Is Open Source Fertile Ground for Foul Play?
jsrjsr writes "In a DevX.com article entitled Open Source Is Fertile Ground for Foul Play, W. Russell Jones argues that open source software is bad stuff. He argues that open source software, because of its very openness, will inevitably lead to security concerns. He says that this makes adoption of open source software by governments particularly worrisome. In his words: 'An old adage that governments would be well-served to heed is: You get what you pay for. When you rely on free or low-cost products, you often get the shaft, and that, in my opinion, is exactly what governments are on track to get.'"
Wow (Score:5, Funny)
Ahhh.. (Score:5, Funny)
The whole thread that will light-up in response to this old chestnut!
PLOFIT! (Score:3, Funny)
2) Get a bazillion hits.
3) PLOFIT!
He might be right. (Score:3, Funny)
'You get what you pay for' (Score:5, Funny)
I wonder if he's getting what he paid for.
Re:Sounds like someone trying to be controversial. (Score:5, Funny)
This day will go down in history.
Who's to say what someone implements? (Score:2, Funny)
Re:Russell seems a bit dated (Score:1, Funny)
Holy crap. I thought 'no way could someone sum this up fast' but you did it in one sentence! Bravo!
Vulnerable? (Score:3, Funny)
He argues that open source software, because of its very openness, will inevitably lead to security concerns.
Well, thankfully Windows is closed-source, or else there'd be security issues wi-- oh, hang on a sec.
At least they seem to practice what they preach (Score:5, Funny)
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 12 Feb 2004 21:06:06 GMT
X-Powered-By: ASP.NET
In other news, the devx.com website was found lying in its own blood and excrement after being linked from Slashdot.ORG today.
Eloquence personified (Score:3, Funny)
Aah, the sweet sweet tones of language in the hands of a master. What subtlety, what charm, what wit. Prithee kind sir, wherefore is thy prose, thy grasp upon the fundamentals comprising the very art of speech itself?
English Grade: C-, should learn not to use informal language when making a formal argument.
Cheers,
Ian
Hi I'm A. Russell Jones... (Score:4, Funny)
Mastering ASP
and...
How To Kill Penguins With Broken Shards of Windows.
*YAWN*
Re:Russell seems a bit dated (Score:3, Funny)
You get what you pay for? He's right... (Score:1, Funny)
Re:Um, yeah (Score:3, Funny)
If that is your real name. . .
Article is by A. Russell Jones (Score:4, Funny)
Re:Here's the article, site has been slashdotted (Score:4, Funny)
pure genious (Score:3, Funny)
you get what you pay for (Score:4, Funny)
I don't know whether to laugh or cry (Score:3, Funny)
FREEVBCODE.COM -- Get high-quality, FREE Visual Basic code
The real kicker is that I can already get free, high-quality Visual Basic code... Just open the wrong attachment in Outlook.
Re:Sounds like someone trying to be controversial. (Score:5, Funny)
No talent assclown.
Reading his article is free. (Score:5, Funny)
Re:Microsoft irony is not lost (Score:3, Funny)
http://neowin.net/comments.php?id=17509&categor
In other news .... (Score:5, Funny)
The new project entitled "Flaming Troll" was kicked off today with an article that would be very interesting and informative for your average Slashdot reader.
So far the project seems to be a success
Oops... (Score:3, Funny)
--
Evan "About to take down a Linux system running kernel 1.2.x for about 4 or 5 years and upgrade to SuSE 9.0"
Re:Wow (Score:1, Funny)
This is ground control to major troll...
Re:Sounds like someone trying to be controversial. (Score:5, Funny)
Re:Sounds like someone trying to be controversial. (Score:2, Funny)
(and this is nothing more than baseless speculation. I don't want to be sued by Intel)
Fairly Humorous (Score:2, Funny)
Plus, el supremo Jones fails to comprehend the concept of reverse engineering. Perhaps learning things is more difficult with that enormous wad of MicrosoftBucks that keeps showing up in his bank account.
Absolutely right (Score:3, Funny)
Just as well nobody is stupid enough to breathe the air in the atmosphere isn't it? I mean, who wouldn't go with cans of Ozone Friendly FreshAir(TM) Only $10 A Can?
And as for that wet stuff that comes out of clouds, nobody, surely, would be dim enough to think that was actually
Repeat after me, all consumers: Free = Wrong. Pay Corporation $$$$$ = Right. Have you supported your local fat cat today by buying something that is normally available for no cash whatsoever?
Re:Sounds like someone trying to be controversial. (Score:5, Funny)
Urinalist?
Re:Sounds like someone trying to be controversial. (Score:2, Funny)
Oh the irony! The very next slashdot story is about Windows NT and 2000 source code being leaked to the net.
Re:Sounds like someone trying to be controversial. (Score:1, Funny)
Re:Russell seems a bit dated (Score:5, Funny)
s/open source/Microsoft/g, get same article? (Score:2, Funny)
It's funny, but if you just make opposite words out of this article, you get something that sounds just as reasonable about Microsoft.. Try it out!
"In short, Microsoft's expensive and high-cost software products are likely to be widely adopted in governments, where spending public money for licenses is an easy justification. Inevitably, that choice will lead to security breaches that will cost those same governments (and ultimately you), huge amounts of money to rectify."
"Microsoft software goes through rigorous security testing, but such testing serves only to test known outside threats. The fact that security holes continue to appear should be enough to deter governments from jumping on this bandwagon, but won't be."
Man, this is fun! Nothing like reading Microsoft gimp droppings! drool.
Windows is open source too! (sorta) (Score:1, Funny)
It just lacks the advantage of peer review all these years.
Re:Sort of (Score:3, Funny)
(you did mean the lawsuit when referring to SCO's flagship product, right?)
Fixed Your Article (Score:1, Funny)
An old adage that governments would be well-served to heed is: Caveat Emptor. When you rely on proprietary products, you often get the shaft, and that, in my opinion, is exactly what governments are on track to get. Perhaps not today, nor even tomorrow, and not because closed source products are less capable or less efficient than open source products, but because sooner or later, governments that rely on proprietary software will put their country's and their citizens' data in harm's way. Eventually--and inevitably--a proprietary product will be found to contain a security breach--not one discovered by hackers, security personnel, or a CS student or professor. Instead, the security breach will be placed into the proprietary software from inside, by someone working on the project.
This will happen because the proprietary model, which hides the source from external audits, virtually guarantees that someone, somewhere, will insert malicious code into the source. Malevolent code can enter proprietary software at several levels. First, and least worrisome, is that the core project code could be compromised by inclusion of source disguised as a fix or extension. As the core Windows code is carefully scrutinized, that's not terribly likely. Much more likely is that versions will be created and advertised, or created with the express purpose of marketing them to governments at cut-rate pricing. It's not far-fetched to imagine a version subsidized and supported by organizations that may not have U.S. or other government interests at heart.
Third, an individual or group of IT insiders could target a single organization by obtaining a good copy of Windows, and then customizing it for an organization, including malevolent code as they do so. That version would then become the standard version for the organization. Given the prevalence of inter-corporation and inter-governmental spying, and the relatively large numbers of people in a position to accomplish such subterfuge, this last scenario is virtually certain to occur. Worse, these probabilities aren't limited to Windows itself; the same possibilities (and probabilities) exist for every proprietary software package installed and used on the machines.
How Can This Happen?
The products of the proprietary software development model have become increasingly entrenched in large organizations and governments, primarily in the form of Windows, an expensive proprietary operating system, the expensive and proprietary Internet Information Server, and proprietary office suites. There are several reasons that proprietary software--and Windows in particular--are seeing such a dramatic downtick in use, including IBM's extensive Linux support effort over the past several years, and the widespread perception that Linux is more secure than Windows, or at least that vulnerabilities are patched quicker. (Use this link to see an example of how long Microsoft can take to fix a critical vulnerability, or this link to see what Gartner Group thinks about IIS and security.)
So far, major Linux distributions such as Debian and others have been able to discover and remedy attacks on their core source-code servers. The distributions point to the fact that they discovered and openly discussed these breaches as evidence that their security measures work. Call me paranoid, but such attacks, however well handled, serve to raise the question of whether other such attacks against proprietary software vendors have been more successful (in other words, undiscovered or unreported). Because so few people can audit the Windows source code, there's also a reasonably high risk that someone will create a modification specifically intended to subvert security. And how would anyone know?
Open source software advocates rightfully maintain that the sheer number of eyes looking at the source tends to rapidly find and repair problems as well as inefficiencies--and that those same ey
Mod the parent INSIGHTFUL. . . (Score:3, Funny)
Re:Sounds like someone trying to be controversial. (Score:3, Funny)
Re:Security problems? (Score:3, Funny)
Yes, there is the issue of big name distros like Debian getting rooted. Yes, we heard about the attempt to corrupt Linux BKCVS (someone committed to the repository, disguised as Dave Miller). The OSS community as a whole found and corrected every case, and the author of this article is looking for the time when we won't catch such a subversive change.
Developer trust on the Internet is typically done via PGP/GPG too. Numerous key signatures verifying someone's identity are not ultimate proof, but they assist in reassuring people that a person with that name exists and probably is fairly trustworthy. I've mostly found all of the OSS developers I've met to be forthcoming and truthful and wanting their programs to be rock solid and uncorrupt.
And only half tongue in cheek (considering the possibility that this is a fake)
But can you explain why there are traces of Code Red sitting in the zipfile of the alleged leaked Windows source code?
This just in! (Score:1, Funny)
4. Profit! (Score:2, Funny)
2. Grow desperate
3. Sell out to big corps by writing article
4. Profit!
Ironic slashdot ordering (Score:2, Funny)
Re:Sounds like someone trying to be controversial. (Score:1, Funny)
SOURCE CODE OMFG R0Xx0R!!!!1!!1!1111 (Score:2, Funny)
Re:Sounds like someone trying to be controversial. (Score:2, Funny)
Re:Closed source can be just as bad. (Score:3, Funny)
I pay for it every time I use it--in wasted time, in aggravation, etc.