Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page All in one big page See also: last week's Back page page. |
Linux links of the weekTake a break and laugh along with GNU. Here you'll find the Emacs Song, learn about the pasta theory of software, and meet the VAXorcist: SYSMGR: Maybe it's hibernating. The Wireless LAN resources for Linux page is a comprehensive collection of information on how to be on the net and unplugged at the same time. Section Editor: Jon Corbet |
February 17, 2000 |
|
Letters to the editorLetters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them. | |
Date: Thu, 10 Feb 2000 21:18:19 +0100 From: Laurent Guerby <guerby@acm.org> To: letters@lwn.net CC: guerby@acm.org Subject: SourceForge Hi, There is an easy way for the SourceForge people to clear the air and to be catastrophe-proof: encourage mirroring of SourceForge content. If there is a copy of major static data (CVS, mailing list archives, HTML pages) done every week on at least one remote (non-VA) computer (FSF, universities, other Free Software Companies or Organisations), there is no risk of anything bad happening. If it's too big, the mirroring organisations could split the projects between themselves. Cheap CDs could be sold. I don't know what VA reaction would be to this idea (and I didn't check their legal stuff about it as IANAL), or if there are any takers of the mirroring burden, but that's at least one solution if some people in the free software community are paranoid about putting all our eggs in the same bag. --LG | ||
Date: Thu, 10 Feb 2000 23:37:45 -0800 From: kenengel <kenengel@linuxstart.com> To: letters@lwn.net Subject: Re: Inclusion of JFS into kernel 2.4 I strongly discourage rushing the 2.4 kernel or IBM's JFS "out the door", even independently, much less together. The kernel development cycle does not operate by conventional commercial standards or shareholders' expectations. It would be foolish to start now. W2K is no longer an issue. The snowball is rolling *downhill* now. It's over, Johnny. Ken Engel - - - - - - - - - - - - - - "Subversion has always been our best tactic. It leaves the competition confused, and they don't know what to shoot at anymore." John Ludwig, Microsoft's vice president of Java development | ||
Date: Thu, 10 Feb 2000 17:00:25 -0800 From: Padraig O Mahony <Padraig.OMahony@sv.sc.philips.com> To: letters@lwn.net Subject: RE: Real-time Linux is patented. If anyone wants prior art, I did a very similar thing for Minix on my final year project way back in 1992. I remember looking at RT linux and thinking "wow my idea wasn't so bad after all!" I think I've the PS file somewhere and of course all the records are with the university... Padraig | ||
Date: Thu, 10 Feb 2000 14:56:26 -0500 From: Jay R Ashworth <use-reply-to@gte.net> To: editor@lwn.net, editor@computerworld.com, letters@cw.com, CC: nanog@merit.edu, cam@camworld.com, wesf@cs.utexas.edu, jacobs@genehack.org, Subject: Denial of Service attacks - a one step solution [ all editors: for pub. NANOGers: informational carbon. webloggers: this copy isn't on my log yet, in favor of the executive summary version. Look for it later today. Jerry: here's a rant, for mail. 10 pounds of frustration in a 5 pound bag, ask any network guy... ] Subject: Denial of Service attacks - a one step solution The problem, of course, is that the one step has to be undertaken by thousaands of people. Perhaps this week's events will solve the problem. As I wrote in a rant on my weblog (linked below) on Thursday, just before reading this week's Linux Weekly News, the problem here is that engineering, who _know_ how to stop these problems -- and have since _well_ before they started becoming _big_ problems -- can not get the support of management to spend the time and money necessary to solve the problem. Perhaps that will change now. The largest component of the problem is that _the sources of the attack cannot be traced_. Never mind the perp, you can't even find the compromised sites actually sending the packets. Why? Because their source addresses are forged. In this day and age, and indeed, for a couple of years now, routers and dialup terminal servers have had the facility (we call it a knob in the router biz) to drop incoming packets that have impossible source addresses in their headers. All you have to do is turn it on. Had this been done before now, on every router and terminal server where an untrusted machine is connected, last week's events very likely would not have happened at all. It's that simple. Yes, there are a lot of unprotected systems that need to get tightened up, quickly, but... With valid source addresses, target routers could have been quickly filtered to drop incoing trach packets while the source was traced, and _that_ router's operator notified to find and quash the source. But that knob was never turned. I have archived mail on a major network operations mailing list going back _two years_ on this topic. But _everyone_ has to do it. If your downstreams won't take this precautionary measure, *YOU HAVE TO CUT THEM OFF UNTIL THEY DO*. That's the only thing that will fix this. But no one has the balls. "There's too much money involved to shut them down for something this trivial", the suits say. Yeah. Right. Ask eBay. Cheers, -- jra -- Jay R. Ashworth jra@baylink.com Ashworth & Associates An Interdiscplinary Consultancy in Advanced Technology +1 727 804 5015 http://baylink.pitas.com | ||
Date: Sun, 13 Feb 2000 22:18:04 +0000 From: Richard Kay <rich@driveout.demon.co.uk> To: metcalfe@idg.net, letters@lwn.net Subject: Open Source: ideology or sound engineering ? It would seem, based on the above question Bob, that you're the one who just "isn't getting it". Never heard about the loss leader or give away the recipe and open a restraunt, or even give away the program and sell the book ? Even Microsoft plays at getting proofreading done for free in exchange for review copies. All of these strategies can make sound business sense given the right circumstances. If Open Source versus proprietary licensing were an ideological Cold War with only 2 irreconcilably opposed polarisations your recent column criticizing Linus and his employer for selling intellectual property might begin to make an ounce of sense. Is this really the position you're coming from ? As far as I, and just about everyone I know who is actually involved in writing code rather than writing about those who write code, OS is primarily about software engineering. Have you never heard of software re-use ? How are supposed to avoid rewriting software for the Nth time if it's always tied up with arbitrary restrictions ? And why should we advise our employers or clients to put their trust in the quality of something, the inner workings of which is not subject to peer review ? Do you really think there are enough of us to do all the wheel reinventing that failure to share code results in ? Have you actually read a shrink wrap license recently ? I'm a practical engineer Bob, and many of us are too busy writing and teaching software to have a lot of time for stuff that locks us into unproductive and restrictive obligations when there are better alternatives. As far as your personal attack on Linus is concerned this was particularly irrelevant given that he has never made (as far as I am aware) any ideologically based pronouncements against the general concept of intellectual property. His one comment on this which I recall is that "the person who writes the code gets to choose the license". Consequently your attack is out of order. Might I suggest your journalistic talents would be better employed in the field of politics, which you clearly seem to understand somewhat better than that of information technology in general and software engineering in particular ? Regards, Richard Kay Faculty of Engineering University of Central England | ||
Date: Mon, 14 Feb 2000 15:21:58 +0100 (MET) From: Bernd Paysan <bernd.paysan@gmx.de> To: letters@lwn.net Subject: Why Transmeta is Evil Bob Metcalf is right: Transmeta is evil. What do they produce? They produce a closed-source solution to run a closed-source OS. Windows. You don't need Crusoe to run Linux on a portable device (see for example Samsung's recently announced StrongARM-based Linux PDA - http://www.sem.samsung.co.kr/eng/product/digital/pda/index.htm). Heck, Microsoft was almost dead in the portable device area below notebooks; their WinCE is a flop. And SA-1110 is a much more integrated device with power consumption between 150 and 450 mW; that's significantly below Crusoe. I also don't think they wanted to create their own Linux distribution when they hired Linus. It's a customer-driven decision, they freely admit it; it just happend. Most of the points to have IA32 (x86) compatibility are moot when you create a Linux/Mozilla-based web-pad. Mozilla's plug-in interface AFAIK is designed around JVM. If ESR is right, Transmeta's business strategy doesn't make sense. Their processor is 2/3 software. They sell hardware. The only point to keep the software secret is "competitive advantage". HP has to do their own x86 translation software for McKinley, and already did one for PA-RISC on Merced. There is no competitive advantage if you fight against other companies with highly qualified engineers, it's just duplicated effort. Transmeta even has patents on their translating technology, ignoring that binary translation to emulate outdated/"standard" architectures has been used for decades. One of their patents looks like a textbook definition of the transaction log in claim 1. If there are bad bad patents (as Linus puts it), Transmeta's are among them. There's nothing wrong with companies being evil. That's how it works. Companies need to be evil to satisfy stock holders and investors. It's just wrong to call them "good" when they aren't. You accept some sort of wickedness if it pays your bill. I work for an evil company with hidden sources, too; I'm corrupt, yes. -- Bernd Paysan "If you want it done right, you have to do it yourself" http://www.jwdt.com/~paysan/ Sent through Global Message Exchange - http://www.gmx.net | ||
Date: Tue, 15 Feb 2000 09:04:54 -0500 From: Pat Eyler <p_eyler@hotmail.com> To: linux@zd.com, edit@compcurr.com, letters@lwn.net Subject: http://www.zdnet.com/pcweek/stories/linux/news/0,6423,2436770,00.html Dear sirs, I find it unfortunate that you have decided to run this[0] story. Last week, 'Computer Currents' fell prey to a related story (which also featured mis-information from MyCIO.com), and were embarassed to have to pull the article due to 'flagrant inaccuracies' (this terminology from the web page they replaced the story with). Please contact them[1] to verify this if you desire. Or see their retraction at http://www.currents.net/newstoday/00/02/11/news12.html?&_ref=1477639309 The particular point I find most problematic is that Solaris and Linux are singled out as having security flaws which allowed the DDoS attacks to succeed. In fact, any network connected computer is capable of carrying out such attacks, windows based computers would have the added vulnerablity that it would be harder for the user to detect or defend against virii or trojan horses carrying the code that would allow someone to carry out such attacks (e.g., a module for Back Orifice)[2]. To me, it seems that MyCIO.com is using the computer news media as a dupe in order to accomplish two ends: spreading pro-Microsoft FUD (attacking linux and solaris), and driving business for themselves. I would hope that you place a retraction of your articles (as Computer Currents has done), and take more care in your article selection in the future. Thanks, Pat Eyler, Network and Systems Administrator ps. Huzzah to Computer Currents and Robert Luhn for having the decency and courage to post the retraction that they did. [0] "German university pulls down 'zombie' server" [1] Robert Luhn Editor-in-Chief Computer Currents edit@compcurr.com Web Page: http://www.computercurrents.com [2] please see http://slashdot.org/article.pl?sid=00/02/10/1832210&mode=thread for more information | ||
Date: Thu, 10 Feb 2000 11:49:52 -0600 From: Michael Gerdts <gerdts@cae.wisc.edu> To: lwn@lwn.net Subject: Linux has put Sun on the treadmill Competition is good. For years Unix vendors have charged for their OS's on a per-user or a per-cpu basis. At the same time they have made specific efforts to differentiate their products making them incompatible with each other. At the risk of sounding amazingly pro-Sun, I have sent the following analysis of a recent product announcement from Sun. My intention is to highlight how the Open Source movement has had a tremendous effect on Sun's software strategy. This product release from Sun indicates to me that Linux has forced them to begin to change their ways. I say this for the following reasons: * Inclusion of various freeware products in the base Solaris (perl, apache, tcsh, bash, zsh, gzip, bzip, less) and in the companion CD (autoconf, gcc, ghostscript, samba, etc.) contributes quite a bit to the value of a Solaris installation. I have for a long time been annoyed by the fact that a Solaris installation is so "old-unixish" (or not like Linux) to be quite annoying. After installing Solaris I have typically been in a bad mood until I had gzip, bash, less, and gcc installed. * With Solaris 7 they started adding functionality between product releases through patches. This seems to be a response of the increased functionality that comes with updated kernels and other packages that happen between releases of Red Hat, SUSE, etc. * iPlanet. Seems as though they are concerned by the combination of Apache, openLDAP, IP Chains, Zope, etc. that are becoming standard parts of Linux distributions. * SPARC hardware is too expensive to attract Linux users. AMD, Intel, and (I think) Alpha and PowerPC solutions offer much better price to performance ratios. SPARC hardware is much more attractive to those that have an incentive to run Solaris. * If Sun adopts Linux, they admit that they were wrong. If they continue enhance SunOS (the kernel and other very base OS stuff) and make the Solaris operating enviroment (X, apache, perl, iPlanet, etc) look just like Linux, for a large part they gain the advantages of open source without admitting that it is the right way to go. Since Sun cannot continue to make money without giving people a strong incentive to buy SPARC hardware, they cannot admit that open source has a strong advantage over closed source. * Even if someone buys a SPARC box to run Linux on it, RedHat, Linux Care, or some similar company gets any support revenue. * Solaris 8 is a free (as in beer) product for all workstations and servers with up to 8 processors. A combination of a free (as in beer) core with significant enhancements brings Sun closer to being Linux. Sure they still have their own kernel and proprietary enhancements, but when most people say how great Linux is, they do not consider whether it is Linux (the kernel) or the rest (largley GNU utilities) that they are bragging about. The overriding theme in all of this is that Sun makes money from the following sources (I think that this is the right order): Hardware Service Software They are at the point of starting to sacrifice software revenues to protect their hardware and service revenue streams. Mike Mike Gerdts UNIX Systems Administrator Computer-Aided Engineering Center University of Wisconsin - Madison | ||
|