Posted on 09/04/2003 2:16:53 PM PDT by Paleo Conservative
It happens all the time. The US Government is deeply involved in M$ code, and builds unique versions of Windows for things like running Aircraft Carriers:
http://www.fcw.com/fcw/articles/2000/0807/news-navy-08-07-00.asp
There are many new joint projects with DoD going on right now as well in the DC area. Got any other reasons why the US government should rely on code managed by a foreigner instead?
Because it does not have into be managed by a foreigner. The baseline Linux kernel can be modified at will to a US-government specific version.
BTW, that article doesn't actually have Microsoft modifying the Windows OS itself, or actually opening it up for inspection by the Navy. Instead, they're developing apps and doing systems integration. But they could do that for a Linux platform, too.
And given Microsoft's security problems (which are probably tied to extremely poor configuration management in the OS kernel and libraries, IMNHO), I think the USN is making a bad mistake. I would NOT trust Microsoft in this matter until they've actually had a substantial length of time between major security flaws getting exploited.
Not true, unless they maintain the code completely separate. Which may be an option for small discrete jobs, but not as a completely separate product for widescale use. There's just no way the government could keep their code up to date.
BTW, the NSA is working on a B1-rated Trusted Linux system.
Got any kind of link for this? The NSA's current "SE Linux" is nowhere near that rating, and I've not heard of it there or anywhere else.
But closed-source does NOT do a thing to improve system security--or have you forgotten about Blaster, Welchia, and SoBig.f?
All systems are vulnerable to attack, but closed source can improve system security. Some things are better off being withstricted from access, it's the whole purpose of the government's "classification" system. As a matter of fact you mentioned above about a possible NSA version that would remain closed, obviously for security reasons.
If you cannot see the difference between the Chicomms and Linus Torvalds, it is not use discussing the point with you. However, for others, Linus Torvalds has not killed 50 million people.
When discussion issues of national security it is more important that our efforts work solely towards making our OWN products equal if not eventually supperior. Not that Linux is superior in many if any ways at this point anyway.
Hackers are the ones to blame for computer attacks, no one else. And just recently Eric Raymond admitted some Linux people had recently launched denial of service attacks. Pretty obvious who is to blame in such incidents.
Lay off the crack. Security through obscurity never works, and I can give you five reasons right now.
Then there's no way they can manage a Microsoft shop, either.
Got any kind of link for this? The NSA's current "SE Linux" is nowhere near that rating, and I've not heard of it there or anywhere else.
This is different from SE Linux.
All systems are vulnerable to attack, but closed source can improve system security.
Then Microsoft Windows should be the most secure OS on the planet. (Chortle. Snicker.)
Some things are better off being withstricted from access, it's the whole purpose of the government's "classification" system.
I'm pointing out that closed-source does NOT do a thing to make a system more secure in reality. Either a system is secure, or it isn't.
As a matter of fact you mentioned above about a possible NSA version that would remain closed, obviously for security reasons.
No, they want it to remain closed so that it would be illegal to distribute it outside the US government. This would thus deny America's enemies access to a freeware B1 OS that the NSA would have a hard time cracking.
BTW, I am an MCSE. I do like Microsoft systems, but I understand that they have limitations, particularly in security.
Yes there is a difference, but there is also much that is the same. If Torvalds wants my respect, he should demand the Red Chinese release their source code changes per the GPL license requirements. You can bet he never will.
The problem is that the holes are there, and Microsoft has more than their share of them.
If Microsoft manages to go an extended period of time without hackers finding oodles of vulnerabilities, then I'd consider them for mission-critical military systems.
And just recently Eric Raymond admitted some Linux people had recently launched denial of service attacks. Pretty obvious who is to blame in such incidents.
DoS is one thing.
Actually penetrating system security to run malware and/or access information on the network is something else.
Not that you would even know.
But they have a lot more control over these projects, like security clearances for those working on them.
This is different from SE Linux.
Yes, as I said it would have to be, but do you have any proof this is actually happening.
Then Microsoft Windows should be the most secure OS on the planet. (Chortle. Snicker.)
That's quite a reach. How about addressing your previous statement that the supposed NSA code would be more secure if it was restricted, which I inquired?
I'm pointing out that closed-source does NOT do a thing to make a system more secure in reality. Either a system is secure, or it isn't.
I'm aware of your point, but it is incorrect. "Classification" of government information is a science of procedures whereby information is kept secret to reduce exposure and eventual duplication. Things like the security system of the US Capital would not be more secure if it was posted on the internet, likewise withholding immediate access to source code is a deterent to it's theft or exploitation.
BTW, I am an MCSE.
That's interesting, surprised you don't know more about M$/Government interaction. There are places in the government (not where I work) where "windows update" is the official policy. Those places get every patch before a hack has been posted, and rarely if ever get exploited whatsoever. Yes they expose themselves to possibly poorly designed patches, or adverse effects to applications, but where security is a high priority it this setup can work well.
Would Free Republic exist if it were not for Linux?
We may be more similar than you think. We are mostly a M$ shop now (with a history of VMS, Unix, Apple, Novell) but still have some critical Unix systems. Unix still has a place. I just don't support replacing it with Linux.
DoS is one thing. Actually penetrating system security to run malware and/or access information on the network is something else.
It's not that far of a reach at all. It's all crime, closely related by technology.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.