See also: last week's Letters page.

Letters to the editor

From:	 Dylan Thurston <dpt@math.harvard.edu>
To:	 editors@lwn.net
Subject: "The open source world"
Date:	 Thu, 20 Sep 2001 23:11:37 +0900

To the editors of LWN,

In the "On the Desktop" section of your September 20th issue, you write

   ... Somewhere out there, someone had found a business plan that
   worked. Somewhere, the realities of business hadn't crushed the
   genuine spirit and dedication found so often in the open source
   world. Somewhere, there is business success with Linux.

You then proceed to mention two companies, HancomLinux and The Tolis
Group.  HancomLinux (through theKompany) produces a few open source
applications, but their focus is clearly on their proprietary
products.  The Tolis Group, as far as I know, supports no open source
projects.  In this respect, these two companies are no different from,
say, Microsoft (which also supports some open source projects).
Neither company can be considered part of "the open source world".

Speaking for myself, I don't care about a "business success with
Linux".  I care about the success of free software.

Sincerely,
	Dylan Thurston

From:	 "Quick, Kevin" <Kevin.Quick@Surgient.com>
To:	 "'letters@lwn.net'" <letters@lwn.net>
Subject: FW: Project UDI status
Date:	 Thu, 20 Sep 2001 15:41:37 -0500


In regards to your "Linux History" article of 20 September 2001,
I'd like to borrow the time-honored words coined by Mark Twain:

The news of Project UDI's demise is greatly exaggerated!

Project UDI is still an active group, working on both specifications and
implementations.  These activities include maintaining a primary web site
at http://www.project-udi.org/, along with active code for Linux and other
platforms via a SourceForge-hosted project
(http://projectudi.sourceforge.net/).

More details on the Linux code port can be found at http://www.stg.com/udi.

We've published the 1.01 version of the specifications, which is the basis
of current implementations, and we are in the process of submitting it to a
formal standards body. UDI drivers and environments have been released from
several companies, and in fact have been bundled in the latest releases of
Caldera Open UNIX 8 and OpenServer.  Mail reflectors and teleconferences
are used regularly to advance both the specification and the development
code, and we have even held several interoperability events wherein UDI
developers tested functional UDI drivers.  Other activities have been
publicly mentioned as well: http://www.project-udi.org/press_releases.html.

While on the subject, I'd also like to comment on the quote that you
referenced.  Unfortunately, the brief subcontext represented by the quote
does not really communicate the message we were intending.  Project UDI
does not depend on the Linux community, and (obviously) neither is the
reverse true.  The conversation from which the quote was generated was a
discussion of the relationship between the Linux community and Project UDI
in which I was attempting to invite the Linux community to solve one of
their recurring issues (the availability of good device drivers for
whatever Linux kernel version was interesting to the sysadmin) by writing
UDI drivers, which would also provide Project UDI with a broader base of
existing drivers.  This was not an attempt to co-opt Linux developers to
provide device support for proprietary Unix solutions, but rather an
invitation for many of the developers to exhibit their proclaimed skills in
this area.  Any IHV or system vendor who is interested in UDI can develop
UDI driver solutions on their own (and several already have).  We also see
UDI as a vehicle to help other open source OS projects. For example, a
FreeBSD port is under way, which would allow them to leverage drivers
originally written for proprietary OSes or Linux (or vice versa).

While no code or project exists very well in a vacuum, the success of
Project UDI is not intrinsically linked to the success of or acceptance by
the Linux phenomenon.  Project UDI is, in fact, antithetical to the concept
that an API or development environment is dependent on one single OS and is
instead a focus on allowing drivers to drive devices and OS's to provide
system utilization without constraining or uniquifying either one.  We
certainly welcome the interest and assistance of the Linux community, and
we feel that we have much to offer in return.  It's also important to note
that several other OS environments have successful releases or in-progress
developments of UDI environments.

I'd invite you to download UDI for your Linux environment and to peruse our
specifications.  We are an open community and welcome anyone with valid
questions or an interest in working with us.

Regards,
Kevin Quick
Project UDI Editor (and former Chairman)

From:	 tom poe <tompoe@renonevada.net>
To:	 letters@lwn.net
Subject: Comment on "Pulling Back to IP"
Date:	 Fri, 21 Sep 2001 11:54:15 -0700
Cc:	 "DMCA" <dmca_discuss@lists.microshaft.org>

Hello:  Your intro to the DMCA issue seems to be somewhat understated in my 
humble opinion:
"The DMCA has stirred panic among some of our readers. While that bit of 
legislative muck isn't something to sneeze at, it isn't the cause of all 
changes to the open source world."  From: 9/20/2001 issue.

I suspect, after reading Pamela Samuelson's article at:
http://www.sciencemag.org/cgi/content/full/293/5537/2028

most people will not only be educated at the level necessary to appreciate 
the "shuddering and convulsing" that is occurring, but the importance of what 
is happening in our Free Country, and around the world, unlike anything 
before.  And while you're reading, I encourage everyone to take a moment, and 
imagine a world that begins with MS IPAQ devices, and ends with . . .   Well, 
I leave it to the readers to think about such a world.  A world made up of 
"approved" devices, Internet2, which carries only privileged information for 
governments and the chosen few, and ICANN domain controls yet to come.

Tom

From:	 Jarkko Santala <jake@iki.fi>
To:	 <letters@lwn.net>
Subject: Comment on 3D
Date:	 Fri, 21 Sep 2001 20:18:28 +0300 (EET DST)

Hi all,

Something came into my mind when I was reading the front page article
where 3D acceleration was mentioned. You pointed out that for the desktop
itself 3D is completely unrequired, which is true.

But think of this: a user has to choose between platforms A and B, where
platform A will run her desktop applications like word processing but 3D
acceleration which is need for games is not supported, whereas platform B
does an equally good job on the desktop and also supports all the latest
and fastest bleeding edge 3D graphics adapters.

Which one would you choose?

	-jake

ps. the movie industry and other professionals who need fast 3D in their
work are another story altogether...

-- 
Jarkko Santala <jake@iki.fi>       http://www.iki.fi/jake/
System Administrator               Cell. +358 40 720 4512

From:	 billy foss <fossinrtp@netscape.net>
To:	 letters@lwn.net
Subject: Digital Copyright Solutions
Date:	 Fri, 21 Sep 2001 01:52:49 -0400

Has the open source community presented an open alternative for digital
rights management?  It would seem that the open source community would
respect the licenses given by digital media creators.  We rely on
copyright law to keep the GPL freedoms.  

Given the failures of proprietary security methods maybe the MPAA,
Adobe, Disney, etc could be persuaded to consider an open solution.  An
open solution would provide the best oppertunity to fix any weaknesses
before a full implementation.  Of course, the content owners would have
to sponsor some company to design and implement a solution.  They should
also fund third-party studies of the algorithm and implementation to
ensure security.  If the digital media is important enough to sue any
possible threat, then it should be important enough to fund the research
to do it right.

The problem with the current approach of preventing research into
breaking encryption and digital rights management is that it only stops
the good guys looking for bugs to discover. It does not stop the bad
guys from looking for bugs to exploit.  Both will find the bugs, but
only one side will tell you about it nicely.

Billy Foss

From:	 sewalton@aep.com
To:	 netadmin@TechRepublic.com
Subject: Article comment
Date:	 Wed, 26 Sep 2001 15:52:30 -0400
Cc:	 lwn@lwn.net

John McCormick's article entitled "By the numbers: Comparing Windows
security to Linux" details some claims that don't add up.  First of all, he
does not include severities with the defects.  Severity is very important
for proper comparison.  Similarly, it's not clear that he's only looking at
vulnerabilities (not just bugs).  Vulnerabilities are the primary concern
to a net admin, security officer, and CIO.  Also, the numbers he getting do
not reflect the whole system on Windows.  Linux is a kernel, so you have to
evaluate an entire package or distribution for vulnerability.  If a Linux
system just had the kernel and no other tools (like as in a NAT firewall),
you would see far fewer vulnerabilities.  Windows, on the other hand,
breaks out many functions into tools and services.  So, to get the whole
picture, you have to search on the entire package, including both the OS
and the tools.

If you use the ICAT website (http://icat.nist.gov/icat.cfm), which draws
its info from several vulnerability databases, you get different numbers
than what Mr. McCormick presents:
|-----------+-----------+-----------+-----------+-----------+-----------|
| Platform  | Within 3  | Within 6  | Within 12 | Within 24 |    All    |
|(Severity) |  Months   |  Months   |  Months   |  Months   |           |
|-----------+-----------+-----------+-----------+-----------+-----------|
|  Microsoft|    20     |    26     |    58     |    95     |    130    |
|     (High)|           |           |           |           |           |
|-----------+-----------+-----------+-----------+-----------+-----------|
|  Microsoft|    29     |    38     |    84     |    163    |    229    |
|   (Medium)|           |           |           |           |           |
|-----------+-----------+-----------+-----------+-----------+-----------|
|      Linux|    12     |    13     |    44     |    96     |    146    |
|     (High)|           |           |           |           |           |
|-----------+-----------+-----------+-----------+-----------+-----------|
|      Linux|    11     |    15     |    50     |    86     |    124    |
|   (Medium)|           |           |           |           |           |
|-----------+-----------+-----------+-----------+-----------+-----------|



These numbers are cumulative and do not reflect the number of outstanding
defects.  The primary advantage of OpenSource is the very fast turn around
times -- days as compared to Microsoft's months.
----------------------------------------------
Sean Walton
Senior IT Consultant
Author of "Linux Socket Programming"
American Electric Power