Slashdot Mirror
Geer Comments On Firing From @Stake
dwbryson writes "Last week Dan Geer, co-author of the CCIA Microsoft security report, was fired from @stake for expressing 'values and opinions [of the report] not in line with @stake's views.' Now Geer has been talking to eWeek and comments on his dismissal."
"The Venn diagram of facts doesn't intersect. The intersection of all of those statements is the null set," Geer said.
Ahhh, one of our own... :)
While it's true MS is a tad "forceful" diversification isn't the real solution to the problem.
.NET makes every XML transaction cost less [or whatever]....
Having sys-admins who do their jobs instead of whining about patching will fix *many* windows related problems.
I think it's a matter of using the right tools for the job. Secretaries shouldn't have to learn userland *nix just to type up a TPS cover sheet for their weekly memos.
Likewise some network admin shouldn't be forced to use WinXP just because the latest
That being said you can run GNU/Linux and get rooted just as easily as you could with Windows if you don't patch your system.
Tom
Someday, I'll have a real sig.
I guess Geer should read "The Surprising Benefits of Being Unemployed" from earlier. Perhaps it will help?
Microsoft deserves it's reputation if it fires people just for speaking out. This man did not deserve to be fired just for saying what everyone knows: that Microsoft is monopolistic.
RTFA
Microsoft didn't fire him, but they may have been involved.
And his paper didn't say that Microsoft is monopolistic, it said that lack of diversity is a bad thing, be it all MS or all Linux or whatever.
Let's get it right. This is not a 'free speech' issue. It is an corporate and scientific honesty issue. In fact, it was the employer excercising their rights to fire an employee for making statements they didn't like, and it affirms, rather than denies the Bill of Rights. You may not like that, but that's the way it is. The First Amendment restricts government, not employers. Therefore, Gere's employers were within their Constitutional rights to let him go for not toeing the company line. In doing so, they discredit themselves and the rest of us can exercise OUR rights to take anything they say with a grain of salt, realizing as we do that they're in a certain corporation's pocket. You can wave the Constitution in the face of private industry all you like...but it doesn't apply, and it just gets tiresome.
This one is going to pass just like every other Microsoft injustice.
I'm ashamed of our academics, as cited in the article. He apparently went to get 9 to sign onto that paper and all declined because of funding issues.
What's the point of tenured academics if they are going to be afraid of losing corporate grants and therefore are squelched?
Yet another reason I hate academia, besides that one class...
HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
This shows once more that Microsoft has become too dominant. If even the security companies can no longer speak freely without endangering their existence (and that's why they fired Dan Gear) then what kind of free speech do you really have? Only the kind you can buy...
Irrespective of whether Microsoft had anything to do with the firing, a company such as @stake should stand by its employee and its own credibility...
Why should companies trust future research from @stake? Should existing employees be watching their backs? Bad smell all around!
We will probably see more cases as this as a higher percentage of scientists are funded directly (in companies) or indirectly (sponsored uni/gov-programs) by businesses.
As if anyone did not know about it; sustained publishing of controversial research funded by corporations is almost impossible.
Melius mori in libertate quam vivere in servitute.
unfair dismissal
While I don't really like the idea of someone getting let go for speaking their mind, what's unfair about it? His company clearly has ties to MS, and he jeopardized those ties with his statements. If it were his own company, he could have felt free to say anything about anyone he wanted to, and dealt with the aftermath of his comments on his own. But it was someone elses company... someone who was (yuck) concerned about their business relationship with Microsoft.
While the first amendment gives every American the freedom to express their beliefs/thoughts and guarantee no retribution from the government, it gives us no protection from employers.
Here's a proof. Go to your boss. Call that boss every foul word you can think of, and then say you were exercising your freedom of speech. Better yet, do it over an intercom at work, broadening your audience. You will probably be fired, but not wind up in court.
When you work for someone else, you have to play by their rules. Sometimes those rules allow for changes to be made by going through said company's proper channels, sometimes there is no room for discussion at all. Any way you look at it, they are the ones who have bestowed the job.... not the other way around.
I think the problem this guy ran into was the size of his audience. Maybe when he spoke at conferences about security and Windows (oxymoron that it is), his user base was a select group, and small by comparison. But in print, your audience can be unlimited, and so can the damages of your statement.
Saying Android is a family of phones is akin to saying Linux is a family of PCs.
You are exactly right on this. The only damage done here is to the credibility of @stake and to Microsoft, and that is self-inflicted.
Was it right for @stake to fire Geer? I don't think so. However, it's not illegal (as far as I know; IANAL).
What researcher doesn't have this problem? They can either tell their financial backers what they want to hear or lose funding.
It's the same way in the pharmaceutical industry isn't it?
If you read the article, Geer points out that he was normally paid for taking the lead at that company.
tasks(723) drafts(105) languages(484) examples(29106)
Even if everyone was the perfect patch-applying sysadmin, one vulnerability found in the majority of boxes could lead to millions of rooted boxes.
Especially if that vulnerability was initially discovered by a "black hat."
tasks(723) drafts(105) languages(484) examples(29106)
There's an old adage that says "If you take the king's shilling you become the king's man". @Stake has just loudly announced that they are little more than another Gartner. Why should anyone take any pronouncements they make seriously? Especially since we know they are adverse to offending MS. Someone last week put it best: "l0pht is getting s0pht."
Anyway, @Stake did not "bestow" the job on Geer. He was a founding member and it become politically incorrect for him to do something he had always been doing. He is correct in that we have a very large problem. When tenured academics scuttle about in fear of MS, we definitely have a problem.
What kind of wooly crap is this? I mean, if I criticise my biggest customer, or my company's profit base, I think I can expect my manager to have 'words' with me at least. This is just another MS-is-bad-and-I-don't-care-if-that's-true-or-not story.
If you claim to be security consultants who know security, rather than PR consultants who use words like "security" to help advertising, then you do very poorly for yourself by so obviously and publicaly squelching any appearance of having said something potentially negative about the security of one of your largest customers.
The point is that Microsoft's huge power in the industry appears to be making it impossible for real security firms to exist. As such, we should all be leary of any such's claims, and wonder if in fact they are really PR firms who use words like "security".
-Rob
His job is to spot the trends coming in the future - And his employer gags him for doing his job - I stand by my remarks in the previous thread on this topic - @Stake will have a very hard time attracting a decent replacement candidate, and their research will now always be suspect...
But should corporations have constitutional rights? Like individuals?
Considering that the avowed objective of any corporation is to make money, and no other purpose, they are by definition non-ethical. The individuals that comprise them may well be ethical, but the resulting "virtual entity" isn't. A human being has a conscience, may care about the consequences of his actions; moral, ethical, religious, or justicial. A corporation has no conscience, no morals, and should not be considered equal or superior to a human being, and be given equal rights.
If he explores all forms and substances Straight homeward to their symbol-essences; He shall not die.
Amen to this - I was about to post on the same lines.
In many ways the most sinister bit is towards the bottom, where he tried to get a number of academics to co-sign the paper with him. None felt able to. They all had tenure, which is supposed to allow academics to be free of the pressures that make employees keep quiet about problems, but they were afraid for their funding, which comes from industry and is not tenured. An academic who says the wrong thing may not be out on the street touting for work, but with no research funding in an expensive subject like CS, he is reduced to a schoolteacher.
This is a case where more non-commercial funding is needed. Which usually means goverment funding. But on secutiry issues, the government is also a very interested party and is likely to step on the "wrong sort" of research (e.g. research that might block loopholes used by NSA, but potentially usable by black hats).
Part of the problem is again the size of one giant customer. If the industry were more diviersified commercially (as opposed to technically), a small organisation could take the risk of offending a proportion of the market in order to be seen as frank an knowledgeable by the remainder. But with M$ being the slarges customer for just about anything, as well as the largest supplier, any profit-driven organisation has to think of its opinion.
Consciousness is an illusion caused by an excess of self consciousness.
Man gets fired for making 'false' claims that a company exploits its monopoly of the market, because his bosses dare not offend that company. Hmm.
"I Know You Are But What Am I?"
@stake used to be "l0pht heavy industries", a nifty little group of hackers toying around. (www.l0pht.com) Now they're all business. Lame. "What happened l0pht? You used to be cool."
You seem to be implying that the boss is doing a favour to the workers by giving them a job, rather than the way it really is. The workers' labour is worth more to the company than the company's wages are to the workers. As long as I've a hand on each arm and a head on my shoulders, I won't go short. A boss hasn't that luxury .....
It is still unfair dismissal. As long as his name was on the report, then the report is his words, not his employer's, and if someone can't understand, well, that's their problem. You cannot be dismissed from a job simply for disliking your boss, otherwise there would be many more on the dole than working.
In my last job, I made no secret what I thought of my boss. My co-workers {as, one by one, they left the company; some had nervous breakdowns, some got other jobs, some were desperate enough that they would forego six weeks' giro by leaving a job voluntarily; one went into what he described as a less stressful job - teaching!} felt the same way. In this job, I'm fortunate to have a boss I get on with really well. Even if I didn't, that would not be grounds for dismissal.
Also, there is a commonly-overlooked defence to libel, and that is that it was true.
Je fume. Tu fumes. Nous fûmes!
I am surprised that Dan has decided to publicly say anything. This would seem to indicate his relutcance to pursue the matter in court. Or maybe he just hasn't spoken to a lawyer yet. Or is this opening slavo?
Before the obvious referances are made let me just say (again) that what @stake has become is in no way related to what L0pht was. I think there is only one of us left (Weld), everyone else has seen the writing on the wall and moved on. I just hope Dan is able to put this behind him soon and move on as well.
- SRspacerog AT spacerogue DOT net
Well there is a lot of evidence pointing to the fact that the universe was created in 7 days. Doesn't the Big Bang theory pretty much line up with biblical accounts? The only missing piece of evidence left to find is evidence pointing to that "day of rest" thingy.
As an example of the kind of behind-the-scenes influence that large vendors have, Geer cited his efforts to find an academic security expert or two to sign on to the paper on software diversity. After contacting nine people and striking out each time, he gave up.
"All of them said it was too hot for their position," Geer said. "They enjoy the free speech benefits of tenure but not necessarily those of funding."
His experience is interesting; it shows just how there are limits, even in academia, to how far people are willing to go in their pursuit of the truth.
Microsoft might not have an irresponsible security record due to business practices, but the hypothesis put forward by Geer and the others should be examined carefully and openly both for where it might errors, and where their hypothesis fits the facts. That's the way all scientific progress is made.
And he's right, too, about a phone call not being necessary. Conditioning, and seeing what happens to people that take a stand in opposition to some powerful force, is enough to convince most people that self-censorship, if not the better part of valor, is certainly the better expedient for maintaining your comfort.
"Provided by the management for your protection."
The supervisors blamed the workers for being stupid and lazy. The supervisors of course hadn't done any real work in a couple of years. When I actually went to the line I saw processes that may have been good enough a few years ago, but were not now.
The problem was that the company needed more people to run the line, the line needed to run most of the time 24 hours a day seven days a week, and product needed to be shipped on a more exacting schedule. The two biggest problems were that certain steps which required some precision would have had to be made more fault tolerant so that people with less training could do them, and other steps had to be made more reliable because there wasn't time to go back and fix things after the line shut down.
Which is where I think MS is now. The update process is not suited to the current use patterns or the people using them. Take the current auto-update for home users. There are many home users that are on dial-up with a single phone line in their house. They log on for like 20 minutes a day to check email and load a web site or two. These people might not want to tie up the line for the hour it takes to do an update. They are precisely the people that would open an infected email, which would then have plenty of time to spam the victims address book.
Production updates are the same thing, especially at small companies with several computers, broadband, and a single paid low paid IT worker. Is this worker going to stay after work on the day of the update to fix all the computers. If the company is running a website locally, is the boss going to let that site go down for the hour it takes to update, or is the boss going to want to wait until the IT worker can come in late one weekend to do it? Is that worker going to be competant to deal with any other patching that might be needed after the upate?
Again, it is easy to complain the workers are lazy and stupid. It is much harder to take responsibility as a supervisor or manager and realize that it is your responsibility to create a structure in which certain things will happen. Most supervisors and managers are just as lazy as the workers, and so don't take this responsibility.
Of course, the issue is widespread. IIRC, the original article said the problem was MS was so dominant such attacks were possible. All I am saying is they need to get off their lazy asses, use some of the billions, and develop processes that allows the stupid and lazy production line programmer to create secure code. They obviously can do this, as they have created plenty of processes that allows the untrained programmer to create useful code.
"She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
The article mentions the security consulting firm Geer started in the 90's. Geer knows how to start and run a company. By now, there are bound to be folks losing faith in their own tenure at @Stake. Perhaps this firing will be the birth of a new security firm, founded by Geer, former @Stake employees, and experts that declined to sign on to the security paper. With enough credibility, the new company might lure some of Microsoft's business away from @Stake.
Sometimes I worry that I'll develop Alzheimer's disease, but no one will notice.
I must disagree...
@Stake is supposed to be a security research and consulting firm. How is any research out of this company ever to have even one ounce of credibility again? I realize Mr. Geer's paper was not published as an "official" company report, but they were angry based on the fact that his paper might "appear" to be At Stake's opinion.
So if At Stake is so concerned about ruffling Microsoft's feathers that a report they DIDN'T EVEN WRITE causes the firing of a senior, uber-experienced employee with a vast repository of knowledge to draw on, how do we know their reports aren't already being slanted to avoid offending "partner" Microsoft?
His firing is tantamount to killing the messenger for a message they didn't like. Sorry, but as an employee I resent the idea that if I do something on my own time and dime that offends somebody inside some business partner's corporate structure, I could lose my job. In this economy, that is a pretty chilling statement, President Bush's assinine assertions that "Everything is okay!" aside...
Who did what now?
Non-sequitor. Going from Word2k to WordXP is at least as violent a change as it would be to go to OpenOffice, with the exception that OO interops better with Word2K.
That being said you can run GNU/Linux and get rooted just as easily as you could with Windows if you don't patch your system.Getting "rooted" (ie - having your system compromised by a real live human) isn't so much the problem. It's the worldwide worm of unbelievable scale, speed, and impact that poses a real problem. The ability to automate evil is a special and unique characteristic of Microsoft systems. There has been only one GNU/Linux worm, and it wasn't even a blip on the CodeRed/MSBlaster radar.
The problem is Microsoft.
who are those slashdot people? they swept over like Mongol-Tartars.
First of all, Geer just became a martyr of sorts. As he is practically the creator and one of the more important celebrities in the security field, he's not wanting for job offers or opportunities. He'll probably just make his own.
Whether or not Microsoft had anything to do with his firing, directly or not, is somewhat irrelevant. Sure it adds more fuel to the "we hate Microsoft" fire but outside of that it proves nothing except that @Stake is driven by their sponsors and not by the ideal of exposing the truth. This makes @Stake a security company that isn't secure in its convictions. Security you cannot trust.
Geer, on the other hand, has proven himself to be unshakeable from the pursuit of the truth. He is unshaken by political and financial forces and the industry will see that, like it or not, his opinions can be trusted.
Generally, this is a good thing for him and the business of security. The more high-profile these matters become, the more public opinion will influence commerce in these matters.
It is hard for the American heart to forgive even perceived violation of the free speech ethic. We believe we can say whatever we want whenever we want so long as it is the truth. The public perceives the "breech" of the free speech ethic as a bad thing. "Oh look honey, this bad company fired this man because he was doing what he was hired to do and they didn't like the truth." That's the message most people will receive in this case I believe.
They probably fired him because they knew they couldn't get him to retract anything he said.
>It's so funny when people get carried away by the
>expertise they possess in aparticular area, and think they
>can apply it for an another -especially, when they speak
>on behalf of their employer.
RTFAs.
1) Geer is both well known and well respected inside this field, he was speaking inside of his area of expertise.
2) He wasn't speaking "on behalf of [his] employer." The paper specifically states that the individuals who signed it represented themselves and not their companies.
3) From what he has said he has a long list of job offers already.
Integrate Keynote and LaTeX
Yes, they are both theories. There is nothing scientifically factual about evolution whatsoever.
Your post demonstrates your complete lack of knowledge about evolution and about science. While I don't have time to get into specifics (late for work), I will post some links:
A nice set of links at syacuse university
Coalition for Excellence in Science and Math Education
National Center for Science Education
God is imaginary
I read some of the above, and I say:
Whether @stake abd microsoft had the right to act as they did is beside the point. The point is that this sort of thing is really really bad for society because of the chilling effects. If it's risky to criticize the big boys, guess what, they get less criticism than they should have on account of their actions. They seem to be acting better than they really are - the mechanisms in a democracy that should prevent this sort of thing don't work, because people are afraid to speak up.
I don't know if this legally is a free speech issue, but it is in practice.
xkcd is not in the sudoers file. This incident will be reported.
Actually, CONGRESS SHALL MAKE NO LAW
if it isn't specifically outlined in the constitution, you can't pass a law against it. not a hard principle to understand.
There can be no rights that you obtain as an individual but are denied when you form a group. A group is merely a collection of individuals. Just the same, there are no rights you gain when you join a group and abdicate when you leave one. A corporation is a contract of individuals, who seek a common goal. There are leaders of a corporation who ultimately decide its fate. They have a right to fire and hire whomever they want depending on the charter of the company and the rules they set forth when they incorporate. That is a binding agreement that applies to future employees who are aware. A corporation, therefore, is the equivalent of a contract between individuals. They have a right to act within the contract , i.e. hire and fire, if they breach that contract they can be sued. but its never an issue of free speech.
Reason, free market capitalism, and individualism
For god's sake, I did Venn diagrams in junior high, and I wasn't a math geek. And he's not a "spokesperson" he is, or rather was, the Chief Technical Officer for @Stake.
Firing your CTO for using an eighth-grade math term is like firing your doctor because he insists on using technical words like "prescription" and "stethoscope."
But the timing is odd. Geer worked his last day on Tuesday, according to @stake. He co-published his paper on Wednesday. His dismissal was announced on Thursday. Unless @stake is saying that he dismissed himself by publishing, or that they had told him on Tuesday not to publish the paper if he wanted to stay with the company, then I think they may have problems with
(a) natural justice so he can defend himself; or
(b) the human perception that times flows forwards, not backwards or round in circles.
I think you're being a little over-picky here. The legal purpose of a corporation is to limit liability to its owners. This then assumes that its owners are non-management funders. The point of investing is to gain a return. Therefore the lowest common denominator of incorporation is that they exist to make money. The default rules governing directors of corporations make it clear that it is unethical for the directors to cause the company to do anything not in the best interests of the shareholders. The only common interest the diverse shareholders in any sizable company have is in maximizing the return on their shares.
Of course, in practice, these rules are bent, non-profit corporations exist, ethical considerations are considered essential to maximizing return, etc. But, I believe the poster is correct in stating that the LCD of corporations is making money. No other ethic can be universally applied.
Milo
well..
his job was to be right and say the truth, not to be a talking head that takes money and says what somebody other wants.
at least supposedly, so it gives a real fucklike view of @stake now. why would you consult them when they don't tell you what they really think is the right decision but the decision that suits them for various reasons including commitment to some other big $$$ firm? why wouldn't you go and just read the marketing material by that other firm straight and just skip using them as a middleman without anything on stake on the issue?
fuck, if i go to doctor i'd like to hear the TRUTH about my illness or possible risk factor, not what the doctors employer thinks i should hear.
world was created 5 seconds before this post as it is.
I wonder if Computer World will drop their rankings in the "Top 100 Places to Work in IT"
Computer World PDF?
A computer once beat me at chess, but it was no match for me at kick boxing. Emo Philips
Here's an idea that I don't think has been explored much... maybe the big problem was that he said the opinions were his own and not @stake's.
If I worked for Adobe, and then decided to release a photoshop clone in my spare time, and claimed that it was my own program, not Adobe's, I think that there would be some problems.
In his job as a security expert, I'm sure that he used @stake's resources and expertise in coming up with the paper. So technically he might not have the right to say that the paper is his own and has no affiliation with the company.
Perhaps if he had brought the paper to his employers and gotten their approval, they could have released it as part of a security report and sold it. Basically he took something that he made for his company and gave it away.
I don't know of a single religious zealot who wants to prevent Darwin's theory of evolution from being talked about
There have been teachers in US courts of law because they told their students about Darwin. That enough for you?
The problem the religious zealots have is that the Darwinian's are preventing creationist theories from being talked about.
Religious zealots do not like science, because there is no 'believing' involved. Also Darwinist, being scientists, do not have as extreme prejudice in discussions as religious zealots. Scientists change their pov when they are proven wrong, they do not run away with fingers in their ears like some others do. Has there ever been a creationist in a court of law for telling about the Adam & Eve story?
In an education environment, it's quite reasonable to expect that both theories be taught. (Yes, they are both theories. There is nothing scientifically factual about evolution whatsoever.)
Yes, and the earth existing for only 4000 years is also a theory? No. In no way. A theory is supported by evidence and/or objective reasoning and/or perceptions. Basically the only thing creationists have is: "Well, there are all these creatures, they _must_ have been created.". They never have a decent explanation for exinct creatures (did God make a mistake?), nor for the fact that species change over the course of many generations (God making a mistake again? His design was not perfect), nor for the fact that several million years ago the bio-diversity was much, much lower (God making a mistake again, not having created enough species).
Wenn ist das Nunstueck git und Slotermeyer? Ja! Beiherhund das Oder die Flipperwaldt gersput.
The biggest hit is to the credibility of the authors. The report was a baddly written crock. The only reason it is popular on slashdot is the choice of target. In terms of its arguments it is Matt Drudge or Michael Moore rather than Stephen Jay Gould.
I could not find a single original thought. You can find more interesting arguments in an average slashdot post.
It is not just the opinions stated in the report but the use made of them. Academics do not routinely brief the press over the papers they are releasing. Geer was clearly grinding an axe.
It is one thing to write a report that is critical of a customer's software. It is quite another to participate in a press call organized by the customer's competitors with the sole purpose of damaging the competitor.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
For many companies it -is- their credibility that brings money to their company. When the credibility of a company goes into question, the cash flow slows (or even stops on some occasions) and effectively does put their wallets on the line.
Maybe for you. Actually, I am quite nauseated by the sheer number of people who think this way and accept (and by omission, condone) the unethical behavior of their employers. What's interesting is that these are frequently the same people who frequently complain that corporations are "evil."
While I acknowledge that I've made my share of mistakes in previous jobs, my individuality and sense of free will (hallucinatory or otherwise) have enabled me to make conscious decisions about my choice of employer. For me, ethics has been a very important part of those decisions.
In fact, I was asked during an interview with a manager what was important to me in choosing a job: I told the interviewer flat-out that the most important thing was ethics. Well, when I had a follow-up with my recruiter, it turns out that the interviewer had been flabbergasted by that response. Nobody had ever given him such an answer before. And, as it turns out, not only did it make an impression, it also landed me the job.
Being ethical first does pay, contrary to the popular belief that money and ethics are mutually exclusive. Ask yourself this: would you be willing to accept a 5% pay cut if you knew that you could trust your employer? Hell, Microsoft, Enron, the Bush Administration, or the RIAA could offer me a job tomorrow promising to double my salary, and I would turn it down flat.
But then again, maybe most people are just too complacent to think a bit outside the box and realize that more conscionable options actually do exist.
It was pretty painful, but not like you'd think.
"For those who don't know, Geer wrote an article talking about the risks of monoculture that situations like we have with Microsoft expose."
Lets look at the article's title:
Does anyone see the word Monoculture in there? No, just monopoly. It's up there next to "Dominance", "Cost", and "Insecurity".
Somewhere along the lines, this paper jumped from technical analysis to political polemic, and Geer got the political response. Don't get me wrong: The vast majority of the conclusions reached in this article have way more than a grain of truth in them. But the degree to which Schneier backpedalled on the tone was pretty noticable, and stood in stark contrast to the near-rage of the paper itself.
Would Geer have kept his job if the paper was more objectively written? I don't know. But I sure note what I see reported on doesn't match what I read in that paper, and I have to wonder why.
Yours Truly,
Dan Kaminsky, CISSP
DoxPara Research
http://www.doxpara.com
You weren't paying attention last week. Yes, the report was critical of Microsoft's shoddy security record. But the main concern is that any software monoculture is dangerous. Geer's #1 recommendation is to use a mix of (non-Windows) systems, which Microsoft obviously can't approve (short of being broken up by antitrust).
Evolution is a scientifically proven fact.
Anyone who says evolution is a scientifically proven fact doesn't know anything about science.
In order for anything to be accepted by the scientific community as even a strong theory, it needs to have documented experiments showing very strong evidence, and a completely solid, reproducible experimental design.
This reproducibility is where evolution falls flat on it's face. Evolution is also the only field where this procedure is conveniently not required by the scientific community.
Since the theory of evolution states that everything evolved by pure chance without any intelligent design, the mere fact that a scientist designed the experiment to try to prove evolution denies the experiment the ability to prove the theory.
Then there's the fact that an experiment would have to be able to span billions of years, and be under constant observation for that length of time, to be able to prove, scientifically, that evolution is a fact.
Then I could go into the statistical likelihood of various proteins coming together by chance to form even the simplest form of what could be considered 'life', and the resulting calculation shows that it would take 1*10^139,000 years for it to happen. 1 with 139,000 zeroes is a pretty huge number, and that's just for the first blob of organic goo...not even a single cell.
"City hall" in German is "Rathaus" Kinda explains a few things......
This may be true -- I haven't read it.
But you think that on the basis of a slashdot discussion you have enough information to take on someone who did read it? The paper is online, it is not exactly hard to find.
There is absolutely zero reason for a paper intended to summarize problems with a company's products to contain "original ideas".
The title of the report claims to be addressing national security issues. The report itself only considers a single software vendor. The report is passing itself off in a false light.
As you point out the report does nothing but attack one vendor, that does not appear to me to be a constructive consideration of cybersecurity.
When you get inside the first thing you find is a lengthy discription of Moore's law, Metcalfs Law, pretty much everything appart from Sod's law. And at the end of it you find absolutely nothing to tell you why the enumeration of these laws has anything to do with cybersecrity in general or Microsoft code in particular.
That sets the pattern for the rest of the report. It reads like a sophomore's term paper that contains reference after reference to irrelevant material that only appears to have been thrown in for the purpose of demonstrating that the author has done the background reading.
Look, man. Come back to reality. He's working in the private sector. What the heck do you think *happens* in the private sector? Microsoft comes up with people funded to make Linux look bad all the time. Big companies do this all the time.
And if any of my employees went off and participated in a similar hit job against a major customer I would fire them as well.
You keep saying that the report is OK because it is business. Well in business you don't have academic tenure. A CTO is paid to be a PR representative for the company. You expect your CTO at least to stay on message.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
You're all idiots. There is no such thing as Darwin. He didn't even LIVE. It's a lie designed to steal GOD from society. Don't believe me, tell me this? Have you seen Darwin's corpse? Have you met any of his offspring. Surely the father of evolution would have created offspring.
But that's not all.
Not only was there no Darwin, but there surely is no such thing as evolution. It's about as real as global warming. And we know that's a load of horse excrement.
The world isn't warming, and even if it were, it's not due to green house gasses.
The world, by the way, isn't round either. If you believe that it is round, you're against GOD.
And the SUN revolves around the EARTH! The earth is the center of the universe, because the earth is where Chris lived. It says in the bible God created the earth, it doesn't say he made a solar system and the earth is the 3rd planet in that system.
So quit being such heathens and get with the FACTS as described in the Book of Truth.
Or go to hell! Literally.
because I have been enjoined by this Holy Office to abandon the false opinion which maintains that the Sun is the centre
It seems to be happening that matters which begin as purely technical/scientific become marketing and sales issues. Witness what happened to the Darpanet when it went public and became the Internet we know today. At the time I was studying CS in college and I recall academics and government types where wringing their hands over the inevitable "dumbing down" of the technology in favor commercial applications and services to the public. Read that as marketing and sales. And we can see where that got us; mom and pop on broadband but with "personal" technology never meant to leave the secure isolation of the living room.
Although viruses got their start on the floppy disk vector (recall boot sector viri?) they have come into their own throught the vector of the Internet. That machine could not have been better built to propogate malware even if one had set out to do so, but the only reason it can actualy do so to the degree it has is because of the brain dead operating systems (and rookie sysadmins) at the remote ends of the pipes. And the monoculture of both is at the heart of the problem. I use MacOSX on broadband, but do you seriously think I have to worry about any of this? No I do not.
Enter security. Now an entire industry has emerged to counterpoint the monoculture, an industry devoted to what would simply have been the day-to-day work of any competent sysadmin just 10 years ago, except that today there are few competent sysadmins. Rather there are hordes of desktop drones massaging M$-based networks across the planet, only incidently linked each to the other by an Internet of which they have no particular understanding nor much interest (a direct reflection of M$'s own utter indifference.) It has all become a dense, dry, sprawling monotypic tinder of light twigs and leaves awaiting the match. The security industry is built around that monoculture of neglect and ignorance, would have no purpose without it, and yet is directed at undoing what the monoculture has done to, and via, the Internet. And since M$ is just a marketing and sales juggernaut with its roots deep in the fertile manure of personal computing, should anyone be surprized that here again the network technology and science are falling under the tracks of the M$ Panzer divisions? I should hope not. M$ did not become a monopoly by being easily distracted with technical details.
I can see no solution but one. Government will not act because politicos are hip to marketing. Regulators will not act because they are afraid of the politicos and like their cushy jobs. And people will continue to select technology out of innocent ignorance. M$ spends freely, buys strategic friends, revises history, and builds outward seemingly oblivious to the coming train wreck because they know for a fact they will just walk away with profits intact; they are afterall about personal computers, and not much more. What is the Internet to M$ except a problem? They distribute their software on CDs and only security patches over the Internet to defend their CD-based software from Internet attack. I should think they would be twice-pleased if the Internet and everything associated with it, including OSS, simply vanished in a general conflagration.
The one solution? I propose we take a clue from Nature and let it burn. We don't need these weeds growing here anymore, burn them out and their seeds as well. The network will survive because the network is not the problem, while the strictly "personal" computers will burn to the ground at the ends of the pipes. Then perhaps something more robust will spring up where they were. It might even be that M$ has the very thing waiting in the wings, ready to roll out, "Windows ProSecure" or some silliness. Fine with me. But if they don't then they are fools and their undoing will be of their own devising.
=^..^= all your rodent are belong to us
With the termination of Geer, @Stake has shouted from the rooftops that they are NOT an unbiased source for information security.
When I write a security paper, I write it from the perspective of an independant auditor, which I am. Someone from the outside looking in. I don't CARE what someones intention was when they created an insecure system. If I found it to be insecure, I let them have it.
I just lambasted a luddite CEO of a major corporation for not making information security HIS #1 priority. I told him that the insecurity of his network was his problem, a management problem, not an IT problem. I railed on him for two hours in a meeting last monday... and he appreciated it. Was my report one-sided? Your damn right! I don't care what his intentions/perceptions are or were. What I told him was the pure, unadulterated and unvarnished truth. As painful as it was - it was true.
He's a good CEO and changes are being made. Now, if this same info were coming from an @Stake consultant: The information would now be suspect as being slanted in M$ favor, because 'they help pay our paychecks' and we can't speak out too strongly against them. @Stake now takes the side of Microsoft.
Was there any lies in what Geer wrote? No... Was it the painful truth, backed up by facts? Yes... Did the truth hurt? You bet. And it needed to be said.
I think that the political ramifications taken out on Geer has just signed the death warrant for @Stake.
Good security is based upon reality and common sense. Common sense is a function of having common knowledge.