--- Date: Wed, 5 Jun 2002 00:23:29 -0700 From: carey <careyat_private> To: declanat_private Subject: Re: FC: Terrorists could use open source software to wreak havoc! Declan, I thought this was mildly amusing when I saw it as well. I decided to go hit up Mr. Ken Brown who was listed as the President of ADTI and see what his answer to the funding question was. He sent me a rather cryptic, dodgy response. Especially strange is # 3. Also the tripe about 'true patriots' was a bit funny. What, true patriots don't use linux? -------------------------------------- From: "Ken Brown" <kenbrownat_private> Sent: Sunday, June 2, 2002 11:02 AM To: careyat_private Subject: RE: Quick and curious Our position is as follows: 1: No software is invulnerable. Thus all software inherently has security problems 2: Those with motivations to crack a software for bad reasons, etc. will do so, regardless whether the product is os or proprietary. 3: OS is a sound, credible approach for creating systems for the Internet, etc. however, its basis is upon sharing. While we understand that all OS does not have to be shared a majority of it whether it is commercial or non-commercial is shared. GPL and GPL licensed applications are over 80% of popular OS products today. GPL and LGPL stipulate that sharing must occur. 4. National security systems must be secret. Anything or anyone that poses any type of indiscreet sharing of intimate information about our government's IT infrastructure is an inherent threat. Therefore: Due to increased interest by bad people in our national security system's vulnerabilities, we should avoid use of systems that enable, require or mandate indiscreet sharing. Microsoft and people's hate for Microsoft is irrelevant. True patriots will come to grips with the reality that really bad people want more information about our nation's computer systems; and giving bad people indiscreetly any information about our systems is reckless. kb -----Original Message----- From: carey [mailto:careyat_private] Sent: Friday, May 31, 2002 5:12 PM To: kenbrownat_private Subject: Quick and curious I'm sure I -could- find this on the net already, but I'd figure I'd ask you first. Just curious, given your heavy coverage of Microsoft related issues, if you received any funding from a Microsoft-based group? Also, how long have you been in existence? I ran across an article today, and I was a bit curious. Thanks in advance, Carey Lening ===8<===========End of original message text=========== -- Best regards, carey mailto:careyat_private --- Date: Wed, 05 Jun 2002 17:57:42 +1000 From: Nathan Cochrane <ncochraneat_private> Reply-To: ncochraneat_private Organization: The Age newspaper To: declanat_private Subject: Re: FC: Terrorists could use open source software to wreak havoc! I just had a browse around the ADTI site and I think the institution suffers a weird form of cognitive dissonance that makes their stance on free software even more hard to reconcile with their mission. "Since 1988 the Alexis de Tocqueville Institution has studied the spread and perfection of democracy around the world. "Among these liberal ideals are civil liberty, political equality, and economic freedom and opportunity." How can a monopoly ever be considered preferable to a free and open marketplace, or the contributions of volunteers, freely given, in pursuit of an ideal, such as free software? I just don't get it. --- From: "Blane Warrene" <bwarreneat_private> To: declanat_private Subject: Re: FC: Terrorists could use open source software to wreak havoc! Date: Wed, 05 Jun 2002 10:01:01 -0400 How easily they overlooked the fact that one of the prime characteristics of open-source software is the ability to customize and re-compile a kernel or application (in essence make it proprietary for the individual or institution using the software), closing doors left open in the original source. This also changes the footprint of the application, making it much more difficult for an outsider to "find their way in" to your installation without your internal secured (we hope) documentation. We have done this with several servers - re-building them for internal use only, effectively changing the nature of the OS to meet our needs. --- Subject: Re: FC: Terrorists could use open source software to wreak havoc! From: Steve Stearns <sternoat_private> To: declanat_private Something came to mind recently that ties well into the white paper on open source security risks from the Alexis de Tocqueville Institute. Microsoft has openly admitted in court that there are significant security vulnerabilities in their products. Vulnerabilities so substantial that they believe it would be a national security threat to open up certain parts of the source code. What protections exist to keep that information out of terrorist hands? The security presumption in open source is that, yes, there will be bugs, but if everybody can see them, there is a chance for the "good guys" to find and solve those problems before the "bad guys" exploit them. The security presumption in proprietary code is that the vulnerabilities can't be found without access to the source code. That presumption is only as good as the security measures that are in place within the company that writes the software. So, how hard would it really be for terrorists or foreign agents to infiltrate Microsoft? To put the scope of this threat into some perspective, think about how many people within Microsoft had to be aware of these security problems in order for it to make its way to a company executive who could allude to it in court. How many layers of managers and development teams did that information pass through? The more people who become aware of the problem, the more risk that any one of those people is an infiltrator, or potentially corruptible. So how "confidential" is closed source software really? ---Steve --- Date: Wed, 5 Jun 2002 12:16:42 -0400 From: Jamie McCarthy <jamieat_private> Subject: Re: FC: Terrorists could use open source software to wreak havoc! To: declanat_private X-Priority: 3 declanat_private (Declan McCullagh) writes: > Just because an entity receives MS cash does not necessarily mean > MS dictates its opinions. Tell that to the Institution itself; they seemed eager to play "follow the money" back in 2000 (though this "study" they hinted at doesn't seem to actually have been released): http://www.adti.net/html_files/technology/pause_the_microsoft_case.htm An Alexis de Tocqueville Institution study to be published this spring, he said, is finding that a large number of major soft dollar donors to the Democratic Party over the last three election cycles are now plaintiffs, witnesses, or beneficiaries in U.S. anti-trust cases. Sure, maybe MS cash doesn't influence their opinions. Maybe they are just a bunch of guys who really like to sit around and write opinion piece after opinion piece, and do study after study, showing that Microsoft is the greatest company in the world: http://www.adti.net/html_files/technology/mcseStudyDraft.pdf in which we see that many top firms think the MCSE is a valuable certification http://www.adti.net/html_files/technology/Ebert_Microsoft.html the antitrust suit will destroy American tech leadership http://www.adti.net/html_files/technology/scarborough_microsoft.html Sept. 7, 1999: "if Microsoft actually is crushing competitors, then what accounts for those companies' rising stock? Since the federal government took Microsoft to court, Amazon.com is up 838 percent, AOL up 555 percent..." http://www.adti.net/html_files/thirdparty/clinchvalleytimes_agregory012000.html January 20, 2000: "The recently announced $350 billion merger between AOL and Time-Wamer, FFI says, is an indication that Netscape Navigator owner AOL has nor been crushed by Microsoft's 'monopoly,' else how could it participate in this deal, the biggest ever recorded?" http://www.adti.net/html_files/technology/pressrelease_ms10242000.html Japan, Switzerland, and the EU oppose Microsoft antitrust suit http://www.adti.net/html_files/technology/marketplace_rule.html Microsoft should be exempt from antitrust because "unlike oil and aluminum, ideas and innovative technology can be controlled by no company" -- that's a deep understanding of the issues And here's their pride and joy, a study showing that MCSEs (Microsoft Certified Systems Engineers) are really in demand, and they make good money! http://www.adti.net/html_files/technology/studymcse.PDF "A MCSE Introduction -- Training for the Digital Age" "Any advice for MCSE's?" "Stick with it. If you are under financial pressure it will be worth it to get certified and don't get discouraged because it will pay off." "[Getting MCSE certified] has made a huge transition. I have met a lot of new people and people respect me more... I know I will find a good job once I graduate." and a bushel of reprintings of their press release for that study -- the ATDI is just *so proud* that actual newspapers picked it up and ran blurbs on it: the Pennsboro News... <http://www.adti.net/html_files/technology/ pennsboro_news_techtrends022801.html> the Pelham Sun... <http://www.adti.net/html_files/technology/ pelham_sun_techtrends03801.html> the Pioneer Shopper... <http://www.adti.net/html_files/technology/ pioneershpr_techtrends013001.html> The Purple Squirrel... <http://www.adti.net/html_files/technology/ purpsquirrel_familiarity0201.html> ...and many others in their posse of pusillanimous pressmonkeys. I'd never heard of the ADTI before this, but after spending an hour or two crawling their site -- which by the way is hosted on unix by the open-source software Apache -- I think it's unlikely that there exists anywhere in the world a more toadying opinionfactory, begging to trade persuasion stamped "nonpartisan" for corporate cash. Most "think-tanks" have erected a much better facade. The ADTI's is balsa wood and refrigerator boxes. "In the United States, the majority undertakes to supply a multitude of ready-made opinions for the use of individuals, who are thus relieved from the necessity of forming opinions of their own." -- Alexis de Tocqueville --- From: "Thomas Leavitt" <thomasleavittat_private> To: declanat_private Subject: Re: FC: Terrorists could use open source software to wreak havoc! Date: Wed, 05 Jun 2002 08:56:59 -0700 The whole "open source software is insecure" argument is specious... you only have to look at the example of IRIX (SGI's proprietary version of Unix) to see that security exploit techniques that target common programming errors don't require access to source code. I remember seeing almost daily reports that one or more new buffer overrun exploits had been discovered at one point - and that is only one technique. Regards, Thomas Leavitt ------------------------------------------------------------------------- POLITECH -- Declan McCullagh's politics and technology mailing list You may redistribute this message freely if you include this notice. To subscribe to Politech: http://www.politechbot.com/info/subscribe.html This message is archived at http://www.politechbot.com/ Declan McCullagh's photographs are at http://www.mccullagh.org/ ------------------------------------------------------------------------- Like Politech? Make a donation here: http://www.politechbot.com/donate/ -------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Wed Jun 05 2002 - 10:36:55 PDT