Microsoft

Microsoft Battles Free Software at Pentagon 716

Spirit of Ishmael writes "The May 22 Washington Post is running a story under the headline Microsoft Fights Free Software at Pentagon. According to the story: 'Microsoft Corp. is aggressively lobbying the Pentagon to squelch its growing use of freely distributed computer software and switch to proprietary systems such as those sold by the software giant, according to officials familiar with the campaign.'"

  • Mitre [mitre.org] may have a reason they want to encourage Linux in the gov't.
    • Actually.. (Score:4, Insightful)

      by neuroticia ( 557805 ) <neuroticia@@@yahoo...com> on Wednesday May 22, 2002 @11:54PM (#3570402) Journal
      I think the best reason to encourage Linux in the gov't is Microsoft's attempt to justify closed-source [slashdot.org] Yeahhh.. The software is so insecure that the source code must be kept top-secret, but it should absolutely be used in the government. I wonder if everyone in the government has to have a Passport account, too?

      And hey--isn't MS currently at court for being over-eager? Going after the gov't after that just seems like a little kid who's just gotten a spanking going right back to the cookie jar.

      -Sara
      • Re:Actually.. (Score:3, Insightful)

        by AJWM ( 19027 )
        Microsoft's attempt to justify closed-source ... so insecure that [it] must be kept top-secret

        Hmm, would that be the same closed source that apparently (although MSFT later denied it) leaked out to some foreign crackers that had infiltrated Microsoft's internal network for a couple of months last year?

        Oh, wait, that was before the four weeks of "security related" bug fixing last February. Okay, everything's fine now. Just a small leak, really.
      • Re:Actually.. (Score:5, Insightful)

        by Danse ( 1026 ) on Thursday May 23, 2002 @12:55AM (#3570595)

        Not even the source code. They said that they couldn't reveal certain APIs and protocols even. That's fucking sad.

    • Mitre has been tight with the government since just about the dawn of time. They were one of the originators of what became the internet. At this point, I doubt Mitre has much difficulty getting contracts, especially from the DoD, since they have such a long-standing relationship. I think it is significant, however, that Mitre is pushing Linux. That, even more so than IBM's efforts, tells me that Linux has made it to the big time.

      • by Cowculator ( 513725 ) on Thursday May 23, 2002 @07:29AM (#3571512) Homepage
        As someone who has worked for MITRE, I know there's a reason that it "has been tight with the government since just about the dawn of time:" That's the company's purpose. It's a private company whose mission is to provide independent contracting for the government, so it has all the benefits of being able to do cool scientific research for DoD, DoE, the military, etc. with all the benefits of not actually being a government agency.

        What this means is that a large number of its employees have advanced degrees - especially Ph.Ds - in scientific fields, so they have probably done their share of academic research in various *nices. They're used to it, and it's definitely pervasive throughout the company - plenty of Linux machines as well as Solaris and others - because they know they can use it for research and they don't have to worry about government licensing and other paperwork when buying their own equipment. They're free to push these systems all they want because they know they work and they have plenty of freedoms that a normal government agency might not have.
  • Whose software? (Score:4, Interesting)

    by Bonker ( 243350 ) on Wednesday May 22, 2002 @11:22PM (#3570254)
    Quoth the article:

    Jonathan Shapiro, who teaches computer science at Johns Hopkins University, said: "There is data that when the customer can inspect the code the vendor is more responsive. . . . Microsoft is in a very weak position to make this argument. Whose software is the largest, most consistent source of security flaws? It's Microsoft."

    As ye sow, so shall ye reap, I guess.

    This article was so full of typical Microsoft FUD, but it hit one or two points very clearly:

    The Gub'ment is savin' your tax dollers by usin' that open source Linux thingy!
  • He also said Microsoft did not focus on potential security flaws.

    I wonder why? :)
    • by Alien54 ( 180860 ) on Thursday May 23, 2002 @12:02AM (#3570427) Journal
      Wasn't there an article [radiofreenation.net] the other day citing

      "a senior Microsoft Corp. executive [who] told a federal court last week that sharing information with competitors could damage national security and even threaten the U.S. war effort in Afghanistan. He later acknowledged that some Microsoft code was so flawed it could not be safely disclosed."

      Which would be a national security threat?

      And they wonder why the Pentagon is Doubtful?

      It certainly doesn't sound like something worthy of milspec regulations.


  • Stenbit said the debate is academic and that what matters is how secure a given piece of software is. To that end, the Defense Department is now prohibited from purchasing any software that has not undergone security testing by the NSA. Stenbit said he is unaware of any open-source software that has been tested.


    so they can use it because it wasn't purchased? talk about a loophole!
    • No, they can't use it because it wasn't tested. I assume that they have tested some closed-source programs, but haven't tested any open-source due to the FUD flowing through, or they just haven't got around to it.
  • Didn't MS just say that their software was a national security risk? Ah, forget it.
    • you actually make a good point- I wouldn't be surprised if EVERY branch of every government started looking for an alternative to MS right now.

      MS basically told the government "hey, you know that stuff we sold ya? it's CRAP! we pocketed the money! We ripped off you AND your country, and most of the world for that matter! but, we don't want to hurt your feelings, so we're gonna focus on fixing it, 'security is our top priority'....not really, we're just gonna 'start from scratch,' with the same old code and sell it to you for twice the price! muahahaha....wait, where are you going? nonono, open source is bad, remember!? Bad USA!....doh!!"

      as my dad is fond of saying, "they just stepped on their own dick."
  • by teslatug ( 543527 ) on Wednesday May 22, 2002 @11:26PM (#3570272)
    You have this software that you pay nothing for and that thousands of people around the world find bugs in, but you should BUY ours because we obscure our bugs and only we know how this software works...???
    • The selling point they are trying to use is simple American economics. I should say to begin with that I don't agree with MSFT's argument, but I do understand it. They are looking at open source as "free beer" and saying that is against the American way, and undermines the free market economy that we have so carefully built up. This was indicated by the article when they say MSFT is "in a long-running company assault on the open-source movement, which company officials have called "a cancer" and un-American". Of course that is not their only argument, but in this case it seems to be the only one that actually is straightforward. The rest are the typical FUD, like the statement "some free-licensing regimes are antithetical to the government's stated policy that moneymaking applications should develop from government-funded research". Sure. I can't argue with that, that SOME free-licensing "regimes" are, but so are SOME proprietary software empires. Let's just pray that the people making the final decisions in the DOD are smart enough to listen to MSFT's admission that they are a threat to national security [slashdot.org].
      • some free-licensing regimes are antithetical to the government's stated policy that moneymaking applications should develop from government-funded research

        That particular piece of FUD was troubling to me, as it means that Microsoft thinks that the political climate is safe for them to say that publicly funded work should not be released to the public domain, but rather should be used to enrich a particular set of people (i.e., them).

        It troubles me that people think they can make that claim in public, because it says to me that people are really buying this crap that in order to provide jobs for the middle class, you've got to mollify every little whim of the captains of industry. I don't think it's wise for government to alienate industry entirely, but it does need to make sure industry knows who's ultimately in charge. Time for some balance.

    • by wirefarm ( 18470 ) <jim&mmdc,net> on Thursday May 23, 2002 @12:09AM (#3570445) Homepage
      "But if this Linux thing is so good, then why is it FREE? Can you answer me that?? Thought not. Microsoft must be better because it costs more."

      Of course I'm being sarcastic, but how far is that from some people's thinking?

      Government managers pride themselves on how much they spend and how many people they command, not on how much they save. Keep in mind that they cannot turn a profit or even show a savings - that's suicide - much more so than having your project fail spectacularly.

      Bureaucracies often need to be able to quantify their logic (to avoid actual thought?) - so perhaps Linux should just cost more up front? That would make it a lot easier to go over budget later...

      Of course it doesn't help that there is no recognized equivalent to the MCSE program - how do you then justify who you hire? Slashdot karma? I know there is the Red Hat program, but does that really carry much weight in government hiring?

      Cheers,
      Jim in Tokyo
      • by AnotherBlackHat ( 265897 ) on Thursday May 23, 2002 @12:38AM (#3570547) Homepage

        Government managers pride themselves on how much they spend and how many people they command, not on how much they save. Keep in mind that they cannot turn a profit or even show a savings - that's suicide - much more so than having your project fail spectacularly.

        Bureaucracies often need to be able to quantify their logic (to avoid actual thought?) - so perhaps Linux should just cost more up front? That would make it a lot easier to go over budget later...


        Nah - what you need is to sell the idea of a support team being cheaper than the proprietary software. That way the empire builder manager types can justify enlarging their kingdom of employees, and still claim to be saving money.

        "Yes I hired more support staff, but I would have spent even more if I hadn't used Linux..."

        -- This is not a .sig.
      • "But if this Linux thing is so good, then why is it FREE? Can you answer me that?? Thought not. Microsoft must be better because it costs more."


        Of course I'm being sarcastic, but how far is that from some people's thinking?


        The commercial distros for things like HP-UX, the large IBM boxes/mainframes are not free. GPL, perhaps... but not free as in beer.
  • I'm wondering... (Score:2, Interesting)

    by WebWiz ( 244386 )
    Why doesn't the US develop an OS strictly for secure governmental transactions/use? The country definitely has the resources. The outcome would be a system that no one could just "install at home" and discover weaknesses. I'm sure there are downsides (and feel free to let me know)..but in my mind no existing OS (be it free or not) is secure enough for what uncle sam wants to use it for.
  • So what? (Score:2, Insightful)

    Microsoft Corp. is aggressively lobbying the Pentagon to squelch its growing use of freely distributed computer software and switch to proprietary systems such as those sold by the software giant, according to officials familiar with the campaign.

    And in other news, Burger King is "aggressively lobbying" me to switch to eating Whoppers instead of Big Macs. What is the story here?

    So what, Microsoft shouldn't even be allowed to market its product? It's somehow evil for them to try and make the case for their products being superior?

    This article is just idiotic and inflammatory.

    • by bstadil ( 7110 )
      I think you missed the word Banned.

      I am not aware that BK is trying to make your intake of Whoppers conditional of not eating Big Macs anymore.
    • While Microsoft can lobby all they want, they are -

      1. Outright lying
      2. Spreading FUD

      But what's new?

      None of that, the real news is that the government is weighing up the options of open-source and closed source, and it's a great time for people to lobby the representatives about this sorta thing.

      Besides, I would have thought an article about which type of software is running the defense software would be interesting.
    • Re:So what? (Score:4, Interesting)

      by Frater 219 ( 1455 ) on Wednesday May 22, 2002 @11:43PM (#3570351) Journal
      And in other news, Burger King is "aggressively lobbying" me to switch to eating Whoppers instead of Big Macs. What is the story here?

      Nothing at all, of course! It is perfectly normal and acceptable for companies, especially in a troubled economy, to pare back and focus on their core competencies. The Post article is irresponsibly making a fuss over Microsoft leveraging two of its well-demonstrated core competencies: lying to the government and subverting democracy. These essential skills are central to Microsoft's operation, and it's an abuse of free speech to present them as something dangerous -- worse, it might panic the consumers!

      Unquestionably, it is "idiotic and inflammatory", as you point out, for the newspaper of record in our nation's capital to report on these perfectly normal goings-on. The matter of which development efforts are funded by our tax monies has no bearing whatsoever on the public interest. It may be safely left up to our trusted government agencies and their staunch allies in large corporations and special interest groups.

      After all, what would we commoners have to tell them? They're the experts, and should be left to run the military and the government without any bother from us civilians. And under our sacred and inviolable system of government, power vests in the State, its Employees, and its Contractors -- not in the unwashed masses. For a so-called "newspaper" to "inform" us about the government's activities is nothing short of treason.

  • by falsemover ( 190073 ) on Wednesday May 22, 2002 @11:28PM (#3570281)
    Microsoft: Linux will cause user problems
    Pentagon: But Windows isn't very secure
    Microsoft: Security is our number one mission
    Pentagon: Linux is free
    Microsoft: It will cost you more in the long run, allow us to fly you over to Redmond to find out why.
    Pentagon: Lunix is open source
    Microsoft: Open source is EVIL :- would you want all your internal top security documents on the web :- open source is a threat to national security
    Pentagon: Microsoft is anticompetitive
    Microsoft: That's the way of the ecosystem, the small fish eat the big fish. We just want to be free to innovate.
    Pentagon: Ok, we are convinced. Here is an order for 100 million for all our 200,000 employees.
    Microsoft: Make it 200 million and we will give you up to three seats per person.
    Pentagon: Deal.
  • Ironic... (Score:2, Insightful)

    by TheDanish ( 576008 )
    Ironic that they're doing this, considering they mentioned that their code is so flawed it's a matter of national security that they shouldn't be forced to give up their source.

    Think about that for a second, really. I usually *try* to avoid blindly hating Microsoft, and fail miserably, probably because of things like this.

    Well, I'm probably mistaken. Lemme know if I'm wrong.
  • by jnana ( 519059 ) on Wednesday May 22, 2002 @11:30PM (#3570287) Journal
    John Stenbit, an assistant secretary of defense and the Defense Department's chief information officer, said Microsoft has said using free software with commercial software might violate the intellectual-property rights of companies such as Microsoft. Stenbit said the issue is legally "murky."

    Can any lawyers tell us how in the hell this might even be remotely plausible? Is it possible that there might be *anything* to such a claim that using both free and non-free commercial software might violate the IP rights of the commercial vendor? This sounds like good old MS FUD, but usually there is some tiny scrap of reality at the base of their sand castle. I can't believe this might be true, but IANAL.

    • by danheskett ( 178529 ) <.moc.liamg. .ta. .tteksehnad.> on Thursday May 23, 2002 @12:02AM (#3570425)
      It is possible.

      For example, with many of MS's rather bland tools, they include C/C++ headers to access various API's and whatnot. If you wanted to give an application a direct connection into say, MySQL or other database, you might take MySQL and compile it with various ADO (MS proprietary database access layer) headers, make a few modifications, and produce a binary. Then you produce an ADO provider for the modified version of MySQL, and that in turn gets linked dynamically at runtime with some general data drive app. Sound okay so far? Let's say you did that all and you are a programmer for the NSA or FBI or something, right? Let's say you want to give a copy of that app to some other government agency, say the CIA or DOD or someone like that. Does that count as distribution? If so, you have to release the source for the modifications. However, you don't have all the source, since the ADO headers from MS link to compiled binary code. Now you have a bit of a jam, as I see it.

      That's just one way though. There are all kinds of issues involving cross-compiling, use of development tools, etc. Plus, MS loves to play on the whole GPL is-untested thing. They love to get you thinking about it being invalid: like you develop some GPL software, put it out there, and a competitor takes it, forks, and keeps it closed. The question is what can you sue for? You haven't suffered any damages (you were giving it away to start with!), and it is hard to prove anything actually even happened.

      Seriously, you might think it's just typical FUD, and mostly is, but you really have to consider issues that are indeed best described as "murky". There are issues about the GPL going on all the time - what is the status of the Lindows GPL violation? You know what I am saying? The GPL is pretty straightforward legally, but it isn't 100% crystal clear.
      • by Jerf ( 17166 ) on Thursday May 23, 2002 @12:36AM (#3570542) Journal
        Nothing a user of Microsoft software can do, developer or otherwise, can possibly obligate Microsoft in the slightest. It's impossible. As impossible as trying to come up with a scenario where I somehow create a legal obligation for you based on the posting you just created.

        I can make a derivative work with your posting and try to Open Content it, but all that means is that I had no right to Open Content your post in the first place. Nothing I do can acquire those rights by fiat. Nothing I do can obligate you without your consent.

        This line from Microsoft angers me, because it goes beyond FUD, beyond number juggling, beyond threats, beyond monopolistic manipulation. It's not FUD, it's another three-letter word you may be familiar with: L I E . It's a flat-out lie. And they know it.
  • "Murky"? (Score:3, Interesting)

    by Scooby Snacks ( 516469 ) on Wednesday May 22, 2002 @11:32PM (#3570291)
    John Stenbit, an assistant secretary of defense and the Defense Department's chief information officer, said Microsoft has said using free software with commercial software might violate the intellectual-property rights of companies such as Microsoft. Stenbit said the issue is legally "murky."
    How in blazes is anything "murky"? Is there anything that I, as a third party, can do that would undermine Disney Enterprises, Inc's copyright on one of their movies? Likewise, are there any rights that I can take away from Microsoft Corporation as a user of their software? Someone needs to put down the crackpipe, methinks.

    The only way I can think of that using Free Software would "violate [Microsoft's] intellectual property rights" would be if their EULA or contract with their customer prohibited it. But that's not even a matter of intellectual property rights[1], that would be contract law (in the case of an actual contract, or if we assume that EULAs are, in fact, legally binding).

    Now, I understand why Microsoft is trying to muddy the waters, but why in the world is the DoD playing along?

    [1]Remember, the all-encompassing phrase "intellectual property" covers three nebulously-related yet disparate parts of the law: trademarks, copyrights, and patents. It does not refer to contracts, in the common usage of the term.

    • Re:"Murky"? (Score:3, Funny)

      by Malcontent ( 40834 )
      "Now, I understand why Microsoft is trying to muddy the waters, but why in the world is the DoD playing along? "

      Spoken like a man who was never in the military. As a veteran let me assure you that the DOD is playing along because they are profoundly stupid people. MS said something and they believed it. They are not used to questioning authority in the first place.
  • Quite frankly I get really angry whenever I go into my County offices (recently for a name change, also for tags, and to pick up my W2s from the occasional County job I do) and see Windows XP running there. I know they are on the new Microsoft license that everyone is bitching about.

    I get very grumpy when I see my tax dollars wasted - especially on the local level, because I know of so many things here in my city that money could be going for. Then, to hear it being wasted on the federal level seems even more wasteful because I know it's not in the hundreds of thousands range but yet in the thousands of millions range.
    • Re:Tax $$ (Score:4, Interesting)

      by scotch ( 102596 ) on Thursday May 23, 2002 @01:29AM (#3570684) Homepage
      Have you been in a US post office lately? Last one I went into was plastered with Windows XP posters, and there were even some demo disks at one point.

      The fact that MS can lobby the pentagon (the *pentagon* for crissakes) speaks volumes about how much corporations run this country. The pentagon should tell MS to fuck off - if they want to whine about it, they can make an appeal to congress or some such. The military is supposed to be insulated to some extent from this kind of crap.

      If I were running the pentagon, I'd kick those slick backstabbers out on their asses -- "we'll call you if we have any questions".

  • by ThesQuid ( 86789 ) <a987.mac@com> on Wednesday May 22, 2002 @11:34PM (#3570305) Journal
    Good grief, was it not less than two days ago that Microsoft claimed they could never release the APIs for Windows out of fear for the damage it would do to National Security? I would like to think that the cryptanalysts at the Dept of Defense would be fully versed in the fallacy of Security through Obscurity, and would make their voices heard.
    • by gnovos ( 447128 ) <gnovos@chipped. n e t> on Thursday May 23, 2002 @01:19AM (#3570658) Homepage Journal
      Good grief, was it not less than two days ago that Microsoft claimed they could never release the APIs for Windows out of fear for the damage it would do to National Security?

      One has to wonder how selling the Pentagon software with SEVERE, KNOWN FLAWS that threaten NATIONAL SECURITY is *not* treason... What exactly could a spy sell to the U.S. that is worse than that?
  • How the hell do these guys make so much money by wasting it like this article states?

    My personal experience with the Pentagon, the Hoffman Building (Army Personnel) and National Guard Bureau is: "if MS makes anything remotely like what you need we will buy MS". It amazes me that I have been told that Apache is not acceptable because it is free, so use IIS.

    Anyway, you should all think the above statements are incredibly senseless, that just accentuates my old frustration. Bottom line, MS need not waste money on a sales crew for the Pentagon, the people in the building are beating down microsoft.com to purchase IIS and MS SQL crap with their government credit cards.
  • ...of presenting the real issue: GPL vs. BSD and other licenses that allow proprietary forking. It's the GPL that MSFT really hates. If all I had was the article to go on, I'd get the impression that MSFT hates all free software and we know that isn't true.

  • by happyclam ( 564118 ) on Wednesday May 22, 2002 @11:39PM (#3570334)
    The company also complained that the Pentagon is funding research on making free software more secure, which in effect subsidizes Microsoft's open-source competitors, Stenbit said.

    Microsoft's push is a new front in a long-running company assault on the open-source movement, which company officials have called "a cancer" and un-American

    What has me truly amazed is that Microsoft is now fighting against the world. Think about it... most companies battle their competitors. Microsoft has become so big and rich that they no longer have any individual competitors. The "competition" consists of people who do good things, often for free. God forbid the government give money to people who do good things.

    And, of course open source is un-American! In the sense that "American" implies elitist, exclusive, arrogant, and imperialistic.

  • The DOD is actually a significant contributor to open source software. For example, check out http://www.rtems.army.mil/ This is a very nice little real time OS that is open source from the US military. I note the name now stands for Real Time Executive for Multiprocessor systems - I seem to recall it used to be called the Real Time Executive for *Missile* Systems.

    I highly hope that no nation's nuclear missiles are controlled by windows (or wince)

  • by jdbo ( 35629 ) on Wednesday May 22, 2002 @11:43PM (#3570354)
    Well, as the Pentagon is a structure composed of five major wings, it would be very appropriate (and patriotic!) for Free Software to battle in the form of (5 lions) Voltron, aka GNU/Voltron - you've never lived until you've heard Richard M. Stallman declare "I'll form the head!".

    Unfortunately, the fighting skills of Voltron may be somewhat hindered by the tension between RMS and Linus re: who drives the black lion. Luckily Jeremy Allison & Miguel Icaza will be around to form the blazing sword...

    The surprise for this battle will be the deadly form Microsoft takes to wage its evil aggression - hopefully it will be something more impressive (and less boringly obvious) than a Borg cube - a many-tentacled Ro-Beast (labelled Standard Oil^H^H^H OS) would be a good starting point.

    But whatever the MS-Beast's final deadly form, we know it'll be ugly!

    P.S. ...ESR drives Princess Allura's lion, of course...
  • by wbav ( 223901 ) <Guardian.Bob+Slashdot@gmail.com> on Wednesday May 22, 2002 @11:47PM (#3570375) Homepage Journal
    Go with the lowest bidder?

    How does M$ expect to beat free?
  • by Nate Enderle ( 579319 ) <hotstuff3181@@@hotmail...com> on Wednesday May 22, 2002 @11:57PM (#3570410)
    Not too long ago, slashdot posted this [slashdot.org] article concerning the campaign in Peru to switch the government to free software. It had a point by point by point analysis of Microsoft's FUD. I hope that somebody in the US government takes the time to think through the issue, rather than just giving in to corporate pressure. What would be even better would be to see one of our own senators or high appointed officials show that they understand the issue as well as Peruvian Congressman David Villanueva Nuñez. One can hope.
  • by toupsie ( 88295 ) on Thursday May 23, 2002 @12:00AM (#3570420) Homepage
    The US Navy "Smart Ship" Yorktown was outfitted completely with Windows NT to run the ship's systems. Because of a Divide By Zero bug [info-sec.com], the Aegis missile cruiser became dead in the water in 1997 and had to be towed back to dock. Windows NT had frozen the propulsion systems.

    At least with an open source system, they could have patched the code and moved on. But with the closed source Windows NT system, the USS Yorktown had to be towed into harbor and let the boys from Redmond check under the hood.

    Thank God it was peacetime..

    • by T.E.D. ( 34228 ) on Thursday May 23, 2002 @09:59AM (#3572586)
      I know a little about that, since I used to work for the competitor to the contractor that developed that software.

      The fact of the matter is that the Navy, like any other large bureaucracy, has all sorts of mutually-antagonistic factions that love or hate various systems more for internal political reasons than for their inherent value.

      My old group (the Marine Systems division of Lockheed Martin - great bunch of guys and gals...) developed and maintained the engine control systems for all of the Navy's guided-missile destroyers. This class of ship has been around for a while, so it was originally developed using technologies that are incredibly outdated by today's standards. The sensible thing to do with such a system is to slowly modernize things, with an eye towards longevity and maintainability.

      You first have to realise that Naval systems have to be way more reliable than your average PC. The open ocean is not kind to electronics, and warfare certainly isn't. The shock and vibration requirements are unreal (like 100G's). The sailors might all die, but the engines would be just fine. I guess the ship would be puttering around in a big circle in the open ocean. :-)

      Also, you must realise that it is considered a disgrace for a captain to have his ship towed back to port. Thus naval engine control systems have to be very reliable, or captains are very unhappy with you. It was not unheard of for our engineers to get woken up in the middle of the night and flown to a disabled destroyer via helicopter to fix a bug, rather than have it towed in. So a "tow-in" bug is even worse than it sounds to an uninformed civilian. Nasty things happen that a peon like me doesn't really want to think about. :-(

      For that reason, the natural and sensible route is to update these systems using Naval-standard COTS hardware (HP/UX based), and to develop all new software in Ada (the only language designed for use in "life-critical" applications), using accepted (and time-consuming) software development processes.

      However, there was an R&D branch of the Navy that was investigating use of all sorts of new unproven technologies. In this case, they were using C++, expert systems, common 'PC's, and lassise-faire development processes. Experimenting is what R&D folks should be doing, so that's all good. But these technologies are notoriously bug-ridden, compared to what we were using in the actual fleet. We didn't bid on the R&D stuff, (I'm not sure why), so it went to a competitor of ours who I won't name. (But who's initials are CAE :-) ).

      Now of course the commander who has the R&D folks under his command wants to see his stuff used, as that will validate his R&D group, and of course give him a good reason for an increase in funding. So he fights hard to get us thrown off of all future contracts, and our competitors on. But the other Naval oganizations have a lot invested in our stuff, and the captains are understandably leery of massive changes. It probably didn't hurt us any that our competitor was a Canadian company too. So its a big hard political battle, with us mostly winning. I'd like to think this was a victory of reliability and proven techniques over fashion and flash, but I'm not that naieve.

      However, apparently they did manage to get the R&D system put on one ship as a test case. Probably it had something to do with CAE having a better position in Cruisers than us. Imagine the captain's displeasure, and our secret delight, when that system failed in the middle of the ocean and the ship had to be towed back. :-)

      The moral of the story is that you can probably get something thrown together with whatever's considered "cool" today and that might make it an easier sell, but if you *need* reliability, you use Unix and Ada, and good software development processes.

      (disclaimer: I currently work for a competitor to CAE in a different market.)
  • by gdyas ( 240438 ) on Thursday May 23, 2002 @12:02AM (#3570426) Homepage

    If any of you follow the link provided and read the article, you'll find that the DoD is giving MS's advice exactly the (lack of) credence it's due. So before you piss yourself about supposed Bush Administration / MS collusion, just read it.

    Huzzah, and thank God the good folks at the DoD are relying on solid data to make good decisions about the software used to protect the nation, and Damn MSFT for looking for growth opportunities in degrading national security by harrying them for needless proprietary expenditures & vague allusions to "legal problems".

    Corporate competition is one thing, but I don't think I can say it any simpler than Keep the Fuck off our Gov't with your FUD. When it comes to the DoD, there's more at stake than your option portfolios.

  • by fava ( 513118 ) on Thursday May 23, 2002 @12:04AM (#3570434)
    A Quote.
    The theory is that by putting source code in the public domain, programmers worldwide can improve software by sharing one another's work.
    One thing that the GPL is NOT is public domain.

    Public domain means that the copyright holders relinquish any claim that they might have.

    Public domain is for those who think that the BSD licence is not free enough.

  • by gdyas ( 240438 ) on Thursday May 23, 2002 @12:15AM (#3570465) Homepage

    From the article:


    Among the most high-profile efforts is research funded by the National Security Agency to develop a more secure version of the open-source Linux operating system, which competes with Microsoft's Windows.

    IANAProgrammer, but I think that if the good people working on the kernel would like to contribute in a huge, meaningful way to Linux AND to national security they could put their heads together and bang out an iron-clad version of Linux, contributing to the above project and developing a superior, open-source solution that could achieve three primary goals, all very desirable.

    • Promote Linux as the premier OS for security. It's already good - make it damn near perfect.
    • Provide our nation's defense infrastructure with an open-source secure OS. The DoD is a BIG customer - keep them happy.
    • Less importantly, shame the fuck out of MSFT. Prove these dicks wrong while they're still patching IE security holes twice a month.
    • by Gaccm ( 80209 ) on Thursday May 23, 2002 @01:00AM (#3570614)
      Promote Linux as the premier OS for security. It's already good - make it damn near perfect.

      Linux isn't engineered, developers scratch their itches, if lots of people care about really high end security, it will get done, otherwise it won't.

      Provide our nation's defense infrastructure with an open-source secure OS. The DoD is a BIG customer - keep them happy.

      While the more linux users the better, no developers care about specific countries or how big a user might be.

      Less importantly, shame the fuck out of MSFT. Prove these dicks wrong while they're still patching IE security holes twice a month.

      There have been more events than you can shake a stick at where MS screwed themselves over, Linux just needs to be good in order to make MS look like a fool.

      Also I should advise you that 1) the NSA has their own version of Linux that has extra security stuff, and 2) don't forget about *BSD. OpenBSD hasn't had a remote root exploit in 4 years or something.
  • by JeremyYoung ( 226040 ) on Thursday May 23, 2002 @12:31AM (#3570522) Homepage
    By Microsoft lobbying hard to keep the department of defense using MS software, from a socio-political point of view? I mean, what better way to lobby congress or the judicial system to protect Microsoft from the law than to ensure Windows is used in critical national security functions? In fact, what better way to control government period than to ensure they use your software for their classified, even critically secret operations?

    • Or the soundbytes:

      "Microsoft, a convicted monopolist, today asked the government to ban purchases of rival software"

      "Microsoft, producer of the world's buggiest and most insecure software, today criticized the NSA for developing a secure operating system which the NSA gave away free for others to improve upon"

      "Microsoft, having recently declared that publishing its source code would bring to light serious and fundamental security flaws that are a threat to national security, today criticized software vendors who discover and fix security holes by publishing their source code."

      "Microsoft, having recently declared that its code is a threat to national security, asked the government to use even more insecure software for their critical infrastructure"

  • by AnotherBlackHat ( 265897 ) on Thursday May 23, 2002 @12:32AM (#3570531) Homepage
    The company also complained that the Pentagon is funding research on making free software more secure, which in effect subsidizes Microsoft's open-source competitors, Stenbit said.


    And when they pay for software, the government isn't subsidizing the producer?

    The government funded research on security is available to everyone - Microsoft included.
    When they fund research on faster planes, only a few companies gain the benefit.
    They aren't likely to stop doing either.

    -- this is not a .sig
  • by scubacuda ( 411898 ) <scubacuda@gma i l .com> on Thursday May 23, 2002 @12:44AM (#3570561)
    According to the article,

    Among the most high-profile efforts is research funded by the National Security Agency to develop a more secure version of the open-source Linux operating system, which competes with Microsoft's Windows.


    My question is, under the GPL [gnu.org], will they have to tell us what modifications they made?

    From GPL [gnu.org]:

    The GPL does not require you to release your modified version. You are free to make modifications and use them privately, without ever releasing them. This applies to organizations (including companies), too; an organization can make a modified version and use it internally without ever releasing it outside the organization.


    But if you release the modified version to the public in some way, the GPL requires you to make the modified source code available to the users, under the GPL.

    Thus, the GPL gives permission to release the modified program in certain ways, and not in other ways; but the decision of whether to release it is up to you.


    What could the NSA do to compel them to show us what modifications they made?

    • What could the NSA do to compel them to show us what modifications they made?

      Uhmmm ... you already answered your own question ... partially.

      You are free to make modifications and use them privately, without ever releasing them.

      and ...

      But if you release the modified version to the public in some way, the GPL requires you to make the modified source code available to the users, under the GPL.

      So ... no release to the public, no need to mention what was secured.

    • by Animats ( 122034 ) on Thursday May 23, 2002 @01:11AM (#3570644) Homepage
      NSA does release the source code for Security-Enhanced Linux. [nsa.gov] Click on the above link for the project page and download.

      SELinux is not well understood. NSA has built a version of Linux with a mandatory security module. The idea is to allow people to experiment with a system that enforces mandatory security (which can be tough to live with) and to develop apps that can work within that model.

      If you want to move things along, download SELinux and make some application work within a mandatory security model.

  • by mrsam ( 12205 ) on Thursday May 23, 2002 @12:51AM (#3570582) Homepage
    Little news tidbits like these ones actually explain why there's been a steady trickle of those bizarre, off the wall, statements and comments, from Ballmer, Gates, and other senior Microsoft officers. You know -- the comments like open source being some demonic spawn of Vladimir Il'ich Lenin; or Richard Stallman invading your corporate vaults and stealing your company secrets, etc... etc... etc...

    I do believe that Open Source software, and Linux specifically, are taking a bigger, and bigger chunk out of Microsoft's revenues. Not much, in fact it's rather piddly; but it's still noticeable. And it's growing. Although few people on /. can actually put a monetary amount on how much it actually is, if there's anybody in the world who has a pretty good idea how much revenue Microsoft is losing because of Linux, it must be Gates, Ballmer, and the rest of Microsoft's upper echelon.

    And I think they're getting scared.

    That may be a bit self-serving or presumptuous, and with 40 billion in the bank they clearly don't have much to worry about. Still, I think they have to have at least a mild case of indigestion.

    There's nothing in this story that really should surprise anyway. So the feds, and the spooks, are using Linux, sometimes in a quite visible, and mission-critical way. So? That's nothing earth-shattering. And that's precisely what's giving Ballmer and Co the problem. Linux has traction. Not just the feds. Linux has traction in big corporate America. SIAC - the folks who run the networks for the stock exchanges, have cut over some mission-critical functionality over to Linux. Look at the classifieds ads in New York City, from big financial firms. There's a small trickle of open job reqs for hackers with Linux experience.

    Gates, Ballmer, and Co, are seeing this as well as the next guy, and they just don't know what to do about it. That's what's scaring them. It's one thing when you have a well-defined opponent to do battle with. But how do you define the opponent here? Microsoft can't clearly define who their opponent here is. There's no single company to purchase, spread FUD about, or drag into court over some frivolous intellectual issue, in order to bleed them with legal fees.

    So, all you can do is to try to FUD your way against Linux in general. But each time you'll try to go with a generic FUD campaign, your arguments can be easily shut down with a single, specific, counterexample of Linux's success in a mission-critical role. There's enough case history out there now to be able to point to, as a counterargument to FUD.

    Microsoft is clearly struggling, trying to figure out a focused, targeted, anti-Linux campaign, and failing each time. Notice how they no longer claim that Linux isn't ready for mission-critical roles. That didn't work. Now they're claiming that using Linux puts your intellectual property in jeopardy. That can't last much longer. They still can't come up with a specific example, and only talk about in generalities; furthermore with Sun and HP putting Linux APIs into their respective *nixes, the notion that Sun and HP have intentionally put their intellectual property in jeopardy is a bit difficult to swallow.

    So, I don't think the intellectual property FUD has much more left in it, and it will slowly disappear over time. So, what's the next FUD attack? I don't know. Neither does Ballmer, or Gates. And that's what's scaring them.
    • While reading your post, something just clicked...

      Microsoft has moved into the console market. Well, I think Linux should do the same. Start stealing away Microsoft's market share with an opensource gaming console - the LBox.

      It would be a huge hit. Buy an LBox, download the games for free! :)

      -
      • Imagine buying that nice chunk of Hardware for $199 and being able to actually do something useful with it ... and the best part is, that MS is losing money on every sale. And that project is actually underway [xbox-linux.org].

        That only leaves to figure out what to use it for. The thing has an ethernet port, the gameports can probably be used as USB-ports given the right adapters, and there's Video/Audio out ...
      • Microsoft has moved into the console market. Well, I think Linux should do the same. Start stealing away Microsofts marketshare with an opensource gaming console - the LBox.

        Hey, buddy, that's the G/Box to you!

    • by Permission Denied ( 551645 ) on Thursday May 23, 2002 @07:49AM (#3571603) Journal
      if there's anybody in the world who has a pretty good idea how much revenue Microsoft is losing because of Linux, it must be Gates, Ballmer, and the rest of Microsoft's upper echelon.

      And I think they're getting scared.

      Microsoft is scared. But they're not scared that they're losing money to Linux.

      In the section where I work, it's become common practice not to buy any software that does come with source. That includes database apps written specifically for what we do and marketed to a small niche, utility programs and development tools. The software doesn't have to be "Free" or Open Source - it can come with an NDA, but it must come with source code. Why, you ask? My management now understands the power of having source code. If there's a bug, we fix it. If we need a feature, we add it. We're less dependent on third parties to complete our jobs.

      NB the ridicule against MS when they claimed that keeping their source code secret was a matter of security. The mainstream press (and perhaps mainstream America) is starting to understand what we techies mean by "security through obscurity." A few years ago, MS could get away with a move like this and most people wouldn't have given it much notice.

      Look at the moves toward open standards, which MS is grudgingly accepting. Things like XML, documented networking protocols, standardized programming languages. People have always demanded interoperability, but they now understand that interoperability comes through open standards.

      MS has $40 in the bank, and yet they're still making dumb moves against Linux - moves like that "national security" announcement a few days ago. These moves show that they're scared - they're making dumb moves which may hurt their image and their bottom line in the end, and in the business world, those dumb moves which hurt your bottom line are the dumbest dumb moves. But what are they scared of? Are they afraid that $40 billion will become $39 billion? Would you risk attacking Linux/Free software/Open Source so vehemently at the threat of losing one fortieth of your company's stockpile?

      Microsoft is not afraid of losing money to Linux. They're afraid of an idea. When people demand source code in order to reduce vendor lock-in, fix bugs and add features, when the public recognizes the crap which MS is claiming as security, when business starts demanding open standards - when these things happen, that's a problem for MS. The MS executives are not foolish - they realize a few hundred million dollars is not such a huge problem for them at the moment. However, what could be a huge problem for them is the death of their business model. That's what they're afraid of.

        • In the section where I work, it's become common practice not to buy any software that does come with source. That includes database apps written specifically for what we do and marketed to a small niche, utility programs and development tools. The software doesn't have to be "Free" or Open Source - it can come with an NDA, but it must come with source code. Why, you ask? My management now understands the power of having source code. If there's a bug, we fix it. If we need a feature, we add it. We're less dependent on third parties to complete our jobs.

        When I worked in SCADA (Supervisory Control And Data Acquisition) a few years back, it was more typical than not to get source to the system. Many contracts required it.

        Why? Because these systems were specified and expected to serve for 20 or more years. Without source, you can't expect it to be supported that long.

        Also, the customers really liked the flexibility to hire just anybody to fix problems.

        SAP provides source (is it just ABAP code or do customers typically get all the source to SAP when they buy it?) for the same kinds of reasons, I believe.

        I have no experience in this area, but Mainframe customers often get complete OS source too, I believe. I've known several OpenVMS customers who had source licenses, also.

        Not many Windows customers get source, from what I've heard. I think that source distribution was far more common 20 years ago and it's only been in the era of shrinkwrap software that it's diminished. Maybe it's a good idea whose time has returned!

    • SIAC - the folks who run the networks for the stock exchanges, have cut over some mission-critical functionality over to Linux.

      As one of the people who developed the ARTmail network at SIAC (The application running on linux), I can tell you that it is not mission critical.

      The mission critical applications run on MVS, Solaris, HP/UX, Tru64, and a few other obscure commercial unices but not Linux. Most of the mission critical apps actually run on MVS.

    • by DG ( 989 )
      I don't think Microsoft is losing much actual money to Linux and Open Source just yet - but they can see the writing on the wall.

      I was at the very first Perl conference a few years ago, when ESR presented CatB for the first (?) time. At that point, I wasn't really into the whole Free Software/Open Source thing; I just really liked Perl and was there to learn more about it.

      Sitting there, listening to ESR, it hit me like a bolt of lightning; one of those ultra-rare flashes of "Eureka!" Commercial software, as embodied by Microsoft, was dead in the water. Open Source and the Internet had created - actually, had *evolved* - a new design method that would eventually supplant all commercial software development with mathematical certainty.

      It's like when you're playing solitaire, and you get to the point in the game where you've won, and all the other moves are just the playing out of the algorithm.

      Mind you, the time involved with the "playing out of the algorithm" as far as software development is concerned will still take years, but unless there is a dramatic change in the conditions under which software is developed and distributed, the Open Source/Free Software juggernaut is mathematically unstoppable.

      Microsoft is the woolly mammoth eying the ice sheet creeping steadily southwards.

      The people who run Microsoft, while they may be supremely arrogant, are not stupid. It may have taken them a little while to actually _believe_ that they were vulnerable, but they seem to understand it now, and they have gotten religion in a big way.

      They understand that they cannot possibly compete with Open Source on the merits - they lose on price (free vs $$) they lose on quality (given enough eyeballs, all bugs are shallow) and increasingly, they lose on response time as well (not even Microsoft can hope to employ as many developers as work on Open Source projects)

      They can't even fall on the old Microsoft technique of last resort - buy the competitor's company - because Open Source is by definition decentralized. It cannot be killed, it can only be outcompeted.

      (That's not to say Open Source as it exists today is perfect - it most definitely has flaws. But as the ice sheet grinds southwards, these flaws tend to be (slowly) rectified. The number of niches where Microsoft can "beat" Open Source grows smaller every day.)

      They only have themselves to blame for this. Microsoft has been the ultimate predator, culling the herd of lesser methods and companies, and in doing so, has forced the evolution of an even tougher force than itself.

      What we're seeing now is a desperate attempt by Microsoft to try and change the conditions that allow the Open Source development method to work so well, because that is their only chance at mounting anything like a successful defence. Too bad that they made so many enemies on the way to the top; they are finding few allies.

      I have to admit that it's nice to watch all the panic. Turnabout IS fair play.

      DG
  • God bless the NSA (Score:3, Interesting)

    by Tokerat ( 150341 ) on Thursday May 23, 2002 @01:24AM (#3570668) Journal
    There are many posts here about the NSA and testing software for security, and a few arguments about their Security-Enhanced Linux project. From the NSA's Security-Enhanced Linux FAQ [nsa.gov]:

    Why was Linux chosen as the base platform? [nsa.gov]

    Linux was chosen as the platform for the work because of its growing success and open development environment. Linux provides an excellent opportunity to demonstrate that this functionality can be successful in a mainstream operating system and, at the same time, contribute to the security of a widely used system. A Linux platform also offers an excellent opportunity for this work to receive the widest possible review and perhaps provide the foundation for additional security research by others.


    For once I'm rather relieved that Big Brother is watching...and realizing the point, and even helping the cause. Go USA.
  • by Selanit ( 192811 ) on Thursday May 23, 2002 @02:47AM (#3570863)

    A couple of things spring to mind. First:

    "I've never seen a systematic study that showed open source to be more secure," said Dorothy Denning, a professor of computer science at Georgetown University who specializes in information warfare.

    My first reaction to this was "Suuure." But then it occurred to me that the word "systematic" is key. Have there been any systematic studies of security in open- vs. closed-source programs? I mean academic quality research -- with control groups, a clearly defined method for testing the security, with the results published in a peer-reviewed journal.

    Stenbit said the debate is academic and that what matters is how secure a given piece of software is. To that end, the Defense Department is now prohibited from purchasing any software that has not undergone security testing by the NSA. Stenbit said he is unaware of any open-source software that has been tested.

    Emphasis added.

    So, the DoD can't purchase any untested software, hey? Well great! They can have all the open source stuff they want, no purchase necessary. Obviously the regulation is in place to keep the government from using untested software, but I'll bet it was written with the assumption that you can't legally use software you haven't paid for. Open source distribution schemes don't require payment, which opens up a loophole. I wonder, could that be why open source systems have come to play a "critical role" at the DoD, as the article mentioned?

  • by juliao ( 219156 ) on Thursday May 23, 2002 @05:26AM (#3571192) Homepage
    From the article:

    The company also complained that the Pentagon is funding research on making free software more secure, which in effect subsidizes Microsoft's open-source competitors, Stenbit said.
    This is wrong and ridiculous. Take a real world comparison:
    Publishing cooking books and sharing cooking tips effectively enables people to cook their own meals and enjoy meals cooked by friends, undermining the Commercial Restaurant Industry and subsidizing the Restaurant industry's competitors.
    Should the cooking book editors pay money to restaurants, for "damages"? Great idea, no?
    • The great thing about source code is that compiling is hella lot easier than mixing ingredients and baking/frying/whatever. Sometimes you can even get pre-compiled binaries. Let me see a cookbook do that =]
  • by leereyno ( 32197 ) on Thursday May 23, 2002 @09:15AM (#3572212) Homepage Journal
    When I read about stories like this the impression I get is that Microsoft is desperate and is fighting a war they cannot win.

    The best way to respond to Microsoft when they are in this position is to ignore them. By that I mean don't communicate with them. Refuse to take their phone calls, ignore email messages, throw faxes into the circular file, assuming of course that you have the power and authority to do so. This will have the effect of demoralizing the Microsoft employees tasked with preventing you from using non-MS products. This in turn will inhibit their ability to do this to others as well. At the end of the day anything that causes a Microsoftie to do a bad job is a good thing.

    Lee
  • Unamerican? (Score:3, Funny)

    by dacarr ( 562277 ) on Thursday May 23, 2002 @09:51AM (#3572505) Homepage Journal
    The Washington Post article says that M$ is calling open source unamerican.

    When did they employ the remains of Joe McCarthy for its marketing department?
  • by macdaddy ( 38372 ) on Thursday May 23, 2002 @11:26AM (#3573261) Homepage Journal
    Excuse me, but when has it ever been "un-American" to make some bigger, better, faster, and cheaper?

"I've finally learned what `upward compatible' means. It means we get to keep all our old mistakes." -- Dennie van Tassel
