Software Choice Group Tells DOD Not to Use Open Source 415
ducomputergeek writes "A group calling themselves the Initiative for Software Choice, backed by Microsoft and others, is recommending that the DOD drop plans for further adoption of Open Source software. This comes after MITRE, a defense contractor, published a report stating that not only does the Department of Defense use opensource, but is recommend on using it more. The article is at News.com and you can read it here."
Microsoft at al? (Score:4, Insightful)
Re:Microsoft at al? (Score:2)
Re:Microsoft at al? (Score:5, Interesting)
Indeed it does. The beauty of this is that every time a piece of FUD like this arrives, it adds mindshare of OpenSource to the equation.
It's like the old Monty Python sketch when in the cockpit of a plane John Cleese takes the microphone and informs the passenger that "There is no cause for alarm". When asked why he did that claiming the passengers now have to ponder "What is there no cause for alarm For!
This junk by MS almost ensures an invite for OpenSource to the party.
Re:Microsoft at al? (Score:5, Interesting)
win EVERY battle? (Score:2, Insightful)
Agree totally. Interestingly you do not really need to win any battles, only make sure you will be around for the next skirmish.
MS lost every battle aganist DOJ but still won the war, the Vietcong hardly fought any battles let alone won one.
OpenSource will not go away, it can't as long as individual programmers are "scratching itches".
Re:Microsoft at al? (Score:5, Insightful)
I do not understand why you think that OpenSource is exempted from capitalist market forces. It is precisely the market forces that the OpenSource movement wants put into play and that MS et al is afraid of.
Re:Microsoft at al? (Score:5, Insightful)
Re:Microsoft at al? (Score:3, Insightful)
Interesting way to phrase this. Communist as defined by Soviet Union and China was a top down archetecture where one (or a small group of ppl) control what goes on. Also, they are the ones who have high profits. But anybody who supports them, will get some decent scrapes. It has lead to the down fall of all that support it.
In contrast, the democratic version is lead by votes where by one person is in power, but on a true sharing approach. Normally, there is plenty of opposition against that pperson with all sorts of ppl who have different ideas. They will routinely fire up their own stuff based on what the others were doing. In a normal democracy/capitalist society, you will find that competition encourages the best of the best to succeed. This would create a system that improves in various places through out the system. Sound familiar?
So I have been thinking long and hard about who would really be pushing MS systems which have high costs in terms of ppl and security. I have not doubt that MS would push it (high profits). I also have no doubts that the ppl who are feeding on the scrapes would also push it. But finally who might push it so that weak security is in place through out our government? Crackers and SKs do not have the money to buy politicians and/or be part of groups like comptia. It would take somebody who has billions, has shown enough intelligence to attack us before. Who indeed?
So commrade, are you with MS or Jihad?
Re:Microsoft at al? (Score:4, Insightful)
Bruce
open source and Microsoft advocacy are different (Score:3, Interesting)
For a simple analogy, ask yourself: all things being equal, who do you trust more: the used car salesman making a pitch (Microsoft) or the common views of a dozen of his ex-customers (other open source users)?
Also, this isn't like the Coke-vs.-Pepsi debate--two more-or-less equivalent products, where one can debate endlessly which one is better. Open source and closed source software are profoundly different development models. I think open source really is better for most users, in a clearcut economic sense. I have concluded that, in contrast to many economic arguments for open source, Microsoft's arguments are mostly logically and economically unsound. You may reach different conclusions, but the point is that this is something one can think about and determine the truth of logically. Therefore, it is not a question of advocacy and bias but putting forward logical arguments and empirical proof.
Re:Microsoft at al? (Score:4, Insightful)
(a) I don't see what their name has to do with this
(b) The name is pretty par for the choice for a lobbying group
(c) In this case, the name is actually deserved, as what they're fighting for is not to ban Open Source software from government contracts, but only to ensure that the US government not *require* Open Source, which would eliminate as an option most current closed software.
Re:Microsoft at al? (Score:5, Interesting)
Bruce
Re:Microsoft at al? (Score:3, Interesting)
I actually think their argument about OSS code not necessarily being more secure is valid, an OSS project can have security bugs introduced as features, and often they get found by external black box attacks rather than source code walk throughs. But OSS projects can roll out fixes faster, which meant if had a widespread and secure update mechanism we could get those fixes out the door faster too. Compare that to win2K which is still available in the shops in 'Code Red Ready' form.
Re:Microsoft at al? (Score:3, Insightful)
Well, there are currently zero OSS-only policies in the US among governmental organizations, but numerous MS-only policies at the operating system and office-suite level.
And now this "Initiative for Software Choice" starts fighting against policies that don't even exist (yet).
If they are serious about software choice, why don't they attack the numerous MS-only policies out there?
Re:Microsoft at al? (Score:5, Insightful)
See SincereChoice.org [sincerechoice.org] for a platform that really would give you choice.
Bruce
In other news today (Score:5, Funny)
Choices (Score:3, Insightful)
Re:Choices (Score:3, Funny)
Hey, be fair now. The Institute for Software Choice offers a much broader selection than just three versions of Windows (two of which are out of fashion [microsoft.com]):
- XP Home
- XP Pro
- XP Embedded
- XP Media Center
- XP Tablet PC
- .Net Server
- PocketPC
See? Isn't that enough choice for anybody?Not surprising... but the DOD is heading twds OSS (Score:5, Insightful)
Comptia (Score:2, Interesting)
Mark
Re:Comptia (Score:2)
Choice (Score:5, Interesting)
This would be the Henry Ford definition of choice then? "You can choose any supplier you like, so long as it's us."
Is trhis really news? (Score:5, Funny)
In other news, a group called "The Darkened Lung Group" (backed by R.J. Reynolds and Phillip Morris) are saying that smoking isn't that bad for you and it's not really addictive.
Re:Is trhis really news? (Score:5, Funny)
In this example it should be called the "Group for Health Alternatives".
Re: (Score:2)
This makes logical sense (Score:2)
Improve software choice by limiting the choice of options.
The same article at the register (Score:2, Informative)
Re:The same article at the register (Score:2)
I will leave the various conclusions to the slashdot readership... this out to be interesting
Interesting choice of words (Score:5, Interesting)
"Not inherently less secure" is a strange way of advocating your position. Double-negatives like this usually betray a defensive mind set. Why didn't they have the conviction to say "we're *more* secure"?
Re:Interesting choice of words (Score:2)
Re:Interesting choice of words (Score:2)
Re:Interesting choice of words (Score:5, Informative)
Not only is proprietary softare inherently insecure, it's inherently more expensive, inherently doesn't work as well, and inherently causes the government to be screwed if the company goes out of business or decides to stop supporting the software. In fact, the government got screwed by using HP-UX when HP decided not to make new versions of the OS backwards-compatible with the older HP processors being used in most of our submarines...now, wisely, half of the computers in the NEXT generation of subs are running Linux (the rest are running Solaris...)
Re:Interesting choice of words (Score:4, Informative)
Actually, the problem was that HP-UX ran only on HP processors. A brand new Navy nuclear submarine has a lifespan of 35-40 years, while a typical computer operating system becomes outdated in 5-7 years. The problem was that after about a year ago, HP stopped supporting the latest version of HP-UX that ran on those processors, stopped making patches for it, stopped adding support for new hardware, etc., etc. Thus, as the Navy's needs changed, their operating system couldn't change to meet the new needs. The options were to either upgrade all the hardware to all new HP processors and OSes (and probably get screwed again in the future), or move to something that was more likely to be supported, upgradeable, and backwards-compatible in the future. Since Linux is a relative newcomer, the choice was made at the time to use Sun Solaris, though the big push now is towards Linux.
Very precise choice of words (Score:2)
My guess would be that he wasn't saying they were more secure, just that they weren't necessarily less secure. The second later argument is true though misleading. Closed source can be at least as secure as open source even though it tends not to be in practice. Claiming that closed source in general is more secure however would be a very easy argument to shoot down because the results rather strongly show the opposite.
Anyway I don't read this as a double negative, just a very carefully chosen argument. I do think you are right though in that it probably reflects a defensive mindset.
Palladium (Score:3, Interesting)
For example every security class A operating system for example is commercial (and presumably closed source). No open source has even gone for a high security certification though the NSA was going to build a high security version of Linux before they got stopped (nowhere near class A though). The issue though is that while there are excellent closed source secure systems Microsoft doesn't make any of them; vendors like IBM (with Z-OS) do.
However Palladium will move MSFT towards a capability system and these are substantially more secure (in practice) than systems based on file permissions (like Unixes). I wouldn't be so sure this is a permanent win for Linux rather than a short term victory based on:
a) Microsoft's poor execution on security
b) Services running with excessively high permissions
c) Security not being a focus of the company until recently.
GPL FUD again? (Score:5, Insightful)
Fact: You have to open up all your code if you use GPL code in your software and then distribute it!
I don't think the DoD distributes very much of the software it writes, so why should it care if it uses GPL code? It shouldn't care! But let the FUD fly!
Re:GPL FUD again? (Score:2, Informative)
Re:GPL FUD again? (Score:3, Insightful)
Which means Army can give software to the Navy, and they'd only have to give the code to the Navy, not to the general public.
Re:GPL FUD again? (Score:5, Informative)
It's important to make clear the difference between:
1) using OSS code in your software
2) using OSS code to write your software, or to deploy your software, or to distribute your software, or to hang your software out to dry on your clothesline, etc...
Only #1 requires you to make your software open source.
(btw, I work as a contractor for the DOD. we do #2 constantly, and I can promise you it's the much more common activity)
Re:GPL FUD again? (Score:3, Informative)
That depends on what you mean by distribute. I would tend to think that distributing inside your company is still distributing, but it looks like I'm wrong.
(taken from gnu.org)
Does the GPL require that source code of modified versions be posted to the public?
The GPL does not require you to release your modified version. You are free to make modifications and use them privately, without ever releasing them. This applies to organizations (including companies), too; an organization can make a modified version and use it internally without ever releasing it outside the organization.
But if you release the modified version to the public in some way, the GPL requires you to make the modified source code available to the users, under the GPL.
Thus, the GPL gives permission to release the modified program in certain ways, and not in other ways; but the decision of whether to release it is up to you.
Re:GPL FUD again? (Score:2)
No it wouldn't. The GPL itself already explains what happens here. If any other contract conflicts with the GPL, you may not distribute the software at all.
Re:GPL FUD again? (Score:4, Informative)
The Free Software Foundation and Richard Stallman have both made this very, very clear.
Software kept within an organization is not considered to have been distributed. There is a very precise definitions of what distributed means, which the GPL, the FSF, etc. have made very clear. You can use as much GPLed code as you like with your in-house software, and as long as that software stays in-house it is not being distributed, and you are under no obligation to provide a single line of sourcecode to anyone. This has been made explicity clear by RMS and others.
Now, if you distribute the software outside of your organization, then you are obligated to provide the source code to that other organization.
So yes, the Army giving the Navy software would have to give them source code (and if the Navy wanted to give it to Joe Blow, the Army couldn't stop them). But having the source code distributed from Army Headquarters in the Pentagon to GI Jane in the field does not constitute distribution outside of the organization, and there is no obligation to either give Jane the code, nor to allow her to distribute it outside of the organization (in this case, the US military).
Re:GPL FUD again? (Score:3, Insightful)
Re:What about a GPL binary? (Score:3, Funny)
On Windows box I honestly don't know. If you could FTP (in binary mode!) to a *NIX box, you could just "md5 filename"
Sorry, my Windows skills are limited to playing games.
Personally, I'd resubmit the story; they repeat stories that ran just a day before, your odds of getting approved are pretty good, eh?
"Defending" my own computer (Score:2, Informative)
Boo on Moft... (Score:3, Informative)
Anyways, a funny highlight, one of their members is: "Open Solutions" =)
Summary... (Score:2)
In related new DoD announce "War is good".
Who makes the choice? (Score:3, Insightful)
As a community of Open Source users, there is often a "ram-it-down-your-throat" style of preaching your brand of OS religion. Sure, a free OS is great, but it's not for everyone. Ultimately, a group of knowledgable professionals within the DoD will make a choice. You can agree or disagree with that choice, but they are entitled to it. Besides, their criteria are different from yours, which are different from France's and Germany's.
Having said that, Microsoft, along with Cisco & Intel, have taken what I feel is the low road. It is one thing to advocate your product, but what they are essentially doing here is mudslinging. While this seems to be a fine tradition in American politics, I'm not sure that it's an ethical business practice, even for Microsoft (OK, I may have said that tongue-in-cheek).
Karma: Basking in the warm afterglow of post-coital whoring.
Intel a two faced demon? (Score:5, Insightful)
I can understand fully that it is in Intels best interest to have support from both camps but this is really something they should watch out for. It may well be that more OSS developers and users will buy the products of their competitors if these kind of things become normal practice for them.
Re:Intel a two faced demon? (Score:2)
It's a pitty to see Intel's name as one of the companies opposing OSS. Strangely they reach out at one side and then at the other side they slap you in the face. It is not that Intel should choose sides.
It's called hedging your bets. Intel really has no interest in what operating system you buy, as long as it runs on their hardware. Since both Microsoft and Linux run on Intel hardware (a fact which is not going to change), why shouldn't Intel support both sides? As long as one of them wins, Intel wins.
Re:Intel a two faced demon? (Score:2)
not if but when (Score:3, Interesting)
With that said, I would bet that if push came to shove, intel would fall on the side of millions of cpu chips to desktops (trusted and see-cure microsoft yada yada) instead of thousands to servers (terrible open source linux that any al queda teenager can hack open in 2 minutes yada yada). Public perception and marketing and outright lying and word twisting and propogandaizing will prevail in the short term. Not long term but the short term. The pushing and shoving being mandated "by law" with snoopervision hard coded into the chip itself, probably to "fight software and music and movie piracy and to help stop terrorism and them e-vile hackerz
Really, just guessing though. Microsoft's alleged "punishment" was too wussy, I am guessing there's a sub tosa deal in place now between the government and microsoft, there will be a slew of trojans hidden in their software and only a matter of time before they are inside the chips. The government has stated quite clearly that their goal is TOTAL surveillance, I mean, how many more clues are needed now? Intel will play ball with this if they are forced to choose. So will AMD probably as well, and it never has to be made public, at least past the plausable deniability level.
Re:Intel a two faced demon? (Score:4, Interesting)
Re:Intel a two faced demon? (Score:3, Insightful)
To get Linux running on a new processor, all that's needed is a new gcc, maybe a few modifications to the kernel, and within a week or two you have an operating system for your new processor. It may take longer, but with the full source code available you have a good chance.
To get a Microsoft OS running on a new processor would be much more difficult, nearly impossible. You can't do a direct source port, as Microsoft guards this like the Crown Jewels. You have emulation difficulty as well because Microsoft OSes have "undocumented" API calls. And of course emulation runs like a snail on Mogadon.
So it's no surprise to me that Intel would back Microsoft. If Linux wins, Intel loses a cosy monopoly as well.
Re:Intel a two faced demon? (Score:3, Interesting)
Thanksgiving... (Score:5, Funny)
The more they do this, the more exposure Open Source gains, and the more people are going to stop buying Microsoft products.
Seriously, though, imagine a PHB in those difficult times: you have to do more with less $$$. And right there and then, comes this PR FUD from Microsoft, saying: "Stop using this cheap Open Source! It's BAD for your health and for the environment!!".
PHB brain, of course, only registers the word cheap. He immediately goes to his techies and says: "Linux is cheap!! Start using it NOW to save money!".
*Collective sighs of relief from said techies*
Let us all give thanks for Microsoft Marketing, and for the FUD for which it stands. With upgrade paths and expensive licenses for all.
Amen.
(Yes, I am being sarcastic, people. Go back to your turkeys instead of pointing these flamethrowers at me now...)
Microsoft screw ups (Score:5, Interesting)
A quick search of slashdot digs up this:
navy unhappy with microsoft [slashdot.org]
Even the average man in the street thinks of windows as less secure. I can't believe something like this would really fool people...
Microsoft argues they are as good as open source (Score:2)
That emphasis is mine. Nothing in the article indicates that Microsoft said their products were better than open source. In this particular case... Microsoft is arguing that their software is as good as open source software.
I think its funny that Microsoft didn't say that their stuff is better. They can only argue that their stuff isn't worse.
Re:Microsoft argues they are as good as open sourc (Score:2)
> I think its funny that Microsoft didn't say that their stuff is better. They can only argue that their stuff isn't worse.
Yes, it is amusing to reflect on how far that goalpost has moved in the past five years.
On c.o.l.a. I've also seen "Linux is too hard to install" shift to "Windows is just as easy to install as Linux is".
Talking about OSS is what is important (Score:2)
The point is that the longer and more high profile the debate, the more people become aware of OSS and come to realise that it is not a flash in the pan. ``Gee, they are still talking about Linux, my M$/... salesman told me it would be forgotten by the Autumn. Hmmmm, maybe I ought to find out some more.''
To an extent, any publicity is good publicity.
The closed source vendors have a problem: they either shut up about Linux/OSS and have it gradually move into their territory; or they generate loud FUD and bring it to decision makers' attention.
Things will get really interesting when widespread adoption of OSS grows from operating systems, systems utilities and universal applications to business sector specific applications.
Too Late (Score:2)
Well gee... (Score:5, Insightful)
Oh and the GPL doesn't really stop the DoD at all, as you only have to release source code to those you provide with a binary. Unless DoD starts handing out binaries to others, they can keep every change to themselves (but I imagine they'd rather stay with the main branch than running their own solo run, but they are one of the few who could).
OSS is no magic cure against bugs though, and QA is important. In my experience bugs show up faster & get fixed faster in OSS, so in the short run you have more *known* bugs than commercial software, even if there aren't really any more bugs in it. In the long run though, if enough people use it and find bugs, it is more stable and bugfree.
Kjella
proprietary software can never be secure (Score:2)
OSS can't be used everywhere (Score:2, Insightful)
I was at a talk once where a guy from Lockheed was saying how they were using more and more commercial off-the-shelf systems to reduce costs. They were moving away from specialized systems custom developed for each plane, to a more general system that didn't need as much work.
He started out with an animation of someone punching bill gates, so that eased my fears. But he said that even though Linux would be great, they could not have a foreign national have control over their system. Sure, they could see exactly what they have, but any changes to the kernel would have to be checked out completely (expensive), so they would be right back at having a specialized system. Politics maybe, but they ended up with a proprietary OS.
I gotta say though, the redundancy systems they have on those things, amazing.
The lead-in is misleading. (Score:2, Insightful)
They do not recommend that "the DOD drop plans for further adoption of Open Source software". They are saying that all software, regardless of the developement model, should have equal consideration if it meets the criteria for a specific purpose.
"Public entities should procure the software that best meets their needs and should avoid any categorical preferences for open source software, commercial software, free software, or other software development models."
The article itself is also misleading.
"Proprietary software companies such as Microsoft have labeled open-source software as a serious threat and have begun to oppose its use by governments."
Whilst we know this to be true re: Microsoft, the Initiative for Software Choice (whom the article discusses) expresses no such opposition.
I work for the DoD... (Score:5, Informative)
Open Source, while not specifically targeted by the DoD, is the next logical step. Although the previous generation of nuclear submarines ran HP-UX, the next generation (due to be delivered starting 2006) will run about half Solaris, half Linux. So yes, open source is on the way in in the government. Slightly off-topic, but if you want a good example of why proprietary software is no good for mission-critical work, look up on Google the problems the USS Yorktown had with Windows NT about 5 years ago...
Re:I work for the DoD... (Score:3, Interesting)
<quote> "Because of politics, some things are being forced on us that without political pressure we might not do, like Windows NT," Redman said. "If it were up to me I probably would not have used Windows NT in this particular application. If we used Unix, we would have a system that has less of a tendency to go down." </quote>
Re:I work for the DoD... (Score:5, Informative)
It was very positive. I don't know if it was ever made public (I don't see why it wouldn't be) but I have a copy at home, and it made for pleasant reading. And here at work, Linux and open source is everywhere. When I was doing a demo of my project about a week ago, as I demoed it my boss was talking and he said "Oh yes, this is all done using only open source and free software" which got lots of approval from the customers and other project managers etc (in fact my brief was, do it with open source if possible). My boss uses windows but with cygwin and the Gimp. There are several Linux workstations in my small dept alone. They are big into open source here. This reflects into the next generation of technologies for the military
I think it must just be a government/civil service thing, but they seem to have a soft side for it. One thing I do think is dumb is that if the US DoD has made up its mind on open source that Microsoft amongst others should be telling them they are wrong, and denying choice. Uh, what? So people can no longer choose products based on what they think, in case it's "discrimination" or something? Hmmm.
In related news... (Score:2, Funny)
DrinkOrDie? (Score:4, Funny)
I thought the warez group Drink Or Die already used Open Source software to distribute their stuff...
big freaking surprise (Score:4, Insightful)
In the end, it is up to those who want their government to "choose" other software to let their voices be heard. This will work as long as politicians listen to the populace they supposedly represent, instead of listening with their wallets to companies from other states.
Of course, it may be that both the People and the "Software Choice" group of mega-corps both favor the use of proprietary software in government. My vote happens to be that our tax money which buys the software that runs our infrastructure should not be used to place our infrastructure under the control of a proprietary software vendor.
That's odd (Score:2)
Hey I agree... (Score:2, Funny)
Many interests involveds (Score:2)
American Security and Justice Departments are world wide know for their secret investigations among themselves.
Of course that keeping computers not as secure as they could get is very interesting if you want information "secure" enough to avoid a regular hacker to access it, but to enable a power hacker to access with the correct tools obtained with privileged information.
Don't worry about this, you can keep using your free software and keep you own privacy. Unfortunately we can't say the same about your information stored at DoD. :oP
Nothing stops MS from offering an OSS solution (Score:5, Interesting)
Open source software, the way it is marketed is perfect for DoD work simply because the software itself is tweakable. The IT people in govement departmenrs have a large degree of control over how software is used should they choose open source; they are not as reliant on MS's vision of how their software is used, nor should they be.
Should open source be required? I used to say yes, but then I realize, that is not choice. So of course no, but then neither should closed source be. It all comes down to what it will do for you. On one hand you get a product that MS does not warrent for any particular purpose, nor allow themselves to be held liable for any such use, versus a software product that does the same thing but at least allows the purchaser to to alter the code to suit their own preference, but retaining the decision as to whether to distribute it, under some liberal conditions.
Et tu Cisco? (Score:2)
A better idea? (Score:2, Funny)
Oh, wait... strike that...
qz
Built by the cheapest bidder ? (Score:3)
Now the cheapest bidders can be even cheaper, by not having to include liscensing fees in it's quotation.
Of course MS will freak out. This is going directly for their main artery. If I was in business, I'd try to fight it. It might not be "socially" correct, but it makes good business sense to try and counter the competition.
Now, let's just hope that the DoD will not fold to commercial power.MITRE Is Not Just Another Contractor (Score:5, Informative)
> published a report stating that not only does the
> Department of Defense use opensource, but is
> recommend on using it more.
MITRE is one hell of a lot more than just another defense contractor. Look into it's history and you'll see that DoD will value its opinion far above that of some Microsoft lobbiest.
DoD Security Policy 8500.1 (Score:5, Informative)
The part that I wonder about is "other software products with limited or no warranty, such as those commonly known as freeware or shareware". I wonder if this was meant to indicate Open Source Software? IANAL, but I've never seen a EULA for software that didn't indicate a limited warranty. In fact, from my layman's point of view, all the standard EULAs seem to indicate that the software has no warranty, since they seem to claim that the software doesn't have to do anything at all...
Nat actually what the art (Score:5, Insightful)
a) The choice of open source vs. closed source be made on a project by project basis and not be a matter of policy. In particular the DoD should not adobt a preferential policy favoring open source over closed source when possible,
b) While BSD licenses are OK using GPL licenses violate congressional norms (in particular they make commercial software impossible)
In addition things not mentioned in the summary
a) DoD is far and away the largest user of open source in the government
b) Security issues are ambigious with regard open source vs. closed source
c) A great deal of open source software violates all sorts of other government regulations and the government would end up having to bring these systems into compliance.
Yes the comments were hostile to open source particularly GPL they certainly where nowhere near the summary though.
Re:Nat actually what the art (Score:3, Funny)
now that's a classy oxymoron..
Re:Nat actually what the art (Score:3, Insightful)
Re:NEWS FLASH (Score:5, Insightful)
You can be paid to have them, or you can have them due to some deeply held beliefs with religious fervor, or you can arrive at your opinion through a process of reasoning.
On the other hand, reasoning that it's better to move to an open source product just because said OS product is currently attacked less, is fallacious.
Re:NEWS FLASH (Score:5, Insightful)
you can have them due to some deeply held beliefs with religious fervor, or you can arrive at your opinion through a process of reasoning.
It's my experience that people first tend to form their opinions based on deeply held beliefs (or otherwise) and later use reasoning to give justification to their beliefs. It is extremely rare for someone to start without preconceptions and use reasoning to develop an objective opinion. It is even rarer for someone to start with a deeply held belief and change their mind based on reasoning.
For example, do most people who share files have liberal views on intellectual property because it justifies swapping copyrighted files, or do most people who swap copyrighted files do so because it validates their predeveloped liberal views on intellectual property?
Re:NEWS FLASH (Score:3, Insightful)
The argument is roughly analogous to reasoning it's better to move to a given neighborhood just because said neighborhood currently has a lower crime rate.
As a parent and homeowner, that logic sounds pretty good to me.
Re:NEWS FLASH (Score:3, Insightful)
In a sense, yes, but that's not the point... Moving to an open source product because it is attacked less, means that you are at less risk from skiddie and worms. But a real attacker won't be randomly trying machines for known exploits, (s)he'll be attacking just the box/site that he wants access to.
To keep with the neighbourhood analogy, it's like moving to a safer neighbourhood when a hit-man's after you, it doesn't really matter how many petty criminals are in the area, there's still a goddamn hitman!
Re:NEWS FLASH (Score:3, Insightful)
Sure it's not perfectly secure and some criminals will overcome the defensive measures.
But it's better than the tent (=Windows) you had before, so I don't see why this move should be wrong.
Re:NEWS FLASH (Score:2)
Re:NEWS FLASH (Score:3, Interesting)
You could argue that if the source is open, a nasty cracker (133t, is that it?) might stumble upon a security hole (3xp101t?) and take advantage of it. But it wouldn't take long before the rest of the 'net (or whatever the fora) knew it as well, and some smart people at FAA would at that time probably pick up the information, and have patches from the community waiting for in-house auditing. It's a better scenario than if a cracker found a security hole (3XpL0itz?) in a closed source, and nobody would know but the cracker. Your airplane goes down just like the servers..
I dunno if this is my honest opinion. I'm just asking, trying to establish a position. If I'm wrong, enlighten me!
ignoring proprietary software (Score:5, Insightful)
One way to ensure that safety is through the use of open source software. There are undoubtedly other ways, such as Microsoft could provide source licenses only to the government for software the government buys, etc.
However one of the main factors into considering open source software is the rising cost of software licenses. Since our tax money is used to buy this software, I for one would prefer we don't have to pay year after year for what amounts to yearly abandonware.
Open Interfaces (Score:5, Interesting)
As we have seen with Microsoft's efforts to complicate other formats, the best way of wnsuring this is to demand source code. If Microsoft doesn't like it, well there is always OSS.
Re:big brother (Score:4, Funny)
--The grammar police.
Re:Surprise (Score:2, Funny)
I suspect that there is a noticable difference between the most secure operating system and Microsoft's most secure operating system.
Sarcasm Noted, but... (Score:5, Interesting)
The first thing it told me was, "You can introduce hostile code into your network by opening an E-Mail" and therefore intructs you not to open E-Mail from anyone you don't know. They go on to say that you can also compromise the company's security by reading your Yahoo or Hotmail mail at work. Later in the course it instructs you to keep your system up to date by installing the latest Microsoft security patches, which is ironic because a co-worker just trashed his system by installing a Microsoft security patch and is looking at 3 days downtime while the technicians reinstall the OS (Technicians have an 8 hour response time and due to the holiday they were pretty close to that time. They took his computer away but they won't be able to deliver it on Friday because no one's going to be there.)
Great. So we know we have a problem but instead of taking steps to solve the underlying problem, we're just going to tell everyone in the company to modify their behavior because if they don't, the company's network and billions of dollars of assets will be compromised. Does anyone else see a problem with this?
Frankly, with the company's assets at stake, it would be a damn good idea to roll your own client code just so you can audit the source code. I did some auditing with Data General for a while and they had it right. Every auditing test was extremely well documented and available on the network, along with the automated code generated to test each function (In the C Library in this case.) But if rolling your own clients makes sense, you could save yourself a lot of time and money by grabbing open source projects for the applicaitons you need and feeding those to your audit and programming teams. You save some money and the open source community gets free high quality auditing of their source code and any additional features you decide to add to it. Everyone wins.
Re:Sarcasm Noted, but... (Score:3, Insightful)
We're always hearing on the news that poor IT security is costing the country billions of dollars each year. So what's it going to take to get people to take IT security seriously? They're certianly not doing so right now. An audit team would be a small price to pay to be able to have a reasonable level of faith that day to day operation of your applications will most likely not compromise your system or your network.
There's no sense in re-inventing the wheel either. Distributing an open source package (assuming it was GPLish) would require you to share your audit results back with the project. This would be a good idea anyway since you wouldn't have to re-patch in your diffs every time the authors published an upgrade. If your bank looks over the audit results from my company's audit of blargmail and decide that we know what we're doing, you can reasonably comfortably use blargmail without having to go to the trouble yourselves. If you read the audit docs and say "Hey! They weren't looking for buffer overflows at all" you can either audit it yourselves or go with some other package.
Either way you look at it, Good IT security or the results of having poor security are a cost of doing business. You'll pay the price either way. Over time, the cost of having good security should be far less than what could happen if your security is not so good. Would you want to put your money in your bank if you think it's not secure? How would you feel if your hospital were run like (you seem to indicate) your bank is? Your power grid? Your water supply?
Re:My take (Score:2)
You can not do this. The license does not exist in a vacuum relative to the problem that the SW is trying to solve.
Re:My take (Score:3)
Perhaps not on purpose... (Score:2)
Re:It may become illegal . . . (Score:4, Informative)
Page 323 Line 15.