10.02.11

Bristol Council Claims it Chose Microsoft for ‘Security’

Posted in Europe, Free/Libre Software, Microsoft at 10:24 am by Dr. Roy Schestowitz

Summary: The laughing stock of the security world is said to have been favoured because it bought some expensive certifications

A FEW months ago we wrote about a bizarre dodge from Free software [1, 2], which happened after everything seemed finalised. No proper explanation was given and those involved were questioned about the sudden change of heart (with the suspicion that something nefarious had happened). Only months later, under persistent pressure from the public and from investigative journalists, we finally see this apparent excuse, which goes like this: “It has been considering a number of open source email solutions, but Bristol City Council confirmed to eWEEK Europe UK that none of them have the necessary government security accreditation to enable the council to use them.”

Is this the same reasoning which they gave to those companies? Is this an afterthought? An excuse? Being blessed by some expensive process (that carries no liability either) does not actually make the software more secure. It is not as though when Microsoft software gets cracked the certificate plays any role and somehow gives another target to point the finger at. This smells like dishonesty, and since the White House uses Drupal and GNU/Linux, this claim holds no water either.

There are many new examples of insecure proprietary software, one of which came last week from Novell on Windows. To quote:

“Unfortunately, a problem has been discovered with this file, which can potentially result in a system crash in certain circumstances.

The problem has been fixed, and the Client software has been re-released as Novell Client 2 SP1 for Windows (IR9a), available at:

http://download.novell.com/Download?buildid=rSUN_TTVSf0~

Please remove the (IR9) build, and use the (IR9a) version instead. We regret the inconvenience.

Thank you.”

How would certification have resolved such an issue? It wouldn’t have. In practice, Microsoft software and proprietary software are not secure; they are just more secretive and expensive.

The tale of Bristol has been followed quite closely by Mark Ballard, who writes about excuses such as the above (excluding all Free software in one fell swoop, pretending that Microsoft is the only secure option) in the following text:

Bristol City Council’s open source push has suffered another series of set-backs that point a finger of blame at CESG, the cyber security arm of government intelligence unit GCHQ.

Leaders at the local authority claim that the need for CESG security certification of e-mail systems effectively means the council has no choice but to buy Microsoft.

Senior Cabinet Office IT leaders have been asked to help as Bristol’s faltering open source strategy, still showing little progress after a year, highlighted problems besetting the coalition government’s own open source policy.

What a sham. As many other governments use Free software quite happily, this concern has little or no validity. It is a good excuse though — like one an employer uses to reject a candidate for reasons that are not technical/skills-related but qualifications-related.

In other news of interest, “U.K. Liberal Democrats urge open source,” but given the story of Bristol it seems like lip service. From the article:

The British government should ensure it owns all software code it pays for and should share that code for free within the public sector, says a policy paper adopted Sept. 20 by the Liberal Democrats party, the minority partner of the two-party ruling coalition forming the United Kingdom’s government.

In addition, the paper urges the British government to embrace collaborative software development along the lines of models on display at GitHub, an open source software project hosting website.

Someone should tell the Lib Dems that Bristol rejects British firms that offer Free software in favour of proprietary software from a foreign company with criminal history — software that the British public overpays for and has no control over.


A Single Comment

  1. Michael said,

    October 2, 2011 at 11:50 am

    Oh no! Someone made a choice Roy does not like!
