This of course has nothing to do with blogging, as you could replace "blogging" with "making phone calls" or "mailing letters" or "stalking people at the coffee maker". It should also be noted that JSC has a fairly reasonable policy towards personal use of IT resources. It's more or less the same thing with use of phones and mail. Personal use in an unto itself isn't an issue. Personal use becomes an issue when that use incurs a undo cost to the Government, interferes with work, supports a personal business, etc. So as has been pointed out, blogging is not itself the problem.
Being a Federal employee involves a lot of extra baggage folks aren't always aware of. I wouldn't be surprised if the person in question didn't realize what they were doing was an issue. However, I also wouldn't be surprised if they did. I know a few Civil Servants who avoid going out to lunch with a vendor simply to avoid the issue of gifts (even though such lunches tend to be very productive and common-place in the private, commercial world... and even quite legal in Government circles if you're mindful of the rules).
Why would they need ISO approval to add their own extensions to their implementation of the standard? Is this some clause in the rules of the ISO that I've missed? Microsoft's Active Directory implements Kerberos. The exact implementation is an exercise I'll leave to the reader.:)
Free speech is always important, but we always have limits. In a time of war, when we're asking young men and women to risk their right to life, is it too much to ask that we take away the free speech of people who are encouraging the killing of not only those men and women, but of ourselves and our friends? Ask yourself why these men and women are risking their lives. Part of the reason is in defense of the US Constitution. I say this because I believe it. I was Active Duty while (arguably) this mess began - the Gulf War, the bombing of Khobar Towers (Dharahn used to be the cushy TDY before that). And while I did what I did for money, family, and friends... I also swore to defend the US Constitution.
It irks me to no end when people wrap themselves in the flag while failing to uphold the very core values that makes the US great. Even worse is when they actively erode those values - work to undermine our basic rights - undo the US Constitution.
Remember though, that Windows got itself onto computers via SneakerNet, before the Internet. People used Windows at work because they used it at home. Everybody I knew who had a computer got their stuff from work. Amiga's weren't designed for businesses (sigh), and Apple II's didn't have decent wordprocessing and were already overpriced, so people got XT's.. then 286's with Windows 3.11, and so on. Everybody had a pirate copy of Word and Lotus 123 and whatever. And so it went on. Memory can be an interesting, if not a bit fuzzy, phenomenon. Mine doesn't quite sync with what you've noted. Let's compare notes.
We're talking the early '80s. The 286-based IBM AT doesn't come out until 1984 (queue Apple's Mac intro commercial). Even at that point, I'd hardly call the IBM hardware a bargain. And so what microcomputer you had at home really depended on exactly what you were looking for.
The only folks I knew who had a IBM PC at home were people who's introduction to microcomputers was the IBM at work. For these folks, their ideal "home computer" was something they could use when they brought work home with them. The IBM PC doesn't become competative to well after Compaq introduces the first legal and successful (not to mention better-bang-for-buck) clone. The Tandyl 1000 pushes prices down to the $1000 mark. Around that time is when you start seeing VGA cards and the SoundBlaster that opens the multimedia gates for the now-growing clone market. But that's later.
Back in the early '80s "home computers" consist largely of Commodore Vic-20 or 64, Atari 400 or 800, TRS-80 (various models), and Apple II. The Apple offering is far more expensive but very popular. Large scale adoption by the education market only helps drive that popularity. Atari's name in computer gaming (the venerable Atari 6400) and some flashy features gives it an edge. But Commodore's price point (an unheard of ~$500) and excellent offerings makes it a run-away success (the very impressive Amiga doesn't show up until 1985).
So what does all this mean? Microcomputers had a fairly short window to sneak in to business from the home. The platform that does this is the Apple II. It is the platform on which VisiCalc is initially developed and introduces the spreadsheet. This initial surprise success turns IBM's attention to the microcomputer market â" one it had previously dismissed. And along with IBM's offerings comes something that guarantees success â" the IBM name (and existing business relationships). Apple attempts to market towards business with the unsuccessful Apple III. Tandy also attempts to do the same with it's unsuccessful TRS-80 Model III.
After that point, if you had an IBM at home it was probably due to influence from the corporate world. The IBM PC platform offered medicore support for games and other "home computing" tasks but, due to it's install base, became the defacto platform for professional applications. It isn't until the late '80s when you see a sudden downward drive in clone market pricing ("the sub-$1000 PC") coupled with associated multimedia expansion options that really drive the "IBM PC" (fast becoming "Wintel") as the defacto home platform as well.
I don't quite understand this view that violating competition laws/regulations is somehow evil. At least here in Europe, firms violate competition policy all the time, and the executives often just see it as part of their job. Firms like Microsoft only stand out because they're so big. Morality is like that. Not everyone has the same principles. The executives obviously have no moral issue with these actions. Others do. Whether they are "evil" actions depends on your point of view.
One side comment - I occasionally make the claim that Microsoft (and associated officers) are "evil." Usually its a reference to intentional incompatibilities in Microsoft products. In my mind, that is the usual kind of evil that Microsoft does. I don't expect that everyone would agree with me.
One final comment - you're stuck on this concept that small infractions aren't "evil". This isn't the case. Evil is not an absolute. Maybe I didn't stress that enough in my post. A minor infraction can still be evil even if it doesn't measure up in any way, shape, or form to a more serious act of depravity. A lesser evil is still evil.
I would hesitate to call Icahn an investor. Here is is little more than a plunderer, attempting to force yahoo into a deal that gives him a short term financial gain. Unfortunately, that's the definition of investor on Wall Street. I understand, and generally agree with, what you're saying. But I can't help to note that investors have a long tradition of plunder.:)
None of that is evil. Deplorable, yes. Despicable, yes. Devoid of ethics, yes. Evil, no. Wait. What do you think "evil" means? You might check Webster's or even throw the word at Google real quick. In short, "devoid of ethics" would fit the definition rather well.
Does Microsoft and Gates fit in the pantheon of great evil in history? I don't think so. But that's a pretty monstrous measure to be judged by. Lesser evils are still evil.
Keep in mind that two evil acts are not always equally deplorable. Context is really important.
I just have a problem with people excluding software from the "open source" party simply because it doesn't guarantee things that I personally, and obviously Microsoft too, don't care about. Like the freedom to endlessly modify software and give it away for free. But these other things that you don't care about are part of the conversation. The "Open Source" term encompass numerous concepts. They're all important as they all have different impacts and weights depending on the individual / case.
When the whole "open source" term was starting to gain increased attention (sometime in the late 90s), there was a theory that Microsoft would try to scuttle the movement by hijacking the meaning of the phrase. Really, this whole topic is far from new as this territory has been covered before. If anything, it's something akin to claiming "they're up to their old tricks again." Little wonder there are people keen to exclude Microsoft from the "open source" party, as you put it.
I concur that the meanings behind the phrase hasn't always been consistent. Digging around other conversations on the subject casts some doubt over exactly who coined the phrase and the exact dates involved (I've even found some usenet references that imply a definition in line with yours). And as I noted, "open" in the IT industry has implied numerous meanings. But by the time the term was gaining widespread attention (and widespread use), the conversation was around the concepts defined in OSI's definition.
Even if OSI hijacked the term, it doesn't discount the idea that an entity (Microsoft include) isn't intent on hijacking it again... even if that act is an attempt to redefine the phrase to a previous definition.
There are licenses I and many others would completely consider open source because they satisfy the reasons I want access to source code, namely transparency, in that i can see what the code is supposed to be doing if it does something weird, lack of secret backdoors, and "eyes on the code". Simply having access to the source code satisfies all of these things, and I would argue these are actually the biggest strengths of open source, free software and the like, so I'm not in any big hurry to lump all these other conditions, especially things that have NOTHING to do with being open in the first place, into a term that clearly doesn't mean what the OSI wants it to mean. The problem again is that "open" means one thing to you and something else to others. It isn't as simple as you're insisting on trying to make it.
Transparency isn't the be-all, end-all when discussing "open source". It is one aspect of what makes something open. Access to source code is old hat. The conversations about "open source" go beyond that.
That's where OSI's definition comes in. With all the discussion about "open source" and value put in to the concept... the easiest way to derail the conversation is by shifting the meaning of the phrase. The OSI definition defines the context that most people use.
And again, the OSI definition of open sounds perfectly sane to me. Apparently it goes well beyond what you think it should. That's what I find interesting.
Did OSI choose the wrong words? Eh. Maybe. I have no idea what a better phrase would be. We could have the same argument over "free software." If we really wanted to play pedantic games, we could probably find other phrases made of common words with multiple meanings and argue about what those phrases mean as well.
The thing is, by the time OSI had published their definition, a general understanding of the phrase "open source" had taken form (although there were early attempts by marketing machines to redefine that conversation). OSI didn't just pick it out of nowhere. Today that definition is either exactly, or pretty close, to what most people mean when they talk about open source (others use the phrase without any real understanding what it means - but that's another issue).
Your view of what "open" means... or how "open" something needs to be might be completely different than mine or someone else's. But we're not going to get anywhere by looking up "open" in the dictionary.
You proved my point, an open house doesn't mean you can take the house and burn it down though, nor can you give the house away or recarpet the living room. OK. Sure. But you're talking realestate. We're talking software here. Open Source does not imply that the code is available for public perusal by potential buyers, as would an open house. Likewise its not ready for business (open business). Nor is it uncovered (open fire). Before we get caught up in the semantics of bad analogies, let's get back to the point.
Your contention is that "open" is obvious and self-evident. That is clearly not the case. Even in your provided analogy.
You may not agree with how OSI is defining the phrase. But that's another issue.
What Google defines as "open" which it claims is related to it's definition of open source. The interesting thing here is that these "definitions" come from actual use of the words. And while you may claim a certain meaning behind "open source" (as would those who have a need to market against it), it is commonly being used in a different way (even if some of those are wrong... i.e. "Software that is free from copyright and as a result, can be used and adjusted by everyone. An example of open source software is the operating system Linux.").
The problem is that "open" means different things based on context. Your house example is a perfect. You claim that having an open house doesn't mean people can walk inside. Yet if a real estate agent announces that your house is an "open house" it means they are inviting the public (prospective buyers) inside.
Likewise, "open" can have a completely different meaning within IT. We have "open protocols" as well as "open source." That doesn't mean that one can simply observe the protocol. It also implies an ability to understand and interact with it. Likewise, "open source" is more than just being able to see source code. Incidentally, Open Source as defined by the OSI definition isn't a free-for-all either. There's still licensing involved. And I do agree that the devil's in those details.
Physical security concepts do not always translate well in to Information Security. Sure, there's some overlap between the two realms. And sometimes it is convenient to use physical security analogies to describe information security concepts. But ultimately the two are very different.
These subtle and not-so-subtle differences seem to be lost on many who's understanding is based on physical security. They are often hell-bent on applying what they know to this new realm. And because of this, many of their actions are doomed to fail in subtle and not-so-subtle ways.
The fundamental difference between these two realms are the rules by which they work. The physical world is governed by the laws of physics â" or at least our understanding of them. Advancements in technology allow us access to capabilities that our adversaries might not even know are possible. But at best, that's a slight tweak to what is, ultimately, a fairly static reality.
Information security, however, exists in a world of protocols and environments that are entirely of our own choosing. There are market and functional pressures that impact those choices. But ultimately, if a protocol or environment fails, it can be replaced with a better protocol or environment. Or we simply turn it off.
Force is a necessity in the physical security world. It is the ultimate method to implementing one's will. In the physical world you apply force to prevent an adversary from going from Point A to Point B. The laws of physics otherwise allows your adversary free rein to go where they want. Within the information security realm, you change peering, protocols, platforms, etc. and your adversary has an entirely different set of rules to deal with.
With that in mind, I really wonder what the application of a military botnet would be. There are a lot more efficient ways of dealing with an attacker than launching a DoS attack against the target. The only useful scenario that comes to mind is if one is launching an attack at a C&C target.
Open Source is the opposite of Closed Source. Its quite clear english as far as I'm concerned.
However, the OSI and others step in and add conditions to an otherwise clear phrase. Open Source is open, but also you can do whatever you want with it, etc. What's interesting about this conversation is that people have such a distinct impression on what is clear and what isn't. So what exactly does "Open Source" and "Closed Source" mean? What makes them opposites?
Is visibility of source code the definition? Does that make all web-based applications "Open Source"? How about any other uncompiled script? If I have a special agreement with a software publisher that gets me access to source code, does it now become "Open Source"? Does seeing source code but not being able to use it conflict with the idea of being "open"? And if so - exactly what use does one expect before one is satisfied on openess?
You say OSI has added conditions to a clear phrase. It seems to me that they've clarified it.
Tune out what they say. Focus on what they are and what they do. Structure your involvement with them accordingly. End of story. If you aren't a part of the conversation, you get no say. People do listen to Microsoft even if you don't want to.
The OSI did not invent the term "Open Source". The phrase means only that you can get and use the source code, NOT that you can redistribute works based on it. We have a name for code with licenses like that already, it's called "Free Software". What makes "Free Software" and less ambiguous than "Open Source"? There's been plenty of discussion on that subject that covers the confusion of that phrase. Although I'd expect a fair amount of folks around these parts would associated "Free Software" with the Free Software Foundation and/or GNU project.
And that's the core of the issue. Who gets to define what a phrase means? Some phrases gain special meaning - even when they consist of common words. If the meaning of a phrase has certain value, you can expect people to make an effort to alter that meaning to meet their goals.
Who gets to define what "Open Source", "Free Software", "Windows", "Solaris", or "Apple" means? None of these phrases are really all that unique in the English language. Yet they all have very distinct meanings in the IT industry.
It's one thing to argue that the new laws were unnecessary, but are you really saying it's a bad thing to use them to solve other crimes? Yes, they may be trivial crimes listed, but they are still crimes. I believe the point is that these powers were sold as necissary to battle dire threats. If it turns out that they're only useful for solving petty crime then it raises the question of whether the trade of civil liberty was really worth it.
Sure - police using the tools they have available to deal with all manner of crime makes sense. Whether they should continue to have access to those tools is the question.
I wouldn't be so quick to dismiss the IP rights issue. Counterfeiting is all about IP rights. The law doesn't differentiate between you producing knock-off fashion items, work-alike network gear, or burning copies of a music album or movie. Expect these kinds of stories to show up more as pushes are made to put more teeth behind these laws. The same laws that most benefit hot-button topics for the Media industries.
Having said that - I would agree that counterfeit gear is a real issue with real potential impact.
Slashdot Mirror
Being a Federal employee involves a lot of extra baggage folks aren't always aware of. I wouldn't be surprised if the person in question didn't realize what they were doing was an issue. However, I also wouldn't be surprised if they did. I know a few Civil Servants who avoid going out to lunch with a vendor simply to avoid the issue of gifts (even though such lunches tend to be very productive and common-place in the private, commercial world... and even quite legal in Government circles if you're mindful of the rules).
That sounds like something a shark would say.
AKA the dancing pig problem.
That's because you just don't understand the magic system or how to manage aggro.
Microsoft Bob.
There's a "whale biologist" joke in here somewhere. But I'm too lazy to work it out. ...whale biologist?
It irks me to no end when people wrap themselves in the flag while failing to uphold the very core values that makes the US great. Even worse is when they actively erode those values - work to undermine our basic rights - undo the US Constitution.
We're talking the early '80s. The 286-based IBM AT doesn't come out until 1984 (queue Apple's Mac intro commercial). Even at that point, I'd hardly call the IBM hardware a bargain. And so what microcomputer you had at home really depended on exactly what you were looking for.
The only folks I knew who had a IBM PC at home were people who's introduction to microcomputers was the IBM at work. For these folks, their ideal "home computer" was something they could use when they brought work home with them. The IBM PC doesn't become competative to well after Compaq introduces the first legal and successful (not to mention better-bang-for-buck) clone. The Tandyl 1000 pushes prices down to the $1000 mark. Around that time is when you start seeing VGA cards and the SoundBlaster that opens the multimedia gates for the now-growing clone market. But that's later.
Back in the early '80s "home computers" consist largely of Commodore Vic-20 or 64, Atari 400 or 800, TRS-80 (various models), and Apple II. The Apple offering is far more expensive but very popular. Large scale adoption by the education market only helps drive that popularity. Atari's name in computer gaming (the venerable Atari 6400) and some flashy features gives it an edge. But Commodore's price point (an unheard of ~$500) and excellent offerings makes it a run-away success (the very impressive Amiga doesn't show up until 1985).
So what does all this mean? Microcomputers had a fairly short window to sneak in to business from the home. The platform that does this is the Apple II. It is the platform on which VisiCalc is initially developed and introduces the spreadsheet. This initial surprise success turns IBM's attention to the microcomputer market â" one it had previously dismissed. And along with IBM's offerings comes something that guarantees success â" the IBM name (and existing business relationships). Apple attempts to market towards business with the unsuccessful Apple III. Tandy also attempts to do the same with it's unsuccessful TRS-80 Model III.
After that point, if you had an IBM at home it was probably due to influence from the corporate world. The IBM PC platform offered medicore support for games and other "home computing" tasks but, due to it's install base, became the defacto platform for professional applications. It isn't until the late '80s when you see a sudden downward drive in clone market pricing ("the sub-$1000 PC") coupled with associated multimedia expansion options that really drive the "IBM PC" (fast becoming "Wintel") as the defacto home platform as well.
BTFB - buy the f'n book?
One side comment - I occasionally make the claim that Microsoft (and associated officers) are "evil." Usually its a reference to intentional incompatibilities in Microsoft products. In my mind, that is the usual kind of evil that Microsoft does. I don't expect that everyone would agree with me.
One final comment - you're stuck on this concept that small infractions aren't "evil". This isn't the case. Evil is not an absolute. Maybe I didn't stress that enough in my post. A minor infraction can still be evil even if it doesn't measure up in any way, shape, or form to a more serious act of depravity. A lesser evil is still evil.
Does Microsoft and Gates fit in the pantheon of great evil in history? I don't think so. But that's a pretty monstrous measure to be judged by. Lesser evils are still evil.
Keep in mind that two evil acts are not always equally deplorable. Context is really important.
When the whole "open source" term was starting to gain increased attention (sometime in the late 90s), there was a theory that Microsoft would try to scuttle the movement by hijacking the meaning of the phrase. Really, this whole topic is far from new as this territory has been covered before. If anything, it's something akin to claiming "they're up to their old tricks again." Little wonder there are people keen to exclude Microsoft from the "open source" party, as you put it.
I concur that the meanings behind the phrase hasn't always been consistent. Digging around other conversations on the subject casts some doubt over exactly who coined the phrase and the exact dates involved (I've even found some usenet references that imply a definition in line with yours). And as I noted, "open" in the IT industry has implied numerous meanings. But by the time the term was gaining widespread attention (and widespread use), the conversation was around the concepts defined in OSI's definition.
Even if OSI hijacked the term, it doesn't discount the idea that an entity (Microsoft include) isn't intent on hijacking it again... even if that act is an attempt to redefine the phrase to a previous definition.
Transparency isn't the be-all, end-all when discussing "open source". It is one aspect of what makes something open. Access to source code is old hat. The conversations about "open source" go beyond that.
That's where OSI's definition comes in. With all the discussion about "open source" and value put in to the concept... the easiest way to derail the conversation is by shifting the meaning of the phrase. The OSI definition defines the context that most people use.
And again, the OSI definition of open sounds perfectly sane to me. Apparently it goes well beyond what you think it should. That's what I find interesting.
Did OSI choose the wrong words? Eh. Maybe. I have no idea what a better phrase would be. We could have the same argument over "free software." If we really wanted to play pedantic games, we could probably find other phrases made of common words with multiple meanings and argue about what those phrases mean as well.
The thing is, by the time OSI had published their definition, a general understanding of the phrase "open source" had taken form (although there were early attempts by marketing machines to redefine that conversation). OSI didn't just pick it out of nowhere. Today that definition is either exactly, or pretty close, to what most people mean when they talk about open source (others use the phrase without any real understanding what it means - but that's another issue).
Your view of what "open" means... or how "open" something needs to be might be completely different than mine or someone else's. But we're not going to get anywhere by looking up "open" in the dictionary.
Your contention is that "open" is obvious and self-evident. That is clearly not the case. Even in your provided analogy.
You may not agree with how OSI is defining the phrase. But that's another issue.
What Google defines as "open" which it claims is related to it's definition of open source. The interesting thing here is that these "definitions" come from actual use of the words. And while you may claim a certain meaning behind "open source" (as would those who have a need to market against it), it is commonly being used in a different way (even if some of those are wrong... i.e. "Software that is free from copyright and as a result, can be used and adjusted by everyone. An example of open source software is the operating system Linux.").
The problem is that "open" means different things based on context. Your house example is a perfect. You claim that having an open house doesn't mean people can walk inside. Yet if a real estate agent announces that your house is an "open house" it means they are inviting the public (prospective buyers) inside.
Likewise, "open" can have a completely different meaning within IT. We have "open protocols" as well as "open source." That doesn't mean that one can simply observe the protocol. It also implies an ability to understand and interact with it. Likewise, "open source" is more than just being able to see source code. Incidentally, Open Source as defined by the OSI definition isn't a free-for-all either. There's still licensing involved. And I do agree that the devil's in those details.
Physical security concepts do not always translate well in to Information Security. Sure, there's some overlap between the two realms. And sometimes it is convenient to use physical security analogies to describe information security concepts. But ultimately the two are very different.
These subtle and not-so-subtle differences seem to be lost on many who's understanding is based on physical security. They are often hell-bent on applying what they know to this new realm. And because of this, many of their actions are doomed to fail in subtle and not-so-subtle ways.
The fundamental difference between these two realms are the rules by which they work. The physical world is governed by the laws of physics â" or at least our understanding of them. Advancements in technology allow us access to capabilities that our adversaries might not even know are possible. But at best, that's a slight tweak to what is, ultimately, a fairly static reality.
Information security, however, exists in a world of protocols and environments that are entirely of our own choosing. There are market and functional pressures that impact those choices. But ultimately, if a protocol or environment fails, it can be replaced with a better protocol or environment. Or we simply turn it off.
Force is a necessity in the physical security world. It is the ultimate method to implementing one's will. In the physical world you apply force to prevent an adversary from going from Point A to Point B. The laws of physics otherwise allows your adversary free rein to go where they want. Within the information security realm, you change peering, protocols, platforms, etc. and your adversary has an entirely different set of rules to deal with.
With that in mind, I really wonder what the application of a military botnet would be. There are a lot more efficient ways of dealing with an attacker than launching a DoS attack against the target. The only useful scenario that comes to mind is if one is launching an attack at a C&C target.
However, the OSI and others step in and add conditions to an otherwise clear phrase. Open Source is open, but also you can do whatever you want with it, etc. What's interesting about this conversation is that people have such a distinct impression on what is clear and what isn't. So what exactly does "Open Source" and "Closed Source" mean? What makes them opposites?
Is visibility of source code the definition? Does that make all web-based applications "Open Source"? How about any other uncompiled script? If I have a special agreement with a software publisher that gets me access to source code, does it now become "Open Source"? Does seeing source code but not being able to use it conflict with the idea of being "open"? And if so - exactly what use does one expect before one is satisfied on openess?
You say OSI has added conditions to a clear phrase. It seems to me that they've clarified it.
And that's the core of the issue. Who gets to define what a phrase means? Some phrases gain special meaning - even when they consist of common words. If the meaning of a phrase has certain value, you can expect people to make an effort to alter that meaning to meet their goals.
Who gets to define what "Open Source", "Free Software", "Windows", "Solaris", or "Apple" means? None of these phrases are really all that unique in the English language. Yet they all have very distinct meanings in the IT industry.
Sure - police using the tools they have available to deal with all manner of crime makes sense. Whether they should continue to have access to those tools is the question.
I wouldn't be so quick to dismiss the IP rights issue. Counterfeiting is all about IP rights. The law doesn't differentiate between you producing knock-off fashion items, work-alike network gear, or burning copies of a music album or movie. Expect these kinds of stories to show up more as pushes are made to put more teeth behind these laws. The same laws that most benefit hot-button topics for the Media industries.
Having said that - I would agree that counterfeit gear is a real issue with real potential impact.