Letters to the editor

Letters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them.

January 3, 2002
From: craig@postnewspapers.com.au
To: letters@lwn.net
Subject: re: Galeon release announcement
Date: Thu, 20 Dec 2001 17:36:51 +0800

While I know it's been done to death, Mr Ashworth's letter about galeon's dependencies really annoyed me.

Tell me, would you prefer it if the app developers built against old versions of libraries, without any of the new features or other improvements, so the app would install on old systems? Or would you like a faster, more reliable app that you have to update some libs to run? Perhaps the app developers should just never update their lib support so that the app can be compiled for Red Hat 1?

You have to draw the line somewhere. I, personally, like "yesterday" because if you can download the app, you can download its deps too. There is no reason for an app developer to build against outdated libraries.

If you want a version of galeon that will install seamlessly, wait 'till Red Hat package a version for Red Hat 6.2. It's not the Galeon developer's problem to support various distros, and especially not old versions of them.

An upgrade to a newer version of a distro is largely painless. You don't have to pay for an "upgrade licence," you can just borrow the disks if you don't want to buy them. You don't even have to update the entire distro, you have the choice of just updating the required libs.

Dependency management is (finally) making its way into RPM based distros anyway, so hopefully soon you'll be able to "apt-get install galeon".

--
Craig Ringer
IT Manager
POST Newspapers
http://www.postnewspapers.com.au/
http://oberthur.dyndns.org/~craig/
GPG Key Fingerprint: AF1C ABFE 7E64 E9C8 FC27 C16E D3CE CDC0 0E93 380D
From: Peter Lawson <peter.w.lawson@noaa.gov>
To: letters@lwn.net
Subject: Installing applications
Date: Thu, 20 Dec 2001 11:46:04 -0800

To the Community of Linux Developers --

Warning -- this is a rant.

I have been using Linux since before the birth of RedHat, but I am not a sophisticated user. I am one of those who wants a stable, capable desktop that is easy to administer. At this point in my career I do not want to spend a lot of time learning the innards of my OS or tinkering to get things working, but I frequently do. Last month I took a full day to get my CD-ROM burner running because the HOW-TOs were out of date and the FAQ answers too terse. Someone with knowledge of the system could have written a configuration script that would have worked 95% of the time and saved a lot of users a lot of pain.

Today I learned of a nifty software package that looks like it could make Linux more useful and reduce my lingering dependence on (shudder) windows for certain tasks. The problem is I can't get the damn thing to run, because I either do not have, or it can't find, certain libraries. I don't feel like I should have to muck around finding and installing new libraries, breaking dependencies, configuring PATHs, etc. until this wonderful package stops complaining and decides to run. Wash my mouth out with soap, but if I were using windows I would just double click on setup.exe and trust to the good will and competence of the author to cram his/her program onto my system without breaking it. Usually it works. Why can't it be that easy in Linux?

If Linux wants to capture more than the recently reported 0.25% of the desktop market we, as a community, must find a way to make it simple to install new applications. Most people are not going to pound their heads against some obscure installation problem in Linux when they can do the same thing in windows and it *just works*. Linux will become popular on the street when it becomes easier to use than windows.

--
Peter W. Lawson
Fishery Biologist
National Marine Fisheries Service
From: "Bill Rugolsky Jr." <brugolsky@yahoo.com>
To: letters@lwn.net
Subject: Skylarov and bad US law.
Date: Thu, 20 Dec 2001 09:07:32 -0500

In LWN for 011220, you wrote:

"The end of the Sklyarov prosecution is the loss of, perhaps, the best opportunity to mount a powerful constitutional challenge to the DMCA. Some have criticized Dmitry for having accepted the agreement, saying it was his duty to resist to the end. That criticism does not stand up, however. Mr. Sklyarov was a Russian citizen facing 25 years of imprisonment in the U.S. To say that his duty to help the American people in fighting one of their bad laws overrides his duty to his family, or, indeed, to himself, is inappropriate. He did not choose this fight, and nobody has the right to tell him that he can not withdraw from it."

Thank you for bringing some calm reason to the rantings of the self-righteous.

Any U.S. citizen who wants to mount a constitutional challenge to the DMCA is welcome to do so, at the risk of his personal wealth and liberty. This is not a difficult task, requiring at most a few weekends worth of concentrated effort to break the vast majority of copy-protection schemes in use today.

Regards,

Bill Rugolsky
From: Gareth Bowker <tgb96@aber.ac.uk>
To: letters@lwn.net
Subject: Re: Microsoft's security bugs (lwn daily pages 2001-12-21)
Date: Fri, 21 Dec 2001 21:25:02 +0000

LWN wrote on 2001-12-21 re Microsoft's security bugs :

> The thing that stands out to some of us, though, is that it took Microsoft
> five weeks to get a fix out.

Martin Schulze (in DWN) wrote:

> On Fixing Security Critical Bugs. Javier Fernández-Sanguino Peña made
> some [4]analysis regarding vulnerabilities detected and posted to the
> Bugtraq list and those sent as [5]Debian Security Announcements
> (DSAs). His analysis reveals that for the last year it has taken Debian
> an average of 35 days to fix security-related vulnerabilities.

Doesn't it seem a little hypocritical to be slating MS for their 35-day bugfix, when Debian's average is, er, 35 days?

Cheers,

Gareth (a Debian user)
From: "Jay R. Ashworth" <jra@baylink.com>
To: letters@lwn.net
Subject: The General Public Virus
Date: Tue, 25 Dec 2001 01:32:51 -0500

That's a popular snide comment to make about RMS's baby, the GPL.

There is, as was noted in last week's LWN, much discussion, and no small amount of acrimony about the license. It's *my* considered opinion that we owe Linux to it -- at least, Linux as we see it today, where our plans for World Domination are proceeding precisely on schedule.

But regardless of that, it's a completely different aspect of its virulence I come to talk to you about today.

How many copies of it do you have on your drive?

Need an extra couple meg of free space? Try

    # find / -name COPYING -exec rm {} \;

I got 2.6MB back. Think of it as my Christmas present to you all.

Cheers,
-- jra
--
Jay R. Ashworth    jra@baylink.com
Member of the Technical Staff    Baylink    RFC 2100
The Suncoast Freenet    The Things I Think
Tampa Bay, Florida    http://baylink.pitas.com    +1 727 647 1274

"If you don't have a dream; how're you gonna have a dream come true?"
-- Captain Sensible, The Damned (from South Pacific's "Happy Talk")
From: Grant Bowman <grantbow@svpal.org>
To: Larry Augustin <lma@valinux.com>
Subject: Concerns about SourceForge Open Edition
Date: Thu, 20 Dec 2001 16:13:58 -0800
Cc: Eric Raymond <esr@thyrsus.com>, Patrick Fossenier <pfossenier@valinux.com>, Eureka Endo <eureka@valinux.com>, Marla Kramer <mkramer@vasoftware.com>, Amit Chopra <amit.chopra@csfb.com>, James Byers <jbyers@valinux.com>, Patrick McGovern <pat@sourceforge.net>, Jacob Moorman <moorman@users.sourceforge.net>, Dan Bressler <db@valinux.com>, lwn@lwn.net, editors@newsforge.com, coopx@coopx.eu.org, Keith Backman <keith.backman@abnamro.com>, Prakesh Patel <prakesh.patel@wrhambrecht.com>, Betsy Schiffman <bschiffman@forbes.com>, Tish Williams <twilliams@thestreet.com>, Stephen Shankland <stephens@cnet.com>, Jack Bryar <jack_b@newsforge.com>, Jeff Bates <hemos@slashdot.org>

Hello Mr. Augustin,

I am writing this open letter <http://www.grantbow.com/letter.html> today regarding my concern for the lack of comprehensive response from VA and SourceForge staff to inquiries regarding the SourceForge Alexandria project and/or SourceForge Open Edition collaborative software development (CSD) software. A document now removed from your site indicated plans for the release of the Open Edition. My intent is to seek the status of present and future Alexandria/Open Edition source code.

VA Software Corporation is a public leader in the efforts to legitimize business use of Open Source software and legitimize business plans promoting Open Source software. A lack of comment from any level of your company feels like something is being covered up or quietly dismissed as unimportant. I maintain that the license used by software that hosts so many of the Open Source community's projects (including one I develop) is highly relevant and needs to be addressed clearly.

The projects hosted on SourceForge.net all rely on the functioning of the CSD services (each provided by Open Source components) that your company generously hosts on SourceForge.net. The hosted projects rely on the software which powers SourceForge.net. I feel an important premise is and has been that the base software running SourceForge.net will itself be available using an Open Source license. Proprietary extensions seem a separate matter.

Good faith efforts to clarify the intentions for Alexandria and the Open Edition have been made by many people spanning weeks, yet none of them have received answers. This includes inquiries on the public forums of the Alexandria project. Several forked efforts based on the Alexandria 2.6.1 GPL version from earlier this year are presently under development due to a lack of guidance from VA and fear regarding the future actions or lack of action by VA and SourceForge staff. These and other actions the community has witnessed seem out of character for a company that was born from and has supported the Open Source community in so many other ways.

In the spirit of this holiday season, I hope that this lack of clarity can be resolved. I hope you, someone within VA Software or an internal working group will address the licensing and related issues thoroughly and promptly. I have tried to send this and previous emails to people who I hope will be able to respond or who may be interested in this apparent change in your strategy. My intent is to seek the status of present and future Alexandria/Open Edition source code. Any help you can provide would be most appreciated.

Regards,

--
-- Grant Bowman <grantbow@svpal.org>
From: Leon Brooks <leon@cyberknights.com.au>
To: ukgovtalk@citu.gsi.gov.uk
Subject: Open Source Software (1 of 2)
Date: Tue, 1 Jan 2002 20:28:16 +0800
Cc: letters@lwn.net

I commend the UK government for the courage and foresight to directly address new and vital technologies such as Open Source, when many other ``leading'' governments are fiddling about while their various IT Romes burn. I would like to encourage and support you in this effort.

You have asked for constructive criticism, although it is labelled consultation, and I hope the following will be both useful and illustrative.

The page http://www.govtalk.gov.uk/rfc/rfc_document.asp?docnum=429 has an obvious oversight in that both of the formats offered for download are proprietary, and the whole point of the document is to discuss avoiding proprietary software and associated file formats.

To illustrate the Open Source attitude to such shortcomings - namely, fixing it is more helpful than whining and sitting back - following is a solution for this bug, namely attachments in a variety of different, non-proprietary formats. As well as encouraging you, I would encourage all Open Source advocates to respond in the spirit of co-operative helpfulness, rather than simply nitpicking, as is the general habit of the human race.

The .html file should be pretty much self-explanatory, except that the missing characters are non-standard proprietary additions which fall within both the ISO-8859-1 and UniCode control character ranges, so have been deleted. The .gif and .png files are associated with it and were extracted from the Microsoft Word document using OpenOffice. The .sxw file is an OpenOffice 6 document, the .rtf is in Rich Text Format, and the .ps.gz file is compressed PostScript. All represent the same document.

To further illustrate Open Source methods, and to demonstrate that Open Source software is able to interoperate with proprietary software if given a reasonable chance, I have also returned a patched version of your Microsoft Word file. You will note that the new document is about one third the size of the original, but lacks no significant information. It is also absolutely guaranteed to be free of Macro Viruses.

This is achieved by reading it into OpenOffice and saving it back into the original format. OpenOffice takes care not to include your passwords, revision information and whatever other junk happened to have been sitting around in your computer's memory when Word last saved your document. This is one reason why very few lawyers use Word as a document interchange format.

As to the content of the document:

> starting to take a significant market share in some specific parts of
> the software infrastructure market.

NetCraft histories show that it has taken a significant market share of most parts of the software infrastructure market. Counting by dollars or unit sales is not at all relevant when the product is low-cost or free, and can be liberally and legally reinstalled, duplicated, handed on and otherwise multiplied without sales being documented. It would be fairly true to say that it has a significant share in practically every computer market except for ``desktop'' systems.

It is also worth noting that much proprietary software (including, by way of a significant example, many components of Microsoft's Windows operating system) is based on Open Source software which follows the BSD licence style.

> Contracts will be awarded on a value for money basis.

This at first would seem to favour Open Source software, but in reality the major OSS cost benefits do not appear up front. They lie in reduced maintenance, upgrade and future licencing costs, the absence of licence management, and in costs more difficult to quantify which are associated with such abstract factors as the market culture associated with each type of system.

For a concrete example of a hidden cost, there is generally no place on a tender form to specify negative costs for reboots which no longer happen, and virussed attachments which no longer clog mail servers, and nor are tenderers required to specify how much these things are likely to cost a purchaser.

A further important justification appears to be missing. The authors of Open Source products often include citizens of the United Kingdom, and equivalents in members of the European Union, and use of OSS serves not only to support and encourage their efforts, but also to leave more of the available work in the hands of local tradesmen rather than sending it overseas to assist someone else's trade balance.

Thank you for the opportunity to comment.

Sincerely yours,

Leon Brooks
Director, CyberKnights Pty Ltd
Western Australia
From: Myrddin Ambrosius <imipak@yahoo.com>
To: letters@lwn.net
Subject: A commentary on O'Reilley's commentary
Date: Sat, 29 Dec 2001 13:11:32 -0800 (PST)

Hi,

Here's a quick critique of O'Reilley's commentary on the "Future of the Internet" RFC.

First, multi-protocol support exists, and has existed, on the Internet for some time. It's called "tunneling". Tunnels allow you to connect any two machines/networks in the world, and transport any protocol between them. Ok, this uses the IP layer as an underlying network protocol, but this is irrelevant as far as support for other protocols is concerned. If support is layered, parallel, or purple, it's still support.

Second, DoS attacks (including distributed ones) are a pain, but hardly a killer. The Internet certainly has DoS-stoppers in place -- it's just a question of people using them.

Let's start with flooding from a single source. For this, you want a firewall and a source-based queue. The firewall will block ICMP floods, and the source-based queue will kill off TCP flooding from a specific machine or network. (It also stops the router/firewall being killed by TCP flooding.) The queue should be set up to reject overly-large bursts outright.

For distributed flooding, you add a CBQ (Class-Based Queue) + RED (Random Early Detection) layer AFTER the source-based queues. This will limit the overall traffic plus the traffic per class. Flooding simply falls off the class queue, or gets dumped to prevent network overload. Again, you configure the queue to reject overly-large bursts.

Is there any other way to prevent DoS? Certainly. If you only allow connections from machines with IPSEC support and valid certificates, then you're not in any peril of connections from phantom machines (one big TCP DoS technique). The connection would never be established, as the IPSEC layer would reject it outright.

Ok, you've done all of this, but someone finds some novel way to overload your poor server, even so. Is there anything you can do? Again, yes. Run MOSIX, or some other transparent clustering software, and turn a group of machines into a mega-server. You've now raised the bar, substantially. Because the Internet is a noisy place, at the best of times, packets are going to be lost in intermediate routers. Doubling the number of servers doubles your capacity, but doubling the number of attacking machines will less than double the number of packets that get through.

Last, but by no means least, if the OSI standards are so dead, why is everyone using X.509 certificates, often served from an LDAP server? I'd check the pulse again, before burying anything.

Jonathan Day
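The queue layering described in the letter above, as an added example that is not part of the letter or of any tool it names: a per-source token bucket in front of per-class queues with RED dropping, run over constructed traffic. The class names, rates and thresholds are assumptions, and the fixed per-class service rate is a simplification of CBQ.

```python
import random
from collections import defaultdict

class TokenBucket:
    """Source-based stage: `rate` packets/tick sustained, bursts capped at `burst`."""
    def __init__(self, rate, burst):
        self.rate, self.burst, self.tokens = rate, burst, burst
    def refill(self):
        self.tokens = min(self.burst, self.tokens + self.rate)
    def admit(self):
        if self.tokens < 1:
            return False              # over the per-source budget: rejected outright
        self.tokens -= 1
        return True

class RedClass:
    """One traffic class: fixed service rate, RED on the averaged queue length."""
    def __init__(self, rate, min_th, max_th, rng, max_p=0.1, weight=0.2):
        self.rate, self.min_th, self.max_th = rate, min_th, max_th
        self.rng, self.max_p, self.weight = rng, max_p, weight
        self.queue, self.avg = 0, 0.0
    def enqueue(self):
        self.avg += self.weight * (self.queue - self.avg)   # EWMA of queue length
        if self.avg >= self.max_th:
            return False              # sustained overload: drop everything
        if self.avg > self.min_th:    # early, probabilistic drop as the average climbs
            p = self.max_p * (self.avg - self.min_th) / (self.max_th - self.min_th)
            if self.rng.random() < p:
                return False
        self.queue += 1
        return True
    def serve(self):
        sent = min(self.queue, self.rate)
        self.queue -= sent
        return sent

def simulate(sources, ticks=50, src_rate=5, src_burst=10, seed=1):
    """sources: (name, class, packets_per_tick) tuples. Returns drop/delivery counters."""
    rng = random.Random(seed)
    # Assumed classes: "web" gets 40 packets/tick of the link, "dns" gets 10.
    classes = {"web": RedClass(40, 20, 60, rng), "dns": RedClass(10, 5, 15, rng)}
    buckets = defaultdict(lambda: TokenBucket(src_rate, src_burst))
    stats = {k: defaultdict(int) for k in ("src_drop", "class_drop", "queued", "sent")}
    for _ in range(ticks):
        for name, cls, count in sources:
            buckets[name].refill()
            for _ in range(count):
                if not buckets[name].admit():
                    stats["src_drop"][name] += 1      # stopped at the source queue
                elif classes[cls].enqueue():
                    stats["queued"][name] += 1
                else:
                    stats["class_drop"][cls] += 1     # shed by the class queue
        for cls, q in classes.items():
            stats["sent"][cls] += q.serve()
    return stats

# Constructed traffic: five web clients and one DNS resolver are the legitimate load.
LEGIT = [(f"client{i}", "web", 2) for i in range(5)] + [("resolver", "dns", 3)]

def single_source_flood():
    return simulate([("attacker", "web", 200)] + LEGIT)

def distributed_flood():
    return simulate([(f"bot{i}", "web", 4) for i in range(100)] + LEGIT)

if __name__ == "__main__":
    for run in (single_source_flood, distributed_flood):
        s = run()
        print(run.__name__, sum(s["src_drop"].values()), dict(s["class_drop"]), dict(s["sent"]))
```

In the distributed run no bot exceeds its per-source budget, so all shedding happens in the "web" class queue while the "dns" class is delivered in full; legitimate clients that share the flooded class compete with the bots for its queue.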
From: Leon Brooks <leon@cclinic.com.au>
To: letters@lwn.net
Subject: Between the lines, drawing the lines: a call to action
Date: Thu, 3 Jan 2002 09:39:21 +0800

There is a point to this commentary, and an important question at the end.

From http://www.theregister.co.uk/content/4/23518.html, Brian Valentine speaking:

> We have the best d*mn sales force in the world backed by the best
> engineers in the world

The entire email is sales oriented, just as the entire company is sales oriented. Features like actual functionality, reliability, security and so on are largely irrelevant and don't rate a mention in the email at all. The attitude is ``we're gonna sell it - oh, and I suppose we'll support it too.'' The selling is what drives and controls everything.

> they [Linux] are a competitor and we will compete.

Paul Allen funded the PBS Evolution series, and between the lines we see the same attitude here. History is clear that ``compete with'' is Microsoft jargon for ``try really hard to exterminate.'' Do you remember ``DOS ain't done 'till Lotus won't run?''

> We need to be there when they are making these decisions and prove
> to them the Windows platform is the best platform for them across any
> aspect of their business.

Note the absence of a case-by-case attitude. Windows is best for everything, they say, now let's figure out how to prove that to you and never mind whether this reflects reality or not. One-eyed Linux fans have a bad name for this kind of thing, but Microsoft are the professionals and the true leaders in the field of zealotry.

> Oh -- and you can bet anyplace IBM is talking to your accounts, they
> are saying Linux and switching to higher end non-pc systems. With the
> current economic times we are living in, just about every customer is
> looking into how they can get rid of those over-priced, legacy Unix
> systems and ride the PC economics wave.

Translation: induce people to stick with crappy PCs. Anything new, revolutionary, adventurous that you see: step on it, because we don't own that market.

See if you can figure this out: IBM zSeries bad, Windows cluster good. Why? Because you have all your eggs in one basket, they say, never mind the 60 year MTBF, the frightening licencing cost of Microsoft's competing proposals, the need for a cluster to even compete on reliability grounds since the software is inherently unstable. If you can't do it right, you must do it over again, and a cluster of unreliable servers is basically a demonstration of this.

> It's crucial that you get out there with your TSP/SE/MCS folks and do
> actual walkthroughs in your accounts. Ask open ended questions; find
> out what they're evaluating for both key projects as well as smaller,
> more tactical projects. Ask about the 'connector' pieces -- you'll
> potentially find Linux in these areas.

In other words, poke your nose into your customers' business.

> Much like the support "communities" that define the Linux experience,
> the FCS team will strive to build a community to cooperate in winning
> business against Linux.

I wonder how often Microsoft will ``fire'' them as they did with their Most Valued Professionals (MVP) community?

> The DH Brown report will be customer ready and will help your
> customer understand just how competitive Microsoft is in this arena.

Or else will vanish silently if it turns out that there's no way to fudge figures to say what Microsoft wants them to say.

> ETA for this tool is in May and it will be a great tool to help you
> sell the value of Windows solutions over Linux.

It's pretty clear by now that these figures will be puppets, isn't it?

> I want to give you folks all the information I can in a very open way.

Which he hasn't done, listening to the doublespeak in this email.

At first glance, this email looks like the ``same old same old'' but it seems to me that an important point could be missed. They're effectively expanding their Microsoft Consulting approach, which is to go in after a sale, focussing on specific issues to the exclusion of any important and real considerations that might speak against Microsoft's products and systems. With a database. To misquote a certain donkey, ``I've got a pack of lies and I'm not afraid to use it!''

While there are many Linux HOWTOs and advocacy FAQs and the like out there, and corporations like Mandrake are helping by actively pursuing positive case studies, there seems to be no direct equivalent to Microsoft's knowledge-base of tricks to winkle Windows in anywhere you want.

Linux doesn't depend on sales for survival, as Microsoft do. But unless Linux and fellow travellers like FreeBSD maintain and extend their share of IT space, Microsoft will ``compete'' us into the ground. If a Microsoft lock-in inconveniences two percent of all computer users, nothing will be done. If it inconveniences 20%, something may be done. If it inconveniences 50%, something will be done.

I don't have a suitable server to hand, or more specifically suitable bandwidth, to offer a weblog/wiki style service for building a how-to-defeat-Microsoft's-tricks knowledge base, but I believe that it is an important thing to do, and do soon.

As Be discovered, and the US government appears reluctant to learn this, treating Microsoft as just another competitor - albeit a hard-ball player - is a lethal mistake. Let's not make it. We won't have a second chance, none of their vict^H^H^Hcompetitors ever do.

Cheers; Leon
|