back to article Microsoft scores nearly $1bn non-compete contract with US military

Satya Nadella’s team will be smiling today after the US Defense Information Systems Agency (DISA) – the IT wing of the Department of Defense (DoD) – awarded his firm a five-year $927m support contract. The deal will give the US military “access rights to Microsoft’s proprietary (closed-source) code” when it is “required to …

Silver badge

Might want to check...

all of it, line by line. But will they pass on the fixes to MS to be patched for the rest of us, or is this a map to vulns and back doors given as a present for our new president?

7
1
Silver badge

Re: Might want to check...

Good point. The DoD unlike the NSA (at least one wing of it) as far as I know has no responsibility to also share vulnerabilities with industry. I am afraid they haven't figured out what a two way sword that is either especially since a society doesn't get more vulnerable than the US.

3
0
Silver badge
Headmaster

Re: Might want to check...

BTW, the NSA is part of the DoD and officially part of the U.S. Navy, which is why an admiral is usually in charge at Fort Meade.

"Yeah MS, thanks for the source code. Can you forward all the Win 10 telemetry to us, strictly for anonymized data modeling purposes?"

4
2
Bronze badge

Re: Might want to check...

I'm curious is DOD is compiling the code or just glances over it.

0
0
Silver badge

Re: Might want to check...

"I'm curious is DOD is compiling the code or just glances over it."

Knowing how this sort of stuff tends to go, my bet would be neither.

8
0
Silver badge

Re: Might want to check...

Yeah wasn't real sure about the alphabet soup of agencies these days. Regardless my point about two edge sword stands which is going to burn these assholes real bad one of these days if they sit on zero days. Of course us proles will never know our own government did sit on it (got lucky one time with Snowden) and they will use it to their advantage.

2
0
Silver badge

My first reaction was that some "This is Microsoft" guy in India had finally hit the big time.

11
0
Silver badge
Trollface

Non-compete and Microsoft just belong in the same sentence don't they?

10
3

To: Trollface

"Non-compete and Microsoft just belong in the same sentence don't they?"

Yah! They could have given that contract to one of the other companies that wrote Windows!

Oh, wait.

8
2
Silver badge

Exactly. Its a good thing Microsoft never did anything dodgy to be that one company that owns Windows and Office.

5
1
Silver badge

"Non-compete and Microsoft just belong in the same sentence don't they?"

You left out 'up front payment in full'.

5
0

su&r

they call it the "shut up & reboot" program

3
0
Silver badge

Somehow I just feel this isn't going to end well.... 8" floppies and an old system are one thing as there's probably no hacker/cracker/miscreant can get to it. But MS and Windows... and whatever data gets shipped back to MS because some admin didn't disable all that telemetry...

5
1
Silver badge
Mushroom

Sure isn't

After all,, some unpatched hole in win 10 running the SAC main computers will show a nice result to an enterprising hacker

"Would you like to play a game?

A. Chess

B. Tic tac toe

C. Global thermo-nuclear war"

And anyone not wearing factor 3 million sunblock is going to have a really bad f***ing day ....

3
0
Bronze badge
Terminator

Microsoft Thermo Nuclear War ©

Obviously the Department of Defense is not to be taken seriously on any statements regarding 'cyber' security.

"the Government Accounting Office reported the protectors of America were keeping the ICBM targeting codes on eight-inch floppies."

Instead of an Azure app hosted on the Microsoft Nuclear Cloud ™ :o

5
0
Silver badge

Non-compete does not mean what you think it means

Unless Microsoft are being paid not to compete with the DoD (by not using their death star) that is a non-competition bid, not a non-compete agreement

6
0
Silver badge
Mushroom

I hope there is a new EULA

because the existing one absolved MS of any responsibility for anything.

"Mr President, Russia has launched a pre-emptive missile attack against us."

"That's Amazing, really Amazing. Won't that wall we just built keep them out?"

"No Mr President. We need to strike back. We have less than 5 minutes."

"No Shit. Ok Launch. I'll get Putin on the phone."

{two minutes later}

"Mr President, we can't launch any Missiles at Russia!"

"What? Were we hacked?"

"No. All the control computers were doing an operating system update. It is estimated that it will take another 30 minutes to compete."

"That's Amazing, really Amazing."

"mr President, you are mad."

"Yes I know. Don't I look good eh? Aren't I amazing? I'm really gonna make Amercia great, a great pile of Radioactive Junk. I'll bet Hillary couldn't have done this. Just Amazing."

Boom {see Icon}

9
1
Silver badge

Useless Movie Trivia Time:

As the article uses a picture from Kubrick's film Dr. Strangelove - the mainframe at Burpelson AFB in an IBM 7090/94.

4
0
Silver badge

"is"

1
0

This post has been deleted by its author

Gold badge
Coat

"Blue badge support"

In the UK that means they would all have disabled parking?

Seriously what an opportunity to run the whole thing through some major (but slow) analysis software and pick up any bad coding practices, bad security practices etc.

You know, the ones that seem to surface every few months due to a "buffer overflow" despite the claim it's a ground up rewrite, no old code pre Windows 7 or 8 and written after all the devs had security coding training.

I got some MS written code for an old support request. Its quality was underwhelming.

1
1
Bronze badge

Re: "Blue badge support"

MS runs a lot of automated code analysis as part of their security efforts - in fact, MS Research has some pretty state-of-the-art efforts when it comes to it.

And MS has certainly never claimed that Win7 or any other version was a complete rewrite. Quite the opposite in fact.

See for example https://channel9.msdn.com/shows/Going+Deep/Arun-Kishan-Farewell-to-the-Windows-Kernel-Dispatcher-Lock/ which details some of the efforts to improve (not rewrite) the Windows (NT) kernel (you know, the one first released in the early 90's) in Windows 7.

A complete rewrite wouldn't be a good idea for Windows, or any other comparable project. Especially not with those pesky real-world requirements like backwards compatibility.

You might be somehow confusing it with the switch of "consumer Windows" from the 95/98/Me lineage which meant an entirely different kernel and significantly, though not completely, different userland.

Wait, deja vu, I've posted this Before. Probably in a response to a similar post by you...

And finally - I have read a lot of MS source code. Like any big project spanning decades and thousands of developers, or even most significantly smaller ones, the overall quality is mixed, but with a decent average. And when it comes to the kernel (the one that has been in use all the way from the first release of NT to latest Win10 according to both MS marketing and reality), it's certainly a lot better structured and maintains a higher average quality than the kernel frequently held as the gold standard by rabid MS haters.

MS had significant issues with security in the early 2000's. They actually dealt with those, but some people's opinions persist. Nowadays if you actually compare vulnerability counts and severity between eg. IE/Edge and open source browsers they are at the very least comparable.

2
3
Bronze badge

Re: "Blue badge support"

Ms problems with security and the like are not caused by poor QA, its poor design.

The MS code base and install is too big and too interconnected.

I can strip down a Linux or BSD system to bare minimum; chuck all the stuff I dont want in it out. Christ I can even re-compile and use a different magic number in the ELF file, so the system will not run a binary that ive not built.

Cant get close to that with Windows.

3
0
Silver badge

The reason why they're using 56 year old mainframes and 8" floppies

Is because when they announce they're going to "modernize", they hold meetings to produce requirements and everyone throws in their pet features and the project inevitably sinks under its own weight.

They should instead have a project with the directive "replace exactly the functionality the current solution provides, nothing more, but be designed so that it can be incrementally extended with new functionality".

1
0
Vic
Silver badge

Re: The reason why they're using 56 year old mainframes and 8" floppies

"replace exactly the functionality the current solution provides, nothing more, but be designed so that it can be incrementally extended with new functionality".

"Nothing new, but something new". That's the sort of vague requirement that leaves the project undeliverable and yet still massively over-budget...

Vic.

0
0
Silver badge

Re: The reason why they're using 56 year old mainframes and 8" floppies

If you take an old mainframe program for which there's no source and replicate its functionality in a modern language on a modern system, it will automatically be extensible because you'll have source code and programmers who understand it (because they wrote it)

Same thing with replacing some ancient system using 8" floppies with a new one using USB (or maybe CDs would be better, since they can't be written) They probably can't add any functionality to the system using 8" floppies because it has only 32K RAM or something crazy like that. Put it on a modern system and that wouldn't be an issue.

But the first step in either case is "make it do exactly what the old system does". Then you can see what you want to add and start prioritizing. The project might go off the rails then if you try to do too much, but at least the modernization part will have been accomplished.

0
0
Anonymous Coward

Why would the IRS be using a 56 year old IBM mainframe? You can just buy a new one and get massively increased performance and storage (among many other benefits, like actual availability of support and spares). They are 100% backwards compatible with old software (even binaries) going all the way back.

Sounds like some hack think "mainframe" and/or "old software" means "ancient hardware".

0
0

The fact that System/360 was announced in the early 60's does not imply that every one using a z-Series system nowadays is "using a 56 year old mainframe".

The z-Series systems are based on high advanced hardware, https://en.wikipedia.org/wiki/IBM_z13_(microprocessor)

I guess that owners of modern Ford Mustangs or Dodge Challengers do not perceive their cars as being from the 60's or early 70's.

0
0

"A Microsoft spokesperson told The Reg Redmond has no comment on the matter"

that's because there are too busy counting all that money.

3
0

I guess ...

... they'll be trying to resurrect their Windows for Warships development program.

Before this, we hadn't had a ship disabled by a Zero since WWII

3
0
FAIL

I guess they need to find some new 0dayz since the NSA lost all their tools and everything got patched

2
0
Gold badge
WTF?

Wow, $1Bn up front.

Nice work if you can get it.

0
0

"...4 million windows 10 computers..."

Oh the pain, the pain......

0
0
Silver badge

Cash Cow Meets Fallen Idol ..... Flash Riots Begin Fiat Crashes and Market Crushes on Businesses

For its money the US is getting Blue Badge Cardholder support, meaning it gets first dibs on Microsoft code libraries, and technical support from actual Redmond employees instead of having to go through third-party suppliers – who typically wear orange badges when visiting the temple of St Bill.

When PAR for the course, is such a lock-in real news, Iain T, or much more a simple money churning exercise to keep an aged system from croaking online?

And should Microsoft be considered a titanic systemic risk and weapon graded for Wassenaar Arrangement inclusion. It ticks all the boxes with regard to practices …… http://forums.theregister.co.uk/forum/1/2016/12/21/wassenar_negotiations_fail/#c_3061289

Quite clearly is such thought and realised to be so here. And that is a catastrophically massive hole in defences to be filled and made good/properly safe and perfectly secure against both state and non-state actor exploitation.

One has to also accept the very real likelihood in an alternate way of working with Live Operational Virtual Environments of a catastrophically massive hole in defences to be filled and made good/properly safe and perfectly secure against both state and non-state actor exploitation, with both state and non-state actor exploitation to XSSXXXX Code Levels. Holes in defences are great business opportunities worth gazillions and quite naturally would IT invite all manner of interesting and interested parties to the attraction.

0
0
Silver badge
FAIL

waste, fraud, and abuse - no need to look further

seems to ME that this has been an example of 'waste, fraud, and abuse' rather than ensuring readiness. Micro-shaft's last-minute reward for contributing to OBAKA and Mrs. Clinton, perhaps?

As the old guard leaves the white house, they get in some last minute return of favors. "Corporate Welfare" indeed.

0
1

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2017