[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [seul-edu] Advocacy: More to support Linux acceptance in schools...



I'd never heard of this Moody guy before tonight. Here is what he actually says:

             Federal Computer Week
             (fcw.com) reported on August 2 that
             Linux “fails to meet Common Criteria
             (CC) requirements — an international
             agreement and protocol regarding
             security criteria,” and thus is ineligible
             for deployment in federal-government
             systems. NT, it bears pointing out, does
             meet the requirements. 

Curious to see the context of this quote, I went to the cited URL. A search
on "Linux" turns up 147 matches, none dated August 2. I finally found the
article by searching on "Common Criteria"; it is (apparently) mis-indexed
under July 2, not August 2, and it appears to be a pickup from LinuxWorld
(the online magazine, not the expo). The URL is

        http://www.fcw.com/fcw/articles/2000/0731/web-linux-08-02-00.asp

The actual words that Mr Moody quotes appear in this paragraph:

                    The operating system also fails to meet
                    Common Criteria (CC) requirements — an
                    international agreement and protocol
                    regarding security criteria — according to
                    Linda Walsh, a member of Silicon Graphics
                    Inc.’s Trust Technology group. Walsh spoke
                    at the U.K. Unix User Group Linux 2000 Developers’
                    Conference held July 7-9 in London. 

In other words, he is quoting the opinion of an SGI employee, not a
government official. And the article says NOTHING WHATSOEVER that can fairly
be paraphrased as "ineligible for deployment in federal-government systems."
In fact, some of the other articles that the search turned up are about
deployment of Linux systems by government agencies, indicating that claims
it is "ineligible" for deployment are not well founded. Nor does the article
indicate whether or not NT meets these requirements.

Mr. Moody's actual point (when he is not simply spitting vitriol at the
Linux community ... and in fairness, it sounds like he was on the receiving
end of some of the stupidity that a subset of the Linux crowd seems to
specialize in) is that Linux has had a significant number of security holes. 

He bases this on a review of statistics at Bugtraq. He gives no more precise
citation is the article, so I have no way to check his interpretation ...
and given his misreporting of the content of the article I could check, I
wouldn't take his word for what another, uncited, report contained.

More to the immediate point, I would view his article as worthless for the
purpose of trying to get an honest sense of the extent to which Linux is
used in government.


At 10:32 PM 8/20/00 -0700, Joseph E. Arruda wrote:
>Moody is a gaping sieve of knowledge... ;) Well, he's a gaping
>something, I am sure of that. Gaping loudmouth who does not do any
>actual research into his writing is probably quite accurate.
>
>I do know that there is plenty of Linux use in government, but the only
>public use you will hear about is at the DOE level, with the national
>labs (I know that my enployer, VA Linux, has installations at almost if
>not all US National Labs, with the most prominent being Chiba City for
>Argonne, and The Wall at Brookhaven -- both are Beowulf style HPC
>clusters).  The problem with some of the general military/fed agencies
>is meeting either Orange or Red Book (C2, non-networked and networked)
>cert - this is a complex process and quite expensive, and anything but
>efficient (its well documented that NT 4.0 was being sold to the gov as
>a replacement for its predecessor long before it received a C2 rating --
>and that rating was for non-networked machines..its a bloody mess
>believe me).
>
>I know that numerous firms have 'entertained' the idea of getting Linux
>c2 cert, but as of yet, no real progress has been made.
>
>I *know* the NSA and CIA have been 'dabbling', as well as possibly the
>DISA, but nothing beyond anecdotal evidence exists (and for arguably
>*good* reason)
>
>z
>
>Ryan Booz wrote:
>> 
>> > The only thing that caught my eye was this snip....
>> > "Twenty-six percent (26%) of federal installations have reported use of
>> > the Linux
>> > operating system in their organization, as reported by IDC.  IDC also
>> > estimates
>> > that "most of the government's sophisticated, back-office computers will
>> > be running
>> > Linux by 2002.""
>> 
>> I was pointed to an article this week that said just the opposite of this
>> statement. (http://abcnews.go.com/sections/tech/FredMoody/moody.html)  The
>> article says that Linux is not approved by the government, and therefore
>> not used, for security reasons, making it a major set back for the
>> community.  I found it hard to believe that there were no Linux computers
>> in the Gov.  Now I realize that Moody is basically anti-Linux, but I was
>> wondering if anyone know who's telling the truth - because I agree with Ray
>> that this could be another argument to add to the list.
>> 
>> Just curious....
>> 
>> Ryan Booz
>> Tech Coordinator
>> Belleville Mennonite School
>
>

--
------------------------------------"Never tell me the odds!"---
Ray Olszewski                                        -- Han Solo
Palo Alto, CA           	 	         ray@comarre.com        
----------------------------------------------------------------