Linux links of the week

Red Hat's new news site has launched: see Wide Open News to see what can be done through the application of large amounts of money.

The Open Source Remote Sensing Effort is a new page which has been set up to support free software in remote sensing and GIS applications. The site seems mostly oriented toward news items at the moment, but they are also working toward building a remote sensing code base. And they are seeking volunteers, of course...

Section Editor: Jon Corbet

November 11, 1999
Letters to the editor

Letters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them.
Date: Mon, 8 Nov 1999 18:40:05 +1030 (CST)
From: Michael.Davies@iagu.net
To: letters@lwn.net
Subject: DVD encryption

From Security:News and Editorials:The DVD Crack, lwn Nov 4, 1999:

> Meanwhile, of course, the issue of keeping encryption algorithms
> secret has been raised again. Some will argue that the algorithm
> would not have been broken if it were not exposed. The rest of us
> will argue that a public-review process would have prevented the
> use of a weak algorithm and therefore prevented this fiasco for
> the DVD industry.

It's interesting that hidden algorithms are still touted as great for security. This crack would've occurred eventually - the publishing of DeCSS only sped up the process! Open source encourages good security by public scrutiny. Viva Open Source!

I think Schneier says it best in "Applied Cryptography. 2nd Ed.", where he says in the preface:

"If I take a letter, lock it in a safe, hide the safe somewhere in New York, then tell you to read the letter, that's not security. That's obscurity. On the other hand, if I take a letter and lock it in a safe, and then give you the safe along with the design specifications of the safe and a hundred identical safes with their combinations so that you and the world's best safecrackers can study the locking mechanism - and you still can't open the safe and read the letter - that's security."

Michael...

Date: Mon, 8 Nov 1999 23:13:41 +0900 (JST)
From: David Moles <deivu@tomigaya.shibuya.tokyo.jp>
To: letters@lwn.net
Subject: Cobalt IPO

The coverage of the Cobalt Networks IPO seems to be focusing on the fact that Cobalt opened at more than five times its IPO price ($140 vs. $22), whereas by comparison RedHat opened at less than three times its IPO price ($46 vs. $14). Cobalt's IPO is therefore being heralded as the more successful. And as far as Cobalt and its original investors are concerned, I suppose it was -- after all, the purpose of an IPO is to raise money for those folks.

But what about the poor saps that bought Cobalt after the IPO? Cobalt finished the day at $128, and never went lower than $120. Sure, that's still nearly five times the IPO price -- but if you didn't get in at $22, chances are you lost money.

Compare RedHat, which finished a respectable $6 over its opening price and is still trading at nearly twice that opening price (after briefly hitting nearly three times the opening price a few weeks ago). Does anyone think that Cobalt will be trading at $250 in three months?

-- David Moles

To: mailroomuk@zd.com
Subject: Re: http://www.zdnet.co.uk/news/1999/43/ns-11241.html
Date: Fri, 05 Nov 1999 21:04:23 -0500
From: Tom Culliton <culliton@clark.net>

I found one of the bullet points in the article about Stan Dormer's take on Linux security utterly mind boggling.

"Freeware may contain bugs and is not as widely available as commercial software"

A bit of thought about this paired assertion should be enough in and of itself to undermine his credibility.

"Freeware may contain bugs" - and commercial software doesn't? Anyone who has ever read a shrink wrap license should burst into incredulous laughter at the mere thought. A basic tenet of the industry is that no software is perfect. You can get many '9's but never 100%. The critical difference is that at least with OSS you have a chance, and a very good one at that, of getting the problem fixed.

After nearly two decades in the systems business and seeing lots of bugs in "commercial software", I can still count the number of times a vendor has ever provided a timely fix on one hand, and that only in a case where we had a very big stick indeed to wave at them. Most folks wouldn't need a single finger to count the positive responses. I've also seen cases where nasty bugs, that have been widely reported, in multiple versions of a commercial package, are never fixed.

On the other hand the Free or OSS software world has fixed things in hours on more occasions than I can begin to count. This does NOT mean that I've seen a higher defect rate in OSS, rather that I use OSS by preference, and my preference is strongly tied to the high percentage of "positive resolutions" I've seen.
There is a common false perception of "look at all those fixes, there sure must be a lot of bugs in OSS" when the real case is that you're seeing things fixed and released as fast as they're found, which would linger in commercial packages for months or even years, possibly fixed in the next release many months down the line, possibly not, but they're not saying.

Of course the real gem is, "and (free software) is not as widely available as commercial software". This is like saying that milk is less widely available than it used to be, because the milkman doesn't deliver it to your door any more. By its very nature OSS is self service, get on the net, find it (which isn't much harder than finding the dairy aisle in the store these days), pick out what you need, and take it home. Oh and don't bother to stop at the counter and pay, it's on the house.

Even if Mr. Dormer wants to claim that he meant something else like, "there's no free software equivalent of XYZ", he's probably wrong, and even if there isn't, there's probably someone working on it.

As a long time, second generation (used "green bar" was my coloring paper), software/systems professional I'd claim that OSS is what software should be in terms of quality, availability, reliability, maintainability (I'm sure someone will point out why you wouldn't buy a car with the hood welded shut), and last of all price.

From: DaiCorry@aol.com
Date: Thu, 4 Nov 1999 12:56:41 EST
Subject: Re "Windowing"
To: letters@lwn.net

Dear Sirs:

I have read with interest your articles on the McDonnell-Douglas "windowing" patent.

A personal note: I came up with this technique independently in 1983, and implemented it in an unreleased version of a database programming language called The Sensible Solution (long since defunct, and I doubt that any source survives). "Sensible" stored dates internally as Julian integers, but allowed entry in either YY or YYYY format. I called it "pivoting" (the trigger year being the "pivot" for a century-wide "see-saw"). My version also allowed you to pre-configure or programmatically set the base century as well: we had a customer who was tracking Civil War grave sites.

I say this neither to brag nor to claim priority. I remember thinking that someone else MUST have thought of it already. At the time I thought it an elegant solution to a problem, but no more than that: just the sort of routine invention that every competent programmer does every day. It would never have occurred to me to patent it, and if the suggestion had been made I would have dismissed it as ludicrous. I still would.

Sincerely,
Davidson Corry

From: Bruno Haible <haible@ilog.fr>
Date: Thu, 4 Nov 1999 22:09:51 +0100 (MET)
To: letters@lwn.net
Subject: Re: "windowing" patent

If you look up the patent's text [1], you see that it is about dates "stored in a database". As a consequence, the Linux kernel source is not violating that patent. And on the other hand, neither the Linux 1.2.13 kernel source nor the ANSI Common Lisp standard issued in 1994 [3] are prior art.

Bruno

[1] http://www.patents.ibm.com/details?pn=US05806063__
[2] http://www.harlequin.com/education/books/HyperSpec/Body/sec_25-1-4-1.html

ObDisclaimer: When Gregor Samsa woke up that morning, he found himself in his bed transformed into a lawyer.

Date: Thu, 04 Nov 1999 21:17:38 -0500
From: Terry Poston <tposton@ezonline.com>
To: letters@lwn.net
Subject: McDonnell Douglas Windowing Patent

Another example of prior art is the Pick Operating system. This database stores its dates as an integer value representing the number of days after December 31, 1967. It also has a windowing mechanism that allows the system to decide whether a date is in the next millennium. This has been in place for as long as I've known about Pick, about 17 years.

To make things even more interesting, McDonnell Douglas at one time had a licence to redistribute the Pick OS, which they did under the name Reality. Maybe that's where they got the idea....

Terry Poston (tposton@ezonline.com)
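
The pivot-year entry scheme from Davidson Corry's letter and the day-count storage from Terry Poston's letter, sketched as an added example (not code from either system or from the letter writers). The function names, the default pivot of 50 and the rule that years below the pivot fall in the following century are assumptions; the letters state no convention.

```python
from datetime import date

# Day 0 of the day count described in the Pick letter: 31 December 1967.
PICK_EPOCH = date(1967, 12, 31)


def expand_year(text, pivot=50, base_century=1900):
    """Expand a YY or YYYY entry to a full year using a pivot window.

    Assumed convention (the letters state none): a two-digit year at or
    above `pivot` lands in `base_century`, one below `pivot` lands in the
    century after it. Four-digit entries are taken as written.
    """
    if not (text.isascii() and text.isdigit() and len(text) in (2, 4)):
        raise ValueError(f"year must be entered as YY or YYYY, got {text!r}")
    if not 0 <= pivot <= 100 or base_century % 100 != 0:
        raise ValueError("pivot must be 0..100, base_century a multiple of 100")
    year = int(text)
    if len(text) == 4:
        return year
    return base_century + year + (100 if year < pivot else 0)


def to_day_number(year_text, month, day, pivot=50, base_century=1900):
    """Days after 31 Dec 1967 for a date whose year was typed as YY or YYYY."""
    year = expand_year(year_text, pivot, base_century)
    return (date(year, month, day) - PICK_EPOCH).days


if __name__ == "__main__":
    # Constructed sample entries: (typed year, pivot, base century).
    for entry, pivot, base in [("99", 50, 1900), ("00", 50, 1900),
                               ("30", 50, 1900), ("30", 30, 1900),
                               ("63", 0, 1800), ("1863", 50, 1900)]:
        print(entry, pivot, base, "->", expand_year(entry, pivot, base))
    # The stored integer is unambiguous; only the typed YY form needs a window.
    print(to_day_number("00", 1, 1))
```

Two configurations with different pivots expand the same typed "30" to 1930 and 2030, so the window setting has to travel with any data exchanged in two-digit form.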

Date: Fri, 05 Nov 1999 07:14:07 -0700
From: Alan Robertson <alanr@bell-labs.com>
To: letters@lwn.net
Subject: Windowing Patent

Dear LWN:

The earliest code which implements the "windowing patent" that I'm familiar with was released in special versions of DOS for AT&T's PC6300 computers (pre-Windows) in the early-mid 80's. These computers predated the PC/AT BIOS code, and had a 3 or 4-bit date in their hardware clocks, so they had the rollover problem every few years, and they used a similar technique for determining which year it was.

In order to teach myself programming the "hot new PC environment", I had written a DOS program in Turbo C which called up NIST in Boulder and set the hardware clock from NIST time. Who knows, I *might* even be able to find it somewhere :-)

-- Alan Robertson
alanr@bell-labs.com