Letters to the editor


Letters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them.

June 7, 2001

   
From:	 "Michael Hunt" <michael.j.hunt@usa.net>
To:	 <letters@lwn.net>
Subject: Some positive thoughts on the Desktop section
Date:	 Thu, 31 May 2001 12:30:24 +0100

It seems lately that Hammel has been getting some flak over his writings
for LWN's Desktop section and while I can see the point of people's claims
(i.e. that the feel of the writing is not in the tradition or spirit of LWN)
I do want to point out some positive points (since I am ever the optimist).

1. This week's Desktop section was the best so far and I think much more in
line with what readers expect from LWN. Having read Michael's GIMP book the
expertise on Linux printing is to be expected and shows through and I wish
to applaud him for the quality of it.

2. His pointers to good resources on the subject of printing showed research
and allowed people who were interested in the topic to pursue it, while
leaving others free to move on.

3. Comment was concise and to the point. It was also stated in a "matter of
fact" way not a "I think this is right".

4. News coverage was to the point and not long winded.

I understand that any new direction that LWN takes is going to be met with
challenges such as readership acceptance, maintaining of style, keeping your
core focus etc. So far the desktop section has not entirely met all of
these satisfactorily but if this week's edition is anything to go by you are
getting much closer.

Michael Hunt
An Aussie in Africa

P.S. As a GNOME user I have enough trouble just trying to stay up to date
with it let alone all the other desktops out there.

   
From:	 Hans-Peter Fischer <hp.fischer@heidenheim.com>
To:	 letters@lwn.net
Subject: On The Desktop
Date:	 Thu, 31 May 2001 19:10:51 +0200 (CEST)

Dear editor,

I am writing to you because I am somewhat appalled by the hostile reaction of
some of your readers to Michael J. Hammel's desktop column, especially Bret
Mogilefsky's arrogant "he's got to go" comment. Have all these self-made
desktop experts who can't stand witnessing somebody learning something
forgotten how to skip an article they don't like?

I have no intention to either install KDE or Gnome on my machine because I
don't see what they could possibly do for me that fvwm2 can't and because I
like all my applications to look and behave differently, but I still enjoy reading
Mr. Hammel's column simply because it is well written, and sometimes also
informative.

What I find annoying about LWN is something totally different, namely that it
has become more and more "business-minded" over time, and apparently so without
any member of the "free" Linux community complaining.

So why not split LWN in two: one edition about Linux - in which there would
certainly be a place for Mr. Hammel - and one about stock quotes and business
with/on Linux?

Yours sincerely,

Hans-Peter Fischer

-- 
Visit http://www.hei-news.de/
   
From:	 Robert L Krawitz <rlk@alum.mit.edu>
To:	 letters@lwn.net
Subject: Printing
Date:	 Thu, 31 May 2001 21:05:19 -0400

I read the On The Desktop section of your May 31 edition with
considerable interest.  As the project lead for Gimp-Print, I'd like
to explain the relationship between Gimp-Print, the GIMP, CUPS, and
other printing systems.

Gimp-print has indeed seen a major overhaul.  It is no longer just the
Print plugin for the GIMP; it can be used with CUPS, Ghostscript,
Foomatic (http://www.linuxprinting.org/foomatic.html), and (via
Ghostscript) plain unadorned lpd and LPRng.  At the core, it's
organized as a set of dithering routines, color management (of a
sort, presently rather ad-hoc), and a collection of drivers for the
main families of printers we support (Epson, HP, Lexmark, and Canon).
In 4.1 (the current development mainline), this was organized into a
shared library that applications that need to generate printer output
link against.  The current clients of this library are the GIMP Print
plugin, a CUPS driver, and a Ghostscript driver (named "stp" when
compiled into Ghostscript).  Using this package directly through
Ghostscript is not recommended due to the large number of options;
it's much more convenient to use it with CUPS or Foomatic.

The GIMP plugin aside, the package is strictly a driver package.  We
leave spooling and rendering to people who are experts in that field,
and work with those people to ensure that the interfaces between
layers are appropriate for our needs.

The focus of this project (at least since I started working on it) has
always been on high quality output, comparable to or better than OEM
drivers in many cases.  Some of our developers have backgrounds in
color and dithering theory and practice, and this has been of enormous
value to the project.  We're working on supporting additional
printers, including high end professional devices such as the Epson
Stylus Pro series of printers.

I think that the name of the project, Gimp-Print, is confusing to many
people; it's easy to assume that it's just the GIMP plugin.  However,
we've never succeeded in coming up with a better name, and to be
perfectly honest, the association with the GIMP (the premier free
end-user graphics application) isn't anything to be ashamed of :-)

-- 
Robert Krawitz <rlk@alum.mit.edu>      http://www.tiac.net/users/rlk/

Tall Clubs International  --  http://www.tall.org/ or 1-888-IM-TALL-2
Member of the League for Programming Freedom -- mail lpf@uunet.uu.net
Project lead for Gimp Print/stp --  http://gimp-print.sourceforge.net

"Linux doesn't dictate how I work, I dictate how Linux works."
--Eric Crampton
   
From:	 "Kevin Postlewaite" <kevin.postlewaite@tumbleweed.com>
To:	 "'lwn@lwn.net'" <lwn@lwn.net>
Subject: Response to LWN's statement about Linux security costs
Date:	 Thu, 31 May 2001 12:25:25 -0700

In LWN's front page article about the relative security costs of Linux
versus Windows, you wrote:
"While it is nice to see a (hopefully) objective result that favors Linux,
it is also a little disappointing. 5-15% is a fairly small margin; we should
really be able to do better than that. It's a start, anyway. "

I used to work for PricewaterhouseCoopers auditing computer security of our
clients.  We would go in and try to penetrate our clients' systems (with
their permission, of course).  The main flaws that existed did not have to
do with the particular OS but depended on the skill and conscientiousness of
the system administrators, as well as the computer security education of
the company's employees.  The most successful penetrations were obtained
when some sysadmin would set the root password to root (or better yet, none
at all) or have the Windows Administrator password be Administrator.  Also,
a surprisingly high number of employees would gladly give out useful
information (including accounts and passwords) to people that they didn't
know over the phone.  People were the weakest link, not the OSes.  Thus, I
wouldn't expect that the underlying OS would affect the expected damages by
much.  Far more important than installing Linux is educating the users (not
that they shouldn't install Linux anyway :-) ).

-Kevin



   
From:	 "First Name Last Name" <spamalabasura@my-deja.com>
To:	 letters@lwn.net
Subject: Software Auditing
Date:	 Fri, 1 Jun 2001 13:39:32 -0700

Dear LWN editors,

I read your front page article on the auditing of free software. You make a
good point that not enough auditing is being done.

Your articles in LWN can play a very beneficial role in encouraging more
people to participate in the auditing process. Instead of describing
auditing as 'tedious' and auditors as 'obscure participants' you could
focus on successful code auditors. Probably the most active community in
the auditing scene of Free Operating Systems is OpenBSD, led by Theo
de Raadt. For OpenBSD hackers, auditing is not tedious and auditors are
'star players'!

All areas of software can be interesting once you find the right
community. Some people say that writing installation packages is boring but
you can ask Debian developers and they'll give you a very different
perspective.

In future editorial articles on the state of Linux auditing, you could add
links to interviews with OpenBSD hackers on how fascinating code auditing can
be and also add some pointers on where to learn more about this subject.

Approach this subject with enthusiasm and you will encourage more people to
do something similar for Linux.

Best Regards,

Eusebio C Rufian-Zilbermann

------------------------------------------------------------
   
From:	 "Charles Hethcoat" <CHETHCOA@oss.oceaneering.com>
To:	 <lwn@lwn.net>
Subject: On the auditing of free software
Date:	 Fri, 01 Jun 2001 17:02:11 -0500

I think your outlook on auditing of code is a tad pessimistic.  Sure, code
may sit there for years, but I feel it probably gets the attention that it
warrants.  That is, if it gets little attention, then it's probably doing
its job pretty well.

The key condition, to me, is that the code is _there_, available for review
when necessary.  When some situation arises that triggers a widespread
audit, then a rapid period of bug squashing ensues.

Having open code helps assure that the number of bugs steadily approaches
zero over time.  The time scale may be hours, days, or years, but I find it
reassuring to know that it's headed in the right direction.

Compare this to the situation with closed code.  Here, you don't have any
assurance that anybody is doing anything, at least if you are not a part of
the organization that owns the code.  Look at how the immortal DOS and
Windows bugs remain a part of the landscape forever, even though they are
widely known to have caused all sorts of problems for people.

Charles Hethcoat
Oceaneering Space Systems


   
From:	 Mike Coleman <mkc@mathdogs.com>
To:	 letters@lwn.net
Subject: Re: The Boundaries of GPL
Date:	 Thu, 31 May 2001 23:29:14 -0500 (CDT)
Cc:	 "Chad C. Walstrom" <chewie@wookimus.net>

Chad C. Walstrom's suggestion that the Linux kernel licensing issues could
be solved by "unifying" the copyrights of code contributed to the kernel,
transferring "copyright control" to the FSF or a newly created non-profit
organization, begs the question.  The problem itself is that it is not
feasible to get all of the past contributors to agree to anything,
including any such transfer.  (Many would see this as good fortune rather
than a problem, in any case.)

I believe Mr. Walstrom's characterization of RMS and the FSF as
"Marxist-like" is a baseless attack.  If he feels that they are a bit too
left-leaning for his tastes, though, then he must be absolutely howling
with rage at those corporations and individuals who (pounding their shoes
on the podium) insist that those of us who GPL our software are obliged to
instead give our work away without compensation (i.e., by switching to a
non-GPL license).  Marxist indeed!

-- 
Mike Coleman, mkc@mathdogs.com
  http://www.mathdogs.com -- problem solving, expert software development
   
From:	 Fred Mobach <fred@mobach.nl>
To:	 Linux Weekly News <lwn@lwn.net>
Subject: Re: The Boundaries of GPL
Date:	 Sat, 02 Jun 2001 23:03:13 +0200

"Chad C. Walstrom" <chewie@wookimus.net> wrote :

 I highly doubt that all the Linux kernel developers could be convinced
 to sign over copyright control to their contributions to the FSF, as
 not too many people buy in to the Marxist-like views of RMS and the
 FSF.

It is still, every time, very offensive to read about the "Marxist-like"
views of Richard Stallman. Mr. Walstrom should _prove_ why he states
this or he should shut up. A little bit of study on Marxism and the FSF
might help him, although I'm not sure ;-).

Regards,

Fred
-- 
Fred Mobach - fred@mobach.nl - postmaster@mobach.nl
Systemhouse Mobach bv - The Netherlands - since 1976

The Free Transaction Processing Monitor project : http://www.ftpm.org/
   
From:	 "Chad C. Walstrom" <chewie@wookimus.net>
To:	 Mike Coleman <mkc@mathdogs.com>
Subject: Re: The Boundaries of GPL
Date:	 Fri, 01 Jun 2001 02:51:51 -0500
Cc:	 letters@lwn.net

To Mr. Mike Coleman:

Howling?  Baseless attack?  You misinterpret me quite wildly, and base
some far-fetched assumptions about my character from that
misinterpretation.  My classification of FSF policies as Marxist is
not an attack at all.  To refute this classification, however, is in
most cases an amusing knee-jerk reaction to a "bad word".  I do not
place a value upon the policies of the Free Software Foundation or of
Marxism in general, I simply pointed out a commonly accepted
observation that the FSF exemplifies many of the same principles.  The
question about my personal position has no bearing on the
conversation.

What we do agree on, to some extent, is that it may be difficult to
"sign over" control of the Linux kernel from each of its contributors
to the FSF or any other centralized foundation.  Organizing such a
move is no small task.

Regardless, these logistics are somewhat off-topic in reference to the
original article, which addressed the relationship between a GPL
software product and proprietary modules that interface with that
product.  It is a topic that relates to any similarly licensed
products, and one that needs further legal clarification.

--
Chad Walstrom <chewie@wookimus.net>                 | a.k.a. ^chewie
http://www.wookimus.net/                            | s.k.a. gunnarr
Key fingerprint = B4AB D627 9CBD 687E 7A31  1950 0CC7 0B18 206C 5AFD
   
From:	 Tres Melton <class5@pacbell.net>
To:	 letters@lwn.net, djb@cr.yp.to, rms@stallman.org, class5@pacbell.net
Subject: License trouble everywhere.
Date:	 Sat, 02 Jun 2001 02:41:57 -0600

Dear Editor,

	I realize that I'm a little late in addressing this issue as you
wrote about it in the 24 May 2001 issue.  But after reading Richard M
Stallman's speech and various other tidbits regarding the licensing of
ip_filter and tcp_wrappers
(http://bsdtoday.com/2001/June/Features496.html) I thought that this
issue might need to be re-examined.  Particularly in light of the other
article that you wrote regarding djbdns.

	You mentioned the license as not being free to modify and redistribute
djbdns (qmail, and ucspi-tcp).  The reasons for this are Mr. Bernstein's
and are related to security.  It seems that he doesn't want to have
modified versions that might have security problems running around the
Internet for people to download thinking that he has given them his
blessing.  I have been a programmer for many years but security is not
my forte.  I have audited his code (to the best of my abilities) and am
reasonably sure of its security; enough to be running his software on my
machines.  I find his code to be exceptionally clean and well thought
out. This is in stark contrast to some of the other servers (sendmail,
bind, etc.) that are distributed with the various GNU/Linux
distributions.  These programs seem to focus on features to the
detriment of security.

	Was it not a security flaw in sendmail that brought the Internet to its
knees in the 80's?  I believe the first time the major news outlets
covered the Internet was to say that it was being devastated by an unknown
problem and most of the major sites were pulling the plug to The 'Net
until they could fix it. Although that was a bit before my time I'm
currently very aware of the various bugs that have been exploited
recently in multiple BIND vulnerabilities to create a multitude of
migraines for various system administrators throughout the world.

	A great deal of software that I use is considered free and/or open
and I enjoy tinkering with it. I also enjoy the new features that come
out on a regular basis.  Unfortunately some of these features come out
without serious thought put into their security.  When it comes to
running these programs on my desktop, behind my firewall, with limited
local access, I can easily tolerate these mistakes in the name of
progress.  When it comes to a corporate server that is exposed to the
Wild, Wild, 'Net that is a different story.  In that case I'm very
thankful that programs written by Mr. Bernstein have his seal of
approval; not to mention having survived the security bounty that he has
placed on these programs:

http://cr.yp.to/djbdns/guarantee.html
"I offer $500 to the first person to publicly report a verifiable
security hole in the latest version of djbdns"

I believe that qmail had a similar bounty for awhile too.

	I realize the difference between DJB's programs and ipfilter is that
ipfilter is embedded within an OS with its own license and not running
on top of it as a service.  And I'm not sure how to address a license
that is a small part of a whole product with a different license, as in
the case of BSD and ipfilter.  I do know that I'm willing to accept
things like:

http://cr.yp.to/qmail/dist.html
If you want to distribute modified versions of qmail (including ports,
no matter how minor the changes are) you'll have to get my approval. This
does not mean approval of your distribution method, your intentions,
your e-mail address, your haircut, or any other irrelevant information. It
means a detailed review of the exact package that you want to
distribute.

if it means that I can be assured that the code has undergone a thorough
security audit by the author and has his/her seal of approval.  I know
that Linus keeps a tight leash on 'his' kernel: as distributed by
kernel.org but that it doesn't always get the review that it might
need.  The various forks of Linux are even more murky.  I would be in
favor of the firewalling code and other security portions of the kernel
either not being modified or having the modifications approved by the
authors.  I know that RMS might not agree but he has the expertise to
verify his own code.  Some of us do not.  The freedoms granted by the
GPL are very important to me but so is secure code.  There are certain
circumstances in which I would be willing to forgo
the third freedom of the FSF as RMS put it:

http://www.gnu.org/events/rms-nyu-2001-transcript.txt
(approx. 1/3 of the way down)
And Freedom Three is the freedom to help build your community by 
publishing an improved version so others can get the benefit of your
work.

The only place that I would forgo this freedom is in the area of
security.
Perhaps the solution is to change the license to include an author's
seal of approval and allow modification provided that the seal of
approval is removed.  

	After all, what would happen to qmail if DJB got hit by a truck and
later a bug was discovered?  Could it never be fixed?  Would the
software fade away?  What if he gets hit before he migrates djbdns to
IPv6?

What would happen to these quality pieces of software?

Tres Melton
class5@pacbell.net
   
From:	 Richard Stallman <rms@gnu.org>
To:	 class5@pacbell.net
Subject: Re: License trouble everywhere.
Date:	 Sat, 2 Jun 2001 14:48:49 -0600 (MDT)
Cc:	 letters@lwn.net, djb@cr.yp.to, class5@pacbell.net

It is clear that your goals and values are very different from mine.
I don't think technical merit can make up for a lack of freedom to
distribute modified versions, any more than a capable despot who makes
the trains run on time can make up for a lack of democracy.

 

 

 
Eklektix, Inc. Linux powered! Copyright © 2001 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds