Did MS Lobbying Stop NSA Work On SELinux? 674
inquisitive points to this CNET story on how George Wash Univ. may help Linux gain certification under the Common Criteria, certification required for software to be used in some sensitive government roles. In the same story, though, is an interesting quote from another effort at bringing GPL'd software to the public sector: "'We didn't fully understand the consequences of releasing software under the GPL (General Public License),' said Dick Schafer, deputy director of the NSA. 'We received a lot of loud complaints regarding our efforts with SE Linux.'" Sources familiar with events said that aggressive Microsoft lobbying efforts have contributed to a halt on any further work. 'Microsoft was worried that the NSA's releasing open-source software would compete with American proprietary software,' said a source familiar with the complaints against the NSA who asked not to be identified."
It's a new concept... (Score:5, Insightful)
'Microsoft was worried that the NSA's releasing open- source software would compete with American proprietary software,'
Apparantly MS is worried that it'll catch on.
Re:It's a new concept... (Score:5, Insightful)
The issue here that made the U.S. government listen is that the "open-source software would compete with American proprietary software." The article states clearly that "Many complaints criticized the agency for providing the fruits of research to everyone, not just U.S. companies, and thus hurting American business."
This is another example of American government's actions being fuelled by a desire to help American businesses to the detriment of individual freedom, similar to the DCMA.
Re:It's a new concept... (Score:2)
Cheers,
Slak
Re:It's a new concept... (Score:2, Insightful)
Wow, that's wildly inaccurate. I mean, you're astoundingly off-base.
You're just as free to sit down and work on a patch for the Linux kernal today as you were yesterday; the only difference right now is that the NSA has decided not to work on it with you.
When you think about it, the government's only real job is to defend the rights and freedoms of its citizens. Among those freedoms, at least here in America, is the right to start a business and engage in free enterprise. Therefore, when the government interferes with free enterprise, it's interfering with the rights of its citizens.
You can't have it both ways. The same laws that protect Microsoft's ability to sell software protect your right to give it away.
Re:It's a new concept... (Score:2, Interesting)
Wow, that's wildly inaccurate. I mean, you're astoundingly off-base.
You've got a point, there. I just meant that the U.S. gov't is partial to the needs of business, and doesn't really care about free software.
When you think about it, the government's only real job is to defend the rights and freedoms of its citizens.
So, you're saying that governments build roads to protect the mobility rights of citizens, for example? I think governments' jobs go much broader than that.
Among those freedoms, at least here in America, is the right to start a business and engage in free enterprise.
But rights must be balenced. If I may play the devil's advocate, one of the ideological underpinnings of the Free Software movement is that one's right to make money is less important than everyone's right to improve software, and your responsibility to help others.
The same laws that protect Microsoft's ability to sell software protect your right to give it away.
Well, the U.S. government does place restrictions on one's right to give software away (in the case of strong cryptography). Hence OpenBSD is based in Canada.
USA export regulations (Score:3, Informative)
Well, the U.S. government does place restrictions on one's right to give software away (in the case of strong cryptography). Hence OpenBSD is based in Canada.
But do these U.S. export restrictions apply to free software [gnu.org]? The current crypto export regulations [gpo.gov] (section 740.13(e)) seem to grant an export License Exception for publicly available source code and object code compiled from publicly available source code provided that the original publisher of such code notifies crypt@bis.doc.gov (cc: enc@ncsc.mil) of the code's public availability. (Notification seems not to be required for mirrors [mozilla.org].)
Hence Mozilla is based in the United States, where the only restriction on exporting OSI Certified(tm) open source encryption software is that it not implement a system primarily designed to restrict the fair use of a copyrighted work.
Re:It's a new concept... (Score:3, Insightful)
This means that they are difficult to comprehend and absorb for people not conversant in the technology itself.
That is a real danger.
It is dangerous not to understand what is happening here on an international scale.
In terms of censorship, social control and the relegation of individual populations to a second-class of citizenship, technology issues like this will have a more direct effect than tariffs or export laws.
What you are allowed read in books and watch on TV will be subject to its profit potential for large corporations. Read that again. Anything else will be Samizdat .
This will be enforced through agreements and laws like DMCA, UCITA, and the proposed SSSCA and CBDTP. Less is known by even informed people about these laws, than say -NAFTA.
Why? Because at a cursory glance, the subject matter is dismissed as being too technical, or "just something about TV."
When second-hand bookshops are being closed - for being unable to meet the minimum payments on 'royalties for redistribution of intellectual property,' everyone will wonder what happened. It started with Internet Audio Broadcasters. You think this is far-fetched, or satirical? Go ask SOMA-FM [somafm.com]
Libertarian Groupthink (Score:2)
Government's role is to promote the welfare of the people. Sometimes that means promoting business. Sometimes that means providing a social safety net. Sometimes that means providing for a common defense.
We the People (Score:3, Informative)
We the people of the United States, in order to form a more perfect union, establish justice, insure domestic tranquility, provide for the common defense, promote the general welfare, and secure the blessings of liberty to ourselves and our posterity, do ordain and establish this Constitution for the United States of America.
To serve and protect whom? (Score:5, Insightful)
But wasn't that *exactly* what the NSA was doing by working on Security-Enhanced Linux? Defending your rights and freedoms by making sure the computers on which they depend are more secure? Should they be entrusting this job to corporate America, instead?
Second thing: What should happen to software that the government creates? Should it never be released to the public, left to sit and wallow as a waste of our tax dollars? Aren't we better off by having more choices in the marketplace instead of less?
(Wow -- every sentence a question.)
Re:To serve and protect whom? (Score:5, Insightful)
Working on security is half the NSA's job. (The other half being working on encryption.) They chose to work on the security of Linux, because they use it. Because they want to see their changes incorperated into the kernel (So they don't have to keep updating it.), they gave it back to the community. They didn't just decide to start a computer programming business for no reason, they want security in their OSes and they use Linux. (Possibly because that's code they know doesn't have backdoors.)
This isn't the NSA trying to compete with MS, this is the NSA trying to make things simpler for itself by putting security, as default, in the OS it uses, so it doesn't have to patch the source each time, and more people will look at the code and find mistakes. (The NSA doesn't fall for security though obscurity. They are well aware the best way to make something security is to hand a copy to a million people and ask them to break it.)
Re:To serve and protect whom? (Score:3, Interesting)
I like the "share and share alike" aspects of the GPL too, and I wish I could figure out a way to defend the govt producing GPL code.
But I can't. Just like I'd be pissed if (and I bet they do this anyway) the govt hacked proprietary software and allowed the proprietary vendor to sell the code.
The government should never produce intellectual property. Since the public owns the government, the public should own the government's source. This means Microsoft should own it and this means you should own it.
Re:To serve and protect whom? (Score:3, Informative)
Not quite right.
Linux, for instance, is not all copyright Linus. In fact, most of Linux is not copyright Linus, because whenever someone else contributes a substantial portion, they own copyright on that portion (not Linus).
That's why folks writing GPLed software can't change the license (or offer an alternately-licensed version) if they accept other people's patches, unless they either rewrite all those patches themselves or require contributors to file a copyright assignment.
So the government can contribute to a GPLed project and still maintain their own, independant copyright. (That said, it makes more sense to release their patches into the public domain -- even if the derivative work, that being the patched product, must be GPLed).
Re:To serve and protect whom? (Score:3, Insightful)
If you've got existing infrastructure you can build on that's GPLed, you have one cost for building something new based on that and GPLing the result, and another (generally much higher) cost for rebuilding the whole thing ground-up.
Forcing folks to always do the latter, even when the former will accomplish the initial goal of providing the necessary component and at lower cost, is unreasonable.
Re:It's a new concept... (Score:3, Insightful)
If the government takes my money and makes something really useful with it, which provides more economic benefit to the country: giving it away so everyone can build on it and be more technologically advanced; or hiding it away so no one else can use it, and someone has to waste time building it a second time?
neither you or the guy you replied to gets it (Score:3, Insightful)
"Many complaints criticized the agency for providing the fruits of research to everyone, not just U.S. companies, and thus hurting American business."
which is all bullshit: open source stuff would promote more and better research; you have to learn how to do it better/faster/whatever when everyone just got access to the latest greatest way of doing it (whatever "it" happens to be).
anyway the good news is,
"Despite the intense battle surrounding the open source, the NSA will still fund research on secure operating systems based on Linux as well as work with U.S. companies to create better security in their own operating systems."
That was (Score:3, Insightful)
Now, did you actually say anything to refute the previous poster? I mean, you can't deny the fact that the government already has its hand in quite a lot of things, through academic grants, defense research, etc. etc.
How the government wields power in this arena is how it premits the fruits of that labor to be releasesd. Refusing to release code under the GPL, but simultaneously allowing vendors to appropriate code developed with public money, smacks of hypocrisy and shows a clear bias in how they approach this issue. It is obvious that they bowed to pressure from a few whiney corporations threatened by Linux.
So, either the government keeps its hands off industry entirely, or it should plays fair and impartially. You can't have it both ways, using the former argument to attack the latter.
infrastructure (Score:5, Insightful)
Therefore, when the government interferes with free enterprise, it's interfering with the rights of its citizens.
By providing a free operating system, the US govt. is NOT 'interfering with the rights of its citizens any more than:
1. The public libraries interfere with the private bookstores' rights.
2. Police officers interfere with private security firms' rights.
3. Public water fountains interfere with bottled water vendors' rights.
4. Free public skateparks [louky.org] threaten private Van's-owned parks.
I think it's high-time the US govt. supported an open-source OS project. Though backwards in its perspective on human rights, China is lightyears ahead in its thinking on this subject. If we had a national open-source OS that was used in every government office and available to citizens for free, it would be a dozen times more powerful of a punishment than any wrist-slapping the DOJ is going to give to MS for it's anti-trust crimes.
Seth
Re:It's a new concept... (Score:4, Insightful)
What Microsoft is mad about is that they don't want any competition. From anyone. They can't crush or buy out Linux, they can only seek to outlaw it. So when our government is using and improving software that competes with Microsoft, Microsoft gets angry and lobbies to make them stop. "It's all about choice," they say. Balls. It's about protecting Microsoft's revenue stream. They obviously don't care about choice when people don't choose Microsoft.
Re:It's a new concept... (Score:4, Insightful)
Evidently you don't think your trash should be collected, or your roads maintained, or restaurants inspected for cleanliness.
Among those freedoms, at least here in America,is the right to start a business and engage in free enterprise.
Where does the Constitution specify this? Quite the opposite, the Constitution explicity grants the government the right to control many forms of trade (e.g. interstate commerce). Not to mention, this issue is not a regulatory one - nobody's stopping any business from doing anything.
Therefore, when the government interferes with free enterprise, it's interfering with the rights of its citizens.
That absolutely does not follow: the government is absolutely obligated to intervene should your "free" enterprise involve stealing cigarettes and reselling them, or raising cattle on land you don't own. The government exists to broker compromises between people's varying needs and actions so that people can live dignified, free lives.
What's at stake here is when and how the government (federal, in this case) should treat products of its spending. What Microsoft is trying to outline is a conflict between two responsibilities of the government in this case:
a) in the US,we have a long-standing tradition that research done with public money is done "in the public interest", and therefore the public should have as much access as practically possible to the details and results of that research.
b) the government is also charged with looking out for the economic well being of its citizens. According to the argument by Microsoft, releasing open-source software that competes with American products that are strong sellers is against the public interest.
While I think b) might be important if the federal government had been secretly working on a competitors to Office, Java, and other major software platforms for 30 years and suddenly released it, causing a massive drop in the valuation of software companies, that would be counter to the public interest. But in this case, the point of the software development was to overcome limitations in the software available to the NSA by capitalizing on the open source nature of Linux to satisfy themselves their security requirements were being met. In other words, the work was not undertaken to undermine Microsoft, but rather for a specific security goal, determined by the NSA to be in the public's security interests.
The present arguments by companies like Microsoft come very close to demanding that the government make policy in order insulate these companies from changes in the business landscape, which is the opposite of free enterprise.
competition ok, but not from government (Score:2, Insightful)
That said, it is still a shame.
Re:competition ok, but not from government (Score:5, Insightful)
To Microsoft, sure, the competition (ANY competition) would be bad. But they're only one company. SELinux would help a hell of a lot more companies than it could possibly hurt.
Re:competition ok, but not from government (Score:2)
Yes, unfortunately those companies, even with combined effort, could never afford the level of lobbying that Microsoft can.
We really need to determine what legislator got tons of money to lean on the NSA. That individual needs a lesson in negative publicity.
Re:competition ok, but not from government (Score:2)
Re:competition ok, but not from government (Score:3, Insightful)
Re:competition ok, but not from government (Score:3, Interesting)
Where'd you get that idea? You'd better abolish the National Park system since it competes with private campgrounds. Your local parks are also competing with the local arcades.
Amtrak competes with busses and airlines. Your local library competes with book stores. PBS competes with commercial television. The Post Office competes with Fed Ex. Public Schools and Universities compete with private ones.
The internet, initially invested in by the government, today competes with television and newspapers.
The SBA gives grants to Small Businesses, not only competing with banks, but subsidizing companies that will compete with others!
> do their best to help everyone, without hurting anyone
The nature of the redistribution of wealth (welfare payments, etc) hurts one group (rich) to help another (poor). This is what governments do best.
If you want to help everyone without hurting anyone, you need a perfect Free Market (perfect defined as one with no externalities). Only in a free market are all decisions Pareto Optimal (no one made worse off). The nature of government is to to achieve solutions that are NOT Pareto Optimal.
Creating a secure environment for businesses is certainly within the realm of government behavior, especially when market forces have not yet achieved said environment.
Re:Damnit, why do I have to pay for this? (Score:3, Insightful)
Re:competition ok, but not from government (Score:5, Informative)
Were we in competition with existing software to run hospitals? Yep. Did they complain? Nope. Some of them even took the software we wrote and repackaged it. They were (are) allowed to under the FOIA.
Re:competition ok, but not from government (Score:4, Informative)
Re:competition ok, but not from government (Score:2)
The government is meant to *help* business? Whats this? An admission that capitalism doesn't actually work? That competition and a free-market isn't enough to keep things going; that you need democratically elected people to help and promote private interests who hold an accountability to only a small percentage of the country's population?
Pure-as-snow capitalism requires but one thing from government, and it aint to help business - its to protect your and my private property. Of course, pure-as-snow capitalism doesnt work, so the government does much more, but where people get the idea that the government is supposed to *help* businesses and *not* hurt them shows just how far the pendulum has swung.
Thats not to say that it doesnt happen - TWA etc get help from the government in the form of rapists and murders (aka prison inmates) to answer their phones for their booking phone lines, and Pillbury gets money from the government to pay for advertising in impovershed third world nations
Re:It's a new concept... (Score:2)
Re:It's a new concept... (Score:3, Insightful)
So long as a government organization uses computers, it is inevitable that it will end up somewhat of an influence on the marketplace, regardless of whether it produces it's own software, uses open software, or uses proprietary software. The "don't hurt businesses by chosing not to use their product" rule does not have the effect it was meant to. (Unless you want to get cynical and say that it was *meant* to be used to prop up businesses via government influence and the alleged reason for the rule was a sham.)
What really needs to happen... (Score:2, Interesting)
Think about it in laymans terms:
Open source means you release how stuff works. If we put this in security systems, people will understand how to crack in easier!!
Of course you and I know this is false, but the common man doesn't. This is the biggest thing that needs to go forward.
Government competition (Score:3, Insightful)
Re:Government competition (Score:2)
You're right, the government isn't there to compete with industry - it's here to run the country, and it's obvious that SELinux filled a necessary need, otherwise the government wouldn't have needed to subsidize it. Obviously the government felt that there was a need for a more secure operating system.
Re: Government competition (Score:2, Insightful)
> It's unfair, especially considering the fact that the government can subsidize any projects with tax money that comes from it's competitors.
In that case we know Microsoft won't be complaining.
No taxes; no dividends; sweet deal for Gates and his buddies.
Re:Government competition (Score:2, Interesting)
Mmm, but it's ok to use a Government funded (BSD) TCP/IP stack in the MS Operating Systems right?
The point is that SE-Linux is free for Microsoft or anyone else to use. It did not compete with Windows, it's a Unix.
Re:Government competition (Score:5, Insightful)
First - there is no product from Microsoft that is in direct competition. There will be no product for the forseeable future.
Second - The NSA would require the source code for whatever system in deploys. It would have to component test all of the subsystems, and ensure that no new bugs are introduced with new features. This flies in the face of the Upgrade Early, Upgrade Often mentalility an M$. (NASA users 486's in the space program, not to be cheap, but because they are a known quantity.)
Third - What the government produces, all competitors share equally. What microsoft produces, it keeps to itself.
Re:Government competition (Score:3, Informative)
pay much [prospect.org] in tax.
Government projects are paid for by taxpayers, mostly individuals and small-to-medium sized companies, and it would be in their interest to have an alternative to Microsoft.
Look at it this way, with their monopoly Microsoft is about the only entity that can reliably squeeze money out of large corporations.
My 2 cents,
Re:Licenses aren't compatible (Score:2)
I'm not sure about the distribution of the work as a whole, however.
That's scary (Score:4, Insightful)
We have Microsoft telling the NSA what to do. Shouldn't it be the other way around?
Or maybe it's one of Bill's minions I hear breathing over the phone line?
No. (Score:2)
No. On who pays the fiddler orders the tune..
Oh, you are saying its the tax payers who pay NSA, not Microsoft shareholders....
Bah..
Re:No. (Score:5, Interesting)
No.
Correct. The NSA shouldn't be telling anyone what to do. Their mandate is to collect information and provide security advice to other agencies and, where authorized, the private sector. They are not a governing body. Ditto on the last sentence for the FBI, the CIA, and various other black-op agencies running around grabbing people out of their homes in the middle of the night and confiscating their material wealth without due process in the name of the ongoing War on [insert your favorite cause here].
On who pays the fiddler orders the tune..
Only partially correct. If we truly believe in democracy and "one person, one vote", then the amount of influence we wield on our government should be proportional to the number of people we represent, not the amount of taxes we pay or, more commonly, the quantity of bribes, relabelled "campaign contributions" we stuff into the pockets of our so-called representatives.
But, even if it were 100% correct that the amount of taxes we pay should dictate the amoutn of influence we wield on our government, it should be pointed out that Microsoft almost never declares a profit on their tax returns (last year it was a 19 cent/share loss IIRC, as for tax purposes they do report those stock options which, conviniently, don't appear on the SEC filings), so Microsoft actually doesn't pay any taxes at all.
Given your reasoning, I should have much more influence on the NSA than Microsoft does. Unfortunately, that is not the case and one of the main reasons, perhaps the main reason, that democracy in the United States is falling to pieces.
Re: (Score:2)
Re:No. (Score:2, Funny)
Apparently, Bill is the one person with the vote.
Re:That's scary (Score:2)
Re:That's scary (Score:4, Interesting)
Agent: National Security Agency.
Martin: Oh, you're the guys I hear breathing on the other end of my phone.
Agent: No, that's the FBI. We're not chartered for domestic surveillance.
Martin: Oh, I see. You just overthrow governments; set up friendly dictators.
Agent: No, that's the CIA. We protect our government's communications. We try to break the other fella's codes. We're the good guys, Marty.
Martin: Gee, I can't tell you what a relief that is, Dick... You know, I could have joined the NSA, but they found out my parents were married.
Bear in mind that just because it's illegal for the NSA to spy on Americans doesn't mean they don't. Also, any technology released to commercial entities or the public in America is going to find its way to the rest of the world. Therefore, it is in the interest of the NSA to prevent Microsoft/Linux users/common people from securing their computers (the only computers the NSA is charged with protecting are the government's). However, it would be in the interest of the NSA to lead those groups to believe their computers are "so secure not even the NSA could get into them" when in fact they have easily-exploitable holes.
Ask yourself this question: why would the NSA release open source security software to the world?
Re:That's scary - NOT (Score:3, Informative)
Having worked there, I can tell you this: intercepting a US person is a SERIOUS infraction. Its not something you can do without running afoul of a lot of laws. The abuse done by the NSA during the Nixon years caused a lot of severe curbs (both open and classified) to be placed on the NSA, and those laws have serious teeth that will bite anyone violating them. As with the armed forces, there are a lot of very liberty minded folks working there to preserve your freedoms at the cost of their own. One example is that free speech is very limited once you hold certain accesses and clearances.
IMHO, you're in more danger from those folks at the FBI.
You really ought to do a seach on "USSID 18" [google.com]. I cant say anything confirming or denying, but there are some very interesting things that have been declassified out of Big Daddy DIRNSA's pockets.
Secondarily, its NSA/CSS. Ever hear of the CSS [nsa.gov] side of the house? I suggest you look it up before posting obvious biased off-base stuff thats based on a hokey movie [sneakers].
Most Secure Shops... (Score:2)
Re:Most Secure Shops... (Score:2, Informative)
-- M
Competition Must Be A Bad Thing Or.... (Score:2, Insightful)
or possibly their products are that bad.
yes.... (Score:4, Insightful)
Microsoft controlling the NSA? (Score:2, Insightful)
Translation...Complaints from Microsoft criticized the agency for providing the fruits of research to everyone, not just Microsoft, and thus hurting Microsoft's control over the world.
Thus...Bill slaps the NSA and says "Don't do that!", and the government quickly complies.
If I were a rich man..... (Score:5, Insightful)
Also what's with MS giving its software away for Free to a different government every week? Its a clear pattern designed to make sure noone can possibly compete. How are they even allowed to do this? I mean its not like they are some cash strapped competitor with no market share looking to get an edge. They are a convicted monopolist who somehow continues to walk between the raindrops and "get away with murder" right out in the open!
Re:If I were a rich man..... (Score:2)
Think "PR". I suspect that this is nothing more than a loss leader - M$ will make all their money back and more when they start demanding outrageous licensing and support fees down the road.
Individual Commercial Interests (Score:3, Insightful)
"Our interest is in helping to ensure that the government licenses its research in ways that take into account a stated goal of the U.S. government: to promote commercialization of public research."
As an American, i see the government to
- serve protect the people
above and beyond anything else. I include protector from other Americans, and other American Companies in this. The government was NOT made to serve commercial interests. The U.S. Gov't was made to keep individual freedoms, from the dammed British Stamps.I'm simply atonished by how a Company now has more power than an Individual. It was this way in the early 1900s and late 1800s, when de facto slavery of immigrants and whole families in factory towns led to the Union movements. Sadly, Unionization will not work in this day and age, not in these circumstances. Instead, sheer humanity must overcome evils like this, lead by initiatives like Open Source, which give the power back to the Individual, and letting him control his own destiny once more. Thank you programmers and hackers for letting OSS live on.
FSCK the man!
Re: (Score:2)
Microsoft: threat to national security (Score:4, Insightful)
I'm surprised they listened. Didn't Alchin, senior Microsoft executive, recently testify (in the anti-trust case, IIRC) that Microsoft software is so poorly designed and/or implemented that full disclosure of the API would inevitably result in the death of many Americans? (That is, after all, what "national security" ultimately comes down to.)
Maybe Microsoft has a point that the NSA's work with SELinux hurts the proprietary software manufacturers, but by Microsoft's own testimony it should be out of the running for all future contracts anyway. I don't care about certification, when a senior exec testifies in court that using his product poses a threat to national security I want the procurement officials to pay attention!
(On a related note, I WILL be asking the Congressional candidates this election cycle what they plan to do about the Federal software procurement cycle in light of senior Microsoft executives admitting that the quality is so poor that it threatens the national security. Microsoft has made it's values clear - $40 billion in the bank is more important than lives - and I want to make sure that my representatives make our values as a country clear. I don't want to force governments to only use OSS software, but I have no patience for excuses from companies sitting on cash reserves larger than the GDP of many nations!)
Re: (Score:3, Insightful)
And you'd like to replace that... (Score:3, Insightful)
Or will running SELinux and forgetting about those patches be different from running NT4 and forgetting to run well-publicized best practices checklists?
"American"? (Score:5, Interesting)
Somebody has to wake up.
Ahh New America (Score:2, Troll)
Welcome to hell.. The United Socialist States of America. I had hoped my kids whould have had the opportunity to grow up on the USA, looks like we lost the war for freedom.
Wait a minute... (Score:3, Insightful)
'Microsoft was worried that the NSA's releasing open- source software would compete with American proprietary software,'
Indeed. We ought not have the government funding university labs, because releasing medical research to the public domain might interfere with pharmaceutical company profits.
Not everything that's good for General Motors is good for the country, or its people, or its economy.
So much for non-Microsoft desktops for the DoD (Score:4, Insightful)
While there are lockdown procedures for Linux from what I understand, having an NSA secure version of linux would have gone a long way to validating the os from the information assurance people. I hate to be forced to use Winx for _security_ reasons.
Don
The end is near and wear a Microsoft logo (Score:2, Funny)
And it'll be Bill's fault that only cockroaches and ABIO roam the earth.
Re:The end is near and wear a Microsoft logo (Score:2)
Glass houses? (Score:2)
And with that, I release my excellent karma to the winds of change.
NSA should continue working on SE Linux (Score:3, Interesting)
Gee, imagine that -- the fruits of the research that the hard working taxpayers of America paid for is also provided to those very same citizens! Outrageous! It may be true that this research also benefits any other government or company in the world which may choose to use it; but more importantly, it can benefit any US citizen who chooses to implement it.
aggressive Microsoft lobbying efforts have contributed to a halt on any further work. "Microsoft was worried that the NSA's releasing open-source software would compete with American proprietary software," said a source familiar with the complaints against the NSA who asked not to be identified.
Gee, imagine that -- the taxpayers get can get free access to the fruits of the research which their tax dollars made possible. Lets not forget, MS can also get access to this research and implement it: either the exact implementation, which would need to be separated (at a hands length) from other components of MS' OS, or the idea and make their own implementation, which they could license under any scheme they wanted.
Microsoft would not comment directly on its lobbying efforts, but did stress that it wanted to ensure the government continued to fund commercial ventures. "The federal government plays an important ro7le in funding basic software research," said a Microsoft representative. "Our interest is in helping to ensure that the government licenses its research in ways that take into account a stated goal of the U.S. government: to promote commercialization of public research."
That's interesting. According to MS, the government has an obligation to make taxpayers pay twice for the what their tax-dollars funded. Come on. Research is publicly funded because it can help all of the US, not just corporations like MS. Gee, tough concept there -- everyone pays taxes to support research, thus everyone should benefit from it, not just MS. Again, MS can make use of this research internally, thus benefit, or even put it in their OS at a hands length, or develop their own implementation of it.
In addition, the Common Criteria process, run jointly by the NSA and the National Institute of Standards and Technology under the National Information Assurance Partnership (NIAP), is better suited to certify proprietary software coming from a single company. It's ill suited to deal with the myriad updates that the open-source community produces on a regular basis.
Then the solution is rather simple. We create a central organization of Linux volunteers to handle the mriad of updates, and they analyze and review those updates (quality-control), and submit them to the NSA and the NIAP.
Back to the government development of GPL'ed software. I think that whenever possible, the government should develop using the BSD-type license (actually, I think that the public domain should be redefined to be like the BSD-license, so that credit is always given and that the "source" of the originals are always distributed under that "license"). This is because the BSD-license allows all of the US taxpayers to implement the code in exactly the way they choose, even charge for it or make non-free modifications; but it also preserves the commons aspect of what was created by a public effort. In some cases, it may be necessary to develop under the GPL because that which your basing development off of is the GPL; such was the case in SE Linux.
Remaining anonymous (Score:2, Funny)
It has been my personal experience that people who promote propriety over government remain anonymous.
I was hoping someone farmiliar with the lobyists would post a URL explaining their POV, because I really don't see it.
What I find annoying here (Score:2)
The NSA has a large breadth of expertise to offer that should not benefit solely proprietary software. Has no-one bothered to propose to them the concept of dual-licensing? Surely if Microsoft was interested in a portion of their technology they could obtain that technology under a different license.
This whole escapade has the feel of ugly politics.
I know I found the idea of SE Linux extremely refreshing and encouraging.
Contradictions abound (Score:2)
In essence, we get to decide who makes the money.
Taxes and Public Ownership (Score:2)
The NSA had chosen to work on a product that will assist in making some of these systems more secure. They even did so in such a way that the conspiracy theorists out there can be satisfied without a doubt that there are no hidden NSA backdoors. And since they probably did so with the aim of using such software in house, at least to some extent, the lack of significant license expenses will result in less budget requirements, or at the very least, more efficient use of the current budget.
Microsoft may be upset over the double blow. One, because the NSA won't be purchasing as much of their software, and two because they'll be releasing their efforts back into the open source (read PUBLIC) community for no additional cost, therefore offering more competition to Microsoft. Of course, it's the very actions of companies like Microsoft that gave rise to the open source communities in the first place. Its a shame they feel the need to whine about it now.
-Restil
Why not BSD? (Score:2)
BSD or LGPL would be fine as far as I'm concerned.
Let's not be GPL integrist.
Too late, Tim. The process is already politicized. (Score:2)
All your IP are belong to us. (Score:2)
Microsoft would not comment directly on its lobbying efforts, but did stress that it wanted to ensure the government continued to fund commercial ventures. "Our interest is in helping to ensure that the government licenses its research in ways that take into account a stated goal of the U.S. government: to promote commercialization of public research."
Hmm, so let's get this straight, using tax-payers money to do useful research and then giving the results of the research out to the tax-payers, hurts companies, so instead the research should be handed over to a commercial company who will sell the IP at a huge profit ?
There is something wrong in American society where the needs of a few (or one) companies, outweighs the need of all the citizens, and the other 99.99% of companies, who would all benefit from the research being released into the public domain.
I suggest for the benefit of your country, you send a message of support to the Open Source now [redhat.com]bill, before your government is completely assimilated.
Compete with private industry my ass (Score:2)
Any corporation can benefit from this by using it within their infrastructure.
MS' claims are absurd. The US government has the responsibility to do what is best for all of its citizens (while respecting the constitution and the amendments), not just what is best for corporate America. Granted, corporate America is a part of the picture, but its not all of it. SE Linux is a great benefit to the public as a whole.
The government has no obligation to subsidize obsolete products by buying them when it can make superior ones and use them; this -- subsidizing and using inferior products regarding security -- is dangerous to the security of the nation.
Futhermore, the results of government research should be available to all to use, whenver possible. In this case, the government based it off of the GPL, so it had to be GPL'ed. Never-the-less, it is available for all to use, with one restriction in that any modifications of it must also be GPL'ed. But MS whine the same complaint if the government did SE BSD: its competing with private industry. Bullshit.
If MS doesn't like the fact that this is hurting their business, they should make a more secure OS. But don't expect MY tax dollars to go towards buying an INSECURE OBSOLETE operating system, thus subsidizing a private industry (i.e., MS) which can't make it on its own.
They have one point (Score:3, Insightful)
Should the Government Compete w/ Private Industry? (Score:4, Insightful)
GPL and choice (Score:3, Insightful)
This is absurd. GPL'd software can be used by anyone willing to abide by the terms of the license. If a company chooses to make proprietary software and not release the source, they are voluntarily choosing not to use GPL'd software. It is ridiculous to say that they "cannot" use the software; that is a choice they made based on their own business model.
That is MY money they are talking about! (Score:3, Insightful)
"The federal government plays an important role in funding basic software research," said a Microsoft representative.
As a US tax payer, that is MY MONEY they are talking about there. I have no objectisons to the federal goverment funding development for things they need, but Microsoft is talking as if it is their right to have the money. It is not a right. Software may not be a significant part of the US budget (though much of it is obscured in other items), but it still amounts to millions or even billions of dollars a YEAR! (I used to work from one company that was getting a couple million a year to develop software, combine that with a few other companies)
I pay taxes on the money I earn. I expect that money will be used as carefully as I take care of mine. (and I'm known as a frugral guy) That doesn't mean spend no money, but it means think twice before spending it.
It is NOT the job of the goverment to fund research. Microsoft has a large pile of money, it is their job to invest that money in research. It is the goverment's job to see where the goverment needs something (that may not even be useful to anyone else), and supply money to get the need filled quickly. Any other research is for universities, and should be public domain.
US Gov simply cannot release stuff under GPL. (Score:4, Informative)
To release source code under the GPL, you have to hold the copyright to the code.
The US Government (in this case represented by NSA) cannot hold a copyright, the law does not allow for it.
No copyright, no GPL, end of story.
But I have no doubt that M$ whined too.
Re:US Gov simply cannot release stuff under GPL. (Score:4, Informative)
17USC 105. Subject matter of copyright: United States Government works
Copyright protection under this title is not available for any work of the United States Government, but the United States Government is not precluded from receiving and holding copyrights transferred to it by assignment, bequest, or otherwise.
Re:US Gov simply cannot release stuff under GPL. (Score:3, Informative)
A 'Statement of Assurance' on SELinux patents (Score:3, Interesting)
Apparently, all of a sudden the NSA's partner, Secure Computing Corporation, came out and made a special exception from their Manditory Access Control Patents for SELinux. It may have been a desperate act to keep the NSA on board. It seems this company was deriving exclusive software patents from work partial completed/funded by the NSA. If I were a generally unaware politican told of this situation by a Microsoft birdie, I would see it a fraud/waste as well.
Although I cannot know for sure, from the basic facts availible to me, this seems to be a case of SCC's software patent greed biting them on their own ass. MSFT probably spun it as, "the govenment partially paid for labor leading to a patent for a competitor of ours, and it's not public domain.
Disclaimer: I hate software patents, as much as I would hate math patents if they existed. This may bias me against SCC.
Question (Score:3, Interesting)
But the question is, can the government do that? According to the GPL, no. But, the owner of a copyright can grant exceptions to the license. Thus, Torvalds could grant an exception to the NSA regarding SE Linux, which would be as such: the original source code of the kernel/Linux upon which you based your modifications must still be released under the GPL; however, the modifications or additions you made may be released into the public domain or under the BSD license.
Furthermore, such would give the GPL license legal credability, as the government would be asking for an exception (though the NSA already gave the GPL license legal credability by releasing their modifications under the GPL).
That said, perhaps there should be some modifications of the GPL to allow people to release modifications under alternate licenses (which would include the public domain and OSI-certified or OSS licenses), if they can't possibly (due to legal restrictions) release it under the GPL. After all, its better that the modifications be released under a BSD-like license or the public domain (as opposed to the GPL), than not be released at all (which would ocur if the authors of the modifications were prevented from releasing modifications under the GPL).
Re:Question (Score:3, Informative)
Does Torvalds own the copyright to the entire kernel? I wasn't aware that he had had all the contributers in the past send him copyright assignments (which is what the FSF does). I'm fairly sure different parts of the kernel are copyrighted by lots of different people.
And due to some of the wonderful properties of the GPL, you'd need to get every person who has contributed code into the kernel to agree to the exemption. Good luck.
Biased article? (Score:3, Insightful)
I have a problem with this statement:
Many complaints criticized the agency for providing the fruits of research to everyone, not just U.S. companies, and thus hurting American business.
This is pretty biased. Shouldn't it be more like 'Many complaints criticized the agency for providing the fruits of research to only free software developers, not to all software developers and companies, thus hurting American business.'
How would developing the security extensions in the public domain, or under a BSDish license keep them from being used by 'everyone'? Putting then in Linux (and consequently having them been covered by the GPL) does a much better job of keeping 'everyone' from using them than a more free license like BSD.
If the NSA were going to do something like this, they should have based it on one of the BSDs instead. By developing the extensions in Linux, they effectively made them useful only to Linux - putting them beyond reach of countless software companies. Of course, this has been the software industry's complaint to government funded research producing GPLed software from the start.
I remember when there was a USA (Score:3, Funny)
Then they added a new ammendment to the Contitution EULA that effectively invalidated the 13, 14, 15 ammendments of the old Constitution and made it legal for software companies (MS because by then there was only one) to literally own people and make them buy software whether they wanted to or not. Debtor's prisons came back online after over 200 years. The shortway around that was to simply become the nation and hire the entire country as cadres of MS employees. Everyone became a 'limited use MS employee licencee'.
Around 2014 was when DoubleplusXXXP+# was running the food distribution complex in east central Billtania (formerly called the "Midwest") and a major BSOD glitch caused 65 million people to starve to death. In order to make up market share MS tripled the food EULA charges on the survivors and then cut their wages by 30%. Which is when the mass suicides and infanticides began.
In 2018 Bill proclaimed himself God-Man and licenced the air we breathe now.
Not the whole story.... (Score:5, Interesting)
Yes I hate Microsoft, but this article is kind of ridiculous...it uses some vague quote to make microsoft look bad. This is not the way to win the war.
Mandatory Access Control (MAC) (Score:3, Insightful)
There was no competition (Score:3, Funny)
As we all should know by now, making secure systems is not Microsoft's business.
So...where is the competition?
It's the applications, stupid (Score:4, Informative)
Writing server-type apps to live within the constraints of a mandatory access policy is tough. (Look at how much crap runs as root because people can't make it live within the UNIX permission structure, which is far less restrictive.) But it's the only approach that works, because the applications aren't trusted.
If you want to help, make some major application, like a mail program, work under SELinux, with as little trusted code as possible. Somebody was doing this for an FTP server, but those are of limited use. A mail server on SELinux would actually be useful.
Foreign access to SELinux (Score:3, Interesting)
I think the line about anyone having access is telling, but not in the way many people seem to be taking it. The NSA isn't concerned with US citizens having access to SELinux, although I'm sure that some people within the NSA are. They are concerned that security technology developed by the NSA will be made available to other countries. The NSA is fighting the tide of knowledge. The Soviet Union used to do this, to an even more dramatic extent than our government does. Anything mailed or published outside the USSR was subject to censorship. Soviet scientists used to get around this in interesting ways. For example, a physics paper was published that started "Imagine the interior of a star .... ". The censor immediately decided that there was nothing of interest militarily and passed the paper through for publishing in Western Europe. The star described could not possibly exist, it was actually describing a third stage thermo-nuclear explosion and gave Western physicists insight into the sophistication of Soviet nuclear weapons technology.
Information and knowledge cannot be prevented from spreading, as the Catholic Church in the middle ages learned, as the Soviet Union learned, and as the NSA keeps trying to forget.
Microsoft undermines national security (Score:3, Interesting)
Fine.
But let's be sure to mention this next time Osama bin Ballmer starts foaming at the mouth about how Linux is un-American, and remind him that Linux developers have never undermined the safety of American citizens in order to line their pockets.
And while we're at it, let's consider what gigantic software monopoly distributes a flight simulator capable of accurately emulating passenger airliners, along with detailed scenery of American airports and major urban centers, complete with individual office towers.
Of course, having already crippled Naval warships, I shouldn't be surprised that Microsoft is now trying to cripple our chief intelligence agency.
Bad info? (Score:3, Interesting)
Dick Schafer is not the deputy director of the NSA. Per one of their press releases over two years ago, Bill Black is the Deputy Director:
http://www.nsa.gov/releases/newddir_071000.html [nsa.gov]
Also, SELinux was updated on July 3rd. Sounds like a bit of work for a dead project
http://www.nsa.gov/selinux/news.html [nsa.gov]
Now we've done it... (Score:3, Interesting)
At first I was surprised, but a Netcraft look-up explained it all.
"The site www.nsa.gov is running Microsoft-IIS/5.0 on Windows 2000."
That does NOT comfort me at all.
Open source, yes. GPL, no. (Score:3, Insightful)
Having the U.S. government develop open source is just fine. We, the people, are the ones paying for the work, and the results of the work belong to us. However, having the U.S. government develop under the (full) GPL results in software which is restricted, and not available to everyone. The appropriate result of government work is really the PUBLIC DOMAIN.
C//
Re:analogy (Score:2)
Re:analogy (Score:3, Insightful)
A better analogy:
Say you have a chain of lemonade stands and are selling weak, unsweetened lemonade for $199 a glass. The lemonade stand is your only source of income, so you want to protect it. You forbid anyone from sharing the lemonade they drink and if they drink your lemonade you forbid them from drinking anything else to slake their thirst.
The community deploys water fountains, a few people put down fruit trees and a few start selling different kinds of fruit juices.
You bribe public officials with "campaign contributions" to pull the water fountains and send hired goons to intimidate, buy out, or otherwise break up your competition.
That's a better analogy of what Microsoft is doing with regard to Linux.
And no, I wouldn't hire goons, grab an axe, or bribe officials. I'd start offering what people were asking for rather than crush the life out of them like an asshole.
Re:Why Linux sucks (Score:3, Interesting)
Which versions? Are you using standard (good) hardware or POS rummage stuffs?
>My windows box uses about 40 megs of ram to boot, Linux uses about 175 (and
Linux is a monolithic kernel)
I'm using 172 MB of memory (with all the nicieties ON). And about that "Monolithic kernel crap"..
modprobe idiot_slashdot_poster IQ=1
>Linux crashes much more often than windows, way more
How so? Windows freezes much more on me. Even hangs during INSTALL. I've never seen Linux hang like that.
>The few Apache/MySQL vs IIS/MS SQL tests I have seen have been won (sometimes dominated by) Windows
I dont care about those tests... However, I do remember some test that had really crappy hardware for Linux and a quad proc with Win. Wonder what won that...
X is a one size fits all poor implementation at a responsive display server (both Apple and MS are moving to hardware accelerated GUI)
>KDE is maybe the only thing on earth more intigrated than windows explorer, everything under the sun imbeded into konqueror, it makes it clunky as hell, Nautalus is nearly as bad
Damn straight. It crashes a lot over stupid stuff, and it does hog memory. Still, after it crashes It works OK.
>Ease of use for the newbie is not as important as ergonomics for powerusers, but Linux has yet to bring an environment to the table that I can efficiently get work done it.
If you like Windows interface, go use FVWM95. I'll stick to using KDE and Wmaker.
>WinXP Pro comes with a 480 meg CD, Mandrake is 3 CD's and SuSE is 7
That's all apps you can use. Only thing I need to download is a DVD/AVI app. Windows comes with garbage (MSNMessenger vs. Gaim , IE vs. Moz, Paint vs. Gimp, nothing vs GCC suite).
>NTFS is much more stable than any Linux file system, hard shut down in Linux and watch it fsck your box
Permissions on WinNT are much nicer to deal with. Still, XFS and Reiser are really good for Linux. Only a second or 2 to "check disk".
>Installing software on a Linux system is badly broken, often you end up fixing make files, chasing dependencies, or in situations where you can't update a library with out breaking other apps, many libraries are not very backwards compatable and someone still has yet to write an installer for Linux. Nullsofts SperPiMP installer for windows is only 498K but such a simple installer has yet to exist for Linux because it's design is funamentally flawed.
Even windows 3.11 had an installer and you can install the 32 bit libraries for it and still run binaries that were compiled on XP, lets see Linux do that
Creators dont care to package a nice installer like the one Loki used in UT install. Still, if you compile static LIBS inside your binaries, thye'll run on nearly any Linux X86 platform (if that's the arch you compiled them for). RPM's are OK, but you have different companies repackaging them and breaking them. Still, the best is AUTOCONF
>Developers will often use GPL just so they can avoid having to create and test seperate packages for the last 3 versionsof every major distro, GPL lets someone else do it.
Yep. Essentially they are lazy in a certain regard. If you'd undertsand, they make the app for themselves alone. If somebody else wants it, try it out. If it doesnt work (and you want it), you fix it and submit patches. That's part of the cost of using Linux stuff. It doesnt cost money... Just time.
>The exists no development environment more compelling than gcc and emacs, for this reason Linux apps will always be behind
QTdesigner, INTEL's cc, KDevelop... I'd say they're "nice". Still, that's a simple bitch comment.
>Would like feedback on this
>Thanks