Software Choice Group Tells DOD Not to Use Open Source
ducomputergeek writes "A group calling themselves the Initiative for Software Choice, backed by Microsoft and others, is recommending that the DOD drop plans for further adoption of Open Source software. This comes after MITRE, a defense contractor, published a report stating that not only does the Department of Defense use open source, but recommends using it more. The article is at News.com and you can read it here."
Comptia (Score:2, Interesting)
Mark
Choice (Score:5, Interesting)
This would be the Henry Ford definition of choice then? "You can choose any supplier you like, so long as it's us."
Interesting choice of words (Score:5, Interesting)
"Not inherently less secure" is a strange way of advocating your position. Double-negatives like this usually betray a defensive mind set. Why didn't they have the conviction to say "we're *more* secure"?
heh (Score:1, Interesting)
That's kind of a contradiction in terms, isn't it? Initiative for Software Choice recommending that we drop open source software.
Microsoft screw ups (Score:5, Interesting)
A quick search of slashdot digs up this:
navy unhappy with microsoft [slashdot.org]
Even the average man in the street thinks of Windows as less secure. I can't believe something like this would really fool people...
Re:Microsoft at al? (Score:5, Interesting)
Indeed it does. The beauty of this is that every time a piece of FUD like this arrives, it adds mindshare of OpenSource to the equation.
It's like the old Monty Python sketch when in the cockpit of a plane John Cleese takes the microphone and informs the passenger that "There is no cause for alarm". When asked why he did that claiming the passengers now have to ponder "What is there no cause for alarm for!"
This junk by MS almost ensures an invite for OpenSource to the party.
What about a GPL binary? (Score:1, Interesting)
I want to blow the whistle on these people really badly, just for matter of principle, and also because of a bit of revenge towards an arrogant vendor who doesn't understand the "customer is always right" principle and who has lied to us on numerous occasions and repeatedly refuses to follow our instructions and many of the terms of the contract. I think I'm going to wait until the project is complete and the system is in full production use before suddenly discovering this GPL license breach and blowing the whistle to the FSF. I think it will hurt the evil vendor the most then. Anyone have any further comments or advice here?
Re:Microsoft at al? (Score:5, Interesting)
Sarcasm Noted, but... (Score:5, Interesting)
The first thing it told me was, "You can introduce hostile code into your network by opening an E-Mail" and therefore instructs you not to open E-Mail from anyone you don't know. They go on to say that you can also compromise the company's security by reading your Yahoo or Hotmail mail at work. Later in the course it instructs you to keep your system up to date by installing the latest Microsoft security patches, which is ironic because a co-worker just trashed his system by installing a Microsoft security patch and is looking at 3 days downtime while the technicians reinstall the OS (Technicians have an 8 hour response time and due to the holiday they were pretty close to that time. They took his computer away but they won't be able to deliver it on Friday because no one's going to be there.)
Great. So we know we have a problem but instead of taking steps to solve the underlying problem, we're just going to tell everyone in the company to modify their behavior because if they don't, the company's network and billions of dollars of assets will be compromised. Does anyone else see a problem with this?
Frankly, with the company's assets at stake, it would be a damn good idea to roll your own client code just so you can audit the source code. I did some auditing with Data General for a while and they had it right. Every auditing test was extremely well documented and available on the network, along with the automated code generated to test each function (In the C Library in this case.) But if rolling your own clients makes sense, you could save yourself a lot of time and money by grabbing open source projects for the applications you need and feeding those to your audit and programming teams. You save some money and the open source community gets free high quality auditing of their source code and any additional features you decide to add to it. Everyone wins.
not if but when (Score:3, Interesting)
With that said, I would bet that if push came to shove, Intel would fall on the side of millions of CPU chips to desktops (trusted and see-cure Microsoft yada yada) instead of thousands to servers (terrible open source Linux that any al Qaeda teenager can hack open in 2 minutes yada yada). Public perception and marketing and outright lying and word twisting and propagandizing will prevail in the short term. Not long term but the short term. The pushing and shoving being mandated "by law" with snoopervision hard coded into the chip itself, probably to "fight software and music and movie piracy and to help stop terrorism and them e-vile hackerz"
Really, just guessing though. Microsoft's alleged "punishment" was too wussy, I am guessing there's a sub rosa deal in place now between the government and Microsoft, there will be a slew of trojans hidden in their software and only a matter of time before they are inside the chips. The government has stated quite clearly that their goal is TOTAL surveillance, I mean, how many more clues are needed now? Intel will play ball with this if they are forced to choose. So will AMD probably as well, and it never has to be made public, at least past the plausible deniability level.
Nothing stops MS from offering an OSS solution (Score:5, Interesting)
Open source software, the way it is marketed, is perfect for DoD work simply because the software itself is tweakable. The IT people in government departments have a large degree of control over how software is used should they choose open source; they are not as reliant on MS's vision of how their software is used, nor should they be.
Should open source be required? I used to say yes, but then I realize, that is not choice. So of course no, but then neither should closed source be. It all comes down to what it will do for you. On one hand you get a product that MS does not warrant for any particular purpose, nor allow themselves to be held liable for any such use, versus a software product that does the same thing but at least allows the purchaser to alter the code to suit their own preference, but retaining the decision as to whether to distribute it, under some liberal conditions.
Re:Intel a two faced demon? (Score:4, Interesting)
Re:I work for the DoD... (Score:3, Interesting)
<quote> "Because of politics, some things are being forced on us that without political pressure we might not do, like Windows NT," Redman said. "If it were up to me I probably would not have used Windows NT in this particular application. If we used Unix, we would have a system that has less of a tendency to go down." </quote>
Moving to Linux (Score:1, Interesting)
GPL claims are totally bogus. (Score:2, Interesting)
1) If the Government wants to modify GPL software for internal usage they are free to do so. As long as they do not distribute outside of the government they are clearly within the GPL.
2) The Government is GPL proof. If the Government wants to declare that they are void from the provisions of the GPL they have any number of options for avoiding the provisions.
a) claim national security
b) claim national provenince and take ownership
c) change copyright law
The real claims of the movement are that it will cut into proprietary software houses' right to earn a buck. These are also useless claims based on continued extortion of government dollars. These companies wish to continue taking excessive amounts of money from the government.
The government should own the software it uses. Would you be happy if all the tanks owned by the government were actually owned by Laidlaw and were supplied to the government on contract? A contract that could be cancelled at any time. That software controlling the battleship-sub-airplane-tank is owned by Microsoft. Microsoft reserves the right to disable it at any time should the government not keep it happy. (See why other governments are moving away from Microsoft)
Also if the government has the code all contractors are on an equal starting point. This presents the most competition into the contracting and supply route and will get the government the best price.
The only way to do this is to make it that the government will have the rights to the source code for all software used in any government project. The GPL achieves this. All contracts the government puts out for supply and services of computing contracts should require that the source code be supplied with all rights to modify to the government.
Re:Microsoft at al? (Score:5, Interesting)
Bruce
Open Interfaces (Score:5, Interesting)
As we have seen with Microsoft's efforts to complicate other formats, the best way of ensuring this is to demand source code. If Microsoft doesn't like it, well there is always OSS.
Palladium (Score:3, Interesting)
For example, every security class A operating system is commercial (and presumably closed source). No open source has even gone for a high security certification though the NSA was going to build a high security version of Linux before they got stopped (nowhere near class A though). The issue though is that while there are excellent closed source secure systems Microsoft doesn't make any of them; vendors like IBM (with Z-OS) do.
However Palladium will move MSFT towards a capability system and these are substantially more secure (in practice) than systems based on file permissions (like Unixes). I wouldn't be so sure this is a permanent win for Linux rather than a short term victory based on:
a) Microsoft's poor execution on security
b) Services running with excessively high permissions
c) Security not being a focus of the company until recently.
Microsoft will fight it, but not hard. (Score:1, Interesting)
I don't expect them to fight this battle as hard as others though. Why? Open source would be fine with them - if it was required to adhere to the BSD-style of open source.
Frankly, I'm in the middleground. I'll fight to the bitter end to prevent the GPL from breaching the government in most cases. Why? The GPL does not stand for freedom.
I am a taxpayer. Most programmers are. So are corporations. In the case of specially-developed software paid for with my tax money, I expect the license to be a BSD variant. I want free and unlimited use. No restrictions, other than proper credit, which is arguably an ethically right thing to do.
I wouldn't care if Microsoft or Sun or Apple could then take that code and use it for profit - I'd be able to, too. I'm a tax payer, so are they. Anyone who pays taxes should have unlimited use of the code.
And, for the love of Bob, I'd pray that if the DoD considers any sort of open source licensing, they have legal attack dogs go over the license with ten fine toothed combs. The last thing we need is some jackass managing to snag targeting programs for ICBMs.
open source and Microsoft advocacy are different (Score:3, Interesting)
For a simple analogy, ask yourself: all things being equal, who do you trust more: the used car salesman making a pitch (Microsoft) or the common views of a dozen of his ex-customers (other open source users)?
Also, this isn't like the Coke-vs.-Pepsi debate--two more-or-less equivalent products, where one can debate endlessly which one is better. Open source and closed source software are profoundly different development models. I think open source really is better for most users, in a clearcut economic sense. I have concluded that, in contrast to many economic arguments for open source, Microsoft's arguments are mostly logically and economically unsound. You may reach different conclusions, but the point is that this is something one can think about and determine the truth of logically. Therefore, it is not a question of advocacy and bias but putting forward logical arguments and empirical proof.
Re:NEWS FLASH (Score:3, Interesting)
You could argue that if the source is open, a nasty cracker (133t, is that it?) might stumble upon a security hole (3xp101t?) and take advantage of it. But it wouldn't take long before the rest of the 'net (or whatever the fora) knew it as well, and some smart people at FAA would at that time probably pick up the information, and have patches from the community waiting for in-house auditing. It's a better scenario than if a cracker found a security hole (3XpL0itz?) in a closed source, and nobody would know but the cracker. Your airplane goes down just like the servers.
I dunno if this is my honest opinion. I'm just asking, trying to establish a position. If I'm wrong, enlighten me!
Re:Microsoft at al? (Score:3, Interesting)
I actually think their argument about OSS code not necessarily being more secure is valid, an OSS project can have security bugs introduced as features, and often they get found by external black box attacks rather than source code walk throughs. But OSS projects can roll out fixes faster, which meant if we had a widespread and secure update mechanism we could get those fixes out the door faster too. Compare that to win2K which is still available in the shops in 'Code Red Ready' form.
Re:Interesting choice of words (Score:1, Interesting)
Has Linux been ported to HP processors/motherboards?
Re:Intel a two faced demon? (Score:3, Interesting)
Re:It may become illegal . . . (Score:2, Interesting)
Red Hat, SuSE, etc. are all commercial entities.