
Linux links of the week


Red Hat's new news site has launched: see Wide Open News to see what can be done through the application of large amounts of money.

The Open Source Remote Sensing Effort is a new page which has been set up to support free software in remote sensing and GIS applications. The site seems mostly oriented toward news items at the moment, but they are also working toward building a remote sensing code base. And they are seeking volunteers, of course...

Section Editor: Jon Corbet


November 11, 1999

   

 

Letters to the editor


Letters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them.
 
   
Date: Mon, 8 Nov 1999 18:40:05 +1030 (CST)
From: Michael.Davies@iagu.net
To: letters@lwn.net
Subject: DVD encryption


From Security:News and Editorials:The DVD Crack, lwn Nov 4, 1999:
> Meanwhile, of course, the issue of keeping encryption algorithms 
> secret has been raised again. Some will argue that the algorithm 
> would not have been broken if it were not exposed. The rest of us 
> will argue that a public-review process would have prevented the
> use of a weak algorithm and therefore prevented this fiasco for 
> the DVD industry. 

It's interesting that hidden algorithms are still touted as great for 
security.  This crack would've occurred eventually - the publishing of 
DeCSS only sped up the process!

Open source encourages good security by public scrutiny.  Viva Open Source!

I think Schneier says it best in "Applied Cryptography.  2nd Ed.", where 
he says in the preface:

"If I take a letter, lock it in a safe, hide the safe somewhere in New
 York, then tell you to read the letter, that's not security.  That's
 obscurity.  On the other hand, if I take a letter and lock it in a safe,
 and then give you the safe along with the design specifications of the
 safe and a hundred identical safes with their combinations so that you and
 the world's best safecrackers can study the locking mechanism - and you
 still can't open the safe and read the letter - that's security."

Michael...

   
Date: Mon, 8 Nov 1999 23:13:41 +0900 (JST)
From: David Moles <deivu@tomigaya.shibuya.tokyo.jp>
To: letters@lwn.net
Subject: Cobalt IPO

The coverage of the Cobalt Networks IPO seems to be focusing on the
fact that Cobalt opened at more than five times its IPO price ($140
vs.  $22), whereas by comparison RedHat opened at less than three
times its IPO price ($46 vs. $14). Cobalt's IPO is therefore being
heralded as the more successful. And as far as Cobalt and its original
investors are concerned, I suppose it was -- after all, the purpose of
an IPO is to raise money for those folks.

But what about the poor saps that bought Cobalt after the IPO? Cobalt
finished the day at $128, and never went lower than $120. Sure, that's
still nearly five times the IPO price -- but if you didn't get in at
$22, chances are you lost money. Compare RedHat, which finished a
respectable $6 over its opening price and is still trading at nearly
twice that opening price (after briefly hitting nearly three times the
opening price a few weeks ago). Does anyone think that Cobalt will be
trading at $250 in three months?

-- David Moles
   
To: mailroomuk@zd.com
Subject: Re: http://www.zdnet.co.uk/news/1999/43/ns-11241.html
Date: Fri, 05 Nov 1999 21:04:23 -0500
From: Tom Culliton <culliton@clark.net>

I found one of the bullet points in the article about Stan Dormer's
take on Linux security utterly mind boggling.

"Freeware may contain bugs and is not as widely available as
commercial software"

A bit of thought about this paired assertion should be enough in and
of itself to undermine his credibility.

"Freeware may contain bugs" - and commercial software doesn't?  Anyone
who has ever read a shrink wrap license should burst into incredulous
laughter at the mere thought.  A basic tenet of the industry is that
no software is perfect.  You can get many '9's but never 100%.

The critical difference is that at least with OSS you have a chance,
and a very good one at that, of getting the problem fixed.  After
nearly two decades in the systems business and seeing lots of bugs in
"commercial software", I can still count the number of times a vendor
has ever provided a timely fix on one hand, and that only in a case
where we had a very big stick indeed to wave at them.  Most folks
wouldn't need a single finger to count the positive responses.  I've
also seen cases where nasty bugs, that have been widely reported, in
multiple versions of a commercial package, are never fixed.

On the other hand the Free or OSS software world has fixed things in
hours on more occasions than I can begin to count.  This does NOT mean
that I've seen a higher defect rate in OSS, rather that I use OSS by
preference, and my preference is strongly tied to the high percentage
of "positive resolutions" I've seen.  There is a common false perception
of "look at all those fixes, there sure must be a lot of bugs in OSS"
when the real case is that you're seeing things fixed and released as
fast as they're found, which would linger in commercial packages for
months or even years, possibly fixed in the next release many months
down the line, possibly not, but they're not saying.

Of course the real gem is, "and (free software) is not as widely
available as commercial software".  This is like saying that milk is
less widely available than it used to be, because the milkman doesn't
deliver it to your door any more.  By its very nature OSS is self
service, get on the net, find it (which isn't much harder than finding
the dairy aisle in the store these days), pick out what you need, and
take it home.  Oh and don't bother to stop at the counter and pay,
it's on the house.  Even if Mr. Dormer wants to claim that he meant
something else like, "there's no free software equivalent of XYZ",
he's probably wrong, and even if there isn't, there's probably someone
working on it.

As a long time, second generation (used "green bar" was my coloring
paper), software/systems professional I'd claim that OSS is what
software should be in terms of quality, availability, reliability,
maintainability (I'm sure someone will point out why you wouldn't buy
a car with the hood welded shut), and last of all price.
   
From: DaiCorry@aol.com
Date: Thu, 4 Nov 1999 12:56:41 EST
Subject: Re "Windowing"
To: letters@lwn.net

Dear Sirs:

  I have read with interest your articles on the
McDonnell-Douglas "windowing" patent. 

  A personal note: I came up with this technique 
independently in 1983, and implemented it in an
unreleased version of a database programming
language called The Sensible Solution (long since
defunct, and I doubt that any source survives). 
"Sensible" stored dates internally as Julian integers, 
but allowed entry in either YY or YYYY format.

  I called it "pivoting" (the trigger year being 
the "pivot" for a century-wide "see-saw"). My version 
also allowed you to pre-configure or programmatically
set the base century as well: we had a customer who 
was tracking Civil War grave sites.

  I say this neither to brag nor to claim priority.
I remember thinking that someone else MUST have
thought of it already. At the time I thought it an 
elegant solution to a problem, but no more than that: 
just the sort of routine invention that every competent 
programmer does every day. 

  It would never have occurred to me to patent it, 
and if the suggestion had been made I would have 
dismissed it as ludicrous.

  I still would.

                          Sincerely,
                          Davidson Corry
   
From: Bruno Haible <haible@ilog.fr>
Date: Thu, 4 Nov 1999 22:09:51 +0100 (MET)
To: letters@lwn.net
Subject: Re: "windowing" patent


If you look up the patent's text [1], you see that it is about dates
"stored in a database". As a consequence, the Linux kernel source is not
violating that patent. And on the other hand, neither the Linux 1.2.13
kernel source nor the ANSI Common Lisp standard issued in 1994 [2] are
prior art.

              Bruno

[1] http://www.patents.ibm.com/details?pn=US05806063__
[2] http://www.harlequin.com/education/books/HyperSpec/Body/sec_25-1-4-1.html

ObDisclaimer: When Gregor Samsa woke up that morning, he found himself
in his bed transformed into a lawyer.
   
Date: Thu, 04 Nov 1999 21:17:38 -0500
From: Terry Poston <tposton@ezonline.com>
To: letters@lwn.net
Subject: McDonnell Douglas Windowing Patent


Another example of prior art is the Pick Operating system. This database
stores its dates as an integer value representing the number of days
after December 31, 1967. It also has a windowing mechanism that allows
the system to decide whether a date is in the next millennium. This has
been in place for as long as I've known about Pick, about 17 years.

To make things even more interesting, McDonnell Douglas at one time had
a licence to redistribute the Pick OS, which they did under the name
Reality.

Maybe that's where they got the idea....

Terry Poston (tposton@ezonline.com)

   
Date: Fri, 05 Nov 1999 07:14:07 -0700
From: Alan Robertson <alanr@bell-labs.com>
To: letters@lwn.net
Subject: Windowing Patent

Dear LWN:

The earliest code which implements the "windowing patent" that I'm familiar with
was released in special versions of DOS for AT&T's PC6300 computers
(pre-Windows) in the early-mid 80's.

These computers predated the PC/AT BIOS code, and had a 3 or 4-bit date in their
hardware clocks, so they had the rollover problem every few years, and they used
a similar technique for determining which year it was.

In order to teach myself programming the "hot new PC environment", I had written
a DOS program in Turbo C which called up NIST in Boulder and set the hardware
clock from NIST time.  Who knows, I *might* even be able to find it somewhere
:-)


	-- Alan Robertson
	   alanr@bell-labs.com
 

 

 
Eklektix, Inc. Linux powered! Copyright © 1999 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds