to individuals and companies around the globe in a short period of time. Same goes for Outlook viruses. You can't claim that this isn't the case -- it's *happened*.
I wouldn't mind if Linux was 99% of all systems used today, I think we'd have pretty much the same issues to deal with though - and Geer would be sniping at Linux's security flaws in favour of OpenBSD!
Absolutely. What's wrong with that? There's nothing hypocritical there. Linux is significantly more enjoyable than Windows for me, so I'd prefer a 99% Linux universe to the current situation. That world would be more prone to complete failure than a 30% Linux, 30% Windows, 30% BSD universe, however.
May we never see th
Huh?
It sure sounds like you are saying monoculture is not a bad thing!
Chant the mantra with me now: "Diversity enhances Survivability". Repeat until you reach inner peace.
All exploitable bugs start life as undetected exploitable bugs. Patching does not fix bugs which are not detected by the patcher. The Bad Guys (TM) are not motivated to disclose all exploitable bugs to the patcher. Therefore, there are going to be (at some point in time) exploits for bugs without patches.
In a high-bandwidth software monoculture (such as exists in many if not most large corporations) this is a recipe for disaster. Google for blaster and nachia/welchia if you don't believe me!
Software (particularly OS) diversity is the ONLY "real solution", as you put it, to this problem. The really hard-core high-availability guys are now implementing dual-OS redundant systems; a Win2K box that takes over from a linux machine or a Tru64 box that can substitute itself for a Sun system.
Scott Adams says you should even encourage users to get whatever system they find most useful for their desktop, so that macs, linux, BSD, Windows, BEOS, etc. are all represented on the corporate network. It seems to me that would only work in low-turnover knowledge-worker type environments, though; otherwise the support burden would probably outweigh the productivity and survivability increases.
Obviously, you should patch. But that's a reactive rather than an active solution, and it's not a remedy for the fabled zero-day exploit anyway.
IME, when companies want a consultant to analyze something, it's generally to sign off on a point they want made. They're leveraging the consultant's reputation. This can either be for external use ("Look, customers! This product is good/competitor's product is bad/etc!") or for internal use ("Look, VP! My idea is good!")
May we never see th
This makes it worse not better
What this means, if true, is that you can NEVER trust anything from anybody in the commercial world that pertains to Microsoft.
Nothing Nada Zilch,
Treat anything as an infomercial without the warning.
Help fight continental drift.
You are very correct, I did misunderstand.
Bad boys rape our young girls but Violet gives willingly.
I'm sorry. I didn't realize I was communicating with one of those special people who are differently abled when it comes to making contextual inferences. I hope I didn't hurt your feelings.
"If you're thinking what I'm thinking, you're right." -
1/ Microsoft and @Stake credibility is damaged.
2/ Mucho publicity means, at the very least, more people will read Dan's paper.
3/ Dan Geer will find a fulfilling new gig. Presumably his new employer will have a stomach for his outspoken nature.
Hardly a catastrophe or injustice.
@stake was claiming his last day was Tuesday.. but they never informed him or anyone else until Thursday... making it seem they decided to fire him after the paper came out Wednesday, decided to fire him and "covered their tracks" by saying they already had decided on firing him before the release of the paper. That's why Geer made the comment about the facts not matching up and creating a "null set".
I'm sorry. I didn't realize I was communicating with one of those special people who are differently abled when it comes to making contextual inferences. I hope I didn't hurt your feelings.
I guess wanting words to have meanings which don't change every 2 seconds *is* different, here on slashdot. However, no matter how you wish to slice it up, no matter how much you insult me, no matter how you twist what I said, 'all' and 'a subset of all' are not, and will never be, the same thing. Sorry. About hurting my feelings: only people that have some sort of worth to me can hurt my feelings, and you've no need to ever worry about that. Just to state it again, you shouldn't use the word 'all' if you aren't referring to...wait for it...all of something.
http://xkcd.com/386/
Did you even read the paper?
OP is quoting or paraphrasing an interview (at the bottom) from Chris Wysopal and seen on EWeek.
I find it very odd that Chris Wysopal is trying to completely blow off the context of the study and making the comparison with a flaw in TCP/IP. His statement is 100% a pure corporate puppet remark and pretty much sums up where @Stake's interests really are.
Bad boys rape our young girls but Violet gives willingly.
If we live in a secure world, how would companies like @Stake make money? @Stake clearly fired Geer for a good reason. They want to be in business 10 years from now, and apparently Geer had released a paper, however rudimentary, pointed security to a right direction.
Of course, you'll go on to say that all of the things that drove the firing didn't have anything to do with it. You'll be a pussy and trot out some lines about team players or corporate vision and dissemble on the actual reasons.
Hey, if certain other companies knew the real reasons they might not choose to do business with you in the future, right? If you're a bend-over bitch for a company like Microsoft, there are companies who might want a more impartial vendor and/or researcher who may not use you if they know you're going to vet everything through a billg-filter.
When I was a kid, we only had one Darth.
An unresolved question in IT security is to what extent will tactical loyalties dominate, and to what extent will strategic principles dominate. Of course it will be some combination as it is in all industries, but there is much disagreement about which will ultimately be more heavily weighted. Loyalty without principle begets corruption, principle without loyalty begets back stabbing. Neither extreme works, but there is much room for discretion.
Dan Geer's bold move is a vote in favor of principle. The fact that he can do this and remain employable must scare those who seek the stability of loyalty-only based professional conduct. As scary as that might be for some, I think it bodes well for the IT Security industry. Corruption begets industrial impotence. If security were less important, perhaps we could tolerate more corruption. As it is, perhaps those cowards should consider the garbage industry.
Ben
remove the i:
b e n m i o r d at earthlink dot net
L0pht were fantastic. They were always 'up-there'. There was always some wicked code coming from them, new ideas, a PalmOS wardialer, whatever. They were doing what they were good at. @Stake are just corporate money whores. You can see them as a front for Microsoft. By that, I mean that Microsoft will use them to validate & push their own agenda. Apart from that, they're the security equivalent of McDonalds. SpaceRogue mentioned that Weld was the only person from L0pht left at @Stake. If all the rats leave the ship, do you think it's because 'something' is wrong with the ship? You have group of friends/coders/hackers who fuck off when funding arrives?!! What does that tell you? As soon as @Stake became alive, I forgot about them. For me L0pht died right there and then. I doubt that I'm alone in that belief. In my mind @Stake == 1/L0pht || @Stake =! L0pht. Pick your favorite.
> ...I see nothing wrong with presenting both ideas in the proper light...
And there, in one simple phrase, is the reason why Creationism does not belong in a school. Why is it that you present the idea of evolution, and the idea of creation, and don't cover the literal thousands of other "beginning of time" theories that exist all over the world? You don't want to teach any theory of creation other than your own personal version, and by not presenting your particular creation theory among a hundred other creation theories, you seek to give it a level of validity above any of those "other" theories. Isn't this what you accuse evolutionists of doing?
When you're willing to present any religious theory other than your own as a valid "theory", then you can readdress the issue. For now, you're just forcing your religion into the classroom as "scientific".
Virg
It seems to be happening that matters which begin as purely technical/scientific become marketing and sales issues. Witness what happened to the Darpanet when it went public and became the Internet we know today. At the time I was studying CS in college and I recall academics and government types were wringing their hands over the inevitable "dumbing down" of the technology in favor of commercial applications and services to the public. Read that as marketing and sales. And we can see where that got us; mom and pop on broadband but with "personal" technology never meant to leave the secure isolation of the living room.
Although viruses got their start on the floppy disk vector (recall boot sector viri?) they have come into their own through the vector of the Internet. That machine could not have been better built to propagate malware even if one had set out to do so, but the only reason it can actually do so to the degree it has is because of the brain dead operating systems (and rookie sysadmins) at the remote ends of the pipes. And the monoculture of both is at the heart of the problem. I use MacOSX on broadband, but do you seriously think I have to worry about any of this? No I do not.
Enter security. Now an entire industry has emerged to counterpoint the monoculture, an industry devoted to what would simply have been the day-to-day work of any competent sysadmin just 10 years ago, except that today there are few competent sysadmins. Rather there are hordes of desktop drones massaging M$-based networks across the planet, only incidentally linked each to the other by an Internet of which they have no particular understanding nor much interest (a direct reflection of M$'s own utter indifference.) It has all become a dense, dry, sprawling monotypic tinder of light twigs and leaves awaiting the match. The security industry is built around that monoculture of neglect and ignorance, would have no purpose without it, and yet is directed at undoing what the monoculture has done to, and via, the Internet. And since M$ is just a marketing and sales juggernaut with its roots deep in the fertile manure of personal computing, should anyone be surprised that here again the network technology and science are falling under the tracks of the M$ Panzer divisions? I should hope not. M$ did not become a monopoly by being easily distracted with technical details.
I can see no solution but one. Government will not act because politicos are hip to marketing. Regulators will not act because they are afraid of the politicos and like their cushy jobs. And people will continue to select technology out of innocent ignorance. M$ spends freely, buys strategic friends, revises history, and builds outward seemingly oblivious to the coming train wreck because they know for a fact they will just walk away with profits intact; they are after all about personal computers, and not much more. What is the Internet to M$ except a problem? They distribute their software on CDs and only security patches over the Internet to defend their CD-based software from Internet attack. I should think they would be twice-pleased if the Internet and everything associated with it, including OSS, simply vanished in a general conflagration.
The one solution? I propose we take a clue from Nature and let it burn. We don't need these weeds growing here anymore, burn them out and their seeds as well. The network will survive because the network is not the problem, while the strictly "personal" computers will burn to the ground at the ends of the pipes. Then perhaps something more robust will spring up where they were. It might even be that M$ has the very thing waiting in the wings, ready to roll out, "Windows ProSecure" or some silliness. Fine with me. But if they don't then they are fools and their undoing will be of their own devising.
=^..^= all your rodent are belong to us
> Since the theory of evolution states that everything evolved by pure chance without any intelligent design...
BZZZT. This is not what the theory of evolution says. Reread it and try again, being careful not to confuse the terms "intelligent design" with "environmental constants".
Virg
The entire Microsoft hegemony is on its way out. Might take another decade, but it's going to happen. One way or the other. I'm sure it will happen in my lifetime. When the Microsoft corporate headquarters are torn down and converted to a parking lot, I'll be standing in line to pull into the first open space. Bill Gates is a lying, conniving little weasel who needs to disappear, along with his cadre of slimy, shiny-suit wearing creeps and thugs. The Microsoft operating system is a pathetic pile of gibberish that has NO business being at the heart of the IT industry.
You're making the assumption that the paper is correct. The paper is a thinly veiled attempt to push an agenda of open standards, using security as an excuse. No one in their right mind relies on obscure software for security, but this is what the paper suggests. I don't believe the author believes this either, but was pushing a different agenda, and that is why he was rightly fired.
Vote for Pedro
Bunch of losers. Biggest 'old-boy club' on the planet. Degrees mean exactly JACK.
What you are alluding to is called a "gag clause," and used to be a part of some HMO contracts. It was designed to prevent a physician from discussing treatment options that the HMO does not cover... typically expensive treatments like bone marrow transplants for certain cancers, etc.
Such clauses are almost universally despised by the public in general, and the medical community in particular. A number of states have passed laws making them explicitly illegal.
Most all doctors I've ever known would give you the straight scoop... I sure as hell would. Without full knowledge of risks and benefits, there can be no real choice... it's that "informed" part of "informed consent."
Even if a man chops off your hand with a sword, you still have two nice, sharp bones to stick in his eyes.
> Of course, you'll go on to say that all of the things that drove the firing didn't have anything to do with it.
No, I wouldn't. I'd explain to my employee that vilifying our biggest revenue source has caused him to become fired. I don't bullshit.
> Hey, if certain other companies knew the real reasons they might not choose to do business with you in the future, right?
Which do you think is more likely:
a large corporation would like my company if my employees were on record saying negative things about my customers
a large corporation would like my company if employees who published papers disparaging my customers were fired
> If you're a bend-over bitch for a company like Microsoft, there are companies who might want a more impartial vendor and/or researcher who may not use you if they know you're going to vet everything through a billg-filter.
Yeah, right. I'm sure companies would much rather give money to companies that insult them. That's a good one! You're funny. I'm sure there are companies out there like that, but I guarantee you none of them have the resources of Microsoft.
Yes, I realize that the world would be a better place if anyone could insult anyone else with no repercussions. The world would also be a better place if ambrosia flowed like water and I never had to talk about my feelings to get laid, but that doesn't change the real world.
http://xkcd.com/386/
"'The Venn diagram of facts doesn't intersect. The intersection of all of those statements is the null set,' Geer said."
Hey, Geer, we're humans here.
I like this point. The business itself changed. I am posting AC because I was co-founder of a company, but one that for political reasons slowly morphed over time. With reputation comes power, and with power comes greed/corruption. In my case, the other owners' biggest concern was not how to best run the company, but how to expand their power. I wouldn't be surprised if the same thing happened here. They didn't want him any more...and found a 'good reason' to make their move and give him the final heave-ho.
The only unfair dismissals are found under EEOC, OSHA, etc... guidelines. An employer can fire you because they don't like the color of your hair. Believe me, this is not guessing, it's something I know very well, as I've written code for human resources departments for the last 9 years.
Saying Android is a family of phones is akin to saying Linux is a family of PCs.
I realize how someone of limited intelligence might come to that conclusion, however that was not at all what I was 'really saying'. Any employee of mine should feel free to speak only truth. I'd fire someone I caught lying. However, publishing a paper bashing your biggest source of revenue is NOT SMART. It wasn't the veracity of his comments that got him fired, it was at whom they were aimed. Should an employee of mine cause my customers to stop giving me revenue, with what would you propose I pay the rest of my employees? Righteous anger? Become self-employed if you don't wish to consider the consequences of your actions, or else you risk becoming unemployed.
I think you are missing a very important point, here. @Stake's sole product is security advice. If they cannot publish any papers critical of Microsoft, what good is their security advice?
A company whose business is to provide factual consulting information should ensure that that information is accurate and in fact the best advice they can provide their customers. If they are artificially limited in the advice they can give, that opens the door for a situation in which they are providing bad advice to their customers, for a fee. Would you buy that?
And in this case by your own admission what Geer was saying was factually correct, and good advice to customers. He did not give this advice as a representative of @Stake, but you seem not to care about that hair so I will not split it here. If @Stake truly believes that going to a 100% Microsoft shop is the best advice for their customers (which would be the opposite of Geer's paper) despite all the scientific evidence to the contrary they are indeed lying to their customers and giving them bad advice for their money.
It is not smart for a consulting company to become biased in any way because their aim should be to provide the best solution for their customers, no matter what that solution is. It is also not smart for any company to ignore or suppress all criticism. Criticism is healthy and it is a way for companies to do better. Denying the truth is the way to ruin. Unfortunately for Microsoft, this is the way they are headed. They refuse to understand or believe the problems with their model and OS design, so they will never fix them. Instead they will continue to try to force people to buy their products and therefore not have to improve them since they don't have to compete with anyone.
Slashdot makes a lot of revenue from Microsoft advertising. If you were Taco, would you ban posters critical of Microsoft?
> Now, let's propose an experiment. Find a small isolated island and drop off a few hundred dogs of all different breeds. Every day we'll drop off food to make sure they get fed. Question is.... how many breeds will exist on the island after a hundred years? What you will find is that differences in species tend to get bred out unless the breeding is controlled. The number of breeds of dogs on the island will converge not diverge. This is one example of observations not supporting evolution. And yet in many places, discussion of these same facts could lead to a teacher getting fired.
Here's the curious part: your experiment actually goes a long way toward proving natural selection as a force for evolution, despite your presenting it as a refutation. It seems logical that the dogs would breed out until they were all the same, but that's only because your experiment removes the very mechanism by which evolution is purported to occur. If you provide the dogs with plentiful food (and presumably put them on an island that is neither so cold that they'd die of exposure if they slept outside nor so hot they'd die of heatstroke or thirst), there's no reason for the dogs to adapt to the environment at all, so any member can breed with any other member and the puppies will have about the same chance of surviving. Now, what if we did what you said, but put the food in ten foot long tubes that were only eight inches in diameter, to replicate an environment where the only food is burrowing small animals? Now how would your dogs fare, especially the ones that didn't fit in the tubes? Soon, you'd have an island full of dachshund-looking dogs, possibly with a second breed of dogs on the surface well adapted to hunting dachshunds. So you see, this does not constitute disproof of the mechanism of natural selection, but in reality it goes to prove it by showing that if there are no environmental pressures for different breeds, they disappear.
> For example, the fruit fly experiments have shown that aberrations can occur to produce an extra set of wings. This seems to support evolution on the surface. However, if you look a little closer, you will find that there are no muscles behind those wings and that these mutations die off quickly when placed outside the controlled environment (laboratory). This results in a net gain of "0" on the evolutionary scale.
Again, you're misconsidering. The appearance of the second set of wings is not considered proof of evolution, it's proof of mutation. Second, the fact that two-wing mayflies die off while one-wing mayflies survive indicates that one-wing mayflies are better adapted to their environment, so they survive while their two-wing brothers die off. That is specifically the mechanism of natural selection, which goes toward proving the theory of evolving life, not against it. After all, if natural selection didn't work, why wouldn't both the one- and two-wing models survive together?
> What ever happened to the scientific method being used in scientific experiments? Why aren't we allowed to question the Theory of Evolution? What makes it different from every other area of science?
Um, an awful lot of people have questioned the theory of evolution, but as you can see from the problems presented above, there are many situations where something has been presented as disproof in a very unscientific manner, as your dogs-on-island theory, in which you propose only one experimental situation and no controls (like putting the dogs on another island without outside food) or changes (like the food in pipes that I suggest) and then concluding from the very unscientific experiment that the theory is invalidated. We are allowed to question the theory of evolution, just not by using limited or biased experiments, since that's not following the scientific method.
> If observations don't support the theory, you don't throw out the observations, you throw out the theory. And yet this is what we have in the sci
From Merriam-Webster Online:
fact: a piece of information presented as having objective reality
theory(1): the analysis of a set of facts in their relation to one another
theory(2): an unproved assumption
Evolution is a theory by the first definition. That I agree with absolutely. However, you are using the second definition of the word theory to incite argument. Evolution is a theory which is supported by the evidence. Have we witnessed monkeys evolving into humans? No. Have we witnessed evolution within a species? Yes, it's called selective breeding and people have been practising it for 10,000 years. You are correct that we need a longer timeframe to witness cross-species evolution, and our recorded history is too short.
The evidence for evolution is a collection of facts, not the theory which they support.
HBH
"Smart is sexy." -- D. Scully ("War of the Coprophages")
Actually, it's both more and less strict than that.
If you copy someone else's words, and properly attribute them, then it isn't plagiarism. (OK, that's a nit pick.)
But it's also plagiarism to take someone's new idea and claim it as your own new idea.
OTOH, what is being claimed sounds more like research, with faulty footnoting. (But have you ever noticed how hard it is to find that web page you read that had that idea you wanted to reference. It likely isn't there any more.)
What is really being pointed out (or the valid core which is what should be being pointed out) is how difficult it is to properly cite internet sources. If they aren't retained by Google, they quickly vanish...except some of them.
I can agree that most of what I've seen reported as what he said strikes me as "obvious". And monoculture is a much better term for the causative principle behind the problem than monopoly is. Monopoly has legal definitions that foul things up. Monoculture has biological definitions, and the analog to biological viruses act in an analogous way in the analog to biological monoculture YIELDS computer viruses in a computer OS monoculture will act like biological viruses in a biological monoculture. It seems reasonable. You need to check that the mechanisms for action properly survived the translation, and once you find that they did, it's an eminently plausible conjecture, sustained by informal observation. A formal proof would require much experimentation, most of which is currently illegal.
I think we've pushed this "anyone can grow up to be president" thing too far.
> Slashdot makes a lot of revenue from Microsoft advertising. If you were Taco, would you ban posters critical of Microsoft?
No. Nor is that comparable to what @stake did. Posters are not employees and Geer was not posting to an internet bulletin board. Ad revenue is not the same as 'largest customer of your product or service'. I would, as an employer, fire any employee who went on record insulting my biggest source of revenue. If I did not, I would expect my revenue to dry up, my business to go away, and *all* of my employees to be unemployed. Perhaps that wouldn't happen, and definitely it shouldn't, but as an employer I wouldn't take the chance. Fair? No. If you expect life to be fair, however, you've a disappointment coming.
http://xkcd.com/386/
Did he quote this? Do you know that he remembers ever having even read it?
I can easily accept that he reiterates common knowledge. Much of that common knowledge originates with him, and his associates. If he retrieves an analysis from his memory, why should he not think he did it himself? He's done many. Probably more than he's read.
And, for that matter, how original was that paper in 1998? I seem to recall the same basic idea, less well developed, circulating in the 1960s. And the idea is implicit in a science fiction story from the early 1950's (A nice little niche..Astounding..author? year?). You need to accept that independently acting computer programs are analogous to life, but once you do that, the conclusion is the point of the story. And the term "computer virus" explicitly acknowledges that analogy.
So just how much is new? Not bloody much. So what? People need to be reminded of things, or they forget them. This report was needed, because it expresses a truth that people keep forgetting. (We seem to have a difficulty remembering some kinds of things that we find nearly obvious when we think about them.)
I think we've pushed this "anyone can grow up to be president" thing too far.
With the termination of Geer, @Stake has shouted from the rooftops that they are NOT an unbiased source for information security.
When I write a security paper, I write it from the perspective of an independent auditor, which I am. Someone from the outside looking in. I don't CARE what someone's intention was when they created an insecure system. If I found it to be insecure, I let them have it.
I just lambasted a luddite CEO of a major corporation for not making information security HIS #1 priority. I told him that the insecurity of his network was his problem, a management problem, not an IT problem. I railed on him for two hours in a meeting last Monday... and he appreciated it. Was my report one-sided? You're damn right! I don't care what his intentions/perceptions are or were. What I told him was the pure, unadulterated and unvarnished truth. As painful as it was - it was true.
He's a good CEO and changes are being made. Now, if this same info were coming from an @Stake consultant: The information would now be suspect as being slanted in M$ favor, because 'they help pay our paychecks' and we can't speak out too strongly against them. @Stake now takes the side of Microsoft.
Were there any lies in what Geer wrote? No... Was it the painful truth, backed up by facts? Yes... Did the truth hurt? You bet. And it needed to be said.
I think that the political ramifications taken out on Geer have just signed the death warrant for @Stake.
Good security is based upon reality and common sense. Common sense is a function of having common knowledge.
His argument was that he was surprised from the standpoint that he had said what the paper said in public many times before, and the company never had a problem with that.
And he also noted that a company as big as Microsoft didn't necessarily have to pick up the phone to have an effect on his employment.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
While I'm not a fan of this action I think this is pretty much par for the course. Things to consider:
1) Dan Geer was the CTO. This means he is a director or officer and in business this means greater responsibility. This isn't the same as "@stake underling fired for bad mouthing Microsoft in IRC channel". He is a representative of the company and does speak/act on their behalf. He has the ability to sign documents on behalf of the company too.
2) @stake most likely didn't fire him, the Board of Directors did. BoD's are tough to deal with as they are usually more "investor" types. They see an action like this as a huge problem as MS probably accounts for a large percentage of their biz revenue. Again I don't think this is right, but from a cold emotionless biz standpoint this makes a lot of sense. Please your revenue masters or go out of business.
3) Microsoft probably didn't have any type of overt hand in this. It's likely the BoD was being proactive by firing them so MS didn't even have the opportunity to suggest firing him.
This was a corporation whose main business was security. Geer published a report critical of the security of Microsoft products. Much of the stuff in it has been proven as true by many studies. He wrote a paper scrutinising Microsoft's products' security. This happens to be part of his job, ie. providing information about internet security. They fired him because the facts didn't favor the provider of some of their funding.
read my blog
musings on politics and technol
Nor would Job have been afflicted. Unless the God they worship is a bit more complex than the god you deride.
Ooh, relish the smugness. You brave, bold pioneer who threw off all preformed belief systems and exposed yourself to the world of observation and reasoning, you. Given today's orthodoxies, it's quite possible that the person to whom you're replying is actually more open than you to data which contradict his theories.
"Belief" is childish, but it becomes unbearable when it takes on the patina of science. One who believes in a scientific theory (such as Evolution) with the fervor of religion disgraces science.
This is rich!
@Stake is just the new name of l0pht Heavy Industries (remember l0phtcrack anyone?). Only now they've gotten used to feeding at the corporate trough. They used to be a lean, mean, useful, security (through hacking) machine, albeit a bit on the grey side of the law. At least then you could count on what came out of them to be unfettered by corporate sponsorship!
I don't care if Microsoft phoned them up or not. Geer's report was simply common sense. So much so, that I'm surprised it got released as a "paper". Maybe I'll release a paper that proclaims "it is better to breathe fresh air than car exhaust". How can a position like Geer's paper be "expressing 'values and opinions [of the report] not in line with @stake's views."?
@Stake has forgotten its independent, anti-establishment roots. They have lost all credibility, IMO. The link to Microsoft over the firing (whether MS actually picked up the phone or not) is as obvious as the point of the paper in question.
Maybe there ought to be a new company formed: Geer, Lamo and Assoc. I'd trust what they said when it comes to security over anything @Stake says now.
[/RANT]
"terrorism" and "pedophilia" are the root passwords to the Constitution
This is a 5, if anyone bothers to read this, it shows what hypocrites they are.
Evo of @stake
1) l0pht - cool hacking group, white hat
2) @stake - cool security group, corporate
3) ms introduces their policy of nondisclosure and partnering with security firms who will agree to non disclose, @stake signs up, sells out
I was surprised that an @stake employee would sign on anything against MS, since I know that since #3, @stake has been on their payroll and stopped disclosure... no longer surprised
Freedom is like God
Often talked about but never seen
Subjected to invocation without result
Fought for but never won
God is the only thing with freedom,
we will all surrender to his will
Or since death only awaits us we could fight back!
Hmm starting to see old redeyes ideas...
Like, pardon me while I go and vomit?
Got time? Spend some of it coding or testing
Ak: Why are you building chapel?
Homer: Because you're all terrible sinners.
Q'Toktok: Since when?
Homer: Since I got here. Now either grab a stone or go to Hell.
-- "Missionary: Impossible"
I feel fantastic, and I'm still alive.
If so, would you please pass it on?
Thanks,
Thomas
Thomas J. Ackermann
interim CEO, Chairman of the Board, Founder - Melior, Inc.
iSecure - CyberWarfare Defense
www.dDoS.com