Microsoft Battles Free Software at Pentagon 716
Spirit of Ishmael writes "The May 22 Washington Post is running a story under the headline Microsoft Fights Free Software at Pentagon. According to the story: 'Microsoft Corp. is aggressively lobbying the Pentagon to squelch its growing use of freely distributed computer software and switch to proprietary systems such as those sold by the software giant, according to officials familiar with the campaign.'"
Nothing like drumming up business for yourself (Score:3, Insightful)
Actually.. (Score:4, Insightful)
And hey--isn't MS currently at court for being over-eager? Going after the gov't after that just seems like a little kid who's just gotten a spanking going right back to the cookie jar.
-Sara
Re:Actually.. (Score:3, Insightful)
Hmm, would that be the same closed source that apparently (although MSFT later denied it) leaked out to some foreign crackers that had infiltrated Microsoft's internal network for a couple of months last year?
Oh, wait, that was before the four weeks of "security related" bug fixing last February. Okay, everything's fine now. Just a small leak, really.
Re:Actually.. (Score:5, Insightful)
Not even the source code. They said that they couldn't reveal certain APIs and protocols even. That's fucking sad.
Re:Freedom Of Information Act (Score:3, Insightful)
Actually the programs are not the important thing, the data generated by them is. Just because a document is written in Abiword, it is not public domain. Neither is any set of calculations done with Octave automatically GPL'd. Most importantly all data stored on a Samba file server is not therefore Public Domain or GPL.
All of these are perfectly good uses for open source. In Addition, these programs (and an underlying Open Source OS) all also provide the benefit of being easily audited for security (and fixed). All upsides here...
Re:Nothing like drumming up business for yourself (Score:5, Informative)
Re:Nothing like drumming up business for yourself (Score:4, Informative)
What this means is that a large number of its employees have advanced degrees - especially Ph.Ds - in scientific fields, so they have probably done their share of academic research in various *nices. They're used to it, and it's definitely pervasive throughout the company - plenty of Linux machines as well as Solaris and others - because they know they can use it for research and they don't have to worry about government licensing and other paperwork when buying their own equipment. They're free to push these systems all they want because they know they work and they have plenty of freedoms that a normal government agency might not have.
Whose software? (Score:4, Interesting)
Jonathan Shapiro, who teaches computer science at Johns Hopkins University, said: "There is data that when the customer can inspect the code the vendor is more responsive. . . . Microsoft is in a very weak position to make this argument. Whose software is the largest, most consistent source of security flaws? It's Microsoft."
As ye sew, so shall ye reap, I guess.
This article was so full of typical Microsoft FUD, but it hit one or two points very clearly:
The Gub'ment is savin' your tax dollers by usin' that open source Linux thingy!
Re:Whose software? (Score:3, Insightful)
But, then, I am a little out of date.
Quote... (Score:2)
I wonder why?
MS vs National Security (Score:4, Informative)
"a senior Microsoft Corp. executive [who] told a federal court last week that sharing information with competitors could damage national security and even threaten the U.S. war effort in Afghanistan. He later acknowledged that some Microsoft code was so flawed it could not be safely disclosed."
Which would be a national security threat?
And they wonder why the Pentagon is Doubtful?
It certainly doiesn't sound like something worthy of milspec regulations.
Re:Quote... (Score:2)
last paragraph (Score:2)
Stenbit said the debate is academic and that what matters is how secure a given piece of software is. To that end, the Defense Department is now prohibited from purchasing any software that has not undergone security testing by the NSA. Stenbit said he is unaware of any open-source software that has been tested.
so they can use it because it wasn't purchased? talk about a loophole!
Re:last paragraph (Score:2)
Re:last paragraph (Score:2)
http://www.nsa.gov/selinux/download2.html
I believe that is a NSA link to a slew of Security Enhancements to Linux, hell even updated as far as 2.4.18
My guess behind the DOD push to rid most Win boxes is the Deceptive Duo giving a poke at the weak administration, servers, and default passwords left all over sensitive servers.
Re:last paragraph (Score:5, Insightful)
Microsoft is trying to get Windows 2000 approved under the new scheme, but hasn't succeeded yet.
Security Risk (Score:2, Funny)
Re:Security Risk (Score:3, Funny)
MS basically told the government "hey, you know that stuff we sold ya? it's CRAP! we pocketed the money! We ripped of you AND your country, and most of the world for that matter! but, we don't want to hurt your feelings, so we're gonna focus on fixing it, 'security is our top priority'....not really, we're just gonna 'start from scratch,' with the same old code and sell it to you for twice the price! muahahaha....wait, where are you going? nonono, open source is bad, remember!? Bad USA!....doh!!"
as my dad is fond of saying, "they just stepped on their own dick."
What are their selling points? (Score:5, Funny)
Re:What are their selling points? (Score:3, Interesting)
Re:What are their selling points? (Score:3, Interesting)
That particular piece of FUD was troubling to me, as it means that Microsoft thinks that the political climate is safe for them to say that publicly funded work should not be released to the public domain, but rather should be used to enrich a particular set of people (i.e., them).
It troubles me that people think they can make that claim in public, because it says to me that people are really buying this crap that in order to provide jobs for the middle class, you've got to mollify every little whim of the captains of industry. I don't think it's wise for government to alienate industry entirely, but it does need to make sure industry knows who's ultimately in charge. Time for some balance.
Re:What are their selling points? (Score:3, Interesting)
Re:What are their selling points? (Score:5, Insightful)
Of course I'm being sarcastic, but how far is that from some people's thinking?
Government managers pride themselves on how much they spend and how many people they command, not on how much they save. Keep in mind that they cannot turn a profit or even show a savings - that's suicide - much more so than having your project fail spectacularly.
Bureaucracies often need to be able to quantify their logic (to avoid actual thought?) - so perhaps Linux should just cost more up front? That would make it a lot easier to go over budget later...
Of course it doesn't help that there is no recognized equivalent to the MCSE program - how do you then justify who you hire? Slashdot karma? I know there is the Red Hat program, but does that really carry much weight in government hiring?
Cheers,
Jim in Tokyo
Re:What are their selling points? (Score:4, Insightful)
Nah - what you need is to sell the idea of a support team being cheaper than the propietary software. That way the empire builder manger types can justify enlarging their kindom of employees, and still claim to be saving money.
"Yes I hired more support staff, but I would have spent even more if I hadn't used Linux..."
-- This is not a
Re:What are their selling points? (Score:3, Insightful)
The comercial distros for things like HP-UX, the large IBM boxes/mainframes are not free. GPL, perhaps... but not free as in beer.
Whoa - no offense! (Score:3, Insightful)
What I was saying is that the MCSE program has way better brand recognition than anything Linux has to offer. Everybody's heard of it and frankly, outside of slashdot, it's rarely something to be ridiculed for.
My point was, there's a lot of people out there who are really qualified in Linux who are not certified in any manner. (Are RMS, Linus Torvalds and Alan Cox certified?)
Plus, making MCSEs into dogfood would be cruel. No dog deserves that...
Cheers,
Jim in Tokyo
Real people ridicule MCSEs (Score:5, Insightful)
I've been writing software in PHP for an employment agency for the last year. I have had to work closely with our employment consultants to see how they work, what they think is important to know about candidates, vacancies and companies. None of them read
When our IT staff hear about someone with an MCSE their immediate reaction is "Get to the back of the queue with all the others."
MCSE may have incredible brand recognition, but that works against it being useful to employers. Everyone knows about it, it's marketed as the must-have qualification, so a candidate spends the money, spends some time, and as long as they have a certain IQ level, an MCSE comes out of the 'certification' slot on the Microsoft machine. Result - millions of MCSEs.
The first thing employers care about is work experience. They can call your last employer and ask how good you were. In 30 seconds they can make a decision. The second most important facto they consider is your real tertiary qualifications.
Last and least are the one-day courses, the part-time courses, and the MCSEs.
Re:Real people ridicule MCSEs (Score:3, Funny)
I'm wondering... (Score:2, Interesting)
NSA's Security-Enhanced Linux (Score:2, Informative)
Re:I'm wondering... (Score:2)
So what? (Score:2, Insightful)
Microsoft Corp. is aggressively lobbying the Pentagon to squelch its growing use of freely distributed computer software and switch to proprietary systems such as those sold by the software giant, according to officials familiar with the campaign.
And in other news, Burger King is "aggressively lobbying" me to switch to eating Whoppers instead of Big Macs. What is the story here?
So what, Microsoft shouldn't even be allowed to market its product? It's somehow evil for them to try and make the case for their products being superior?
This article is just idiotic and inflammatory.
Missed the word BANNED (Score:3, Interesting)
I am not aware that BK is trying to make your intake of Whoppers conditional of not eating Big Macs anymore.
Re:So what? (Score:3)
1. Outright lying
2. Spreading FUD
But whats new?
None of that, the real news is that the government is weighing up the options of open-source and closed source, and its a great time for people to lobby the representatives about this sorta thing.
Besides, i would of though an article about which type of software is running the defense software would be interesting.
Re:So what? (Score:4, Interesting)
Nothing at all, of course! It is perfectly normal and acceptable for companies, especially in a troubled economy, to pare back and focus on their core competencies. The Post article is irresponsibly making a fuss over Microsoft leveraging two of its well-demonstrated core competencies: lying to the government and subverting democracy. These essential skills are central to Microsoft's operation, and it's an abuse of free speech to present them as something dangerous -- worse, it might panic the consumers!
Unquestionably, it is "idiotic and inflammatory", as you point out, for the newspaper of record in our nation's capital to report on these perfectly normal goings-on. The matter of which development efforts are funded by our tax monies has no bearing whatsoever on the public interest. It may be safely left up to our trusted government agencies and their staunch allies in large corporations and special interest groups.
After all, what would we commoners have to tell them? They're the experts, and should be left to run the military and the government without any bother from us civilians. And under our sacred and inviolable system of government, power vests in the State, its Employees, and its Contractors -- not in the unwashed masses. For a so-called "newspaper" to "inform" us about the government's activities is nothing short of treason.
the negotiation (Score:5, Funny)
Pentagon: But Window's isn't very secure
Microsoft: Security is our number one mission
Pentagon: Linux is free
Microsoft: It will cost you more in the long run, allow us to fly you over to Redmond to find out why.
Pentagon: Lunix is open source
Microsoft: Open source is EVIL
Pentagon: Microsoft is anticompetitive
Microsoft: That's the way of the ecosystem, the small fish eat the big fish. We just want to be free to innovate.
Pentagon: Ok, we are convinced. Here is an order for 100 million for all our 200,000 employees.
Microsoft: Make it 200 million and we will give you up to three seats per person.
Pentagon: Deal.
Ironic... (Score:2, Insightful)
Think about that for a second, really. I usually *try* to avoid blindly hating Microsoft, and fail miserably, probably because of things like this.
Well, I'm probably mistaken. Lemme know if I'm wrong.
any lawyers in the house? (Score:3, Insightful)
Can any lawyers tell us how in the hell this might even be remotely plausible? Is it possible that there might be *anything* to such a claim that using both free and non-free commercial software might violate the IP rights of the commercial vendor? This sounds like good old MS FUD, but usually there is some tiny scrap of reality at the base of their sand castle. I can't believe this might be true, but IANAL.
Comment removed (Score:4, Insightful)
No, no, and again, no (Score:5, Interesting)
I can make a derivative work with your posting and try to Open Content it, but all the means is that I had no right to Open Content your post in the first place. Nothing I do can aquire those rights by fiat. Nothing I do can obligate you without your consent.
This line from Microsoft angers me, because it goes beyond FUD, beyond number juggling, beyond threats, beyond monopolistic manipulation. It's not FUD, it's another three-letter word you may be familiar with: L I E . It's a flat-out lie. And they know it.
"Murky"? (Score:3, Interesting)
The only way I can think of that using Free Software would "violate [Microsoft's] intellectual property rights" would be if their EULA or contract with their customer prohibited it. But that's not even a matter of intellectual property rights[1], that would be contract law (in the case of an actual contract, or if we assume that EULAs are, in fact, legally binding).
Now, I understand why Microsoft is trying to muddy the waters, but why in the world is the DoD playing along?
[1]Remember, the all-encompassing phrase "intellectual property" covers three nebulously-related yet disparate parts of the law: trademarks, copyrights, and patents. It does not refer to contracts, in the common usage of the term.
Re:"Murky"? (Score:3, Funny)
Spoken like a man who was never in the military. As a veteran let me assure you that the DOD is playing along because they are profoundly stupid people. MS said something and they believed it. They are not used to questioning authority in the first place.
Tax $$ (Score:2)
I get very grumpy when I see my tax dollars wasted - especially on the local level, because I know of so many things here in my city that money could be going for. Then, to hear it being wasted on the federal level seems even more wasteful because I know its not in the hundred of thousands range but yet in the thousands of millions range.
Re:Tax $$ (Score:4, Interesting)
The fact that MS can lobby the pentagon (the *pentagon* for crissakes) speaks volumes about how much corporations run this country. The pentagon should tell MS to fuck off - if they want to whine about it, they can make an appeal to congress or some such. The military is supposed to be insulated to some extent from this kind of crap.
If I were running the pentagon, I'd kick those slick backstabbers out on their asses -- "we'll call you if we have any questions".
National Insecurity? (Score:5, Insightful)
Re:National Insecurity? (Score:5, Interesting)
One has to wonder how selling the Pentagon software with SEVERE, KNOWN FLAWS that threaten NATIONAL SECURITY is *not* treason... What ecaxtly could a spy sell to the U.S. that is worse than that?
Re:National Insecurity? (Score:3, Interesting)
Re:National Insecurity? (Score:3, Funny)
Re:National Insecurity? (Score:4, Funny)
Re:National Insecurity? (Score:4, Interesting)
Hello! The NSA has their own freaking linux distribution. I don't think you can get more undergone than that.
Free as in speech -- not beer (Score:3, Insightful)
People will often 'purchase' free software because they wish to support the work of those who are supporting it, or because they wish to access support or other special packages that the seller makes available with a purchase.
Some companies purchase 'free' software because it makes the accounting department happier.
Re:National Insecurity? (Score:4, Interesting)
(you might consider that absurd until you've seen some of the submissions made to the courts by Microsoft's lawyers)
Another bad business decision by MS (Score:2)
My personal experience with the Pentagon, the Hoffman Building (Army Personnel) and National Guard Bureau is: "if MS makes anything remotely like what you need we will buy MS". It amazes me that I have been told that Apache is not acceptable because it is free, so use IIS.
Anyway, you should all think the above statements are increadibly senseless, that just accentuates my old frustration. Bottom line, MS need not waste money on a sales crew for the Pentagon, the people in the building are beating down microsoft.com to purchase IIS and MS SQL crap with their government credit cards.
Post Article Does A Poor Job... (Score:2)
...of presenting the real issue: GPL vs. BSD and other licenses that allow proprietary forking. It's the GPL that MSFT really hates. If all I had was the article to go on, I'd get the impression that MSFT hates all free software and we know that isn't true.
what amazes me is... (Score:4, Insightful)
What has me truly amazed is that Microsoft is now fighting against the world. Think about it... most companies battle their competitors. Microsoft has become so big and rich that they no longer have any individual competitors. The "competition" consists of people who do good things, often for free. God forbid the government give money to people who do good things.
And, of course open source is un-American! In the sense that "American" implies elitist, exclusive, arrogant, and imperialistic.
DOD is actually a significant contributor (Score:3, Informative)
I highly hope that no nations nuclear missiles are controlled by windows (or wince)
Microsoft Battles Pentagon? (Score:5, Funny)
Unfortunately, the fighting skills of Voltron may be somewhat hindered by the tension between RMS and Linus re: who drives the black lion. Luckily Jeremy Allison & Miguel Icaza will be around to form the blazing sword...
The surprise for this battle will be the deadly form Microsoft takes to wage its evil aggression - hopefully it will be something more impressive (and less boringly obvious) than a Borg cube - a many-tentacled Ro-Beast (labelled Standard Oil^H^H^H OS) would be a good starting point.
But whatever the MS-Beast's final deadly form, we know it'll be ugly!
P.S.
Doesn't the government? (Score:5, Funny)
How does M$ expect to beat free?
Will the US follow Peru's lead? (Score:5, Insightful)
The Navy Loves Windows NT! (Score:5, Informative)
At least with an open source system, they could have patched the code and moved on. But with the closed source Windows NT system, the USS Yorktown had to be towed into harbor and let the boys from Redmond check under the hood.
Thank God it was peacetime..
Re:The Navy Loves Windows NT! (Score:4, Interesting)
The fact of the matter is that the Navy, like any other large beuracracy, has all sorts of mutually-antagonistic factions that love or hate various systems more for internal political reasons than for their inherent value.
My old group (the Marine Systems division of Lockheed Martin - great bunch of guys and gals...) developed and maintained the engine control systems for all of the Navy's guided-missile destroyers. This class of ship has been around for a while, so it was originally developed using technologies that are incredibly outdated by today's standards. The sensible thing to do with such a system is to slowily modernize things, with an eye towards longevity and maintainability.
You first have to realise that Naval systems have to be way more reliable than your average PC. The open ocean is not kind to electronics, and warfare certainly isn't. The shock and vibration requirements are unreal (like 100G's). The sailors might all die, but the engines would be just fine. I guess the ship would be puttering around in a big circle in the open ocean.
Also, you must realise that it is considered a disgrace for a captain to have his ship towed back to port. Thus naval engine control systems have to be very reliable, or captains are very unhappy with you. It was not unheard of for our engineers to get woken up in the middle of the night and flown to a diabled destroyer via heliocopter to fix a bug, rather than have it towed in. So a "tow-in" bug is even worse than it sounds to an uniformed civilian. Nasty things happen that a peon like me doesn't really want to think about.
For that reason, the natural and sensible route is to update these systems using Naval-standard COTS hardware (HP/UX based), and to develop all new software in Ada (the only language designed for use in "life-critical" applications), using accepted (and time-consuming) software development processes.
However, there was an R&D branch of the Navy that was investigating use of all sorts of new unproven technologies. In this case, they were using C++, expert systems, common 'PC's, and lassise-faire development processes. Experimenting is what R&D folks should be doing, so that's all good. But these technologies are notoriously bug-ridden, compared to what we were using in the actual fleet. We didn't bid on the R&D stuff, (I'm not sure why), so it went to a competitor of ours who I won't name. (But who's initials are CAE
Now of course the commander who has the R&D folks under his command wants to see his stuff used, as that will validate his R&D group, and of course give him a good reason for an increase in funding. So he fights hard to get us thrown off of all future contracts, and our competitors on. But the other Naval oganizations have a lot invested in our stuff, and the captains are understandably leery of massive changes. It probably didn't hurt us any that our competitor was a Canadian company too. So its a big hard political battle, with us mostly winning. I'd like to think this was a victory of reliability and proven techniques over fashion and flash, but I'm not that naieve.
However, apparently they did manage to get the R&D system put on one ship as a test case. Probably it had something to do with CAE having a better position in Crusiers than us. Imagine the captain's displeasure, and our secret delight, when that system failed in the middle of the ocean and the ship had to be towed back.
The moral of the story is that you can probably get something thrown together with whatever's considered "cool" today and that might make it an easier sell, but if you *need* reliablity, you use Unix and Ada, and good software development processes.
(disclaimer: I currently work for a competitor to CAE in a different market.)
Re:The Navy Loves Windows NT! (Score:3, Informative)
Actually Rational (the compiler and process folks) did an exhaustive study on this. Their findings were that they had about 2x the productivity in Ada than they did in C, and 1/4th the bugs. You can read the findings [rational.com] yourself
(Note: before you post replies with possible reasons why their results were wrong, read the study. Just about every flaw imagineable was looked into.)
Its very tough to do such studies, so there isn't a lot of other studies around for comparison. I'm aware of a couple of other informal ones with CS students, (which were interesting, but I wouldn't bet my project on) and that's about it. Rational just happened to have the data available and the expertise to study it. But even the infomal studies I've seen give Ada the nod for reliability. The only thing that seems to come close is Java.
This makes sense when you consider that Ada is the only language that was designed from the start for use in "life-critical" applications.
Most compiler vendors in general have gone out of business, so that really doesn't mean much. What is significant is that there are 4 (perhaps more I don't know about) Ada compiler vendors currently supporting Windows, which is more than can be said for C++ and Java.
As for Ada being a great OpenSource project you are right, but not for the reason you think. I guess you didn't realise that the Gnu Ada compiler not only exists, but is now in the official gcc baseline.
However, I've always had great support from my proprietary compiler vendors too. I'd love to see someone try to get the level of vendor support I recieve from GreenHills and Aonix from Microsoft for VC++.
ACT [gnat.com] is actually one of the very few Free Software commercial success stories, so you are quite likely to hear about them if you ever attend an RMS talk. I've seen no less than 3 transcripts where he mentioned them or their Gnu Ada compiler in reference to a question about commercial Free Software.
Re:The Navy Loves Windows NT! (Score:3, Informative)
See my reply to the parent of this post for the answer to this question. The exectutive summary is that it was a political, not technical decision. If it was technical, they would have been following their own policies, which would mean it would have been migrated (rather than developed from scratch) to HP/UX boxes using Ada (HP/UX was their standard OS at the time, and Ada their standard language), which together would have provided orders of magnitude more reliability.
Howitzering themselves in the foot... (Score:5, Insightful)
If any of you follow the link provided and read the article, you'll find that the DoD is giving MS's advice exactly the (lack of) credence it's due. So before you piss yourself about supposed Bush Administration / MS collusion, just read it.
Huzzah, and thank God the good folks at the DoD are relying on solid data to make good decisions about the software used to protect the nation, and Damn MSFT for looking for growth opportunities in degrading national security by harrying them for needless proprietary expenditures & vague allusions to "legal problems".
Corporate competition is one thing, but I don't think I can say it any simpler than Keep the Fuck off our Gov't with your FUD. When it comes to the DoD, there's more at stake than your option portfolios.
An error in the article (Score:3, Informative)
Public domain means that the copyright holders relinquish any claim that they might have.
Public domain is for those who think that the BDS licence is not free enough.
Extremely Secure Linux? A Great Software Project. (Score:4, Interesting)
From the article:
Among the most high-profile efforts is research funded by the National Security Agency to develop a more secure version of the open-source Linux operating system, which competes with Microsoft's Windows.
IANAProgrammer, but I think that if the good people working on the kernel would like to contribute in a huge, meaningful way to Linux AND to national security they could put their heads together and bang out an iron-clad version of Linux, contributing to the above project and developing a superior, open-source solution that could achieve three primary goals, all very desireable.
Re:Extremely Secure Linux? A Great Software Projec (Score:4, Interesting)
Linux isn't engineered, developers' scrath their itches, if lots of people care about really high end security, it will get done, otherwise it wont.
Provide our nation's defense infrastructure with an open-source secure OS. The DoD is a BIG customer - keep them happy.
While the more linux users the better, no developers care about specific countries or how big a user might be.
Less importantly, shame the fuck out of MSFT. Prove these dicks wrong while they're still patching IE security holes twice a month.
There have been more events than you can shake a stick at where MS screwed themselves over, Linux just needs to be good in order to make MS look like a fool.
Also I should advise you that 1) the NSA has their own version of linux is has extra security stuff, and two, don't forget about *BSD. OpenBSD hasn't had a remote root exploit in 4 years or something.
Re:Extremely Secure Linux? A Great Software Projec (Score:4, Funny)
I hear Al-queda is finally fed up with security leaks from their use of Microsoft software and are switching over to 100% open-source.
-
Am I the only one just a wee bit unnerved... (Score:4, Insightful)
Re:Am I the only one just a wee bit unnerved... (Score:3, Insightful)
"Microsoft, a convicted monopolist, today asked the government to ban purchases of rival software"
"Microsoft, producer of the world's buggiest and most insecure software, today criticized the NSA for developing a secure operating system which the NSA gave away free for others to improve upon"
"Microsoft, having recently declared that publishing its source code would bring to light serious and fundamental security flaws that are a threat to national security, today criticized software vendors who discover and fix security holes by publishing their source code."
"Microsoft, having recently declared that its code is a threat to national security, asked the government to use even more insecure software for their critical infrastructure"
Government funds competition - MS objects. (Score:4, Insightful)
And when they pay for software, the government isn't subsidizing the producer?
The government funded research on security is available to everyone - Microsoft included.
When they fund research on faster planes, only a few companies gain the benefit.
They aren't likely to stop doing either.
-- this is not a
Under GPL NSA must release source code? (Score:3, Interesting)
My question is, under the GPL [gnu.org], will they have to tell us what modifications they made?
From GPL [gnu.org]:
What could the NSA do to compel them to show us what modifications they made?
Re:Under GPL NSA must release source code? (Score:3, Informative)
Uhmmm ... you already answered your own question ... partially.
You are free to make modifications and use them privately, without ever releasing them.
and ...
But if you release the modified version to the public in some way, the GPL requires you to make the modified source code available to the users, under the GPL.
So ... no release to the public, no need to mention what was secured.
Re:Under GPL NSA must release source code? (Score:5, Informative)
SELinux is not well understood. NSA has built a version of Linux with a mandatory security module. The idea is to allow people to experiment with a system that enforces mandatory security (which can be tough to live with) and to develop apps that can work within that model.
If you want to move things along, download SELinux and make some application work within a mandatory security model.
Steve Ballmer, unplugged. (Score:5, Insightful)
I do believe that Open Source software, and Linux specifically, are taking a bigger, and bigger chunk out of Microsoft's revenues. Not much, in fact it's rather piddly; but it's still noticeable. And it's growing. Although few people on
And I think they're getting scared.
That may be a bit self-serving or presumptious, and with 40 billion in the bank they clearly don't have much to worry about. Still, I think they have to have at least a mild case of indigestion.
There's nothing in this story that really should surprise anyway. So the feds, and the spooks, are using Linux, sometimes in a quite visible, and mission-critical way. So? That's nothing earth-shattering. And that's precisely what's giving Ballmer and Co the problem. Linux has traction. Not just the feds. Linux has traction in big corporate America. SIAC - the folks who run the networks for the stock exchanges, have cut over some mission-critical functionality over to Linux. Look at the classifieds ads in New York City, from big financial firms. There's a small trickle of open job reqs for hackers with Linux experience.
Gates, Ballmer, and Co, are seeing this as well as the next guy, and they just don't know what to do about it. That's what's scaring them. It's one thing when you have a well-defined opponent to do battle with. But how do you define the opponent here? Microsoft can't clearly define who their opponent here is. There's no single company to purchase, spread FUD about, or drag into court over some frivolous intellectual issue, in order to bleed them with legal fees.
So, all you can do is to try to FUD your way against Linux in general. But each time you'll try to go with a generic FUD campaign, your arguments can be easily shut down with a single, specific, counterexample of Linux's success in a mission-critical role. There's enough case history out there now to be able to point to, as a counterargument to FUD.
Microsoft is clearly struggling, trying to figure out a focused, targeted, anti-Linux campaign, and failing each time. Notice how they no longer claim that Linux isn't ready for mission-critical roles. That didn't work. Now they're claiming that using Linux puts your intellectual property in jeopardy. That can't last much longer. They still can't come up with a specific example, and only talk about in generalities; furthermore with Sun and HP putting Linux APIs into their respectives *nixes, the notion that Sun and HP have intentionally put their intellectual property in jeopardy is a bit difficult to swallow.
So, I don't think the intellectual property FUD has much more left in it, and it will slowly disappear over time. So, what's the next FUD attack? I don't know. Neither does Ballmer, or Gates. And that's what's scaring them.
Re:Steve Ballmer, unplugged. (Score:3, Interesting)
Microsoft has moved into the console market. Well, I think Linux should do the same. Start stealing away Microsofts marketshare with an opensource gaming console - the LBox.
It would be a huge hit. Buy an LBox, download the games for free!
-
More specifically Linux should move into the Xbox (Score:3, Interesting)
That only leaves to figure out what to use it for. The thing has an ethernet port, the gameports can probably be used as USB-ports given the right adapters, and there's Video/Audio out
Re:Steve Ballmer, unplugged. (Score:3, Funny)
Hey, buddy, that's the G/Box to you!
Re:Steve Ballmer, unplugged. (Score:5, Insightful)
And I think they're getting scared.
Microsoft is scared. But they're not scared that they're losing money to Linux.
In the section where I work, it's become common practice not to buy any software that does come with source. That includes database apps written specifically for what we do and marketted to a small niche, utility programs and development tools. The software doesn't have to be "Free" or Open Source - it can come with an NDA, but it must come with source code. Why, you ask? My management now understands the power of having source code. If there's a bug, we fix it. If we need a feature, we add it. We're less dependent on third parties to complete our jobs.
NB the ridicule against MS when they claimed that keeping their source code secret was a matter of security. The mainstream press (and perhaps mainstream America) is starting to understand what we techies mean by "security through obscurity." A few years ago, MS could get away with a move like this and most people wouldn't have given it much notice.
Look at the moves toward open standards, which MS is grudgingly accepting. Things like XML, documented networking protocols, standardized programming languages. People have always demanded interoperability, but they now understand that interoperability comes through open standards.
MS has $40 in the bank, and yet they're still making dumb moves against Linux - moves like that "national security" announcement a few days ago. These moves show that they're scared - they're making dumb moves which may hurt their image and their bottom line in the end, and in the business world, those dumb moves which hurt your bottom line are the dumbest dumb moves. But what are they scared of? Are they afraid that $40 billion will become $39 billion? Would you risk attacking Linux/Free software/Open Source so vehemently at the threat of losing one fortieth of your company's stockpile?
Microsoft is not afraid of losing money to Linux. They're afraid of an idea. When people demand source code in order to reduce vendor lock-in, fix bugs and add features, when the public recognizes the crap which MS is claiming as security, when business starts demanding open standards - when these things happen, that's a problem for MS. The MS executives are not foolish - they realize a few hundred million dollars is not such a huge problem for them at the moment. However, what could be a huge problem for them is the death of their business model. That's what they're afraid of.
Re:Steve Ballmer, unplugged. (Score:3, Interesting)
When I worked in SCADA (Supervisory Control And Data Acquisition) a few years back, it was more typical than not to get source to the system. Many contracts required it.
Why? Because these systems were specified and expected to serve for 20 or more years. Without source, you can't expect it to be supported that long.
Also, the customers really liked the flexibility to hire just anybody to fix problems.
SAP provides source (is it just ABAP code or do customers typically get all the source to SAP when they buy it?) for the same kinds of reasons, I believe.
I have no experience in this area, but Mainframe customers often get complete OS source too, I believe. I've known several OpenVMS customers who had source licenses, also.
Not many Windows customers get source, from what I've heard. I think that source distribution was far more common 20 years ago and it's only been in the era of shrinkwrap software that it's diminished. Maybe it's a good idea whose time has returned!
Re:Steve Ballmer, unplugged. (Score:3, Informative)
As one of the people who developed the ARTmail network at SIAC (The application running on linux), I can tell you that it is not mission critical.
The mission critical application run on MVS, Solaris, HP/UX, Tru64, and a few other obscure comerical unices but not Linux. Most of the mission critical apps actually run on MVS.
You're right - mostly (Score:3, Informative)
I was at the very first Perl conference a few years ago, when ESR presented CatB for the first (?) time. At that point, I wasn't really into the whole Free Software/Open Source thing; I just really liked Perl and was there to learn more about it.
Sitting there, listening to ESR, it hit me like a bolt of lightning; one of those ultra-rare flashes of "Eureka!" Commercial software, as embodied by Microsoft, was dead in the water. Open Source and the Internet had created - actually, had *evolved* - a new design method that would eventually supplant all commercial software development with mathematical certainty.
It's like when you're playing solitaire, and you get to the point in the game where you've won, and all the other moves are just the playing out of the algorithm.
Mind you, the time involved with the "playing out of the algorithm" as far as software development is concerned will still take years, but unless there is a dramatic change in the conditions under which software is developed and distributed, the Open Source/Free Software juggernaut is mathematically unstoppable.
Microsoft is the woolly mammoth eying the ice sheet creeping steadily southwards.
The people who run Microsoft, while they may be supremely arrogant, are not stupid. It may have taken them a little while to actually _believe_ that they were vulerable, but they seem to understand it now, and they have gotten religion in a big way.
They understand that they cannot possibly compete with Open Source on the merits - they lose on price (free vs $$) they lose on quality (given enough eyeballs, all bugs are shallow) and increasingly, they lose on response time as well (not even Microsoft can hope to employ as many developers as work on Open Source projects)
They can't even fall on the old Microsoft technique of last resort - buy the competitor's company - because Open Source is by definition decentralized. It cannot be killed, it can only be outcompeted.
(That's not to say Open Source as it exists today is perfect - it most definately has flaws. But as the ice sheet grinds southwards, these flaws tend to be (slowly) rectified. The number of niches where Microsoft can "beat" Open Source grows smaller every day.)
They only have themselves to blame for this. Microsoft has been the ultimate predator, culling the herd of lesser methods and companies, and in doing so, has forced the evolution of an even tougher force than itself.
What we're seeing now is a desparate attempt by Microsoft to try and change the conditions that allow the Open Source development method to work so well, because that it their only chance at mounting anything like a successful defence. Too bad that they made so many enemies on the way to the top; they are finding few allies.
I have to admit that it's nice to watch all the panic. Turnabout IS fair play.
DG
God bless the NSA (Score:3, Interesting)
For once I'm rather relieved that Big Brother is watching...and realizing the point, and even helping the cause. Go USA.
Studies and loopholes (Score:3, Interesting)
A couple of things spring to mind. First:
My first reaction to this was "Suuure." But then it occurred to me that the word "systematic" is key. Have there been any systematic studies of security in open- vs. closed-source programs? I mean academic quality research -- with control groups, a clearly defined method for testing the security, with the results published in a peer-reviewed journal.
Emphasis added.
So, the DoD can't purchase any untested software, hey? Well great! They can have all the open source stuff they want, no purchase necessary. Obviously the regulation is in place to keep the government from using untested software, but I'll bet it was written with the assumption that you can't legally use software you haven't paid for. Open source distribution schemes don't require payment, which opens up a loophole. I wonder, could that be why open source systems have come to play a "critical role" at the DoD, as the article mentioned?
Programming vs. Cooking (Score:3, Insightful)
Re:Programming vs. Cooking (Score:3, Interesting)
Losing battle....desperation (Score:4, Interesting)
The best way to respond to Microsoft when they are in this position is to ignore them. By that I mean don't communicate with them. Refuse to take their phone calls, ignore email messages, throw faxes into the circular file, assuming of course that you have the power and authority to do so. This will have the effect of demoralizing the Microsoft employees tasked with preventing you from using non-MS products. This in turn will inhibit their ability to do this to others as well. At the end of the day anything that causes a Microsoftie to do a bad job is a good thing.
Lee
Unamerican? (Score:3, Funny)
When did they employ the remains of Joe McCarthy for its marketing department?
"un-American" (Score:3)
Re:This gives new meaning to "software wars" (Score:2)
Jesus Christ.
Re:This gives new meaning to "software wars" (Score:4, Interesting)
A vigorous opposition doesn't mean you are not a monopoly, but it does mean that your days may be numbered.
Re:This gives new meaning to "software wars" (Score:3, Funny)
Re:What do you expect? (Score:5, Insightful)
If Lockheed and Boeing were in the midst of competing for a contract, one would not be suggesting the other be BANNED through legislation. Sure, the competition would be rough. Thing is, they would be competing on the merits of the product they were bidding on.
What is happening here is (to keep the metaphor a rolling) is Boeing is making the claim that Lockheed is making inferior products, and giving all the secrets to unfriendly nations. That to even consider doing business with Lockheed is equivalent to being an unAmerican communist. You're not for communism are you?
Despite what you make think, it is not a usual occurance to have one competitor try to get legislation passed to ban another. You require a special kind of arrogance to go that far.
Re:What do you expect? (Score:3, Insightful)
Re:Not tested? (Score:3, Redundant)
NSA's SE Linux is not audited (Score:4, Informative)
The NSA wanted to demonstrate and test "mandatory access controls". Linux was chosen because it was popular and had a "open development environment." Had the NSA chosen to modify NetBSD, for instance, it might not have attracted the attention of the mainstream press. And since, for various reasons (malicious worms/viruses, government's ability to use more COTS software) mandatory access controls would be a welcome addition to mainstream OSs, the NSA modified Linux, expecting that the computer press would at least make note of their experiments. Note that
Security-enhanced Linux has not been evaluated and there are no current plans to have it evaluated.
SE Linux Faq [nsa.gov]
Re:How to spot bias (Score:4, Informative)
Re:Dumb Windows v. Intelligent Linux Users (Score:3, Insightful)
Because then you, personally, are not so special? Do we list that under "cost" or "benefit"?
I generally support the use of Linux over Windows myself, so I know there are reasons to do so without bringing your misguided elitism into it.
Re:Dumb Windows v. Intelligent Linux Users (Score:3)
That's exactly the kind of crap that will keep Linux from achieving widespread popularity. Too many *nix people assume that anyone who uses MS (or learned on it) is some clueless troll.
I run Windows 98 SE as my primary operating system. Why? Because I play a lot of games, including a lot of wonderful old DOS games that can barely be made to run on a Windows box, let alone *nix. I use MS Word, IMHO a very good word processing program. Outlook has been burned off my machine, and I have email on a friend's Linux box. I have an old 486 with Linux on it serving as a router/firewall.
I can hear it now: why don't you have a Linux partition with Open Office? I used to. But really, consider the absurdity of it. Why would I run two different operating systems when one, and one alone, meets all my needs? What possible justification, other than Microsoft is evil, is there?
Disclaimer: I am a fan of Open Source/Free Software/Linux/GNU/et al. I admire everything they stand for. I admire their technical superiority to MS. However, they do not meet my needs. Nor do they meet the needs of John Q. Public. Until that time, this sort of thing should be expected. And countered.
Ugh, end rant.
~Chazzf
Re:National Security (Score:4, Funny)
Because it doesn't have Kirsten Dunst's nipples showing through a wet shirt silly.