Microsoft

'Think Tank' Issues Microsoft-Funded Troll 624

dlur (among many others) writes: "According to this ZDNet article, a Washington think tank known as the Alexis de Tocqueville Institution is soon to release a study stating that Open Source Software allows terrorists an easy time hacking into our systems. It's little surprise that this group takes money from Microsoft." The Register's story is good too. All the whoring reports in the world won't make open source any less secure. This same institute backed destabilizing, unworkable '80s missile defense and thinks Alexis de Tocqueville would have wanted the V-22 Osprey deathplane. Also, see what their coin-operated policy dispenser spat out for internet privacy (eat what you're fed) and antitrust (advantage of Microsoft monopoly: "manufacturers of computer hardware need to provide only one driver"). We weren't going to run this, but there were a lot of submissions, so ...

  • It seems to me that when software is created by "hackers" and made by "hackers" that they would as a team know what to do to make the software as hackerfree as possible. By making a product open source, it is only sensible that it is then open to be studied by hackers and exploited by malicious hackers but at the same time, just as genius "white-hat" hackers can quickly repair these security flaws thus keeping the software secure. So, how then can it be possible to say that Open Source is more hacker prone than proprietary software? Beats me
    • by yobbo ( 324595 ) on Tuesday June 04, 2002 @08:54PM (#3642578)
      Well, open source software is by far the easiest to hack, because the source code is actually available to you to hack with.

      If you're talking about open source software being easier to crack, that's a whole different story...
    • statements like this make me wish there was a +1 DUH! moderation.
  • "This same institute backed destabilizing, unworkable '80s missile defense and thinks Alexis de Tocqueville would have wanted the V-22 Osprey deathplane."
    Nice to see no politics being spouted here.
  • Hmm.. (Score:4, Funny)

    by FunkSoulBrother ( 140893 ) on Tuesday June 04, 2002 @08:43PM (#3642506)
    from the insitute-and-prostitute-share-a-lot-of-letters dept.

    They share even more letters if you spell institute correctly.

  • by Animats ( 122034 ) on Tuesday June 04, 2002 @08:43PM (#3642508) Homepage
    Open source would have a much better security record if Sendmail were killed off.
    • Sendmail /DID/ have a bad record... but it barely rates a mention these days. Time to bring yourself into the current day rather than trying to suck the rotten marrow out of last century's carcass.
    • And MySQL.
      And OpenSSH.
      And Tomcat.
      And wu-ftpd.
      And PHP.
      And squid.
      And mod_ssl.
      ...

      You know, if we reduced it to just the kernel running on an isolated box locked in a secured meat locker, and you throw away the key.

      But, qmail is better =)
    • Open source would have a much better security record if Sendmail were killed off.

      No need. The neat thing about open source is the choices. I've used sendmail extensively in the past, but these days I'd use, say, postfix [postfix.org]. Sure, sendmail's security record is much better than it was, but I'd prefer the performance benefits of a late-model MTA, as well as the security plusses. The point is, whether we are talking about SMTP, HTTP, IMAP, POP, FTP, or whatever, there are secure servers that work great and I can use whichever one of them I please. That's a far cry from some more proprietary environments I've experienced in the past. I also like not having to wonder what gotchas are hidden in some privileged binary I'm running.

      I think everyone's spam relay record would look better if folks'd turn off the MTA daemon on systems that don't need to accept mail, though...

      • Actually, sendmail is used to ... errrr ... SEND mail. My ISP does not relay, so I HAVE to run my own MTA because I don't connect to one of their IP blocks. I use exim at home rather than sendmail, but I administer about 100 Unix boxen at work that use sendmail for, among other things, remote security logging, availability monitoring (the hostwatcher e-mails my pager when a monitored host goes down), and just GOBS of other admin tasks. E-mail really IS the killer app of the internet.

        All that being said, if all you need is a client sendmail mailserver, DO NOT generate your sendmail.cf from the nullclient.mc file distributed with sendmail. It WILL create an open relay. I can't get to the m4 file I created to do the trick right now, but I will be happy to provide it to any sendmail admin who wants it if they e-mail me at cwilkin3-AT-egr-DOT-uh-DOT-edu. The file generates a sendmail.cf equivalent to what nullclient.mc creates, but without the relay enabled.

  • Loudest (Score:4, Interesting)

    by inflex ( 123318 ) on Tuesday June 04, 2002 @08:43PM (#3642515) Homepage Journal
    What I do not understand is why there aren't any similar groups for the OpenSource / non-Darkside avocations.

    If MS can fund groups such as these to spill forth what is obviously [then again, not much is obvious it seems to the 90% of the population] utter trash, surely we [ non-MS ] can do the same.

    If this group spills out such toxic waste words as these, why does it gain so much attention in the general public?

    Is there any reason why we cannot write an article stating "Microsoft Closed source enables Terrorists to easily render 90% of the information market paralyzed"... (after all, there is far more 'hard' evidence in the form of email-worms etc than there is behind what has been written in this article).

    • Okay, you fork up the few million so we can buy our own "think tank" and make our own report:)
    • by inerte ( 452992 ) on Tuesday June 04, 2002 @09:07PM (#3642649) Homepage Journal
      Yes, like geeks, we must use the tools we have.

      From: 8axxx0r l33t
      Subject: DESTROY PROPRIETARY SOFTWARE
      Message:

      First Post!

      Heya! Did you know Bill Gates' ASCII code number is 666? That he is the root of all evil?

      That there's an alternative to monopoly? And it's FREE (note: as in freedom AND as in beer).

      ACT NOW and access Slashdot's webpage, news for normal people, stuff that matter. NO pop-ups, neither pop-unders, ROTFLMAO... Insightful and funny bewolfed comments from all over the world!

      Thanks for your time,

      l33t.

      PS: This is not spam. I hate spams.
    • Re:Loudest (Score:4, Informative)

      by ninewands ( 105734 ) on Tuesday June 04, 2002 @10:15PM (#3642980)
      What I do not understand is why there aren't any similar groups for the OpenSource / non-Darkside avocations.

      You mean like This Article [crn.com]??

      Just in case CRN gets slashdotted, an excerpt speaking on the subject of Linux in the federal government:

      The software appears to be winning friends among military and intelligence agencies.


      A study completed for the Pentagon by the Mitre last week identified 249 U.S. government uses of open-source computer systems and tools, with Linux running on several Air Force computers, along with systems run by the Marine Corps, the Naval Research Laboratory and others.

      The report recommended further use of open-source computing systems, on the grounds that they were less vulnerable to cyberattacks and far cheaper.


      'Nuff said. I think I would believe a federally-funded study by Mitre Corp. (a scientific research organization that, among other things, hosts the CVE database) before I would buy into a study by a think tank 1) that lacks Mitre's technical muscle and, 2) has a history of whoring for inter alia Microsoft, the tobacco industry, and various egregious polluters. Remember Mindcraft?

    • Re:Loudest (Score:5, Insightful)

      by mrsam ( 12205 ) on Tuesday June 04, 2002 @11:16PM (#3643220) Homepage
      What I do not understand is why there aren't any similar groups for the OpenSource / non-Darkside [ advocacy ]

      I certainly hope there aren't any self-proclaimed Open Source/Free Software groups that pump out such logically-challenged, clue-free blather. I'd frankly be ashamed to see something on the same order, clue-wise, being used to promote the Open Source/Free Software philosophy.

      • Re:Loudest (Score:3, Funny)

        by charvolant ( 224858 )
        I certainly hope there aren't any self-proclaimed Open Source/Free Software groups that pump out such logically-challenged, clue-free blather.
        Umm. Slashdot, anyone?
    • Re:Loudest (Score:5, Insightful)

      by Ride-My-Rocket ( 96935 ) on Tuesday June 04, 2002 @11:51PM (#3643369) Homepage
      Honestly, I think the Linux community is better off without such a "darkside" group. The more effort that is spent on making actual progress, and NOT fighting the war of words that Microsoft so desperately wants to fight, the better off we'll be. Microsoft has been saying bad stuff about Linux for years -- they have endless supplies of cash to wage that war, and can neatly tie up the Linux community's resources that way.

      I would say that any and all "intellectual" aid -- legal, political, research / reporting, etc. should be directed towards loosening or removing Microsoft's grip on public education and government markets. Right now, we have two major entities -- Peru and Taiwan -- that have taken the plunge and are attempting to eliminate their reliance on Microsoft products. We have the US government questioning for the first time how to better secure their networks. And in a time of relative national crisis, shouldn't security at all levels be of paramount concern?

      MS has proven itself incapable of (or unwilling to?) improving the security of its code, despite its ubiquity. Open source can only get _more_ stable and secure as time passes, and users / white hats continue to help find bugs in the system. So why shouldn't we have people who are willing to evangelize OpenSource do it, but to discredit MS by selling the idea behind using Linux et al?

      But maybe that's just me........
  • Big Deal (Score:3, Insightful)

    by DNS-and-BIND ( 461968 ) on Tuesday June 04, 2002 @08:44PM (#3642522) Homepage
    The Alexis de Tocqueville Institution is well-known as an organization that delivers what its sponsors pay for. Nothing new about that, there are thousands of such firms in and around Washington, D.C. It should at least come as a relief to slashdot readers that most of them don't describe themselves as "conservative".

    Wait another few months and there will be a similar study published by a different but equally prestigious organization, only with opposite conclusions. Watch for Ralph Nader to try and hitch his tattered wagon to anything linux-related.

  • by coats ( 1068 ) on Tuesday June 04, 2002 @08:45PM (#3642526) Homepage
    Rapidsite/Apa/1.3.20 (Unix), FrontPage/4.0.4.3, mod_ssl/2.8.4, and OpenSSL/0.9.6 on an IRIX machine, according to NetCraft's "What's that site running?" at http://uptime.netcraft.com/up/graph [netcraft.com]

    They're not running their touted monoculture on their own web servers!

  • by i_want_you_to_throw_ ( 559379 ) on Tuesday June 04, 2002 @08:45PM (#3642529) Journal
    I am a lone outpost of open source in the military agency where I work. My solution, just show them the NSA funded SE Linux information [nsa.gov].

    Who are the green suiters going to trust? A bunch of paid "think tank" lackeys or the good ole spooks behind the triple fence?

    So far NSA's advocacy has been used to let me get away with all kinds of open source implementation.

    Of course, NSA has an agenda too I'm sure but that's between the military and NSA.
    • by Anonymous Coward

      So far NSA's advocacy has been used to let me get away with all kinds of open source implementation.

      And don't imagine that the folks in Redmond don't realize that. They've had their lawyers trying to pressure the DoD to stop the project (the usu arguments we've seen them use w/other gov'ts... it shows favoritism, etc.).

    • by Hard_Code ( 49548 ) on Tuesday June 04, 2002 @10:37PM (#3643086)
      "So far NSA's advocacy has been used to let me get away with all kinds of open source implementation."

      Perfect comrade! Next, send me the list of usernames and passw^W^W^W I mean, send me some completely arbitrary pornographic images for no apparent reason. Also, good idea to post here...nobody will ever discover our s3kr3t plan, nobody takes these Slashdotters seriously! (also, we have successfully planted agent code-name "Tom Ridge" high in the executive branch) Muahahaha!
  • This same institute backed destabilizing, unworkable '80s missile defense....

    You are aware, are you not, that the Reagan administration's emphasis on missile defense technology forced the Soviets to spend billions on research into their own missile defense systems? And that that level of unsustainable spending contributed directly to the collapse of the Soviet economy, and the eventual dissolution of the USSR as a political entity?

    Just spreading around a little knowledge.
    • I see, so you're saying the value of the destabilizing, unworkable '80s missile defense is that it's a great bluff that got Russia to try to build the same thing...hence Russia collapsed and we didn't.

      Hmm. This leads to two questions and a note-- (1) why are we still pushing to build it, and (2) if it was a bluff, why did we actually spend any money on it at all, and (3) you're basically saying that a wasteful, bloated, expensive defense system that won't do anything was loaded with features, not bugs.

      Next time, we should propose launching food into space, that'll really screw up them commies.
      W
      • by DNS-and-BIND ( 461968 ) on Tuesday June 04, 2002 @10:18PM (#3642994) Homepage
        In a remarkable tete-a-tete with a US journalist and former arms control official, Marshal Nikolai Ogarkov, First Deputy Defense Minister and Chief of the General Staff, interpreted the real meaning of SDI: "We cannot equal the quality of U.S. arms for a generation or two. Modern military power is based on technology, and technology is based on computers. In the US, small children play with computers.... Here, we don't even have computers in every office of the Defense Ministry. And for reasons you know well, we cannot make computers widely available in our society. We will never be able to catch up with you in modern arms until we have an economic revolution. And the question is whether we can have an economic revolution without a political revolution."

        Read the last sentence over, and over, and over.

    • No, SDI was one of many things that encouraged the Soviets to spend themselves into oblivion. At this point, it probably *is* possible, and with lunatics like the North Korean dictatorship able to shoot ICBMs (as of a few years ago), just for starters, missile defense is now a VERY good idea. If piss-poor third world nations think building ICBMs is worth the trouble, then we damn well better have a defense against them.

      Unless we invade and force a regime change, which I'm not necessarily against. Worked for National Socialist Germany and Imperial Japan, and the bad guys aren't exactly an even match today.

      It's not just for ICBMs either. Shorter range ballistic missiles, like the several hundred that China has pointed at Taiwan, could be defended against by ground-based interceptors. (Guess why China is all cranky about our pulling out of the ABM treaty with the Nation That No Longer Exists.)
    • Mutually Assured Destruction was "stable" only as far as retaliatory destruction was really assured. A limited missile defense system makes it impossible for your opponent to be sure that a first strike of theirs will destroy all of your missiles, and so makes MAD more stable, not less.
    • You are aware, are you not, that the Reagan administration's emphasis on missile defense technology forced the Soviets to spend billions on research into their own missile defense systems? And that that level of unsustainable spending contributed directly to the collapse of the Soviet economy, and the eventual dissolution of the USSR as a political entity?

      A theory that was only advanced as a strategy after the fact. There is no reason to believe that we were being lied to in the 1980s when we were told that NATO believed that it could only hold off a USSR invasion of Western Europe for 4 days before being forced to resort to nuclear weapons. The generals who I discussed the strategy with in the 1980s believed that they were acting to defend against a real threat, not to break an already beaten enemy.

      The theory is in any case bunk if you happen to look at Soviet economic history. To first order the Soviet economy never really recovered from the second world war. The economy was already stagnant when Brezhnev took over. By the time star wars was proposed Gorbachev was already redirecting resources from the military economy to the civilian economy. The USSR never responded to star wars, therefore the theory that proposing star wars brought down the USSR is false.

      As for anyone having dissolving the USSR as a political objective, I don't think that was ever a US policy objective of any kind (with the exception of the Baltic states). Better to have all those missiles under control rather than have a Balkan situation with nuclear weapons.

    • by LunaticLeo ( 3949 ) on Tuesday June 04, 2002 @11:06PM (#3643174) Homepage
      Disclaimer: I support a diverse set of missile defence systems. They are workable against a dozen launches rather than several thousand. Defence against several thousand missiles is implausible in the extreme, and it only takes a few dozen multi-megaton bombs to end the world that I want to live in.

      However, there is NO EVIDENCE that the Reagan Administration's increase in defence spending, or much less their spending on missile defence systems. Please, take a look at the CIA fact books. The military spending by the Soviet Union DECREASED from the late 70s on.

      Further, the time frame for this theory to be operative is between the first Reagan budget for 1981 and Gorbachev(sp?) coming to power in 1984. Gorbi ended the cold war, and Gorbi ended the de facto Soviet Empire. The timing doesn't work, and the facts (from the above CIA factbooks) don't support that theory.

      BTW, the increase in US military spending began with that submarine captain's Presidency (James Carter for those of you weak in US history). Carter started the Seawolf submarine program and the B2 Bomber program and many other weapon systems attributed to the Reagan Administration.

      I agree that the commentary that the Strategic Defense Initiative was destabilizing is LAME. However, what is being referred to is that in Game Theory if you have a defense against a mutually shared weapon with the power to mutually annihilate both combatants, you are more likely to feel you can use your weapon. A perceived protection by Star Wars Defense Shield, could fool stressed out people to "Go for it". But just think about what the US would be like if we did have 100% effectivity against Soviet missiles, and the US successfully detonated a few dozen or hundreds of 10 megaton bombs on the Soviet Union. There was no victory scenario between the US and Soviet Union in a Nuclear exchange.
  • by NZheretic ( 23872 ) on Tuesday June 04, 2002 @08:48PM (#3642548) Homepage Journal
    To: kenbrown@adti.net

    Subject: "Opening the Open Source Debate"

    Date: 31 May 2002 15:45:59 +1200

    Some references you might wish to consider before publishing your article "Opening the Open Source Debate"

    http://www.businesswire.com/cgi-bin/f_headline.cgi?bw.053002/221502375 [businesswire.com]

    Bruce Schneier, one of the recognized leading experts on computer security on Kerckhoffs' Principle and Secrecy, Security, and Obscurity of software.

    http://www.counterpane.com/crypto-gram-0205.html#1 [counterpane.com]

    Dr. Blaine Burnham, Director, Georgia Tech Information Security Center (GTISC) and previously with the National Security Agency (NSA), gives a keynote speech overview of current encryption and security technologies and outlines possible strategies for future defense.

    http://technetcast.ddj.com/tnc_play_stream.html?stream_id=411 [ddj.com]

    Also you might wish to address the issue of Microsoft's disproportionately high number of open vulnerabilities in its Internet Explorer components. All of which were discovered without access to the source code.

    http://jscript.dk/unpatched/ [jscript.dk]

    Richard Purcell, Microsoft's director of corporate privacy, has recently stated that any major improvement in regard to the security of its products may be at least "5, 10 years, maybe".

    http://www.businessweek.com/technology/content/may2002/tc20020523_6029.htm [businessweek.com]

    As for the issue of Trojan horse injection into open source code, it is far from being an open source only issue.

    http://www.eeggs.com/ [eeggs.com]

    Or were all the "Easter Eggs" currently found in Microsoft's products officially authorized?

    If you are looking for a methodology for providing a suitably secure and hardened solution, start with a real world example.

    http://www.openbsd.org/security.html [openbsd.org]

    I welcome any open debate.

  • by vkg ( 158234 ) on Tuesday June 04, 2002 @08:48PM (#3642550) Homepage
    After all, we're now pretty well aware that people are not looking through open source code looking for bugs and back doors: yes, flaws get discovered, but it's usually through the "exploit-patch-fix" cycle, rather than pre-emptive security work.

    OpenBSD is, of course, not dead and a very notable exception.

    Sometimes secrecy is useful in security: ask the NSA; yes, in theory, all of their algorithms would stand if they were placed in the open.

    But they still keep them secret because it is one more obstacle for an intruder to have to overcome to compromise a system.

    Of course, none of this matters because we're talking about M$, those nice folks asking to keep the Windows source secret because it has security flaws large enough to be considered economic and national security risks.

    But, in theory, I think there are times when closed source might be the way to go.
  • Oh crap, my server's been trojan horsed.... Hold on a sec:
    rm -Rf /bin/laden

    mysql -u root -h localhost mysql -e "update user set Password = PASSWORD('password') where Password IS NULL; flush privileges"

    There, that's better! Those Dirty Hacker-Nazi-Arab-Commie-Terrorist Bastards can't get in now!

  • by Chmarr ( 18662 ) on Tuesday June 04, 2002 @08:49PM (#3642556)
    The final sentence of Punishing Winners Hurts the Marketplace [adti.net] reads:

    "We would be better off with more companies like Microsoft, not fewer."

    However, how can we have more companies like Microsoft when that very article is condoning a monopoly? Yes, I acknowledge that they're probably talking about 'one monopoly in each market'. However, we all know that Microsoft is trying to take over as many markets as possible. How far away is Microsoft-branded Vegemite? :)

    Stupid. Totally, absolutely stupid.

    • where the HELL can they say this? Especially if we're talking about viruses and hackers, diversity should be fairly obviously more secure than monopoly.

      Finding a way to exploit one OS lets you into every computer if there is only one OS.
    • How far away is Microsoft-branded Vegemite?

      Well let's see. Bill Gates started Microsoft with Paul Allen who owns the Portland Trail Blazers. Rasheed Wallace is a power forward for the Trail Blazers. Wallace played basketball at the University of North Carolina where Michael Jordan won a national championship his junior year before taking on the NBA himself. Jordan starred in Space Jam with Bill Murray who had an uncredited cameo in "She's Having a Baby" starring...Kevin Bacon.

  • by dimator ( 71399 ) on Tuesday June 04, 2002 @08:51PM (#3642564) Homepage Journal
    ... that we run it on our OWN damn servers:

    $ httptype www.adti.net
    Rapidsite/Apa/1.3.20 (Unix) FrontPage/4.0.4.3 mod_ssl/2.8.4 OpenSSL/0.9.6


    Who wants to place bets as to when Microsoft learns of this, and promptly switches their systems?

  • The purpose of Open Source projects is to offer technology in an open and cheaper manner than traditional vendors. If what ADTI is implying that because of Open Source anyone, including terrorists, can use computers for free then I guess it is true.

    What would be the contrary to this? Would the ADTI really have us believe that hacking with paid closed software is better than open? If Open Source projects can't expect or know the ultimate intent of the users of the software then why would any closed vendor would? It sounds like ADTI does! I guess they are brilliant. ;-)
  • As I said in an e-mail to Thomas Greene of The Register after reading his article on this earlier this evening.

    "How cruelly ironic, that the man who celebrated the spirit of volunteerism
    he found in communities all across the new nation he chronicled has his good
    name usurped and sullied by the likes of these."

    As for the Osprey, the most recent one to crash came down not too far (which is to say not far enough) from my backyard, so I checked out what they had to say about that, but to be fair, they wrote it 5 years ago, before anybody but the manufacturers had a chance to really test its airworthiness.

  • Hacker making software knowing more to stop hackers is such bullshit. Most hackers that use the term like that can't code their way out of a wet paper bag. Saying hackers would make better code is fine, but get a clue that when you use the term "Hacker" no matter how you mean it the mainstream media will always see it as "EVIL" period. No one but the people that profess that hacking is a clever way to solve a problem think that it means a way to solve a problem. So what is that 5% if you're lucky? Hell they even get pissed when someone else says it if they are not "hackers".

    For the love of Pete, everyone else hears hackers making software know how to protect you from the hackers, err sorry crackers, er wackers, black hat, grey hat, white hat, red hat, tinky winky hat...ahh hell you know the "bad hackers" are going to do it also and make us pay. BAh...You're going to code a back door I know it. To push the point they will point to the C compiler...eww but that was to prove a point right?!

    Slashdot and the legions of ethical hackers need to learn that the word hacker will forever be seen in the eyes of 90% of the world as bad. Plus no one is going to believe that a bunch of people coding for free is going to not do something devious to make money, despite what you may really do. Those same 90% of the world that see hacking as a bad word also believe people don't work for free. I guess that guy that just loves to dig ditches because it is fun is shit out of luck, because really he is not scoping out anything to steal.

    -4 anti-karma whore, I will enjoy the mod-down as you just can't help but to hate the truth.

  • seems to me... (Score:2, Insightful)

    by csguy314 ( 559705 )
    that every 'think tank' I hear about has some particular group's best interests in mind. And those groups are usually big corporations. I guess they're the only ones that can afford to fund these think tanks and pay for their expensive reports.
    After all, thinking isn't free...
  • Why is it a lie? (Score:2, Insightful)

    by inerte ( 452992 )
    Don't you think that if your software has a bug and you have its source released to the crowd, people that want to take advantage of this will do it?

    It never crossed my mind that free software doesn't have any bugs at all. It's naive to think none will ever be able to crack your box, even if you run the latest versions and patches.

    What I do understand, is that in free software your bugs are discovered and fixed faster than in proprietary, because there are (potentially) more developers and users.

    Is it a lie? Hell no. Is it manipulation of information? Perhaps. If you are an employee of any entity, be it the government or a private company, and your boss asks you "With our source there for anyone to have a look, if they find a bug, can you swear that they won't crack us"?

    I wouldn't answer yes. I can't answer yes, it's impossible. It's almost impossible to have a bug-free software, since almost all software development efforts always have a reason to add more features, or to make it more compatible with new products.

    But, you can give good answers to these questions. Say, for example, that Linux has fewer bugs than Windows. Say that Apache, that runs most of the servers at the whole world, has caused LESS financial damage because of bugs than almost any IIS virus, worm, or whatever.

    The manipulation of information comes from this side. When some people can't address the Linux problem logically, they appeal to your emotion. They cite terrorists because that's the great evil of the moment. They touch deep into your fears, and without few 1 + 1 proof.

    So, attack with the same power. Say that while it's true that terrorists might have a chance to attack one server because they have found a bug, they won't spread the damages because system administrators can, and a good one will, design or apply an already designed patch in hours. You don't have to wait for MS good will to serve your needs. Say that historically Linux has proved itself as a more secure option.

    What will they do, change the past?
  • [Apologies for this being slightly off-topic, but chrissy asked for it.]

    You should have gone with your initial impression. Not running this, I mean. Could you please try to stuff more leftist tripe in your next article summary?

    "destabilizing, unworkable '80s missile defense"? I'm sure most people didn't think anything like that laptop sitting on your desk was possible back in the early 1900's. The technology for reasonable missile defense may be in its infancy now, but that doesn't mean it always will be.

    For those who argue missile defense is just another unnecessary aggressive move on the USA's part, I'd say that defensive weapons are the least threatening because they are the ones least likely to get us involved in foreign entanglements: it's hard to send a stationary anti-ballistic missile launcher into a land war in Asia.

    And for those who argue it is unnecessary because terrorists will just ship a bomb over on a cargo freighter, I'd ask you if you keep your windows unlocked over vacation just because a thief is most likely to try the front door first. If we start covering our bases now, we won't be caught with our pants down when every rogue nation in the world has a long-range ballistic missile and a wacko with his finger on the button.

    As for "deathplane"...I'm not even sure I should touch that one. I'll just say that deathplanes like it are the very reason east coasters aren't speaking German and west coasters Japanese. As a libertarian, I believe it's your right to avoid compulsory service in the military, but you should at least have the decency to respect those who fought and died for your freedom.
    • There is nothing "leftist" about making a case for the fact that a missile defense system has a low probability of achieving its objectives. There are very strong arguments in favor of that position. There is also the issue that the Bush administration has had a fixation on missile defense. A case can be made that this fixation was partly responsible for a lack of focus on domestic security (see the Hart-Rudman domestic security report that was virtually ignored by the Bush administration.)

      Finally, as an ex-Boeing Helicopters employee, ex-chairman of the North Dakota Libertarian Party, and U.S. Air Force veteran, I find your remarks about the author's decency out of line. Look, the ability to critique the government is one of the most important rights and responsibilities we have. And this right is steadily being eroded as we speak. As a Libertarian, you should be speaking out about that.
    • For those who argue missile defense is just another unnecessary aggressive move on the USA's part, I'd say that defensive weapons are the least threatening because they are the ones least likely to get us involved in foreign entanglements:

      Okay, then develop your missile-shield technology and give it to every single damn country in the world - hey, it's defensive technology, isn't it? Then that wouldn't represent a security risk, but just make everyone safer, right?

      The problem with missile defense is that it upsets the balance of power. Which means that, to compete, nuclear powers have to build more missiles, in the hope of reaching equilibrium again (hoping that a few might get through). Why is nuclear equilibrium important? Because mutually assured destruction is the best deterrent against the use of nuclear weapons. Who cares, if the U.S. has a missile shield, you say? Well, even if that missile shield was effective (which it is not guaranteed to be, despite the gigantic cost), there is this little thing called "the rest of the world"...

      So, do you agree that the U.S. should share its defensive, non-threatening missile defense technology with the rest of the world, then?
    • It isn't being called a deathplane because it's been used to drop napalm on villagers or something. It's notorious for killing test pilots. A couple of years ago it seemed like there was a story every month or two about an Osprey crash. Some background can be had here:

      http://www.verticraft.com/v22_crashes.htm

  • It's little surprise that this group takes money from Microsoft.

    I don't know. I guess I still think it's more likely that they just have their head up their ass... I'm usually kind of skeptical of the "they take money from so-and-so" dismissals. There are a number of people who thought the gov't antitrust thing was out of line and ended up becoming MS boosters (rather than just DoJ criticizers) in the process of defending them. Maybe this group was like that. Okay... I must admit that in this case the report sounds exceptionally crazy, but I'm enough of a misanthrope to not rule out stupidity yet. And I'll be very curious to see how they can make this particular case in the actual report. I hope it is at least entertaining... ;-)


    • Take a look at another [adti.net]
      one of their "studies", where they conclude that a MCSE certification
      is "perhaps more valuable than a college degree". Man, these people would
      make me laugh out loud if I didn't know that a whole bunch of idiots
      with a lot of power, money and influence regularly listen to this sort of crap.

      Morel
  • Well, they're right-on about the drivers. It's great knowing that 99% of the time I can plug in my hardware and it will work with no problem on Win2K. I wish I could say the same for Linux, Solaris, etc.
  • by Anonymous Coward
    Who cares what a "Think Tank" says?

    Why does this organization get any press anyway? What exactly is a think tank, and what credentials does it have? I mean, is this anything more than an organization dedicated to producing biased press releases?

    The organization's mission statement [adti.net] is completely devoid of meaning.

    "Since 1988, the Alexis de Tocqueville Institution has studied the spread and perfection of democracy around the world. In this, we follow the principles of Tocqueville himself... At the root, perhaps, is a populist belief in the basic goodness, perfectability, and nobility of mankind and of the human community...Operationally, adTI strives to emulate what one scholar has termed Tocqueville's 'omnicurious style of journalism."

    Say what? I mean, read the whole mission statement. It says absolutely nothing using a lot of jackoff big words. I don't get what any of it has to do w/de Tocqueville, a French author who reported on US culture a hundred fifty years ago.

    The fact that MS is funding this-- WHO ARE THESE GUYS?! I mean, why would anyone even CARE or bother reporting their opinion?

    Sometimes I think these organizations exist solely to have their representatives on talk shows and to have a semblance of a structure from which to spew their opinion.

  • This is gold. Frickin' gold. Quoting the Register:

    This could explain why a group purportedly devoted to the 'perfection of democracy' would, with a straight face, recommend the MCSE as a qualification for adult participation in a democratic economy superior to a university degree.

    "Effective participation in the American political economy has always been substantially dependent upon an education that goes beyond basic verbal and mathematical skills," the author of this 'study' intones.

    Nevertheless the author cheerfully reports that "87 per cent of Human Resource managers surveyed believed that MCSE's are equally or more successful than college graduates."

    Oh, we have the highest opinion of HR PHB's

  • Just tell me what you want to believe and I'll write you a report demonstrating it. Want proof that Windows is the best OS? Pay me $1E6 and I'll write the report. Want to prove that PGP offers the best security? Just $5E5 for that one. Yes sir! Just send me your questions and pay me 6 dollar sums of money and I'll demonstrate it for you.


    And that's not all! For an extra 25% I'll make a press release to a selection of the top 25 newspapers worldwide and for an extra 50% I'll submit the story to Slashdot.


    Get your reports here! Get your reports here!

  • by evilpaul13 ( 181626 ) on Tuesday June 04, 2002 @09:15PM (#3642687)
    "And don't forget Kerckhoffs's assumption: If the strength of your new cryptosystem relies on the fact that the attacker does not know the algorithm's inner workings, you're sunk. If you believe that keeping the algorithm's insides secret improves the security of your cryptosystem more than letting the academic community analyze it, you're wrong. And if you think that someone won't disassemble your code and reverse-engineer your algorithm, you're naive. The best algorithms we have are ones that have been made public, have been attacked by the world's best cryptographers for years, and are still unbreakable."
    --Bruce Schneier; Applied Cryptography (Second Edition); page 7

    This seems to apply perfectly to this latest FUD about open source software.
  • secret source code? (Score:2, Interesting)

    by bigsexyjoe ( 581721 )
    I don't know if this is true but I read in a recent Ask Slashdot that Microsoft will show its source code to anyone who can afford it. The source code could easily get stolen and could eventually wind up in terrorist hands. So it would be no better than open source.
  • by waldoj ( 8229 ) <waldo@NosPAM.jaquith.org> on Tuesday June 04, 2002 @09:19PM (#3642712) Homepage Journal
    I'm sorry to be a party-pooper, but where's the evidence that they take money from Microsoft? The ZDNet [com.com] article says nothing about that, and the talkback comments (at least the few dozen that I read) provide no evidence along those lines, either. The Register says [theregister.co.uk] that Richard Smith [computerbytesman.com] says that they take money from Microsoft, though they present no evidence along those lines. Smith's a cool guy and all, and he's got a good track record, but I'm going to need a little more than a second-hand non-credited reference to believe this.

    I did a little poking around [mediatransparency.org] and a little Googling [google.com], but was unable to come up with any evidence on my own.

    So, please, could somebody enlighten me?

    -Waldo Jaquith
  • Google search for al qaeda and microsoft [google.com]

    Google search for al qaeda and linux [google.com]

    Those search results speak for themselves on who helps terrorists.

  • by elfdump ( 558474 ) on Tuesday June 04, 2002 @09:25PM (#3642737)
    This group also claimed, during Congressional probes into tobacco company fraud, that cigarettes and tobacco products were not harmful to your health. From this memo [smokefreeforhealth.org] by a director of the World Health Organization:

    "In addition to creating front groups and contributing funds to groups that have a mission broad enough to carry some of the tobacco industry's goals, the tobacco companies also use publications by allegedly independent think tanks, such as the Virginia-based Alexis De Tocqueville Institution. This group's 1994 report "Science, Economics, and Environmental Policy: A Critical Examination" criticizes the US Environmental Protection Agency's risk assessment methods in 4 areas: environmental tobacco smoke, radon, pesticides, and hazardous cleanup. It dismisses in its first chapter the agency's risk assessment of environmental tobacco smoke, using arguments similar to the tobacco industry's "junk science" arguments described by Ong and Glantz. "

    It seems Microsoft is making some strange bedfellows.

    Sources:
    http://www.smokefreeforhealth.org/studies/YachBialous.htm [smokefreeforhealth.org]

    ZDNet Post [com.com]
  • Think critically for yourself. Don't trust think tanks, because "they must be smart" to work at a think tank. The only thing you're guaranteed to get from a think tank is too much thinking and clouded talk about obvious things. Think about what kind of person works at a think tank and why they are there.

    Anyone who has a life wouldn't waste their time in a think tank. Anyone worth their salt with the brains and skills will be at a research facility building stuff, not needlessly thinking about what they might like to consider inventing, if they weren't so busy thinking.

    The breakthroughs in the last two centuries WERE NOT made by people in "think tanks". They were created by "men of action" as Count Rugen would say from The Princess Bride. Look at men like Benjamin Franklin, Edison, and the WOZ. Think tanks are for lazy people who would rather leech off society than get their hands dirty.

    The only thing the article reveals is how little news is news today from ZDNet.

  • That think tank is very pro-Republican. Very, very pro-Republican. Read more into the site, you'll see it, all the pro-defense and pro-Bush comments. Or maybe I have selective sight (not being sarcastic, I may actually only see what I want to).
  • by tweakt ( 325224 ) on Tuesday June 04, 2002 @09:28PM (#3642751) Homepage
    "The white paper, Opening the Open Source Debate, from the Alexis de
    Tocqueville Institution (ADTI) will suggest that open source opens the
    gates to hackers and terrorists."

    My $0.02:

    ... First of all, there ARE NO GATES! All software contains bugs,
    sometimes exploitable. .. closed source is NOT a "Gate" that blocks
    hacking... yes, exactly: nimda, codeRed, klez, iloveyou, and just about
    every other "virus" reported in the last two years... blah blah blah...
    ...shitty analogy...

    See: Publications and Accomplishments
    http://www.adti.net/pubsaccomps.html

    They don't exactly seem to be experts in any field of computers,
    networks, or security that I can tell. They did some reports for more
    traditional defense related topics several years ago, but that's it. They
    are however, very good at reporting on controversial issues, mainly
    political in nature. Hmmm..

    Here's a question. Of the total number of security problems reported
    regarding closed vs. open source products, what percentage were
    pre-emptive fixes reported by whitehats, vs. those exploited and thus
    forced to be officially reported?

    My point is... a bug is a bug, but it's a hell of a lot better if it's
    patched before it's ever exploited. So it's totally wrong to look purely
    at # of reported security problems in product XYZ. I would expect an
    open source product to have a significantly higher # of reported
    problems. That's a good thing IMO, since that means there's less of them
    lurking.

    The bottom line: Everything has bugs. More eyes, less bugs. More secure.
    Simple. Now would someone try and explain that to these anti-open-source
    nitwits?

    Oh, and may I point out: (already reported)
    http://www.washingtonpost.com/wp-dyn/articles/A60050-2002May22.html
    http://www.nsa.gov/selinux/

    It seems like our .gov likes it just fine ;-)

    -Mark Renouf
  • Hey, can anyone provide any proof besides some guy's say-so that AdTI takes money from Microsoft?

    I'm looking for hard evidence here, not just "it stands to reason", and "of course they do - they support Microsoft".
  • Well, let's say we believe in them, so the day they publish their study we turn off all computers running any kind of open source software :)
  • Open Source Security (Score:2, Interesting)

    by hackus ( 159037 )
    Complete Bonk.

    Open Source is more secure as the problems are fixed faster than closed source, proprietary systems.

    All software, closed and open have vulnerabilities.

    However, you can't PROACTIVELY peer review and fix closed proprietary software continuously, unlike open source software.

    Since you cannot proactively secure closed software, who in God's name would believe such a completely ludicrous report?

    God help us ALL if anyone takes those sorts of arguments and so called "studies" seriously.

    -Hack

  • Suppose they're right, and OpenSource is easier to hack. Doesn't fixing the bugs count? Would you rather wait for MS to admit the bug, fix the bug, release the fix, etc. or let all the open source crowd fix it in an hour?

    (I submitted this story Monday morning, and it was rejected....oh well ;-)
  • by Random Feature ( 84958 ) on Tuesday June 04, 2002 @10:06PM (#3642945) Homepage
    I mean, come on!

    This is like being surprised that the Tolly Group [tollygroup.com] gave a good report to a product.

    When you pay for a review or analysis, you get exactly what you want. This is no different than the Mindcraft [linuxtoday.com] "study" that was biased.

    When a reputable group/publication comes out with an unbiased study that says these same things then you should get upset. Until then, it's all smoke and mirrors, FUD and MUD.

    Nothing to see here.

  • by Veteran ( 203989 ) on Tuesday June 04, 2002 @10:13PM (#3642970)
    Suppose we ask ZDnet some inconvenient questions, and see how much they start squirming:

    • Who is ZDnet's source on the story?
    • Did the think tank leak the results of their own study?
    • Did the information for this story come from Microsoft - who already knew the results before they were published because they bought and paid for them?
    • What exactly qualifies the people at the think tank to have an opinion on computer security?
    • Does the think tank have a history of expertise in the field of computer security?
    • Are any of the people involved in the report even computer programmers?


    This story just might wind up biting Microsoft in the ass; if the rest of the sharks in the press start smelling blood in the water.

  • "What is the most important for democracy is not that great fortunes should not exist, but that great fortunes should not remain in the same hands."

    - Alexis de Tocqueville

  • by ozric2k1 ( 582395 ) on Tuesday June 04, 2002 @10:27PM (#3643040)
    These are the same people who say smoking is good for you.


    "In addition to creating front groups and contributing funds to groups that have a mission broad enough to carry some of the tobacco industry's goals, THE TOBACCO COMPANIES ALSO USE PUBLICATIONS BY ALLEGEDLY INDEPENDENT THINK TANKS, SUCH AS THE VIRGINIA-BASED ALEXIS DE TOCQUEVILLE INSTITUTION. This group's 1994 report "Science, Economics, and Environmental Policy: A Critical Examination" criticizes the US Environmental Protection Agency's risk assessment methods in 4 areas: environmental tobacco smoke, radon, pesticides, and hazardous cleanup. It dismisses in its first chapter the agency's risk assessment of environmental tobacco smoke, using arguments similar to the tobacco industry's "junk science" arguments described by Ong and Glantz."


    The three biggest lies redux,
    smoking is good for you, windoze is secure, the check is in the mail
  • Here's my take (Score:3, Interesting)

    by Henry V .009 ( 518000 ) on Tuesday June 04, 2002 @10:33PM (#3643070) Journal
    This is more than just script kiddies. Open source is good against script kiddies. That may simply be its low radar profile more than anything, but it could be the open source community finding bugs as well.

    But when people are interested in more than general vandalism, it becomes a different story. If I need to hack something that is open source, I check out the source, and look for buffer overruns and what not. It's hard for the very popular stuff, but for most programs, a bug is easy to find. And even for the more popular stuff, there are always holes to be found if you expend enough effort looking.

    For very popular closed source programs, the first thing to try is the online community. Someone somewhere has something. For companies like Microsoft with poor security reputations, and lots of people trying to hack them, there is actually a lot.

    But if you have to figure out a bug yourself, it's time for buffer overflow testing, reverse engineering with a hex editor, and what not.

    So which is harder?

    I'd say hacking into popular open source programs is the hardest. However, hacking into unpopular open source programs is the easiest. There is a range of security considerations, and it is always possible for evil people to find your vulnerabilities if they have enough resources.

  • Makes me sick (Score:5, Interesting)

    by Sean Clifford ( 322444 ) on Tuesday June 04, 2002 @11:22PM (#3643249) Journal
    This just makes me sick. I've read Alexis de Tocqueville's Democracy in America [virginia.edu] several times, it's one of my favorite books. He considered unchecked capitalism a serious threat to participatory democracy. How vile for an organization to sully his name with drivel like this report.
  • by tshak ( 173364 ) on Wednesday June 05, 2002 @01:12AM (#3643578) Homepage
    I'm no MCSD, MCSE, or MCDBA (yet!), but I'm very involved in the MS developer community - in particular the .NET community. I go to the Redmond campus at least once a month and know quite a few people that work there. What's interesting is most "MS Tech Geeks" aren't generally anti-OSS and many actually have experience with Linux and other OS's. Sure, there's also a large group that feeds off of MS dogma but the rest aren't really all that bad. There really are a lot of smart people that either work for MS or primarily work with MS technology that get quite frustrated at MS's marketing FUD. We're all educated (in theory) enough to make our own decisions based on the MERIT OF THE TECHNOLOGY. We don't need restrictive licenses, stupid marketing FUD, or silly gimmicks like 100 page color brochures sent to our houses every day. Marketing and PR types can make the image of a company, however, they generally break the image of a company in the eyes of techies which employ simple FUD avoidance algorithms.

    I have certain critiques about OSS, moreso GPL-based licenses and less so BSD-based licenses, but I'm not about to agree to this "OSS will increase terrorism" BS. Come on MS (et al.), STOP TREATING US LIKE IDIOTS!
  • by Fesh ( 112953 ) on Wednesday June 05, 2002 @09:04AM (#3644559) Homepage Journal
    'Scuse me... Please put down the bowl while I'm talking, 'K?

    Do you have any idea how many military aircraft the U.S. loses on an average month? Two, maybe three. The only reason you perceive a lack of reliability on the part of the V-22 is that the national news may pick up on it more readily. Now granted, it's still got some bugs to work out, but considering the fact that proven designs have a rather high mishap rate compared to airliners, I'd say it's not much worse. Hell, the entire fleet of any given type ends up being grounded once or twice a year due to some gizmo or another being out of whack and causing an accident. A while back the entire fleet of C-141s was taken offline because the wings were developing large cracks.

    I couldn't let that one pass. If you're going to blast someone else for spinning the facts, you'd better make damned sure you're not abusing language yourself if you want me to respect your argument.
  • Microsoft advocacy (Score:3, Informative)

    by magi ( 91730 ) on Wednesday June 05, 2002 @09:18AM (#3644647) Homepage Journal
    You might want to take a look at their technology pages [adti.net], especially the Anti-trust & Internet Regulation Program [adti.net] and Intellectual Property Program [adti.net] sections.

    Many of the headlines are quite revealing about their intentions. Many are about the importance of MCSE:
    • Inc. 500 Shops Value Certification Most (MCSE vs college degrees)
    • Familiarity Breeds Respect
      "Recruiters tend to hire MCSEs just as often, if not more so, than those with a four-year college degree."
    • Technology Trends: Program Provides Information For New Age

      "Eighty-seven percent of human resource managers surveyed believed that MCSE's are equally or more successful than college students."
    • The Impact of Technology Training Programs Case Study: MCSE Training
    And then there are numerous anti-trust criticism articles:
    • Break up Microsoft? Rest of world pooh-poohs the notion
    • Press Release: Japan, Switzerland, and the EU do NOT insist on breakup of Microsoft, unlike the U.S.
    • Fine Microsoft, use funds for new competition (anti-breakup)
    • Fine Microsoft and use funds to catalyze new competition (anti-breakup)
    • Break-up Remedy for Microsoft Not Supported by Key Democrats
    • Technology and The Congressional Black Caucus (Microsoft anti-trust)
    • Breaking Windows Over Antitrust Dogma
    • Pause the Microsoft Case and Examine U.S. Anti-trust Policy
    • Punishing Winners Hurts the Marketplace
    • Suit Threatens U.S. Computer Dominance
    • Taking a Byte Out of Microsoft

    Etc. Also lots of articles about the precious intellectual property rights, although not specifically in relation to Microsloth.
