quote:
"...because 'it is inherently insecure, unreliable' and, what was their biggest argument, 'there is nobody in this country who could give you any support for Open Source', etc. Now hold on there! Didn't Steve Ballmer himself, just not too long ago, promise that the MS FUD campaign was over?(!) Didn't he give a speech wherein he promised that, from now on, MS was going to concentrate on "added value"?(!) So what were these sales reps doing here? What happened to Ballmer's promise?(!) (As if we didn't know )
But the general populace will never know, and therefore never call him a liar for breaking his promise -- and even if this incident did get into wide circulation, he could claim that the sales reps were not in line with corporate politics or whatever.
My favorite part is that "_"linux is inherently insecure and unreliable"_" -- but they completely abandonded that stance in front of the NSA when those great ol' American spooks released SELinux. Remember hearing about that? I finally re-found the article
here.
<<-excerpt->>
quote:
Microsoft vs. the NSA
SE Linux may be the NSA's last direct contribution to open-source security, however. Because of loud criticism, the NSA will have a far less direct role in the creation of more secure versions of open-source software.
"We didn't fully understand the consequences of releasing software under the GPL (General Public License)," said Dick Schafer, deputy director of the NSA. "We received a lot of loud complaints regarding our efforts with SE Linux."
Many complaints criticized the agency for providing the fruits of research to everyone, not just U.S. companies, and thus hurting American business.
While stressing that the agency received a loud chorus of support as well, the chagrined Schafer said that the issue was contentious enough that "we won't be doing anything like that again."
Sources familiar with events said that aggressive Microsoft lobbying efforts have contributed to a halt on any further work. "Microsoft was worried that the NSA's releasing open-source software would compete with American proprietary software," said a source familiar with the complaints against the NSA who asked not to be identified.
Microsoft would not comment directly on its lobbying efforts, but did stress that it wanted to ensure the government continued to fund commercial ventures. "The federal government plays an important role in funding basic software research," said a Microsoft representative. "Our interest is in helping to ensure that the government licenses its research in ways that take into account a stated goal of the U.S. government: to promote commercialization of public research."
Did you see that? M$ didn't want the NSA to stop working on SELinux because it is inherently less secure, but because contributing to GPL code directly hurts the sale of proprietary code. No mention of insecurities in Linux architecture, because coming from the spooks who
are security, Linux was the platform of choice (probably more due to it's higher profile than, say, OpenBSD which would have made a better choice purely in terms of security, methinks, but read the whole article for a discussion of a successful hack into SELinux....). Also, notice that M$ and the regular gang of corporate thugs didn't ask the NSA to contribute to making proprietary code more secure, but that they merely
fund American companies so that supposedly the Am. Companies will make thier own version of SE-O/S.
As a small aside, the NSA might have already made a SE-M$-Windows, but because they can't get the code legitimately, no one would trust them. Also, because they could not release the code afterwards, who is to say that the NSA didn't put a few back doors in for themselves...?
see this about the possibility of the NSA already having keys to the Window$ kingdom....
Just the fact that it might be likely spooks a lot of people (pun intended). But, under the terms of the GPL they must release modifications to GNU/Linux -- does anyone know where we can grab the source? -- and backdoors become extreemly unlikley. Not impossible because of the strange grey areas of the GPL, but unlikely.
Also, notice that the NSA didn't say they would stop working on SELinux, they would just stop releasing it to the public. I can garuntee you that they use Unices on thier internet interfaces; search the web about portscans of the NSA's internet machines -- the OS fingerprints change daily. I challenge anybody to make a windows machine look like Solaris, UNIX, Linux, OpenBSD, Windows 9x/NT4.0, etc etc. With the NetFilter Hack and iptables provided by Rusty Russel It is possible to modify the network stack and use a dynamic firewall to scramble the OS fingerprint -- see
the nmap site for a discussion of os fingerprinting. Under windows you would have to rewrite at least one entire network stack to get the same preformance. Quite possibly both the incoming and outgoing stacks, to ensure that the kernel doesn't kick back invalid packets before they could be handled by the OS-scrambler. Very little would have to be changed in the Net Filter Hack to ensure that all packets travers the "mangle POST-ROUTING" chain because iptables rests on the NetFilter Hack. Just search the net for additions to the NetFilter Hack. "perlipq" is the most prominent.
where was I?
maybe I should just
</ramble>
</transmission>
-t.
[ December 02, 2002: Message edited by: beltorak0 ]