Could Linux Be Too Open for Our Own Good?
There are times when things encountered can be unexpected and
surprising, and they can change the way you think about things ever
after. Kirkegaard -- that old funster -- said that once the Abyss has
been seen, it can't be unseen. It's like the first time that you go to
one particular Web site. It seems impossible, but there it is: naked
ladies reading the news. The anchor lady doing a strip while talking
about Iraq. The weather girl kicking up her heels about a forecast.
Literally. And it's free, everyday. Originating from Toronto every
Monday through Friday and operating for over a year, it's set up for
all popular Web video players and connection speeds. Makes you wonder
if Peter Jennings is wearing trousers under that desk. And you want
Lynn Russell of CNN Headline News to take her glasses off -- slowly.
That's sort of what I was feeling when I first saw that the National
Security Agency was releasing a secured version of Linux 2.2 into
the "open source" community, along with the background on the testing
models it used for verification. It was just too weird to be happening.
The people behind the triple fence in Fort Meade, Md. giving out
something? Sources to their code? Verification strategies with
annotations? The same folk who used to be able to make any cryptography
that they didn't like disappear forever? The sheer immense significance
of what this release of code implied was stunning, like a hard punch to
the gut.
Now, there had been previous calls for the NSA to change its
organization, how it did its business. The "New Enterprise Team" report
of October 1999 was all about changing the way the NSA should fulfill
its mission. The teams' recommendations included:
1. Update, complete and implement the vision and mission statements
and disseminate the information broadly.
2. Change the organization, the underlying funding model, and
management practices to enable accountability and empowerment of
individuals closest to mission execution -- the "mission
managers."
3. Charge responsible managers to invest in order to avoid
technical and mission obsolescence.
4. Develop and emphasize business planning, program management, and
systems engineering skills needed to meet changing environment.
5. Foster a new culture that emphasizes openness, flexibility, and
personal performance.
6. Acquire, develop and keep skills necessary for future success.
7. Influence, and be influenced by, the Agency's stakeholders.
8. Correct the promotion system and emphasize that promotion is
based on performance and job responsibility.
It's point number five, with its call for a new culture of openness
that stuck out to me when I read it. What was being recommended here
was the antithesis of everything the NSA was and had been.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
