Slashdot Mirror


User: TarPitt

TarPitt's activity in the archive.

Stories: 0
Comments: 420

Comments · 420

  1. Re:Liability. on Security Flaws May Be Microsoft's Undoing · · Score: 1

    Most comments here are unnecessarily pessimistic about what could happen to Open Source.

    First, anyone can sue anyone for anything already. Having a snowball's chance in hell of winning is another matter.

    To sue successfully requires proving damages. You need to prove you lost something of value. Defendant can prove otherwise - and any attorney who views the case rationally (meaning "will I get paid out of this") will take this into account.

    To lose a liability suit requires (usually) a finding of negligence. Negligence is measured according to standards of due care for the industry. Having a bug in software will not open you up to losses if you can show due care. You don't have to produce perfect software, you just have to follow accepted software engineering practices for making secure software.

    Lastly, many independent professionals, small businesses, and non-profits are subject to negligence suits and still do just fine. You will need to buy professional liability insurance. Your rates will vary depending on how dangerous your software is (could it cause measurable economic damage? Is it "mission critical"?) and how good/sloppy your development practices are ("due diligence"). Think about a "good coder" discount, like a "good driver" auto insurance discount.

    Lastly, by any real standard of "due diligence" many Open Source products would fare very very well. The liability insurance for OpenBSD would likely be minimal.

  2. Re:Liability. on Security Flaws May Be Microsoft's Undoing · · Score: 1

    The legal standard of negligence does not require perfection, but only application of generally accepted standards. A product developed using accepted software engineering practices wouldn't have to worry. Some open source products may meet this standard. Others might not.

  3. True Friends are.. on Friendships in the IT Workplace? · · Score: 2, Insightful

    Someone you still socialize with long after neither of you work for the same place.

    At work you have professional associates. All previous mentioned issues about job politics are very true. I've found nothing more uncomfortable than a company "social event" where all the politics of the workplace are in full force.

    It's who you still hang out with when you have long since parted ways with the company that makes a friend.

    If you make a friend at work, you will not really know it until neither of you work together.

  4. Back doors as legal evidence - NOT on Legislating Insecure Encryption · · Score: 1

    Would decrypted communications be accepted as evidence in court? Will the encryption back doors be subject to defense-counsel cross-examination? Will the backdoor decryption mechanism be described in court, so defendants can contest this evidence?

    I doubt it. Decrypted communications would be presented at their face value. Defendants would not be able to interrogate this evidence. Juries would be required to accept it.

    Do you think police agencies ever manufacture evidence to convict people? Do you know how many imprisoned individuals have been set free in Los Angeles due to this sort of corruption in the Rampart division? Did you know an anti-gang worker was deported simply because the LAPD did not like his conciliatory attitude towards gangs? (The LAPD set him up with the INS...)

    What do you think will happen when police departments are able to manufacture "decrypted" messages? Do you still think you have nothing to fear because you are innocent? If the back doors in crypto are a "national security secret", do you think anyone convicted on the basis of this evidence will ever see the light of day?

  5. We are all "terrorists" on Preserve Your Rights Online - Act Now · · Score: 1

    So the war is against "all" terrorists - not just the governments and individuals responsible for this tragedy. Consider that "terrorist" covers a very broad spectrum of groups. Animal rights groups, "radical" environmentalists, anti-globalization groups have all been tagged as terrorist. Will members and sympathizers of these groups also be spied upon, detained without charges, etc.? Will members of the NRA be considered "terrorists"?

    Remember a war against "terrorism" is not just Bin Laden and his sympathizers - the term "terrorist" has been used very broadly in the past to include many groups and individuals with unconventional views. Consider that we cannot depend on "anti terrorist forces" to have a broad minded tolerance and respect for first amendment rights. Will we see a return to the FBI's Cointelpro, where peaceful dissident groups were spied on and subverted in the name of national security?

  6. Re:This works, try it sometime. on Preserve Your Rights Online - Act Now · · Score: 1

    The day some script kiddy can break Windows 2005 with a hack worth only $10 is the day Microsoft should be held liable for selling software not fit for its intended use.

  7. Never sacrifice civil liberties!! on BBC: AOL, Earthlink Are 'Cooperating' With FBI · · Score: 2, Insightful

    And would you feel the same way if your parents/spouse/child were suddenly picked up by the FBI and sent to a detention camp? And if this were done based on an anonymous tip from a neighbor with a grudge? And if this were done under a sealed warrant and you had no right to hire an attorney to defend against this? This happened during WWII. It happened to my grandmother (a US citizen of German ancestry for 20 years at the time. The details including the neighbor with a grudge were revealed 40 years after the fact through a FOIA request.)

    You people who advocate suspending civil liberties are the most dangerous terrorists of them all. More people have been murdered by governments in the name of "national security" than have been killed in all terrorist acts put together.

  8. Re:Just another step... on Software Tracks Kids At School · · Score: 1
    Something like this actually happened to a friend of mine

    She was traveling through Europe, was supposed to get off the train at a particular spot and missed it.

    When she got off a few stops later, she was confronted by the local authorities. It scared the crap out of her.

    This was in the DDR about 1979. The local authorities were referred to as the "Stasi"

    Sounds like we could use a few more of those Stasi folks to keep our kids in line.

  9. I know exactly what MY parents would have done with on Software Tracks Kids At School · · Score: 1
    They would have monitored my library reading habits to make sure I wasn't reading anything by that "commie loudmouth nigger" Martin Luther King.

    Fortunately, I went through high school long ago, and was able to read and think what I wanted. Even if my parent didn't approve of it.

  10. Need more computers in movies on Review: The Mummy Returns · · Score: 1
    I saw Mummy Returns. Wonderful special effects. Miserable movie otherwise.

    I appreciate hi-tech computer generated special effects. I am waiting for computer-generated plots, and computer-generated acting as well. Development of these advances in technology will advance the film making art tremendously.

  11. Form a Software Writer's Cooperative on Adam Hinkley's IP Hindsights · · Score: 2
    OK, so software writers are too individualistic to form a union, and besides unions are designed to bargain against big bad employers, and not pull their members up by their bootstraps.

    Why not do what farmers in the 19th century did? They were an individualistic bunch, worked hard, believed they were the backbone of American society, and got screwed by railroad companies with a transport monopoly and banks with a finance monopoly.

    Their solution was to combine forces and form their own democratically owned distribution channel -- farmer's marketing cooperatives. Their combined financial resources and market clout were able to accomplish what they could not do individually. See www.cooperative.org for more info.

  12. I wrote for CE once on How Much Do Computer Virus Attacks Really Cost? · · Score: 1
    Computer Economics, at least approx. 5 years ago, was more a publishing house than a research firm. Most of the articles were freelanced, though the author is not credited with authorship (they wanted to give the impression of having a large in-house research staff). I would take anything out of here with a large grain of salt.

    Is this number footnoted? Is an explanation of the methodology behind it explained? Is there an author listed for the article? If so, what are the author's credentials? Can you possibly contact the author and ask where this number came from?

    Personally, I would try to find other sources for a number of this type. Open source principles apply to research as well as code. If people don't publish the "source", don't buy it!

  13. And "You'll never do lunch in this town again" on Can Companies Control What You Say After You Leave? · · Score: 1

    Who would ever get hired again with the stigma of having sued their former employer?

  14. Corrupt dictatorships on When Students Become Informers · · Score: 1
    A corrupt dictatorship is a society where people report their personal enemies to the police in order to settle personal scores.

    Are we there yet?

  15. Cynical about this on Ethics In Computer Consulting · · Score: 1
    The folks who hire consultants usually have no idea about technology - either as a product or as a process. Not having any technical means to evaluate a consultant, they will hire the one with the style and marketing pitch that makes them feel best. Also, many executives in larger companies have achieved their status not through any technical competence, but by playing company politics, playing golf with the right people, etc. These sort of folks of course respond well to the same approach if used by a consultant.

    I wish I could say the marketplace weeds out the charlatans, but it actually seems to encourage them. Ultimately, the reasons for hiring a consultant are political - to justify a decision already made, to take the fall for difficult choices (e.g., inevitable layoffs), or to provide a scapegoat for a flawed internal process. Only when the political process goes awry does the consultant suffer.

    Basically, the folks hiring the consultant wouldn't know a good technical product if they stepped on it, and even if they could distinguish technical quality, it's not the reason they hired the consultant to begin with.

  16. May not be all bad on Bush And The Tech Nation · · Score: 1
    Recent stories in Wired & an article by Kevin Poulsen (forget where - SecurityFocus? ZDnet?) indicate Ashcroft may not be all bad for techies. He seems to have a good position on crypto controls and a healthy suspicion of carnivore. Of course this all may change once in office...

    Also, as one distant from and critical of the Major Media Machines, he may be less eager to inflict/enforce onerous copyright laws in an overzealous manner.

    BTW, I didn't vote for Bush either. There is sometimes good in the positions of folks I don't generally support, and often bad in the ones I do.

  17. Basis for Trusted BSD on Learn From Robert Watson Of FreeBSD And TrustedBSD · · Score: 3
    To what extent did you borrow from the Common Criteria for your project? Which protection profiles did you use? Have you found any of the Orange Book series to be useful as well?

    A bigger question - to what extent are these formal, committee-design secure systems criteria relevant to securing an open source product? What is good about them? What specifically do you find flawed or totally useless? What did you have to improvise because the methodology didn't cover it?

  18. Re:Implications for Society on The Tightening Net: Part One · · Score: 1
    Not everyone has had a life as focused and correct as yours. A career in the Navy, followed by a successful academic track in Computer Science!

    Unlike you, I have made many mistakes in my life. For one, I am glad my current employer has not investigated many jobs I held 15 or 20 years ago, where my performance and attitude were less than exemplary.

    You may wish to consider that some people have, unlike yourself, not been born to always make the correct choices, but have sometimes had to make serious mistakes first. From these mistakes they must have the opportunity to make their lives right.

    If my past mistakes will continue to penalize me, then I have no incentive to make the difficult choice to right my path. If I am arrested for a DWI, why should I make the decision to correct my behavior, when I will be unable to find employment 10 years later regardless? If I am a foolish teenager who undertakes a bad debt, why should I even bother applying to college, knowing the debt will deny me the possibility of financial aid?

    There are many, many good people around you who have at times made poor choices and managed to pull themselves out of it. People can even develop empathy, forgive others' mistakes, and give them another chance to prove themselves, if they put their minds to it.

  19. Re:Implications for Society on The Tightening Net: Part One · · Score: 1
    NO! The US was founded on the principle that once your debts were paid, you were a free citizen. We do not have debtor's prison for that reason. We do not allow slavery or indentured servitude for that reason. There is no such thing as "joining" an underclass when you cannot ever "unjoin" it.

    Again, having an entire class of people who cannot enjoy the fruits of liberty EVER, who cannot ever shake the yoke of a past indiscretion, is what makes a slave society.

    I must assume you do not hold to Christian beliefs, otherwise you would accept that people can redeem themselves through their own efforts. This belief is fundamental to democracy and a free society, whether you consider yourself Christian or not.

  20. Re:Implications for Society on The Tightening Net: Part One · · Score: 1

    Is there a reason you posted this as AC? Like you don't want to take responsibility for your own words? And you accuse me of not having a clue?

  21. Re:People - Take Some Responsibility on The Tightening Net: Part One · · Score: 1
    You are a very lucky person to have never done anything wrong in your life. To never have driven while intoxicated, to never naively fall for a scam ad for "free CDs", to never have a large animal rush in front of your moving vehicle, to never stupidly mismanage money while a teenager. "Poor luck" is a normal consequence of taking risks, something normal people frequently do. Sometimes risks produce rewards, sometimes they turn out badly. You will only avoid events like this by avoiding all risks.

    These individuals have all already paid their debt when they went through their troubling incident in the first place. Are they to be marked their entire life? Are we trying to frighten people into avoiding all risk in their life?

    Since you applied a gratuitous dig against Al Gore, I will then say the essence of conservative Republicanism is to beat people when they are down. I have noticed a consistent pattern of this from folks on the right -- someone does something stupid or irresponsible, or meets with poor fortune, you take much glee out of depriving them of whatever other pleasure life may offer. You are in favor of risk taking only when it results in great wealth, never when it doesn't.

  22. Implications for Society on The Tightening Net: Part One · · Score: 1
    We will end up with two classes of people, the elite with verifiable squeaky clean backgrounds, and a vast pool of marginally employable individuals with some flaw in their official record. We see this already in the frightening statistics about the number of young black males with felony arrests. Under current practices, these folks can never ever hope to have a reputable job. Increasing reliance on background checks threatens to expand the pool of "untouchables" to include those with credit problems, minor criminal offenses, medical or psychological conditions, etc.

    The great thing about American society was supposedly your ability to remake yourself. You could, at any time, pull yourself up, and create a new life and a new career for yourself. Destroying this destroys an individual's incentive to right their lives, or even switch directions. Having an entire class of people denied these opportunities, ruled by people who manage to pass the required background checks, is the negation of the democratic ideal.

  23. Closed Source Scanners are a problem!!! on Vulnerability Assessment Scanners Comparison · · Score: 1
    I've worked with closed source scanners that have done some very strange things, such as scanning unauthorized IP address ranges. This can be a very dangerous thing to do in a customer environment. For the product in question, it took several days of vendor help desk contacts to determine that yes, this was a known bug with no fix available for the immediate future.

    My company now uses open source scanners exclusively. We do, however, have our own very competent programming staff capable of reviewing and possibly modifying the code. This gives us some assurance as to what the tool is doing, and the capability of fixing problems quickly if required.

    Having a security scanner malfunction due to software error is much more serious than having your word processor freeze. Malfunctioning scanners can crash servers and in general wreak havoc in networks.

  24. No Expectation of Privacy on What Is A Fair Privacy Policy? · · Score: 1
    Unfortunately, you pretty much need to have a statement that employees have no expectation of privacy at work. Not that you are ethically entitled to snoop at will, but legally you could end up in a very bad situation if the worst happens (e.g. renegade employee threatens world destruction, etc.) and you have not done this.

    The most enlightened policies will combine this with a specific list of cases where monitoring may occur (e.g., where suspicion of illegal activity exists, etc.) AND specify what authorization is required to snoop. Perhaps require two separate executive individuals to authorize, say the head of IS and HR together.

    You want to assure your employee that they will be monitored only for good cause, not because some e-mail admin is really bored or some manager is paranoid.

  25. Get the CS degrees on CS vs CIS · · Score: 1
    CS will teach you the major abstract concepts of problem solving. This background will allow you to more easily pick up the specifics of any particular system. CIS will tie you to implementation detail - how does this language work? How to get a report out of this DBMS?

    CS will teach problem solving techniques applicable far beyond building system software. You may never code a compiler, but there are a lot of business computing problems that "look like" a compiler. A lot of manufacturing planning, for example, is very similar to CS.

    Don't forget your breadth. If you find CS too narrow, do a minor in something "soft" like social sciences, history, or a foreign language. Breadth is very important to CS folks. Lots of CS graduates can write awesome code, but cannot produce a coherent written document. Programming is really about supporting human systems. Humanities and Social Sciences teach many valuable things about how humans work, how they live, how they express themselves. Your programming will be better knowing about the culture and civilization of which you are a part!

    Besides, you are only young once. Get the education you really want now!! Take a year or two longer, take time off to work if you need to.