
Linux links of the week


Take a break and laugh along with GNU. Here you'll find the Emacs Song, learn about the pasta theory of software, and meet the VAXorcist:
SYSMGR: Maybe it's hibernating.

VAXORCIST: Unlikely. It's probably trying to lure us into a false sense of security.

SYSMGR: Sounds like VMS alright. (VAXORCIST gives him a dirty look)

The Wireless LAN resources for Linux page is a comprehensive collection of information on how to be on the net and unplugged at the same time.

Section Editor: Jon Corbet


February 17, 2000

   

 

Letters to the editor


Letters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them.
 
   
Date: Thu, 10 Feb 2000 21:18:19 +0100
From: Laurent Guerby <guerby@acm.org>
To: letters@lwn.net
CC: guerby@acm.org
Subject: SourceForge

Hi,

There is an easy way for the SourceForge people to clear the air and
to be catastrophe-proof: encourage mirroring of SourceForge
content. If there is a copy of major static data (CVS, mailing list
archives, HTML pages) done every week on at least one remote (non-VA)
computer (FSF, universities, other Free Software Companies or
Organisations), there is no risk of anything bad happening.  If it's
too big, the mirroring organisations could split the projects between
themselves. Cheap CDs could be sold.

I don't know what VA reaction would be to this idea (and I didn't
check their legal stuff about it as IANAL), or if there are any takers
of the mirroring burden, but that's at least one solution if some
people in the free software community are paranoid about putting all
our eggs in the same bag.

--LG
   
Date: Thu, 10 Feb 2000 23:37:45 -0800
From: kenengel <kenengel@linuxstart.com>
To: letters@lwn.net
Subject: Re: Inclusion of JFS into kernel 2.4


I strongly discourage rushing the 2.4 kernel or IBM's JFS "out the door",
even independently, much less together. The kernel development cycle does 
not operate by conventional commercial standards or shareholders'
expectations. It would be foolish to start now.

W2K is no longer an issue. The snowball is rolling *downhill* now.
It's over, Johnny.

Ken Engel
- - - - - - - - - - - - - -
"Subversion has always been our best tactic. It leaves the competition
confused, and they don't know what to shoot at anymore."
	John Ludwig, Microsoft's vice president of Java development

   
Date: Thu, 10 Feb 2000 17:00:25 -0800
From: Padraig O Mahony <Padraig.OMahony@sv.sc.philips.com>
To: letters@lwn.net
Subject: RE: Real-time Linux is patented.

If anyone wants prior art, I did a very similar thing for Minix on my
final year project way back in 1992.  I remember looking at RT linux and
thinking "wow my idea wasn't so bad after all!"  I think I've the PS
file somewhere and of course all the records are with the university...

Padraig
   
Date: Thu, 10 Feb 2000 14:56:26 -0500
From: Jay R Ashworth <use-reply-to@gte.net>
To: editor@lwn.net, editor@computerworld.com, letters@cw.com,
CC: nanog@merit.edu, cam@camworld.com, wesf@cs.utexas.edu, jacobs@genehack.org,
Subject: Denial of Service attacks - a one step solution

[ all editors: for pub.  NANOGers: informational carbon.  webloggers: this 
copy isn't on my log yet, in favor of the executive summary version.  Look for 
it later today.  Jerry: here's a rant, for mail.  

10 pounds of frustration in a 5 pound bag, ask any network guy... ]

Subject: Denial of Service attacks - a one step solution

The problem, of course, is that the one step has to be undertaken by 
thousands of people.  Perhaps this week's events will solve the problem. 

As I wrote in a rant on my weblog (linked below) on Thursday, just before 
reading this week's Linux Weekly News, the problem here is that engineering, 
who _know_ how to stop these problems -- and have since _well_ before they 
started becoming _big_ problems -- can not get the support of management to 
spend the time and money necessary to solve the problem.  Perhaps that will 
change now.

The largest component of the problem is that _the sources of the attack cannot 
be traced_.  Never mind the perp, you can't even find the compromised sites 
actually sending the packets.  Why?  Because their source addresses are 
forged.

In this day and age, and indeed, for a couple of years now, routers and dialup 
terminal servers have had the facility (we call it a knob in the router biz) 
to drop incoming packets that have impossible source addresses in their 
headers.  

All you have to do is turn it on.

Had this been done before now, on every router and terminal server where an 
untrusted machine is connected, last week's events very likely would not have 
happened at all.  It's that simple.

Yes, there are a lot of unprotected systems that need to get tightened up, 
quickly, but...

With valid source addresses, target routers could have been quickly filtered 
to drop incoming trash packets while the source was traced, and _that_ router's 
operator notified to find and quash the source.

But that knob was never turned.

I have archived mail on a major network operations mailing list going back 
_two years_ on this topic.  But _everyone_ has to do it.  If your downstreams 
won't take this precautionary measure, *YOU HAVE TO CUT THEM OFF UNTIL THEY 
DO*.  That's the only thing that will fix this.

But no one has the balls.  "There's too much money involved to shut them down 
for something this trivial", the suits say.

Yeah.

Right.

Ask eBay.

Cheers,
-- jra
--
Jay R. Ashworth                                                jra@baylink.com
Ashworth & Associates
An Interdisciplinary Consultancy in Advanced Technology
+1 727 804 5015                                       http://baylink.pitas.com
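
Added example, not part of the letter above and not any router vendor's code: a Python sketch of the source-address check behind the "knob" the letter describes, with per-port drop counts so a forging source can be traced to its port. The port names, the prefix table (documentation address ranges) and the sample packets are constructed assumptions.

```python
import ipaddress

# Constructed edge-port table: prefixes legitimately assigned to each
# downstream port (documentation ranges, not real customer networks).
PORT_PREFIXES = {
    "dialup-1": [ipaddress.ip_network("192.0.2.0/25")],
    "cust-a": [ipaddress.ip_network("198.51.100.0/24"),
               ipaddress.ip_network("203.0.113.64/26")],
}

# Sources that are impossible on any untrusted edge port.
NEVER_VALID = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "127.0.0.0/8", "224.0.0.0/4", "240.0.0.0/4")]


def check_source(port, src):
    """Return (accept, reason) for a packet arriving on an edge port."""
    addr = ipaddress.ip_address(src)
    if any(addr in net for net in NEVER_VALID):
        return False, "reserved source"
    # An unknown port has no assigned prefixes, so everything is dropped.
    if not any(addr in net for net in PORT_PREFIXES.get(port, [])):
        return False, "source not assigned to this port"
    return True, "ok"


def filter_packets(packets):
    """Split packets into forwarded ones and a per-port drop count."""
    forwarded, drops = [], {}
    for port, src, dst in packets:
        accept, _reason = check_source(port, src)
        if accept:
            forwarded.append((port, src, dst))
        else:
            drops[port] = drops.get(port, 0) + 1
    return forwarded, drops


# Constructed sample traffic: (arrival port, source, destination).
SAMPLE = [
    ("dialup-1", "192.0.2.17", "198.51.100.9"),    # legitimate
    ("dialup-1", "203.0.113.70", "198.51.100.9"),  # forged: cust-a's space
    ("cust-a", "203.0.113.70", "192.0.2.17"),      # legitimate on this port
    ("cust-a", "127.0.0.1", "192.0.2.17"),         # reserved source
    ("cust-a", "10.9.8.7", "192.0.2.17"),          # not assigned to cust-a
]

if __name__ == "__main__":
    print(filter_packets(SAMPLE))
```

The same source address is accepted on one port and dropped on another, which is why the check has to be applied at the edge where the untrusted machine connects rather than further upstream.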


   
Date: Sun, 13 Feb 2000 22:18:04 +0000
From: Richard Kay <rich@driveout.demon.co.uk>
To: metcalfe@idg.net, letters@lwn.net
Subject: Open Source: ideology or sound engineering ?

It would seem, based on the above question Bob, that you're the one who
just "isn't getting it". Never heard about the loss leader or give away the
recipe and open a restaurant, or even give away the program and sell the
book ?  Even Microsoft plays at getting proofreading done for free in
exchange for review copies. All of these strategies can make sound business
sense given the right circumstances.

If Open Source versus proprietary licensing were an ideological Cold War
with only 2 irreconcilably opposed polarisations your recent column
criticizing Linus and his employer for selling intellectual property might
begin to make an ounce of sense. Is this really the position you're coming
from ?

As far as I, and just about everyone I know who is actually involved in
writing code rather than writing about those who write code, OS is
primarily about software engineering. Have you never heard of software
re-use ? How are we supposed to avoid rewriting software for the Nth time if
it's always tied up with arbitrary restrictions ? And why should we advise
our employers or clients to put their trust in the quality of something,
the inner workings of which is not subject to peer review ? Do you really
think there are enough of us to do all the wheel reinventing that failure
to share code results in ?

Have you actually read a shrink wrap license recently ? I'm a practical
engineer Bob, and many of us are too busy writing and teaching software to
have a lot of time for stuff that locks us into unproductive and
restrictive obligations when there are better alternatives.

As far as your personal attack on Linus is concerned this was particularly
irrelevant given that he has never made (as far as I am aware) any
ideologically based pronouncements against the general concept of
intellectual property. His one comment on this which I recall is that "the
person who writes the code gets to choose the license".  Consequently your
attack is out of order.

Might I suggest your journalistic talents would be better employed in the
field of politics, which you clearly seem to understand somewhat better
than that of information technology in general and software engineering in
particular ?

Regards,
Richard Kay
Faculty of Engineering
University of Central England

   
Date: Mon, 14 Feb 2000 15:21:58 +0100 (MET)
From: Bernd Paysan <bernd.paysan@gmx.de>
To: letters@lwn.net
Subject: Why Transmeta is Evil

Bob Metcalfe is right: Transmeta is evil. What do they produce? They produce
a closed-source solution to run a closed-source OS. Windows. You don't need
Crusoe to run Linux on a portable device (see for example Samsung's
recently announced StrongARM-based Linux PDA -
http://www.sem.samsung.co.kr/eng/product/digital/pda/index.htm). Heck,
Microsoft was almost dead in the portable device area below notebooks;
their WinCE is a flop. And SA-1110 is a much more integrated device with
power consumption between 150 and 450 mW; that's significantly below
Crusoe.

I also don't think they wanted to create their own Linux distribution when
they hired Linus. It's a customer-driven decision, they freely admit it; it
just happened. Most of the points to have IA32 (x86) compatibility are moot
when you create a Linux/Mozilla-based web-pad. Mozilla's plug-in interface
AFAIK is designed around JVM.

If ESR is right, Transmeta's business strategy doesn't make sense. Their
processor is 2/3 software. They sell hardware. The only point to keep the
software secret is "competitive advantage". HP has to do their own x86
translation software for McKinley, and already did one for PA-RISC on
Merced. There is no competitive advantage if you fight against other
companies with highly qualified engineers, it's just duplicated effort.

Transmeta even has patents on their translating technology, ignoring that
binary translation to emulate outdated/"standard" architectures has been
used for decades. One of their patents looks like a textbook definition of
the transaction log in claim 1. If there are bad bad patents (as Linus puts
it), Transmeta's are among them.

There's nothing wrong with companies being evil. That's how it works.
Companies need to be evil to satisfy stock holders and investors. It's just
wrong to call them "good" when they aren't. You accept some sort of
wickedness if it pays your bill. I work for an evil company with hidden
sources, too; I'm corrupt, yes.

-- 
Bernd Paysan
"If you want it done right, you have to do it yourself"
http://www.jwdt.com/~paysan/

Sent through Global Message Exchange - http://www.gmx.net

   
Date: Tue, 15 Feb 2000 09:04:54 -0500
From: Pat Eyler <p_eyler@hotmail.com>
To: linux@zd.com, edit@compcurr.com, letters@lwn.net
Subject: http://www.zdnet.com/pcweek/stories/linux/news/0,6423,2436770,00.html

Dear sirs,
I find it unfortunate that you have decided to run this[0] story.  Last
week, 'Computer Currents' fell prey to a related story (which also
featured mis-information from MyCIO.com), and were embarrassed to have to
pull the article due to 'flagrant inaccuracies' (this terminology from
the web page they replaced the story with).  Please contact them[1] to
verify this if you desire.  Or see their retraction at
http://www.currents.net/newstoday/00/02/11/news12.html?&_ref=1477639309

The particular point I find most problematic is that Solaris and Linux
are singled out as having security flaws which allowed the DDoS attacks
to succeed.  In fact, any network connected computer is capable of
carrying out such attacks, windows based computers would have the added
vulnerability that it would be harder for the user to detect or defend
against virii or trojan horses carrying the code that would allow
someone to carry out such attacks (e.g., a module for Back Orifice)[2].

To me, it seems that MyCIO.com is using the computer news media as a
dupe in order to accomplish two ends:  spreading pro-Microsoft FUD
(attacking linux and solaris), and driving business for themselves.

I would hope that you place a retraction of your articles (as Computer
Currents has done), and take more care in your article selection in the
future.

Thanks,
Pat Eyler,
Network and Systems Administrator

ps.  Huzzah to Computer Currents and  Robert Luhn for having the decency
and courage to post the retraction that they did.

[0] "German university pulls down 'zombie' server"

[1]
Robert Luhn
Editor-in-Chief
Computer Currents
edit@compcurr.com
Web Page: http://www.computercurrents.com

[2] please see
http://slashdot.org/article.pl?sid=00/02/10/1832210&mode=thread
for more information




   
Date: Thu, 10 Feb 2000 11:49:52 -0600
From: Michael Gerdts <gerdts@cae.wisc.edu>
To: lwn@lwn.net
Subject: Linux has put Sun on the treadmill

Competition is good.

For years Unix vendors have charged for their OS's on a per-user or a
per-cpu basis.  At the same time they have made specific efforts to
differentiate their products making them incompatible with each other.
At the risk of sounding amazingly pro-Sun, I have sent the following
analysis of a recent product announcement from Sun.  My intention is to
highlight how the Open Source movement has had a tremendous effect on Sun's
software strategy.  

This product release from Sun indicates to me that Linux has forced them to
begin to change their ways.  I say this for the following reasons:

 *  Inclusion of various freeware products in the base Solaris (perl,
    apache, tcsh, bash, zsh, gzip, bzip, less) and in the companion CD
    (autoconf, gcc, ghostscript, samba, etc.) contributes quite a bit to
    the value of a Solaris installation.  I have for a long time been
    annoyed by the fact that a Solaris installation is so "old-unixish" (or
    not like Linux) to be quite annoying.  After installing Solaris I have
    typically been in a bad mood until I had gzip, bash, less, and gcc
    installed.

 *  With Solaris 7 they started adding functionality between product
    releases through patches.  This seems to be a response of the increased
    functionality that comes with updated kernels and other packages that
    happen between releases of Red Hat, SUSE, etc.

 *  iPlanet.  Seems as though they are concerned by the combination of
    Apache, openLDAP, IP Chains, Zope, etc. that are becoming standard
    parts of Linux distributions.  

 *  SPARC hardware is too expensive to attract Linux users.  AMD, Intel,
    and (I think) Alpha and PowerPC solutions offer much better price to
    performance ratios.  SPARC hardware is much more attractive to those
    that have an incentive to run Solaris.

 *  If Sun adopts Linux, they admit that they were wrong.  If they continue
    to enhance SunOS (the kernel and other very base OS stuff) and make the
    Solaris operating environment (X, apache, perl, iPlanet, etc) look just
    like Linux, for a large part they gain the advantages of open source
    without admitting that it is the right way to go.  Since Sun cannot
    continue to make money without giving people a strong incentive to buy
    SPARC hardware, they cannot admit that open source has a strong
    advantage over closed source.

 *  Even if someone buys a SPARC box to run Linux on it, RedHat, Linux
    Care, or some similar company gets any support revenue.

 *  Solaris 8 is a free (as in beer) product for all workstations and
    servers with up to 8 processors.  A combination of a free (as in beer)
    core with significant enhancements brings Sun closer to being Linux.
    Sure they still have their own kernel and proprietary enhancements, but
    when most people say how great Linux is, they do not consider whether
    it is Linux (the kernel) or the rest (largely GNU utilities) that they
    are bragging about.

The overriding theme in all of this is that Sun makes money from the
following sources (I think that this is the right order):

    Hardware
    Service
    Software

They are at the point of starting to sacrifice software revenues to protect
their hardware and service revenue streams.

Mike

Mike Gerdts
UNIX Systems Administrator
Computer-Aided Engineering Center
University of Wisconsin - Madison
 

 

 
Eklektix, Inc. Linux powered! Copyright © 2000 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds