* Frans Pop <elen...@planet.nl> [2009-03-14 09:25-0400]: > On Saturday 14 March 2009, Leo 'costela' Antunes wrote: > > IMHO that's a false notion of "security through laziness" :). > > Black hats are lazy too. They go after easy targets for maximum profit. > Getting into Debian currently takes a certain amount of demonstrated > dedication to the project through actual hard work. You should not > underestimate that.
There are some companies that have had their 'bottom-line' demonstrably impacted in significant ways by open source and have undertaken various dubious mechanisms to destabilize and discredit open-source. Microsoft actually acknowledged to the SEC[0] in its required filing[1] that it may be forced to lower its prices as a result of the growth in open source, the popularization of the open-source movement continues to pose a significant challenge to its business model... Since the 1970s, the US now considers economic interests as vital for the protection of national security. Considering the economic role that Microsoft plays in the dwindling economy of the US, its not that too much of a conspiracy theory to consider the possibility that the free/opensource movement, and by extension Debian itself, as a significant economic threat to US national security. We have here a couple sufficiently well-funded adversaries, and the amount of money, time and skill to get into Debian is not that hard, especially if you are being paid to infiltrate (and potentially disrupt, c.f. COINTELPRO[2]) Every 24 hours microsoft makes 55 million dollars in pure profit. Apparantly, it takes Microsoft only 10 hours of business to exceed Red Hat's entire quarterly profits ($20.5 million), last I checked. Fortunately, Microsoft's net income seems to be rising[2], although I wonder when they might also need a 'bailout'. All of this is just fun wingnut ramblings, but I think serves to illustrate that the artificial barrier imposed by the arduous NM process is not that significant of a difficulty for getting inside Debian and we cannot use this as mechanism for making Debian "secure". micah 0. http://sec.gov 1. http://www.microsoft.com/msft/download/MSFTQ03-2_10-Q.doc 2. http://finance.yahoo.com/q/is?s=MSFT&annual 3. http://en.wikipedia.org/wiki/COINTELPRO
signature.asc
Description: Digital signature