| I had no idea that doing a study on MCSEs couldn't be undertaken by an organization unaffiliated with Microsoft.
Sorry, buddy, only you and the other Munchkins are gonna fall for this one; this outfit is for hire, and it's obvious. |
Posted on 05/31/2002 3:15:28 PM PDT by Bush2000
A conservative U.S. think tank suggests in an upcoming report that open-source software is inherently less secure than proprietary software, and warns governments against relying on it for national security.
The white paper, Opening the Open Source Debate, from the Alexis de Tocqueville Institution (ADTI) will suggest that open source opens the gates to hackers and terrorists.
"Terrorists trying to hack or disrupt U.S. computer networks might find it easier if the federal government attempts to switch to 'open source' as some groups propose," ADTI said in a statement released ahead of the report.
Open-source software is freely available for distribution and modification, as long as the modified software is itself available under open-source terms. The Linux operating system is the best-known example of open source, having become popular in the Web server market because of its stability and low cost.
Many researchers have also suggested that since a large community contributes to and scrutinizes open-source code, security holes are less likely to occur than in proprietary software, and can be caught and fixed more quickly.
The ADTI white paper, to be released next week, will take the opposite line, outlining "how open source might facilitate efforts to disrupt or sabotage electronic commerce, air traffic control or even sensitive surveillance systems," the institute said.
"Computer systems are the backbone to U.S. national security," said ADTI Chairman Gregory Fossedal. "Before the Pentagon and other federal agencies make uninformed decisions to alter the very foundation of computer security, they should study the potential consequences carefully."
| I had no idea that doing a study on MCSEs couldn't be undertaken by an organization unaffiliated with Microsoft.
Sorry, buddy, only you and the other Munchkins are gonna fall for this one; this outfit is for hire, and it's obvious. |
Just one minute later, in post 95, you get on my case for presenting guesswork as facts (which I didn't -- notice my phrase "usually presumed").
So I take it you know for a fact that NSA has better stuff? I trust, for the sake of our countries security, that you have no such knowledge.
He was warned several times, then when the moderator put his foot down and said to stop the personal insults or else, he threw one last insult calling the poster who complained to the moderator a whiner and vanished.
He was a sad case.
This reminds me of the thread I posted about .NET.
I said I liked the direction MS was going with .NET, and that .NET was a good first version, but that it needed some improvement before it was ready for mission-critical use.
You said I wasn't pro-.NET enough.
You clearly will not tolerate any criticism of MS.
Anyone criticising MS is a "bigot", you say? Odd how pretty much the only people who are not bigots in your estimation are the MS workers . . .
Wow, there sure are a lot of "bigots" out here, then.
He's been in trouble over and over again here. Had posts pulled, been warned, etc.
But I really think he's paid to post FUD, so I think he has to try and keep from crossing the line. You really have to threaten someone here on FR to get tossed, and he usually avoids direct threats. He'll say, "That is libel!" but won't actually threaten to sue.
So, you equate "best, and most secure" with "blowfish, RSA, PGP"? Yeah. That's why the NSA spends billions on new crypto because the commercial market is the best?
The only truely secure encryption is a one-time cipher, based on radioactive decay, which generates true random numbers. Blowfish, RSA, and PGP are "highly secure," based on the key length. If you don't have an unlimited government budget, like the NSA, you will have to make due with encryption like these. How do you feel about DES, and the way the government strong-armed IBM to shorten the key length when it was developed?
I hate to break it to you, but if you go up against a government, you're going to lose. Try not to forget, that not only do they have unlimited budgets, but they can also use deadly force.
Mark
January 15, 2002: Bill Gates outlines Microsoft's commitment to Trustworthy Computing
That makes me feel much better.
Apparently, from the similar reaction that both you and PatrioticAmerican had to this post, being a Microsoft shill harms ones ability to read. Or is it the other way around -- only people with reading disabilities are likely to become Microsoft shills?
Nevermind ... I don't care which.
That's an unprovable assertion, Mark, and you know it. While you may claim that anecdotally, it isn't a fact.
Of course it's anecdotal, because it's based on cases. It's very dificult to come up with a mathematical proof that one OS is more secure than another. What you do is look at a history of installations and configurations, and do a comparison from there:
OpenBSD works closely with BUGTRAQ, and as soon as a vulnerability is discovered, it is irradicated ASAP. OpenBSD is constantly audited (since 1996), and the project subscribes to the concept of full disclosure of security holes and exploits.
OpenBSD is configured to default to a "secure mode," with minimal services and daemons enabled by default. It's been 5 years since an exploit has been found in the default installation!
Steven J. Vaughan-Nichols seems to think that OpenBSD is relatively secure, far more so than any other commercial or open source OS.
NASA (at the Ames Research Center, NASA Advanced Supercomputing Divisions) uses OpenBSD as their firewalls: "In the NAS Division, all this is accomplished by an off-the-shelf PC running the OpenBSD operating system, an Apache web server, the Internet Software Consortium DHCP server, the IPF firewall software -- all freeware. Network and security team members Nicole Boscia and Derek Shaw developed the “glue” software to make the rest of the components work together -- in about 40 hours."
NetSec lists a number of government agencies that it supplies with security consulting services, and they use OpenBSD.
So, yes, saying that OpenBSD is one of the most "harden-able" and secure OS's around IS anecdotal, since a mathematical proof is almost impossible. On the other hand, it's easily provable that, in general, Microsoft's lackidasical attitude towards security, and their way of "passing the buck" when an exploit is found, leaves their OS and other products highly vulnerable.
Mark
That is precisely the reason that open source is no more (and possibly even less) secure than closed source.
Not at all, in fact, just the opposite! With closed source software, the end-user has no way of knowing what sort of back-doors have been inserted into the code. This is the reason that the DAS (I believe it's the DAS-the French Intel Services) refuses to use any Microsoft product!
Try not to forget the US Government's strong arm tactics against IBM when they were developing DES. It was originally slated to use a 64 bit key, but the feds pretty much told IBM that they'd never sell another computer to the government if the key was longer than 56 bits! I wonder why? In open source software, you can try to find back doors and holes in security.
But just because you have the code, doesn't mean that you're going to find every back door. I believe that it was Rob Pike who was giving an ACM lecture, and spoke about a back door that he had put into the login program on early versions of unix. Well, nearly all of the sysadmins there had found it, removed the code, and recompiled the module. He casually mentioned that not only had he written the login program, but he had also written the C compiler, and the C compiler checked for the code in the login program. If it was missing, it would reinsert the code before compiling the login program again.
Mark
From Reflections on Trusting Trust, by Ken Thompson:
What do you mean, no evidence? I provided full documentation, including scanned copies of the cancelled checks, proving that Microsoft commissioned the study.
but before you post "this study was bought and paid for by Microsoft", try providing some references ...
or be prepared to be labelled an idiot.
I can't connect them directly to the ADTI, but Microsoft does contribute to conservative think tanks. Its hardly idiotic to think that their efforts have influenced the think tanks.
To achieve its aims, Microsoft has done many of the things you'd expect. [...] It retained a dream team of outside federal lobbyists, including Haley Barbour, the former Republican Party chairman, and Jack Quinn, former White House counsel to President Clinton. It began contributing heavily to right-wing, free-market think tanks, such as the Cato Institute and the Heritage Foundation.
You two used to go round and round, but you both gave as good as you got - would you have demanded that he be tossed for what he said to you? (Did you?) And he was as hard on you as anyone at all. Yeah, DJ was over the top sometimes, but most people weren't thin-skinned enough to take it all that personally.
Of course, keep in mind that I was shaped by Usenet long before I landed here - DJ at his worst here was about half as bad as a good opening cheap shot from people who were just getting warmed up on Usenet, so maybe my perspective is skewed ;)
That's where I learned my lessons, too.
As you noticed, I too never took his personal attacks personally. I've never gone to the moderators about anyone here on FR. I wouldn't. I'd just leave if I wasn't enjoying it here anymore, there are too many other boards out there. DJ was completely over the top rude, and was filling these threads with a ton of noise, and was driving posters away from these tech threads.
But he should have respected the other poster and left him alone, in my opinion, and I understand why the moderators decided to step in.
Rats! I knew it was either Ken Thompson or Rob Pike! :-( Too many years since I read the article... Thanks for keeping me straight!
Mark
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.
This is what we like about you, Bushie: you're shameless. Here's a tax-exempt 501(c) that tells the IRS it exists "to promote freedom and democracy," and it churns out Microsoft FUD. A study promoting MCSE... gimme a break. Then there's the press release they sent out pouring mud on AOL's financials... as though they were stock market analysts. And now they don't like open source.