Jane's Intelligence Review Lauds Slashdot Readers as Cyberterrorism Experts 195
Open source meets open source
What happens when you throw together open source intelligence (intelligence from non-classified sources) and the online open source movement? Jane's Intelligence Review (JIR), a leading specialist security analysis did just this, and the results were an eye-opener for all parties concerned. Writes Johan J Ingles-le Nobel, JIR Deputy Editor:
When you're confronted with a prospective article about cyberterrorism, as a journalist you know this is a massive emerging topic and that it will make a great story. After all, you've got to be both blind and deaf to have missed the unprecedented emergence of this thing known as the Internet, and that the day will come when, like anything else, it comes to be seen as a tool in the armoury of those that seek to harm and terrorise. Yet the very nature and vocabulary of the subject precludes a thorough understanding unless you're a programmer in the first place. Buffer overflows, denial of service, CGI, 128 bit encryption - such words are all anathma to the layman, yet crucial to a good article on the issue.
"JIR's choice at this point, upon receiving the article, was tough. It's great to get copy from someone you know to be very good on terrorism on this subject, but upon reading the article left me with more questions than answers - and questions that only qualified people could answer properly. I'm not referring to shallow 'such and so defaced a website' type of answers, but thoughtful responses metered with specialist knowledge. So what better way to find answers than to go online, to seek out expertise on the subject?
Unfortunately, finding good information online is not nearly as easy as it should be. Thankfully, months earlier I'd noticed a link to Slashdot posted on a web-hosting service owned by a friend of mine, and having followed the link, bookmarked it a long time ago. Thus, upon receiving the article and personally researching cyberterrorism to find out a bit more on the subject and having been alerted to the fact that a) Linux is the best 'programmer's' o/s environment, b) many webservers use Linux and c) you're looking at expertise in both these areas for sensible answers, there was really no choice but to ask the guys that actually do this stuff for advice.
In retrospect, I'm delighted that I did. 250+ comments and 35 emails from psychologists to network analysts, and from Sun engineers to Cambridge Dons later, The responses have been insightful and knowledgable, with many excellent points made. I've even had a lot of 'thank-you' type letters from computer security professionals for trying this approach. Of course, when you ask for feedback you get feedback - and since roughly 99% of the posters slammed the article, even saying things like 'we'd expect better from Jane's', I've informed the author that we're not going to run with it. Instead I'm going to cull your comments together and make a better, sharper feature out of it - I'll be getting in touch with several of you for more specific details or for more clarification. The article will thus go into December issue (published middle of November), I'll arrange to have it put onto the free section of the Jane's Intelligence Review website (yes, you do all get to see it, of course), and if you find your comments included, contact me at johan.ingles@janes.co.uk for payment at our usual lineage rates (yes, of course you get paid - after all, we are gentlemen).
In summary: wherever you may be and whatever you may do, a big 'thanks, guys' comes your way from just south of London, England.
Johan J Ingles-le Nobel,
Johan.ingles@janes.co.uk,
Jane's Intelligence Review.
um... (Score:4)
Very classy (Score:2)
--
Respect (Score:2)
How many of us have taken part in "Crack this Machine" contests? Granted most of us didn't win, but we all had good ideas about security that needed to be tested.
LK
Sheesh (Score:1)
It's kind of odd that you're looking to slashdot for this sort of thing about cyber terrorism, I mean theres really not that much of a story behind it and quite frankly I don't see how theres a story here at all, it's like the "cyberwar" between Pakistan and India, it has an effect but it's negligable if one side does anything.
-[ World domination - rains.net ]-
Re:sdfgs (Score:5)
Community Editing/Writing. (Score:5)
Perhaps a section of slashdot for proposed stories to be discussed, with actual stories being a summary of comments, etc..
"From the Community, FOR the community"
AC $$$$ (Score:5)
How will this work? (Score:1)
It might not be a bad idea to put together a web resource of of the quality information available on electronic terrorism and countermeasures.
Well done, Jane's - will we see more of the same? (Score:1)
I didn't post on the cyberterrorism thread because by the time I got there all my points had already been made. Several times. B-> But congratulations to those who will be quoted in Jane's.
It will be interesting to see if this starts a trend. But on the other hand, they used to say "Go not to the USENET for counsel, for they will say both no, and yes, and `That's already answered in the FAQ, and..." (Or something like that.) And that was pre-AOL, pre-spam, pre-The-September-That-Never-Ended.
But, on the gripping hand (wow, Tolkein and Niven/Pournelle refs in the same post!), /.'s moderation would seem to help the best, most informative posts bubble to the top in such a discussion.
It would be interesting to set up a consulting organization along these lines. Or maybe even use the existing /. infrastructure.
Open source journalism (Score:5)
We are journalists, in a strange twisted way. We report what we know to educate others. Doing it in this sort of fashion, I beleive, is an amazing idea and concept.
I am begining to think that having this be open sourced is even more important than having open source software. Software completes tasks, but it does not shape and form our views on a subject. I t is about time that a place takes recognition of the importance of the community effort. People can not pull the wool over the eyes of many, not without a fight.
May the open source movement migrate into and improve all things.
Slashdot Press, Inc. (Score:3)
Of course, every piece produced would have to have the obligatory yea linux, down with microsoft, anything but open source sucks comments somewhere.
Great... (Score:3)
Look how far Slashdot has come (Score:3)
The future will only bring more of this type of group editing to the forefront of the media. I look forward to being part of it.
Kudos to Jane's for having the balls to do this and congrats to the REAL experts gettting some recognition.
jas
Can you say 'cred'? (Score:2)
If you contributed (I regret I did not) then slap yourself on the back and treat yourself to a beer. Hell of a good job, humans.
A plea (Score:3)
Now that Slashdot has helped you out, do you suppose you could talk to Electronic Arts and get them to release Janes' Fighter's Anthology and Janes' Israeli Air Force for Linux?
Sincerely,
Patrick Draper - a big fan
Oooops.... missed out the first time around (Score:3)
About CT, though- the main problem is that the general public at large uses Windows, and by it's nature Windows is insecure. For example, (and I konw that this was cited in the original, after reading the comments) Back Orifice. Yes, most of us here wouldn't touch it (at least, I doubt that most of you would) but the idea behind BO (and BO2K) is that it was written using STANDARD API's in Windows. Under UNIX, without any kind of user access, it is (AFAIK) exremely difficult to have a program installed in user-space (the BOserver) and through that program, remotely control the system without having any user access. If you can dupe the user into running any kind of trojan or the server itself (come on, imagination- if an email came from "techsupport@microsoft.com" with a heading "Security update for " and an attachment (the BOserver), how many clueless windows users would download and run it without thinking?
The idea that it was implemented with standard API's and from user space (giving the remote user even more control than the local user has) scares me. Good thing I don't run Windows... lots of lamers at school use BO for fun. But imagine MS's plan in full execution- WinNT or Win2000 (whatever they're calling it now) on EVERY DESKTOP IN EVERY ORGANIZATION. There are ways of remotely executing code, you know. And this tool (BO2K) is one of the reasons that governments worldwide don't use Windows. Period.
Group Authoring (Score:4)
Kudos to Jane's. It's not only good that they asked for comments, and are taking note of what they received, but also that they're offering to reward those whose contributions are being published. Has anyone published an article in this way before? It's the first of its kind that I've encountered. I wonder what threshold Johan J Ingles-le Nobel had his preferences set to, or whether the comments were summarised for him.
Several points about the method come to mind. Firstly, how are they intending to honour payment to people who made particular points or comments, when their points may be rephrased (and hence made unrecognisable, even if the point is still understandable) for editorial reasons, or when several people may have made the same point?
Hmm, I remember articles a while back about how to properly distribute books, essays and monologues electronically, and still receive payment for them. It's a shame this method can't be used more frequently - it relies too much on simple honesty.
Can an article still have coherency, and a clear point, when the person collating all the points may not have as much expertise in the subject area as those that submitted the information? It's not easy to create a coherent article if the subject isn't your own, even if you have a series of excellent references. I'm not knocking the people at Jane's, I just see it as a difficult task to form the mass of /. comments into a single article that would fit in magazine format.
Good effort.
S.Re:Respect (Score:1)
Good, it's about time... (Score:4)
Still, after having read the original article now, and all the comments, I'm glad someone is at least doing it right.
We read all these articles (usually by big name news sources) that get posted to
The best thing about
Truly the future of journalism.
---
OK, now what about the payment ? (Score:2)
I don't mind malda giving out the actual email addresses, however I hope malda knows what comes next.
However, yes, I am very delighted to know something like this happened, and hope that the magazine also sends some contribution to malda for the website
rkt
Slashdot (Score:2)
....
>having been alerted to the fact that a) Linux is the best 'programmer's' o/s environment, b) many webservers use Linux and c) you're looking at expertise in both these areas for sensible answers, there was really no choice but to ask the guys that actually do this stuff for advice.
Really? I like slashdot not because of Linux and webservers but because of;
1. Low noise to signal
2. Get my Karma up to boost my ego.
3. To vote for "Hemos/JarJar Sux".
Oh, and thank you for asking for my/our opinion.
If they use my comments, (Score:3)
then "Cited as computer security expert by Jane's Intelligence Review" is going right on my resume. That has got to impress some perspective employers...
-
Re:um... (Score:1)
payment? (Score:2)
If this becomes a regular thing, which I'm all for, and as some are suggestiong, this does bring up a different issue. That can be addressed later though.
What about other articles? (Score:5)
A quick slashdot search for cyberterrorism yields:
FIDNET, Cyberwarfare, and Reality [slashdot.org]
CIA Considering Cyberwarfare [slashdot.org]
[slashdot.org]
Pentagon Cyber Wars
Hackers Against LoU Cyberwarfare [slashdot.org]
They need a nice big picture. For example, interesting information on what is going on in the hacker community could come from the "Hackers Against LoU" article.
And wasn't there an article somewhere about the US Military running a massive test crack against themselves last summer? If I remember correctly, one of their teams managed to get into the systems of a Navy Destroyer?
"You want to kiss the sky? Better learn how to kneel." - U2
"It was like trying to herd cats..." - Robert A. Heinlein
Slashdot profits. (Score:1)
I'm glad
Seriously, I would like to echo everyone elses support for Jane's approach. I think this article will be very informative and demonstrate the type of knowledge
~afniv
"Man könnte froh sein, wenn die Luft so rein wäre wie das Bier"
Re:A plea (Score:1)
Re:sdfgs (Score:1)
Oh really... (Score:1)
Parallel between journalism and the web? (Score:5)
Journalism it seems has to go down a smiliar path. Speed matters for a story, but accuracy and research count highly. Previously, you had journalists who were experts in their own field, and you had a breathing space to do research before the story went to the printing press. In this day and age, with news sites on line, stories break at "internet speed". Hence, reasearch needs to be as quick. Also, with the amount of new developments it's impossible to keep up to date with everything. Result? do an "Ask slashdot" for info, and you'll get a very quick response from several people that know what they are talking about, several revelent links to the subject matter, and a general view of how the topic is viewed on the ground.
It's an excellent method and a lot better than reissuing the same myths that seem to propagate. I think Janes should be commended on a big step in the right direction.
--
Re:What about other articles? (Score:1)
A colloquy ensued,... (Score:1)
Re:Sheesh (Score:1)
>at all, it's like the "cyberwar" between Pakistan
>and India, it has an effect but it's negligable if
>one side does anything.
I dunno. What if the Indians or the Pakistani knocked out the central banking infrastructure of the other country? Or disrupted central communications? A cyberwar could be quite effective.
-awc
Re:OK, now what about the payment ? (Score:1)
--
Re:Good, it's about time... (Score:5)
For example, I always read at moderation level 2 just to cut down on how much there is to read. I find that about 90 percent of the comments have a very distinct slant. I attribute this to the fact that most slashdot readers have that slant and consequently most good comments are slanted.
On top of that, the moderators are also biased towards the prevailing slashdot outlook, and that means that the scarce moderation points are more likely to be spent on comments supporting the general slashdot opinion.
In short, I think that slashdot does a great job of providing the slashdot position on a subject, but does not give a complete picture of most subjects.
We need a better term (Score:2)
"Open source" grates on me when it is used like that - it implies a "source" that is more accessible than the final product. This makes perfect sense in software, where there is human-readable source and then there are machine-readable instructions. Opening the source lets people see the inner workings and change them around.
What we have here is a great new way of putting minds together to make an accurate, insightful document. In this case though, it is more about the new ease with which outside opinions can be solicited and incorporated than with the "open" nature of it. After all, anyone that sees the final product also sees the "source" - they are one and the same.
--
grappler
Re:Respect (Score:2)
YMMV.
Cathedral scaffolding needed first (Score:1)
I think doing the article this way is asking for excessive digression -- at this stage. Take a look at the comments posted already. The best way (in my opinion--feel free to disregard this) to approach this is to **first** provide an editorial structure, or scaffolding, if you will, of topics in this area you want to consider. Then ask Slashdotters their opinions on the subject areas. If you don't provide at least **some** editorial guidance your job will be made a hell of a lot harder.
Just my devalued two cents' Canadian
twilight
(yah, I know my sig's screwed up!)
Re:payment? (Score:1)
Re:OK, now what about the payment ? (Score:1)
BitPoet
The morons at Ziff Davis should be reading this. (Score:3)
Define irony (Score:1)
to vivify.. (Score:1)
So, they're writing an article about cyberterrorism using the
(and of how close I get to being kicked out at times, I'll imagine.
But seriously, that would be interesting; for
just my penny for the day
Re:We need a better term (Score:1)
I just wanted to point out that like any open source project this one wasn't entirely the product of slashdot. Most open source projects start out with the vision of one person who gets something working and then gives it to the public to improve.
Similarly, the original article however poor it was, is what generated enough discussion to produce the final improved article.
Wow! (Score:1)
Clearly, Jane is top of their field for a good reason. They know how to innovate and pick up their source from new, yet very pertinent origins.
I sincerely hope that other companies follow this trend. Slashdot is a watering hole for many experts on various subjects, and that, and not prestige or visibility is what determines the validity of an opinion!
How many can claim to pay for good information, even if it comes from someone posting as "Anonymous Coward" on a public bulletin board?
I applaud this, and hope we see more of it in the future.
"There is no surer way to ruin a good discussion than to contaminate it with the facts."
Re:AC $$$$ (Score:1)
Maybe it could be earmarked specifically for security software...
Re:A colloquy ensued,... (Score:1)
--
Re:Group Authoring (Score:1)
along with that, his threshold was set to at least '1' (some of the posts he responded to were score '1' at the time.
my guess is that his threshold was set to '0,'...i doubt anyone told 'im about the moderation system.
Re:OK, now what about the payment ? (Score:2)
For starters:
"All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster"
On the bottom of every slashdot page. Shouldn't THEY be contacting the authors BEFORE running with their comments?
Please read more carefully. (Score:1)
Note the line: if you find your comments included, contact me at ...
No one is going to be giving out anyone's email address. It is up to you to claim responsiblity for your comments, should you find them in use.
I hope no one abuses Jane's generocity; they are acting in a very responsible and classy manner, as far as I'm concerned.
--Xar
Re:Oooops.... missed out the first time around (Score:2)
I've never run BO so forgive me if I'm wrong, but this is what I understand.
Someone executes BO on a Windows machine (either a user who downloaded it, or someone who has had access to the machine). Very similar to PC Anywhere.
When you're using Windows 95/98, you are the administrator. You have complete access to the machine, much like root has on a UNIX box.
Why can't this same exact thing happen on a UNIX box running under 'root'?
Another point...
For the most part only more "computer literate" people use Linux. As it grows in popularity, someday, it too will have the idiotic user that receives email from "techsupport@linux.com" telling them to run the Security Update.
Believe me, there are idiots using Linux today. I worked at a large company where an idiot who always logged on as root, delete his harddrive 3 times by mistake. You'd think he'd use 'rm -i *' after the second time.
Re:We need a better term (Score:2)
Since all of this material is available to be read on
Additionally, Open Source is a term that people are coming to understand. It could and should be applied to other areas, as long as the term is used accurately. In this case I think it is.
"Spoon!!!" -The Tick
Drake42
Kudos (Score:2)
I am personally delighted that Jane's refused to contribute to the general FUD campaign that the mainstream media. It is refreshing to be able to find a publication that is willing to go to the source (pun intended) tp get it's information.
I can only hope the Znet, Dvorak, CNN and [insert FUD factory here] take notice and try to make a new trend.
Somebody Should tell CNN (Score:2)
^.
Newspaper - editors + 50k reporters = /. (Score:1)
Re:Good, it's about time... (Score:3)
/. is an impressive forum, where some of the neatest, coolest people I know hang out and discuss all kinds of ideas relevant to Linux and technology in general. It's a nerd's paradise for me, and I'm glad to see that Jane's (and others in the mass media, I hope) are realising what a tremendous resource the /. community is.
However, I want to respond to one particular part of Otto's post. He says:
While we certainly have some amazing, wonderfully talented and creative people in the /. community, I don't think we can consider ourselves "one of the largest collection of intelligent people on the planet." This egotistical view feels good, I'm sure, but I think we equate our knowledge of computers, the net, and linux too often to that of intelligence.
I'm not egalitarian by nature, but I'm rooting against /. becoming a place for the "techno-snobs" to hang out, to the exclusion of others. With such a great community of users, we should be reaching out and using our resources to teach others about our passions.
The article in Jane is certainly a good starting point for how /. can reach out past the confines of all of us Technically Elites and help the general population (or, at least another subset) learn about issues that matter to us. Let's keep using our speciality to contribute to projects like this.
Re:sdfgs (Score:1)
Re:A plea (Score:2)
Worthy as it is, the Linux market will have to hit 10% or more of all gaming platforms before it even gets a sniff. Heck, PC sales are 30% of all games sales and Linux is a fraction of that. We regularly get Playstation titles selling x10 what the PC SKU does.
Darn those confounded consumers!
- Robin Green, Bullfrog Productions Ltd, UK.
Re:A plea (Score:1)
Feh.
>
Re:What about other articles? (Score:1)
Personally, any ship with its main purpose being war should not be run with an OS that is a primary target for viruses. Just imagine the problems that they would of had with their BIOS wiped out. Furthermore, these could knock out their backup and triary systems too.
I do understand that this is probably a minor risk, however, when you add all of the risks together, I doubt that you're ever going to have more than 95% uptime. The last thing they need is more room for exposure.
Also, at one point in time, wasn't NT thrown out from just about everything else in the Navy except for clerical office work? If I recall, it was because it wasn't stable and failed to perform as promised.
Re:AC $$$$ (Score:2)
I hope I speak for a lot of people when I say "What the smurf!?!?"
I don't see how this follows. If anything, these people deserve more money, because they contributed altruistically. When one expects to be paid for a job, one generally puts into it only enough to be sufficient to be paid, unless this person also really likes the job. But when a person does a job not expecting money, he does it from the heart. The results are generally better. Which one more deserves to be paid?
Infinite Loop Warning! (Score:2)
Slashdot consists mainly of references to news stories and commentary upon those stories. If people start writing news stories based on the commentary found on Slashdot, the whole world of journalism could implode.
-
<SIG>
"I am not trying to prove that I am right... I am only trying to find out whether." -Bertolt Brecht
Re:Good, it's about time... (Score:3)
Now this is cool... (Score:1)
Perhaps the
-- Moondog
Re:AC $$$$ (Score:1)
Hmm, we may have to put this to a vote....
Actually... (Score:1)
hehe.. Seriously though, a VERY classy move by Jane's.
Re:OK, now what about the payment ? (Score:3)
Second, anyone who posted to the original article should have known that their comments could show up in the Jane's article. That was, after all, the whole idea of soliciting comments from slashdot. As the gentleman from Jane's states in the original slashdot article:
If you didn't want to "risk your privacy" then you should've posted as AC.
--
Re:If they use my comments, (Score:1)
Re:AC $$$$ (Score:1)
At least you speak for me.
-
Clarification (Score:2)
So the point I was trying to make is that by standard API's a remote user can have administrator status while the local one can't, under NT (which is rated C2 network secure! Remember? Oh, wait- that was NT3.51, and it was disconnected from a network.......) And you are absolutely right, that under Win9x the user is given admin access. More bad security. Tsk tsk tsk on M$... but ah well, not my problem. The thing is, normal Joe Linux User (if using the system, not administering it; i.e., logged in as 'joe' and not 'root') would not be able to cripple the entire system or open it up to remote vulnerability by simply downloading/executing the security update.
Re:We need a better term (Score:1)
So if they want to use their version of the term to describe this article, who are we to argue?
-Mars
Re:Community Editing/Writing. (Score:1)
--jeff
Possible deception: identify "experts" (Score:1)
cyberterrorist.
1) Appeal to there need to "set the record straight."
2) Offer some money to expert contributers, but require personal info to "deliver" it.
3) Compile list and submit to CIA, FBI, and cyberterrorism headhunters. (There has got to be some out there, and who better to know them than Jane's)
Re:selling out to the man (Score:2)
Re:Sheesh (Score:1)
I'll just go for 1, it's cruder but alot more effective. 2) could just be fixed with a simple contengency but it's far too surgical. To knock down the network you have to knock out the maintainers, otherwise you'll have a rather negligable effect, if Pakistan shut down India's banking network it would hurt them just as much as it hurt India simply because of how close they are geographically, even if they don't trade with each other, there are middle men in 3rd party countries to the conflict that would be hurt causing a ripple down effect of damage. As for bringing down communications there are just so many sources of it that although it would be possible to damage, the damage would need to be physical, not via the 'net.
Basically knocking down communications or banking infastructure wouldnt' be done over the internet.
-[ World domination - rains.net ]-
Factual Content, It's Their Style (Score:5)
Slashdot needs a publicist (Score:1)
They should send AC lineage to /. (Score:1)
_______________________________
One small problem for Jane's.... (Score:1)
This probably means they'll get
____________________
Charity (Score:2)
As well as encourage any claimers who don't need to money to throw it into the pot. Would be a great thing to do. Definate opportunity for a slashdot poll!!!
(fairly) respected? (Score:1)
Don Negro
QNX for the Military (Score:1)
However, for military hardware (e.g. battleships), I suggest that a microkernel imbedded O/S, such as QNX or VxWorks, would be the proper solution.
The beauty of a microkernel O/S is that it is made up of small modules, each of which can be independently verified to work perfectly.
Now, Linux offers similarly high levels of security, and reliability, through Open Source, and the intense review of thousands of developers. The military, on the other hand, will most certainly want to keep their source to themselves (wisely or not), and will want to do their own reviews.
The other advantage of a microkernel imbedded O/S, for military applications, is that it's better suited to real-time guaranteed-response systems, whereas a more monolithic O/S such as Linux may offer better peak performance, as is generally required by a PC user.
Cringely (Score:4)
"Maybe this was in the minds of the folks at Jane's, the British publisher of defense information, who this week threw their cyber terrorism research at the nerds who read Slashdot, hoping for some inexpensive proofreading to keep Jane's from making their own big mistakes. This is an interesting idea but ultimately flawed, I think. The only way to write the news is to write the news. You have to do it the best that you can then take the heat, because the censorship of the nerderati is still censorship. That's why newspapers make corrections."
Obviously he wasn't aware that Jane decided to publish the
Censorship? Nobody told Jane's they *couldn't* post that crap, we simply informed them of it being such a bad idea
http://www.pbs.org/cringely/pulpit/pulpit199910
Re:Respect (Score:1)
I think it is best that everyone have access to these ideas, rather than a select few, or even just those who will use it for good ends. It seems that the widest possible spread of ideas is the best policy. There are bad side effects of such policies (i.e. those who use these ideas to oppress others), but I think the good effects (i.e. everyone who is interested knowing as much as possible) far outweigh the bad.
Suggesting that they should be kept in the dark also suggests that if they aren't told, they won't figure it out. I imagine that if they (I'm talking about the sort of people who have the resources to actually suppress people AND use computers as a part of that) are really interested in knowing these things, they probably already know it (how did you learn these things. Now ask yourself if you really believe that the aforementioned (really determined) people would be unable to learn (or have people learn for them) in the same ways that you did).
One parting thought: Regardless of how much information about computer security third world dictators (or anyone for that matter) possess, there will always be ways to hack into their systems. There may come a time when social engineering is easier (or when significantly different hacks become easier), but there will ALWAYS be a way around any barrier that is put up. I very much doubt that there really is such a thing as an impervious computer system (just ones that are hellishly tough to crack).
Re:Respect (Score:5)
In the world of online security, it is better to have a publicly known weakness then to hide the weakness. If the weakness is hidden, then the Bad Guys share it among themselves and we don't know. If the weakness is known, we can post the moral equivalent of guards until somebody fixes the weakness.
Something like this should end up on sysadmins' desks pronto: they are our first defense against cyberterrorism. Fortunately, we here at Slashdot heard about it before publishing, and that means that a lot of sysadmins will know about this and be ready for it.
For anyone working at Jane's, I suggest that this article be target marketed to sysadmins. This would be a service to those people who keep our systems secure. This also would also increase circulation: rather than being targeted at a centralized military market, this is targeted at a decentralized computer security market. Unlike other forms of attack, this one cannot be defended by the military: cyberterrorism is best fought by a networked militia of private citizens and organizations.
Incentive for more thoughtful posts? (Score:1)
Re:Charity (Score:1)
Re:QNX for the Military (Score:1)
However, for military hardware (e.g. battleships), I suggest that a microkernel imbedded O/S, such as QNX or VxWorks, would be the proper solution.
The beauty of a microkernel O/S is that it is made up of small modules, each of which can be independently verified to work perfectly.
Now, Linux offers similarly high levels of security, and reliability, through Open Source, and the intense review of thousands of developers. The military, on the other hand, will most certainly want to keep their source to themselves (wisely or not), and will want to do their own reviews.
The other advantage of a microkernel imbedded O/S, for military applications, is that it's better suited to real-time guaranteed-response systems, whereas a more monolithic O/S such as Linux may offer better peak performance, as is generally required by a PC user.
I'm the resident Geek for a manufacturing plant and here if we have down time we lose money out the yang. We use QNX on our ciritical production systems such as packing equipment and mailing systems. It is extremely stable and very easy to work with once you learn it. It's enough like Unix/Linux to make the transition pretty painless. I would definately second this recommendation for military usage, though since that part of our system isn't connected to the 'outside' I can't say anything for its security.
Kintanon
The poor author... (Score:3)
Maybe this is a sign that Slashdot is what journalism will be like in the future.
Payment from Jane's (Score:1)
*begin rant *
The attitude expressed by the Slashdot community is now at an all time high hypocrisy level.
Usually
Now with this Jane's article, these same readers are all about "GIMME THE MONEY!!!" It seems to me that they have totally forgotten about their roots in the open source community, and especially about the roots of Slashdot in Open Source. CmdrTaco and the rest of the
Now when Jane's is offering to pay, everybody forgets about the altruism of this community and are only looking out for themselves..
If the readers of Slashdot were more concerned about the OpenSource Community than their own pocketbooks, they would either refuse to be paid for their contributions or ask that it be donated to a OpenSource/FreeSoftware committee/foundation/company/group.
I am not a true hacker by any means, and I probably don't get paid anywhere near what a good programmer gets paid (I am a lowly word processor), but I would ask that my share of money go to some group that needs it more than I.
*end rant*
I implore all
Jane's didn't have a choice (Score:1)
Re:They should send AC lineage to /. (Score:2)
/. doesn't need the money anymore.
D
----
Re:Kudos (Score:2)
Re:Payment from Jane's (Score:3)
Open source isn't about free beer though. It's about open access to the source for verification and modification. Freedom to innovate, as Microsoft would say. Nothing in the GPL prohibits charging for software, though obviously it makes it more difficult.
This confusion, that money is evil, and charging for software (or writing) a sin, is damaging. Hiding software bugs, leveraging protocols for monetary gain, those are evil, not money paid for honest work.
People have to live you know. I've been selling software for nearly 20 years. If you expect me to start giving it away to corporations and flipping hamburgers for a living soon, please think again.
Someday, when everyone's basic needs are all automatically supplied by self-repairing machines, you can rant against paying for value. Until then open source needs to remain a *gift* economy - things are freely given as and when the giver desires, not on demand.
The Slashdot Group (Score:3)
About to make your next corporate strategic decision?
Want to get ahead of your compeitors?
Looking to improve your corporate image?
Look no further. Call on:
* Insert slashing sound *
-- THE SLASHDOT GROUP --
We can help make your next decision a snap. We are free source finanical group ready to help you make those hard decisions. Our expert team of anaylsts are online 24 hours a day, and are up to date on all the lastest technologies and trends.
Your business in trouble? Don't wait! Call the
* Insert slashing sound *
-- THE SLASHDOT GROUP --
(OSF/FSF equal opportunity member. Some restrictions apply, Batteries not included. Price does not include plates title or tax. Some restrictions apply, see your local geek for details)
* TV ad mode OFF *
Government != Clueful (Score:2)
I worked (as a contractor) for DARPA for a while... That's the US Defense Advanced Research Projects Agency, yes, those guys who invented the internet. Guess what they standardized on? M$. We were constantly fighting with them because their (idiotic) MIS guy was a total borg. Nothing but NT, IIS, and ASP shall grace DARPA's network. And these are the guys who are supposed to know what they're doing.
So I don't know about worldwide governments, but here in the good ol' U S of A, we're still a pack of idiots.
There have been encouraging signs from certain US Gov't agencies recently however. Maybe the times are changing. But it's still, currently, rare to see a government office with anything but wintel boxen, as far as the eye can see.
----
We all take pink lemonade for granted.
Slashdot Bias (Score:2)
Janes is a very well respected publisher, and their decision to use Slashdot as an "open source" on this topic is a great endorsement of the benefits of the Slashdot model. I think a little self back slapping on the
Anyone who reads
I my self have been often moderated up and Im no OSS-zealot by any means! Im certainly not against it but I use a proprietary OS as my main OS (BeOS) and I don't beleive that OSS, despite its important contributions, will take over the world and have said so more than once in this forum. Ive even got a permanent score 2 rating, which I suppose is in part due to realtively frequent
+ve moderation.
The fact that the bias here is an open one, and that it does not completely drown out dissenting opinion (at least in many topics) shows that Janes was right in very carefully using this forum as a source for a topic that maybe
HOWTO: Community Editing/Writing (Score:5)
Few issues:
Who would do the compiling? Would lots of people make them, and then moderators (possibly those with highest scores on comments?) would vote on them? Would the moderators themselves do that? Would the slashdot admins compile them? Would each comment's outline contain an identifier for each specific point he or she makes (Slashdot HTML tags?) and then would those clearly defined points be voted on?
Lack of sources. (Not to be confused with source code.) For a formal report to be compiled, saying things like "NT only gets C2 classification when not connected to a network." require specific proofs. Where did this information come from? All that stuff needs to have links to its original source whether it be AP Newswire, a Bugtraq report, or just a few steps of math to show what 99.9% annual uptime is. Even saying that 2 GB has been the swap file size limit should have a link to a man page somewhere (so it can be immediatly victimized by The Slashdot Effect).
Time. This compiling will take time. (Until AI Beowulf clusters of a thousand Linux boxes do it for us.) Will we care about this issue by the time we have a publication. Should we vote on which issues to pubish?
Rob's Ego. Should we let him bask in his own creation's glory? Should we have him keep a skull on his desk like Shakespeare did to remind him he is only mortal? Should he be required to take psychoactive medications? Should he, like the Pope (Pontifex Maximus (; ), be required to bequeeth all his worldly possessions to his orginization to keep him humble? (Dibs on server.)
Also, no doubt this change would effect our beloved Slashdot. I can see a few possible effects:
Reduction of stupid unneccassary, unintelligent comments due to motivations to have part of his comment cited in Compilation. I'm capitalizing it now... exiting!.(i.e., the writer would know that "Micr0$oft Sucks!" wouldn't be considered for publication.).
Community recognition. If we had such Compilations with citations and such, notable media would start refering to Slashdot Compilations for information and viewpoints on topics. (More often then they are now, even.) Slashdot's notoriety would grow, and so would its user base.
Slashdot Compilation Archives cds could be sold to accomodate the larger user base and traffic. We would need Rob to make his taxes public so we could make sure he isn't spending the Compilation Archives cds on his well-known crack habit.
In closing, I believe Community Writing could really enhance Slashdot as a whole. LOTS of places would have discussions forums, and Slashdot still would be. People would still debate, flame, respond, email and DoS each other based on their posted opinions. But Slashdot being the first to actually produce such valuable publications based on the knowledge base of its user would be a very first. [It is really too damn late and I have too damn much to do for school, etc. so I have not grammar/spell/content checked this. Deal with it.]
Kspett
Ahh, but consider the alternative (Score:2)
But is that really the case? Do you accept that self-assessment? For one thing, who ever said that each issue has only two sides? Who came up with that? Seems a little simplistic to me.
I for one don't buy it. Every little thing you say and do betrays bias, even if subconsciously. You mention this and not that -- why not? You cite this source but not that one -- how come? You talk a lot about this but seldom about that -- why?
Bias-free media is a myth.
Think about where your news comes from. All of the major news & media outlets in the western world are owned by about half a dozen conglomerates. They each run advertisements for their own products, and by so doing try to mold you to their veiw of how the world should be. ("Television shows are a tool to get people to watch more ads than the would ordinarily.") It might not be an explicit plan to manipulate things -- there may not be men in black suits & skinny ties saying who can say what about whatever -- but the people that find their way on screen or into print have demonstrated a willingness to play by the rules of their superiors. And in that way, the tone of the media is molded to the interests of those controlling the top of the pyramid.
That is what I love about Slashdot. There is no central control, or not much anyhow, and anyone from ESR to AC can speak their mind about anything. Is it perfect? No. Is it biased? Yes. But it's democratic -- we control it, not Rupert Murdoch, not General Electric. You and me. We control it. And the bias is not concealed -- we love Linux, we love open source, we want it to spread far and wide. First we had open source software, and it was great. Now, what is this? Open source news media? Hey alright, sounds good to me. We don't cringe from these things.
In my mind, this is the more honest and egalitarian model for the news media to follow. I love it. My only wish is that it wasn't so confined to technical matters -- or rather that there was, say, a kindred site with an emphasis on general news, international affiars, politics, the economy, whatever. As it happens, there is only one Slashdot, and it's all about nerddom. So be it.
May it blaze a shining trail for others to follow.
Two points: Altruism and anonymity. (Score:2)
Yeah, sure, in a way...
But if they are so altruistic, it's not *too* far-fetched to think that they might want to donate the money to charity, too, is it? IOW, to turn your argument around: Did they only do it "from the heart" as long as there were no monetary earnings in the picture -- but as soon as such a possibility emerges, they *do* want to get paid? What the heck kind of "altruism" is that?!?
The other point is that since these guys (probably very few, if any, gals) posted as Anonymous Cowards, they probably *wanted* to be exactly that -- Anonymous! Someone suggested using Web logs (and cookies, not that I'm sure how that would work) to track them down; and while that might be technically feasible, I wonder whether most ACs would think it was worth it. If
Especially since this probably isn't a fortune we're talking about, here. First of all, mr Ingles-le Nobel or somebody will have to edit all the comments into a coherent whole, and that person will then probably stand as the main auhor from Janes' point of view. You could perhaps even say that any payment to
I would guess that for each quote -- a line or two apiece, perhaps a short paragraph, out of x pages? -- an appropriate remuneration, calculated as a corresponding percentage of the compiling author's reward (minus something for him alone, for the compiling and editing!) would come down to a few quid, perhaps a tenner or two. And I know that if I had contributed an anonymous comment out of the sheer goodness of my heart, then I would CERTAINLY rank the altruistic buzz of having the money donated to charity in my name (eh... non-name?
Christian R. Conrad
MY opinions, not my employer's - Hedengren, Finland.