Princeton open-source hater a loose cannon

Boss distances Uni from small-fry geek

  • alert
  • submit to reddit

3 Big data security analytics techniques

By now most of us are acquainted with Microsoft CEO Steve Ballmer's recent PR rant at the Gartner Fall Symposium in Orlando, where he dismissed open-source developers as a lot of teenage hobbyists with questionable motives.

"The vulnerabilities are there [in open source software]. The fact that somebody in the middle of the night in China who you don't know, quote, 'patched' it and you don't know the quality of that. I mean, there's nothing per se that says there should be integrity that comes out of that process. At the end of the day, it's people who write software. We have a methodology; we have an approach; we have a testing process that we know can lead to a sustained and predictable level of quality."

Ballmer also tried to impugn Linux's security, throwing a few numbers carelessly about at the conference: "In the first 150 days of Windows 2000 we had seventeen critical vulnerabilities... The first 150 days of Red Hat 6 -- go check the number, just go check the number. It's five to ten times higher than what we are showing," he trilled.

Ballmer neglected to mention that each of the seventeen vulnerabilities he cited were critical security flaws in Windows itself, whereas the ones reported by Red Hat were spread among the thousand or so packages distributed along with the Linux kernel. If Windows and Linux were compared kernel-to-kernel, Ballmer would have been laughed off the stage. But he wasn't. No one in the audience bothered, or dared, to challenge him.

We're accustomed to this sort of Newspeak from a panicky salesman. What we don't expect is to get the same spiel from the academic world, where people are expected to have the intellectual chops to see through such trivia as marketing slogans, and to prefer clarity, accuracy and reason.

Nevertheless, in a recent column published in Syllabus Magazine, a tech journal for educators, Princeton University Technology Strategy and Outreach Manager Howard Strauss channelled the very soul of Steve Ballmer.

About a week after the Ballmer blather hit the Net, Strauss took up his pen in support. He pressed all the buttons, first by painting open-source developers as "a smattering of teenagers too young to work at Redmond, hackers, virus creators, and a menagerie of others."

He pressed the quality-is-always-expensive button as well: "we cannot avoid the high cost of high-quality IT," he warned, and equated open-source software with the famous Nigerian e-mail scam promising riches in exchange for modest investment. "While you are installing your free, open-source software you may want to write [Nigerian scammer] Mrs. Ahmed a check. Her $8.5 million will help pay for the real cost of that free software," he warbled.

Never mind that open source software is created by some of the most talented programmers in the world. The article is so palpably Ballmeresque that one has to suspect Strauss of having an interest here. And sure enough, he seems to have enjoyed at least a few perks from the Redmond lads.

A longtime friend of The Reg who would just as soon not see his name in the papers tipped us to some of Strauss' activities with an outfit called the Corporation for Research and Educational Networking (CREN), founders of the once-great academic WAN known as BITNET.

One of Strauss' regular duties as a CREN guy involved periodic 'Tech Talks' sponsored by Microsoft as this announcement and this other announcement mention. Whether Redmond's 'sponsorship' involved cash or other consideration is unclear. Certainly there would be nothing illegal in taking a little money and publicity from a vendor and then blowing their horn in public, though it is rather unseemly, and a bit beneath the standards we expect academic institutions to cleave to.

It seems Strauss' boss feels the same way. Last week, Princeton University Enterprise Infrastructure Services Director Daniel Oberst posted a statement making it clear that Strauss does not speak for the university, and further that Princeton is quite pleased with the open-source software it uses and hardly feels like the victim of a Nigerian scam.

According to Oberst: "The views expressed in the Syllabus article were that of the author and not those of Princeton University nor its Office of Information Technology. While the article might have led some to believe that Princeton University opposes and does not support the open source movement, in fact Princeton is an active participant in open source activities, while continuing to run many university services on vendor-supported commercial software."

Additionally, "Open source software is widely used at Princeton, including Apache Web server software (including the main www.princeton.edu web site), Linux servers for infrastructure services and desktop productivity, sendmail and spam assassin for mail processing, and a number of Beowulf (clustered Linux) servers for high performance computing," Oberst says.

Meanwhile, CREN has dissolved itself and been reconstituted in bits scattered among various Web venues, in part as a possession of Syllabus Magazine. Syllabus has acquired and archived the MS-sponsored CREN Tech Talks, in which Strauss held forth under Redmond's sponsorship.

Now CREN is no more. It certainly seems never to have been a major MS customer, having maintained its Web presence on Apache over Solaris until a year ago, when it switched to Apache over Debian, according to Netstat. Syllabus, on the other hand, has progressed from IIS-4 over NT-4, to IIS-5 over Win-2K, to IIS-5 over Windows Server 2003 over the past two years. Not that there's anything wrong with that.

The Register invited Strauss to clarify his involvement with CREN, Syllabus and Microsoft, and answer questions about the conflicts felt by a university employee with nifty little perk ties to Redmond, but he declined. Twice. Certainly he's not alone in benefiting from Microsoft's desire to colonize academic computing, but he is the first such person we've observed spitting anti-Linux poison on Redmond's behalf in public. One would hope he's the last. ®

SANS - Survey on application security programs

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Batten down the hatches, Ubuntu 14.04 LTS due in TWO DAYS
Admins dab straining server brows in advance of Trusty Tahr's long-term support landing
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
Oh no, Joe: WinPhone users already griping over 8.1 mega-update
Hang on. Which bit of Developer Preview don't you understand?
Internet-of-stuff startup dumps NoSQL for ... SQL?
NoSQL taste great at first but lacks proper nutrients, says startup cloud whiz
Windows 8.1, which you probably haven't upgraded to yet, ALREADY OBSOLETE
Pre-Update versions of new Windows version will no longer support patches
Microsoft TIER SMEAR changes app prices whether devs ask or not
Some go up, some go down, Redmond goes silent
Ditch the sync, paddle in the Streem: Upstart offers syncless sharing
Upload, delete and carry on sharing afterwards?
prev story


Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.