Slashdot Mirror
Richard Clarke on Microsoft security
hizzo writes "Richard Clarke, former White House cybersecurity and counterterrorism adviser, harshly critized Microsoft's security track record. 'Given their record in the security area, I don't know why anybody would buy from them.' He also called for some regulation of security for ISPs in addition to better industry self-regulation, such as disclosing QA practices and becoming more accountable for secure code. I wonder if anyone will finally start listening to him?"
With all the bribes Microsoft gives to politicians, it's no wonder why he is the former White House cybersecurity and counterterrorism adviser
Gates might have a little trouble calling this guy a communist.
http://www.thelung.org
A politician I actually like? It's just not like them to tell the truth.
It's amazing what will be said when people aren't afraid of being black-balled in the IT industry.
WURD!!
If people don't listen to their computers getting nuked or their info stolen or any other direct impact upon themselves, they're not going to listen to a pundit.
"none"
Sheesh, evil *and* a jerk. -- Jade
Given their record in the security area, I don't know why anybody would buy from them.
Maybe because people aren't aware of the alternatives that are out there (Mac and Linux) or simply resist change.
Richard Clarke is some kind of expert on computer security? Where are his credentials on the subject?
Just because a person is an expert in one area doesn't mean he knows jack about other areas.
Look at most nerds here. They're pretty smart about computers, but idiots about politics.
A story only a few hours ago on how Microsoft shines on security.
Fact: any box is as secure at the admin makes it.
Move along.
Windows is more secure than Linux! Right? No?!? It was all a sham? Oh, I see.
-- Microsoft is the most expensive commodity operating system and office suite vendor in the marketplace.
I believe after his book that many people in Washington stopped listening to him.
"the war is really hard, uh, you see and we, uh, we're trying to make them all free and ... Karl, what's the buzzing noise?"
"Ignore it Mr. President, that's just a reporter refering to something Richard Clarke said."
"Who?"
A feeling of having made the same mistake before: Deja Foobar
"I wonder if anyone will finally start listening to him?"
No. With all the spyware and worms and virii out there, people just won't switch. I just don't get it. I suppose they are just stuck in their ways, and don't want to learn anything else. I suppose for most people, it was enough of a trial to "learn" how to use Windows, so they would rather put up with the crashes, spyware, and everything Microsoft, and just call it the norm.
It's a shame. But people really are stupid and/or lazy. That's why they won't start listening to anyone about this stuff. If I were a customer of Microsoft, I'd be organizing class-action suits, writing letters, storming Redmond with torches in hand.... Why these people put up with it most likely can be put into two categories: 1) ignorance, and 2) laziness. Either they don't know there are viable options, or they are too lazy to actually pursue said options.
Just something off the top of my head. Agree? Disagree? Discuss.
--- witty signature
Clarke has talked about cyber security before. To the IEEE, in fact. Read it here.
Karma: Can there be a void?
.. -. - . .-. .-. --- -...
Clarke does deserve some kudos as the only responsible government official to apologize to the 9-11 victims's families.
You can't talk about Wikipedia's flaws on Wikipedia
Richard Clark is a smart guy, and his book, "Against All Enemies," is a very good read. Highly recommended by the HouseOfMisterE.
Treat me like a marketing stat, and I'll treat your movie like a series of ones and zeros
Oh come on, watch something other than Fox and read something other than NewsMax and FreeRepublic for once. :P
Lets take a wide gander here. You've never read his book. You didn't listen to his testimony - only selective excerpts and clips. Your knowlege of his history comes from one or two right-wing articles, without ever reading any counters.
I was (foolishly) hoping that this thread wouldn't get dragged into a left-right debate. I was wrong.
"Well, then fire it up and show me what this..." (sigh)
Yeah...buying an OS vulnerable to viruses and spyware and then buying anti-virus and anti-spyware programs is like shooting yourself in the foot and then running (limping) to the hospital for help.
And what's more...the hospital profits from lending you a gun and encouraging to shoot yourself in the foot.
An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
I watch his "Rockin' New Years Eve" program every year, and I expect lots of other people do too. I had no idea he was into computer security as well, though.
-3Suns
~~~~
The Revolution will be Slashdotted
...why should be listening to him? The call for government regulation of ISPs is scary. They will surely have to ask the ISP they want to regulate how to secure their own government systems that by their own accounting have shabby security.
And this is from the same guy who must have done such a great job advising on security matters for the government that most of the government agenecies just recently received an awesome security grade.
http://www.msnbc.msn.com/id/6981279/
Oh wait, that didn't happen!
Whether he didn't have the power to make the necessary changes or he's incompetent the government obviously needs to take some serious steps to increase cyber security soon!
From July 2003
From Feb 2001
Karma: Can there be a void?
.. -. - . .-. .-. --- -...
He's not a politician, he's a civil servant. There is a huge difference there.
Why these people put up with it most likely can be put into two categories: 1) ignorance, and 2) laziness. Either they don't know there are viable options, or they are too lazy to actually pursue said options.
:-)
My excuse for running Windows?
Half Life 2
Has Comcast disconnected your Internet account? Same here. You can read about it at http://comcastissue.blogspot.com
Lazy. When Linux (any flavor) is as easy to use as Windows (admittedly, Firefox and Open Office are installed on my boxes already), when Linux will run my games with the same "double-click the icon" ease, I'll switch - until then, I don't complain about windows because I know I chose it consciously.
I admit being lazy. Linux needs to earn my respect by catering to my laziness.
Take the 90-Day Challenge! http://rwmurker.bodybyvi.com/
Security issues are a wonderfull way to convince people that the government should regulate IT, but ironically it will actually play to the favor of Microsoft most of all. As soon as regulations start out, it will start increasing the bariers to entry in the IT space.
.... yeah ..... right.
This has happened in every industry it's been attempted in. Plumbing, electricity, telephones, auto-repair. Hell, you can't even sell a hot-dog without going thru 10-20 thousand dollars worth of regulation for it to be legal. Yeah, I know, don't say it. There is always a good sounding reason for these
"In a statement responding to Clarke's comments, Microsoft said it has formalized its internal security efforts by adopting an official life cycle that it uses to develop secure software,[...]"
Just what the hell is that supposed to mean?
The heat from below can burn your eyes out
The security problem really has to do with flaws in software. Most viruses and trojans take advantage of defects in operating systems and applications such as email and browser programs. Microsoft is being targeted because they have a monopoly but all software is at fault.
Software is bad, period. And, contrary to what Frederick Brooks and others continue to claim, unreliability is not an essential property of complex software systems. Unreliability stems from a custom that is as old as the computer: the practice of using the algorithm as the basis of software construction. Switch to a synchronous, signal-based approach and the problem will disappear. For an alternative approach to software construction, see link below.
A friend here at college was having a spyware/virus problem that she wanted help with. I offered to help her if she'd use firefox afterwards to prevent this from happening again. She refused because she "likes using Internet Explorer." Even when I told her she could still use it for certain sites, but that it's best not to use it for web browsing.
I guess some people are too set in their ways. She couldn't name anything she liked about IE, just that she did, in fact, like it.
That's my experience trying to spread Firefox to some people who might be in your categories 1 or 2. The other people I've introduced to Firefox have all loved it.
*shrugs* She found someone else to fix it without the condition that she try to use Firefox. I guess it would be interesting to find out if she gets reinfected.
And always works out SO well.
--And sektor spoke and said unto the people. Hey, buttwipe hand me the cheezeos.
The framework established for the Cold War is not suited to the current realities. But knowint that is different than moving the huge icebergs that government agencies become as they expand and atrophy.
Read the EFF's Fair Use FAQ
What about OSX? Noone's ever accused that of not being easy.
But people really are stupid and/or lazy
I work hard, and I'm not (very) stupid. The disruption in daily operations for me to cut 40 live web and db servers, along with all of the code, over to Linux from Win2003/SQL/IIS/ASP/VB would be: total budget killer.
Just changing my group's desktops (including the dev tools, custom apps, storage, file structures, user environments, etc) and ignoring the desktops: total budget killer.
Much better off to talk about the suitability of the Linux stack for new business units, operations, or totally-clean-slate start-up companies. Of course, many new business units are spun off by too-busy growing companies, using people that are already hip-deep in their existing IT framework. This is NOT like deciding that, at home, this weekend, maybe it's time to switch. Any real change would occupy a typical department's people for man-months at least. Very few operations of any kind have that kind of slop in their budgets, as we're coming out of a recession and an only just now loosening IT cost clamp down.
I'd be organizing class-action suits, writing letters, storming Redmond with torches in hand
Maybe I would, but... I've had a busy day doing things for which I collect money, and which help my customers to make money. And I spent that whole day using MS products, none of which crashed, none of which picked up any worms, and none of which required a busy team of people to totally grok a new operating system or try to guess where they'd ever come up with time to do that.
Why these people put up with it most likely can be put into two categories: 1) ignorance, and 2) laziness. Either they don't know there are viable options, or they are too lazy to actually pursue said options.
Don't work in a very competitive, time-stressed, low-margin business environment, do you? Or are you 1) too ignorant or 2) too intellectually lazy to imagine that there might be actual, practical barriers to the quick adoption of something that's completely different and which would require hiring, consultants, and substantial risks? It's called inertia, and in tight economic circumstances, bosses and investors don't like to hear: "It's OK, it's completely different, and no one that works here has ever needed to compile code in order to patch something, but we'll figure it out before anything bad happens! Plus, it's free, other than the huge disruption, support costs, and unknown impact on all of our software! Relax, boss - don't be ignorant and lazy. Certain people on Slashdot have a magic Linux wand that they can wave to make this totally painless, instant, and more or less free."
Don't disappoint your bird dog. Go to the range.
I was (foolishly) hoping that this thread wouldn't get dragged into a left-right debate. I was wrong.
Before resorting to foolish hopes I usually consider Fisher's Deduction:
"The more issues a person tries to artificially shoehorn down into a Liberal/Conservative dichotomy, the more certain you can be that the person is an American."
Then consider what percentage of Slashdot posters are from the US. Odds are if an article has any political aspects there will be a number of posters who feel the need to cast it into a false dichotomy. It's exactly this sort of situation that memes like Fisher's deduction were created to help alleviate. Do your part and spread the meme.
Jedidiah.
Craft Beer Programming T-shirts
People will not switch from Microsoft until an alternative system is compatible with all of their favorite spyware, adware and worms.
I'll see your senator, and I'll raise you two judges.
My knowledge of Clarke isn't very good, did he politicise himself or was he politicised by the Bush administration ?
Clarke was a civil servant/bureacrat during his time working in the US government. He never ran for office and his service was never a sinecure in exchange for political contributions. He served in various capacities under three Presidents (Bush the Elder, Clinton and Bush the Younger). It wasn't until he had spent time working for Bush the Younger that he began publicly criticizing anybody in the US government. He did so after resigning from government service.
Bush the Younger's entourage began to politicize Clarke and his work in an attempt to discredit him. It didn't work particularly well, although for some reason, US voters chose not to punish their President for his lousy track record on terror.
Anybody who has read Clarke's book can see for themselves that he is not some raving madman. He's a professional who has made a career out of imagining the worst, figuring out who's likely to do bad things, and then trying to get others to do what's necessary to prevent the bad things or capture/arrest/kill the bad people. His failure, if you can call it that, is that he was unable to get the current US President to take al Qaeda and the threat of International Terror seriously until after 9/11, and even then, the President was more worried about Saddam Hussein and Iraq than he was about Mullah Omar and Osama bin Laden.
No, I think it's just that people don't understand computer enough to make informed decisions about them on so many fronts that i'ts all they can do to just stick with what is most popular. I mean, to get people to switch to Linux, we have to start with explaining to most people what Linux is, and given how many times people told me their web browser was something like Word, Windows, or Google back when I was working tech support, I think you're going to find that to be difficult.
Much easier to suggest people switch to the Mac, on many levels. But to get people to seriously consider that, you have to get them to reconsider a whole host of things they've never really thought seriously about, such as:
-I need a fast CPU.
-Macs aren't compatible. (where compatible == 'the Platonic form for compatibility')
-Macs don't run the apps I need. (assume this means Word and a web browser)
-I have to play video games. A lot.
-Viruses are a serious problem for all computers.
-Spyware is a serious problem for all computers.
-Crashing is a serious problem for all computers.
-Constant headaches with system failures, bit rot, and software/hardware installation is a serious problem for all computers.
-Macs are too expensive. - cf.) "I need a fast CPU"
-etc.
Overall, I'd say most of this comes from ignorance born of laziness. I don't believe that it is difficult for most people to understand computers. I think most people are just too lazy to put out the effort to really learn how they work. I mean, Christ, my father - the guy who taught me how to edit config.sys and autoexec.bat files - now regularly calls me up to ask me to install new software (it's still shrink-wrapped when I get there) and how to do simple things once it's installed ("Hey, could you read this manual for me? I'm too lazy to do it myself.").
Well, no one in the Bush Whitehouse listened to him about the threat from Al Quaeda before the 9/11 attacks, so why would Microsoft bother to listen to him.
Here's an interesting interview with Clarke which discusses some of this history. It's part of the background material for the Frontline documentary "The Man Who Knew" which is also viewable online.
I happen to own a 12" 1 GHz PowerBook running OS X. It happens to start up, load applications, and play World of Warcraft better then my girlfriend's 2.5 GHz HP laptop or my father's similar 2.5 GHz Compaq machine (both running Windows)
But I must just be a dolt thinking I'm getting my money's worth on a machine that seems faster and less buggy from my perspective.
one of the interesting parts was that, "looking back", much of the world had switched to open source software because it was more secure.
pr0n - keeping monitor glass spotless since 1981.
"Most of the time when someone on the left starts getting a lot of publicity like that, it is really part of a media campaign to sell a book."
Richard Clark is a registered republician.
Where Macs Belong in the Living Room
Huh.
Yeah, it couldn't possibly be the fault of the Clinton and Bush administrations.
Good call.
Oh, wait - no - bad call.
I'm not saying he was an angel, I'm just saying that you've leapt to the conclusion that he was to blame, and two politicians who were absolutely detested by opposing sides of the country (Republicans hated Clinton, Democrats hate Bush) were blameless.
It's too bad really. Imagine all of the things that Clarke could have stopped if other people realized that they actually had to work with him.
Education is the silver bullet.
The U.S. needs more people like Clarke in public service. Not because he spins a good yarn, but because he has consistently offered lucid and nonpartisan analysis of the terrorist threat throughout his career. It is shameful that rather than responding to his arguments the Bush Administration went into attack mode, and even more shameful that the Democrats were unwilling to make Bush's failure in the war on terrorism a bigger campaign issue.
It is too bad that he waited till he was the FORMER White House blah blah blah cybersecurity dude to say something...
Why didn't he say these things when it counted, not after the fact.
Ah, he disagreed with Bush, he must not have credibility. I get it now! And as a Republican he's a Liberal!
Vote Quimby!
Yesterday, in a Manhattan Chamber of Commerce presentation, Microsoft's CIO Ron Markezich came out to take a Q&A. Most questions were softballs, but two really stuck out, showing Microsoft really is at least as out of touch as it is "evil".
Markezich had detailed how his IT department did more than just support 90K desktops worldwide. The were the first consumers of MS software - MS "eats its own dogfood", as Markezich said, and nothing gets released without Markezich's department signing off, after supporting it for months, if not years. A question from the audience asked "I've been using Internet Explorer for 4 or 5 years. It has so many issues, new ones all the time. So much so that when something like Firefox comes along, it knocks IE out of the leadership. What good is all your testing, if it can produce something as bad as IE"? While there are few good answers to that question, Markezich offered probably the worst possible: "I don't know, it works for me". He said he doesn't have IE problems, that they were surprised that it had all the problems in the field, that he doesn't have to install all the patches MS releases, because he doesn't have the problems they address. Astonishing. Remember, this is the CIO of Microsoft, responsible for all their IT globally, including release of their software "when it's ready".
Another question described, anecdotally, getting a black desktop and mysterious prompt warning that the computer had a security compromise, and the user should click to install important MS security updates. But the user wasn't sure the prompt was from Microsoft, though it claimed to be, and the next click could completely trash a compromised computer. Their question was "how can I tell that a warning and recommendation is from Microsoft, and trust it", considering scams like trojan horses and phishing messages. But Markezich laughed it off, treating it like a weird request for personal tech support - saying "call MS for tech support". I'd have thought that his IT department would be familiar with the scenario, and the issue, and that the question would easily trigger whatever was Markezich's stock response, like "Longhorn will make sure that if a window says "Microsoft" in the title bar, that it's a message only from MS software, or some other lie he made up on the spot. Instead, it's obvious that that kind of social engineering security hole is news to him, though it's been addressed in, say, Java, since day 1.
There is no Microsoft security. There is only spin control. The marketers, and their lawyer "quality control" agents, control the whole company. Even their CIO just takes their marching orders. Without their monopoly, they'd be a joke, game over. As it is, such performances as we got in midtown yesterday have the smell of a dying beast.
--
make install -not war
Viruses are a serious problem for all computers.
No, just some OSs. Never had a Linux virus.
Spyware is a serious problem for all computers.
Same thing here. What is this Spyware you talk about? Never seen it on Linux.
Crashing is a serious problem for all computers.
Okay, yes, my computers crash too. Sometimes more than once a year.
Constant headaches with system failures, bit rot, and software/hardware installation is a serious problem for all computers.
Bits can rot? System failures? Is that like crashes? Software/hardware installation is not a problem for my Linux systems. I once replaced a motherboard with a whole different motherboard in my RAID server and the system automaticly detected and configured my software RAID when I put the drives on different controllers and in a different order without me needing to edit a single file. It simply works. I plug in a new firewire card or whatever, chances are I have drivers for it already. Except those open source DRI drivers for some video equipment. But 2D always seems to work , sometimes with minor tweaks.
Macs are too expensive. - cf.) "I need a fast CPU"
Macs are too expensive. I need a fast CPU, too. I need a dual-core 3+ Ghz CPU today for under $200. *sigh*
But I think it all boils down to laziness for most people. I mean, who really wants to learn how these things work, besides me? But at least I offer my services for free to early Linux adopters.
Clarke said he would want to see government regulation of ISPs to ensure that they offer adequate levels of security to their customers.
He gave a speech at a Global Tech Summit back when he was the President's Cyber Security Advisor. Here's a link to it.
And let me give you a few select comments from that speech:
I think we need to decide that from now on IT security functionality will be built in to what we do, to the products that we bring to market.
TCPA, the Trusted Computing Platform Alliance, is an example of bringing hardware and software manufacturers together. But TCPA is not enough.
It is not beyond the wit of this industry to figure out a way of forcing down patches
ISPs and carriers can insist that when cable modems and DSL hookups are made, firewalls are installed. It is not enough for an ISP or carrier to say, oh, and by the way, you might want to think about a firewall.
A law to require ISP's to impose security on their customers. The security he means is TCPA, also known as Trusted Computing, TCG, Palladium, NEXUS, Longhorn and about 42 other names. And using this system they can "force down" operating system patches, whether you want them or not. Of course you can't get onling in the first place without an approved operating system (Trusted Linux is in the works, but you'd be screwed trying to use it). It can also scan what software you are running, in order to insist that you are running an approved firewall and/or virus scanner. And any other software they feel like making mandatory.
Of course it will be a few years before ISP's could do this, almost no one has a Trusted Computer yet. But as Clarke said, the system is to be built into all the products brought to market. Samsung announced a few months ago that they are now manufacturing nothing but Trusted systems. IBM, Dell, and pretty much any PC maker is already selling Trusted system and that will only increase. Microsoft has announced that only Trusted hardware will be properly compatible with the next Windows release, Longhorn. If Longhorn runs on non-Trusted hardware at all, it will only run in a crippled reduced graphics mode. So once Longhorn comes you you can be sure all new PCs will be sold Trusted compliant only. Give it a couple of years after than for the normal PC replacement cycle and *poof*, the majority of PC's out there will be Trusted compliant. And at that point ISPs could very well impose such a security system. And anyone with a non-Trusted computer would be unable to get on the internet. Anyone who did have a Trusted computer but who wanted to control his own computer and software would also be unable to get on an internet.
Clarke is no longer the President's Cyber Security Advisor, but there are still draft poposals in the government for forcing this through. There's really not much point in them doing anything publicly until more Trusted PCs ship. They'll probably wait for Longhorn to come out and start getting established.
-
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
Now that's good proactive security. Everyone will be receiving their message soon. Keep up the good work!
IE and Media Player run at user level privilege, so quit the FUD there.
The reason a hole in one brings the system down isn't because they are integrated, it's because most users run as admin. Firefox holes with the user as an admin will have the same result.
The problem is that you can't rip one out and replace it with something less buggier. Don't like Firefox? Replace it with Opera. Don't like IE? Tough luck.
"beware of folks who's version of what they call 'facts' develop over time, especially when they take a self serving direction."
Oh...you mean like the reasons the Bush administration gave as to why we're fighting a war in Iraq! I get it!
1. WMDs!
-then-
2. Fighting the terrorists!
-then-
3. Bringing democracy to the poor Iraqi people!
I'll be most careful to beware of both Mr. Clarke (a registered Republican) and Mr. Bush (also a registered Republican) in the future.
Thanks for helping me out. I've been having a really hard time being able to tell who was telling me the truth since Reagan was president. You've cleared it all up for me.
Boycott everything - they're all trying to fuck you one way or another
Anybody who has read Clarke's book can see for themselves that he is not some raving madman. He's a professional who has made a career out of imagining the worst, figuring out who's likely to do bad things, and then trying to get others to do what's necessary to prevent the bad things or capture/arrest/kill the bad people. His failure, if you can call it that, is that he was unable to get the current US President to take al Qaeda and the threat of International Terror seriously until after 9/11, and even then, the President was more worried about Saddam Hussein and Iraq than he was about Mullah Omar and Osama bin Laden.
It's a testament to the character of that man in that he was the first person to come forward and publicly apologize for 9/11.
I've read the book he wrote about the events before and after (as he saw them) and have followed articles about him. I get the distinct impression that he is the type of person who has 'what if i had have done X' thoughts tormenting him quite often.
This is not a dream, not a dream...we are transmitting from the year 1-9-9-9.
He left in disgust because the Bush administration is criminally incompetent to protect us, though it will instantly blame people like Clarke for its failures. The administration is very competent at media manipulation and killing the messenger. Look at Clarke's recently declassified 1/25/2001 memo warning Rice about al "Qida". He documented (for internal, secret consumption) the steps taken in the 1990s to stop bin Laden, and the steps necessary to stop him permanently. The month before al Qaeda had been documented as attacking the USS Cole, but even that escalation wasn't enough to keep them on anyone else's radar at Bush HQ. Clarke "covered his ass" because his ass was right, and everyone else ignored him. You're just repeating the neocon spin, blaming Clarke with a smokescreen designed to cover the rest of the "team's" failure to protect us, or even admit we'd failed.
--
make install -not war
She found someone else to fix it
You've just hit on the real reason people don't switch ... it's because they always find some geek they can sucker into cleaning up the mess each time, for free! Most people don't even have to lift a finger to keep their systems free of malware - there are geeks running around everywhere literally doing free maintenance - it doesn't even so much as inconvenience them, why would they change?
Why exactly are we all running around spending hours of our own weekends/evenings etc. cleaning up the mess Microsoft made for them for free? Is your time and expertise worth nothing? You feel "expected" to do it because it's a family member? Or some hot chick sweet-talked you into doing it by flirting a little? (We all know we've done that before). Utter nonsense ... start charging for it!
People will start considering alternatives when they realise it's going to cost them a tidy little packet every time their systems get jammed up with the latest MS malware.
I simply told my folks last time they bought a computer, if they buy Windows, I'm not supporting it for them, if they buy a Mac I'll support it for them. Don't expect me to spend my Saturday doing free support work for Microsoft.
I work hard, and I'm not (very) stupid. The disruption in daily operations for me to cut 40 live web and db servers, along with all of the code, over to Linux from Win2003/SQL/IIS/ASP/VB would be: total budget killer.
;-)
Ok, lesson in best practices:
1) Migrate gradually and without downtime. Start by migrating the applications to PHP or Perl with a database abstraction layer. This may be slow. Then you can switch out the OS for Linux with no downtime if you already have load balancing (and very little downtime if you don't). Then you can work on moving to PostgreSQL. Expect that this will take 5 years on average
Ok, so your company doesn't want to hire a full-time employee to do that? Push out the deadlines and migrate app by app and server by server over a longer time. I.e. migrate code first then servers.
Just changing my group's desktops (including the dev tools, custom apps, storage, file structures, user environments, etc) and ignoring the desktops: total budget killer.
Migrate tool by tool. Then you can switch the rest of the OS with little shock.
Note: My first thought about IBM's Linux desktop migration was "it is going to take much longer than the 2 years they are targetting." Again, this is not something you just switch. It is something that takes years.
LedgerSMB: Open source Accounting/ERP
"Linux was never about laziness." No, but computing and playing games *are* about laziness - computers are tools to help us do more faster: If I'm spending my time learning a new OS, that's time I'm not being productive. Or enjoying my recreation (games). Bash Windows all you want, until Linux can show real competitive advantage in ease-of-use, it will continue to be a minority on desktops. Do you drive an alternatively-fueled vehicle, or do you support the monopolistic petroleum industry? Do you live in an alternative-framed home, or do you support the monpolistic lumber industry? I use tools that I find useful. I have Firefox installed, I have Open Office installed, and I am s-l-o-w-l-y learning about Linux, as I want my next system to be a 64-bit AMD, run fast, without any windows on it at all. Want Linux picked up by more people sooner? Make it easier to use. Nobody has to *like* the 900 lb. gorilla known as american intellectual laziness, but it's where the *vast* majority of market share is. Personally, I'm thankful for it in others, it keeps me employed.
Take the 90-Day Challenge! http://rwmurker.bodybyvi.com/
As others have noted he's a republican, and not on the left.
... so shouldn't your comment more properly have been titled "*I* think Richard Clarke is a liar".
t rated
Apart from that, you call him a liar and yet provide no evidence. How exactly has he lied? He may have made mistakes with the benefit of hindsight, but then he's also apologised (has anyone else?) One of your damning pieces of evidence is that he "sounds like a guy who is BSing"
Personally I thought he was extremely eloquent and surprisingly honest when I watched him giving evidence. I was very impressed.
P.S.
naivety
ridiculous
acknowledges
orches
That is, until they acquired Sybari Software Inc. in order to fill this gaping need.
The acquisition itself proves MS had little to offer internally. They simply bought it from outside.
Is Sybari's stuff any good?
I support everything he's saying, but he's leaking credibility at an alarming rate.
Blanket statements like that don't help your credibility either. I've read his book, and he's a darling of the left wing media because he has by far heaped the most criticism on the Bush II administration. However, his praise and criticism of others did come off as fair and even-handed, and he names names everywhere. For example, praise for George HW Bush for the delicate diplomatic balancing act of holding together a coalition (a real one) containing many Arab countries in Gulf War I, and jeers to former FBI director Louis Freeh for incompetent micromanagement particularly in the '96 Atlanta Olympics bombing investigation. No way you'd ever see any right wing pundit criticize one of their own. Never.
This guy is a career Fed (I mean it in a positive way) who started in the State Dept. He's no liberal hippie. Given his background, some of his ideas on security may seem too authoritarian to many Slashdotters, but at least he's able to make reasonable arguments for their necessity. From his writing style he sounds like a reasonable, no-nonsense kind of guy who values competence over loyalty. These kinds of people tend to piss off other people who have the opposite priorities (loyalty over competence).
The only thing that Richard Clark [sic] ever did was approve flights for members of Osama bin LAden's family in the US out of the US and into Saudi Arabia shortly after the attacks.
Clarke's memo to Condoleezza Rice dated January 25, 2001 shows quite plainly that Clarke was urgently asking the White House to start moving on al Qaeda eight months before 9/11. Now that it has been declassified, you can see the actual memo here. [PDF link]
That doesn't look like "BS" to me. In fact, it suggests that "his record" shows a true concern in getting the Bush administration up to speed on what he felt was a huge threat. In the memo, he says "We urgently need such a Principals level review..." Rice finally held his requested meeting on September 4, 2001.
So what's the "only thing" he ever did, again?
I'm not trying to spread FUD but I do know that many MS users fall over all kinds of security issues that don't seem to affect non-MS users. And Apache should stand out as a light on the dark claim that MS gets hacked because they are more popular. And a final point: I have yet to come across a Linux distro that does not practically force you to create a user account and warn you against running as root; why doesn't MS do the same -- tell users that they should create a non-admin account and use it for everything except reconfiguring the computer. Further MS should explain in more detail the risks that are associated with running as Admin.
Restore America: Dr. Ron Paul for President!
Clarke was talking in thinly concealed terms about a Windows worm being theoretically put out by America's enemies, resulting in a shift towards open-source operating systems.
I wonder if some of the viruses that cause so much trouble are in fact backed by scumbags like bin Laden -- there have been a lot more dangerous Windows viruses since roundabouts 9/11, it seems to me, so I wonder if that's a function of an increase in terrorism, or just the suckage of Windows XP, which came out October 25, 2001. If 19-year-old Russians, the usual suspects, can do so much damage, imagine what people who will not hesitate at suicide can do -- it is frightening at best.
According to the DOD definition a "Trusted System" is a system with the ability to BREAK your security settings.
You (maybe are forced to) TRUST that the trusted system will do so only in your(?) best interests. You don't trust anyone else.
Trusted systems are not normally systems that have earned your trust from years of service to you, they are by nature, hierarchical systems to which you surrender your trust.
Is there anyone or anything you really trust that much?
There is not nearly enough love in the world, but there is far too much trust.
"The market is demanding security now, and that hard work is going forward already," said Amy Roberts, director of product management in Microsoft's Security Business and Technology Unit, in the statement.
Isn't security something we should expect and not have to demand?
What the hell are you talking about? Clarke had been fighting al Qaeda, and Bush demoted him to cyberterror because real terror wasn't important, and Clarke was too threatening to keeping it that way. It talked about the threat of al Qaeda, already well established, and asked for a meeting of the administration people to start specific actions aimed at stopping al Qaeda, rather than waiting for more threats. That request was ignored. And we were attacked, very specifically.
I didn't even mention anything that has to be "believed" about "Bush". You are an obvious, and sickly typical, Bush worshipper, who is so partisan that you come up with an attempt at an insult by calling me "progressive".
"No specific threats"... "terrorism sponsors like Iraq"... "disgruntled former employee"... NO ONE BELIEVES THAT BULLSHIT. Even Rice looks guiltier than Kissinger when she squeezes that crap out. Don't waste our time here with the talking points that lead to nowhere.
--
make install -not war
> The left in America (I'm sorry, the People's
> Republic of America) seem to love the guy, but for > the open minded who desire to learn more about him > I submit:
People's Republic of America. That's cute.
It's probably true that a great number of people who want to believe Clarke's account are anti-Bush, but that hardly means they're liberal. I know a great number of conservatives who have no love for Bush or his administration and their policies (foreign or domestic, take your pick).
Even as cosmetic details in Clarke's accounts of meetings with the President differed, the points he made are clearly valid. Even the people who don't like him and feel he's an opportunist agree with him on that account.
You can dress a cat up like a pirate, that doesn't change the fact that it's a cat.
P.S. I'm not sure what that last bit means, I just like the image.
my opinion is currently not wearing any pants.
this bio suggests that he worked for a total of five administrations, four at the cabinet level:a dministration_units/officeofcyberspacesecurity/spe cialassistanttothepresidentandchairpresidentscriti calinfrastructureboard/richardaclarke/a_index.shtm l
http://www.americanpresident.org/action/orgchart/
Now before I get modded down, I be to remind whoever might read this that what I am saying is FACT. - bogaboga
Under Clinton, we had one successful Al Qaeda Attack, which was the first one (and the first on the WTC) on our soil. It is known that there no less than 6 others (and possibly more), that was successfully stopped. One of the better well known, was for Y2K, over 300 FBI agents were sent to Seattle. It was to stop Al Qaeda. From what I have heard, it was the nearly the same Richard Clarke, CIA, NSA, and FBI that stopped this one, but failed just several years later. I am curious as to what you attribute this failure to? You really think that these groups under clinton did so well, but just hated GWB that they allowed this to happen? Likewise, many of these same people came out against GWB after 911 and said that he was ignoring everything that they were trying to do? If george tenet and richard clarke were so inept, we did GWB award them the medal of freedom?
Ummm, he was Counterterrorism Czar. In other words, he was in a position to represent the executive branch, and the executive branch had failed the public in the months leading up to 9/11. That's why he felt the obligation to apologize.
he quickly jumped on the "not me" wagon by trying to control the discussion
..".
Saying 'not me'? Quite the opposite I think. Perhaps you saw his testimony to Congress, when he
apologized to the country for not preventing 9/11 and said among other things ".. I failed you
Wow. Saying that out loud for the grieving 9/11 family members and the rest of the country took incredible courage. Contrast Clarke's plain speaking with the circumlocutions spouted by the Bush inner circle.
By the way, I read his book. It was excellent. Clarke's a straight talker who give a clear idea of life in government. (You might want to save the first chapter till the end though, it's easier to follow once you've digested the reset of the book.)
He's a liar? Let's see some backup on that. I believe that he didn't know how to make or defuse a bomb when he was terrorism czar. Every cyberterror chief, including him, and the one who came from Symantec, has quit in disgust. And our "cyber" infrastructure is a flammable house of cards. I'd say anyone who's stayed in that office is not fit to be quoted in anything, least of all their opinion of someone who was willing to quit and talk about their ridiculous performance over there. So you're just drinking the koolaid from the Bush fountain. Hope their happy talk is keeping you safe.
--
make install -not war
Yeah, Clinton was occupied by Congress trying to impeach him for a blowjob, stopping him from doing more to stop al Qaeda. When he tried to do more, like target bin Laden's mobile phone with a drone, the CIA and the Pentagon fought over passing the buck until it was too late. Behind the Republican-controlled Congressional Intelligence Committees smokescreens. The Cole was proven by Clinton's team to be al Qaeda after the 2000 election was over, and presented promptly to Bush as hard proof, but Bush did nothing. As usual, rightwing partisanship has twisted the blame exactly backwards.
--
make install -not war
"Of course you can't get online in the first place without an approved operating system"
From a geeks perspective I'd look upon this as a challenge. In particular would it be possible to create a Pirate Internet, along the lines of Pirate Radio. Use unregulated wireless and create a mesh network that covers the U.S., and links to the rest of the Internet through Canada and Mexico, or maybe shortwave. Would it be possible to create a alternate network for everyone that opts out of trusted computing and corporate and government control of their computers and the network.
To the extent that radio has turned totaly corporate and boring, I find college radio to often be much more interesting and I suspect pirate radio would be to if I could find some in the area. Would the same be true of the the pirate internet. Would all the really interesting and bold stuff move there and today's Internet would continue down the road to sterile corprate websites and subscription only content.
Another interesting question is if the U.S. tried to unilaterally force trusted computed would the rest of the world follow. I suspect not. I could see China going for trusted computing but only if their government controlled it and not Microsoft, Intel and the U.S. If the U.S. had one brand of trusted computing and China another the Internet would fragment and stop being the internet.
Its also possible the U.S. would try to force trusted computing and the rest of the world would just ignore it leading to two outcomes:
- The rest of the world ignores it, it fails and the U.S. ignores it too
- The rest of the world ignores it, the U.S. clings to it and uses oppressive government regulation to inflict it within its borders, and the U.S. would turn in to a black hole in the internet. The rest of the world would ignore it and potentially block U.S. access to the rest of the world in retaliation. I'm wondering if instead of economic sanctions in a future world we might see internet sanctions where a rogue nation is shut out of the rest of the world's Internet as a form of punishment for bad behavior.
In the later scenario could a Pirate Internet spring up in the U.S. and continue to connect to the rest of the world's Internet in defiance of government attempts to suppress it. It would be pretty hard especially when the FCC sends trucks, full of armed goons, around the country hunting down wireless network nodes. A pirate internet would need a lot of redundancy and nodes that are relatively elusive and transient.
@de_machina
During the show Frontline show you'll see Clarke using his a slick Powerbook G4. Its nice to know I'm in good company, using a platform that represents a small yet prominent minority. These days unless my users have a specific application(s) that only runs on Windowson, my usual recommendation because of all my frustration with Windows is for them to get a Mac. If they can't afford to upgrade their hardware to Apple yet, I point them to the most popular Linux distro sites (except Red Hat) or BSD flavors, but I do warn them that there is a little of bit of work involved to get their environment set up right. For those people who like to argue that Windows has more security issues because its more popular, I say that's baloney. Five to six years ago it was my SGI Irix machines that kept getting hacked into once or twice a year. SGIs representing the smallest Unix flavor we had at the time and significantly smaller than the Mac population. Over the past 3 years the number of Windows security issues has exploded exponentially where I can't in good conscience recommend it to most folks.
A Visit from the FBI Seems like FBI prefers Mac OSX as well.
If I tested my code like that, I'd never get another contract.
Justin.
You're only jealous cos the little penguins are talking to me.