Sections: Main page Security Kernel Distributions On the Desktop Development Commerce Linux in the news Announcements Linux History Letters All in one big page See also: last week's Letters page. |
Letters to the editorLetters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them. |
September 27, 2001 |
From: Dylan Thurston <dpt@math.harvard.edu> To: editors@lwn.net Subject: "The open source world" Date: Thu, 20 Sep 2001 23:11:37 +0900 To the editors of LWN, In the "On the Desktop" section of your September 20th issue, you write ... Somewhere out there, someone had found a business plan that worked. Somewhere, the realities of business hadn't crushed the genuine spirit and dedication found so often in the open source world. Somewhere, there is business success with Linux. You then proceed to mention two companies, HancomLinux and The Tolis Group. HancomLinux (through theKompany) produces a few open source applications, but their focus is clearly on their proprietary products. The Tolis Group, as far as I know, supports no open source projects. In this respect, these two companies are no different from, say, Microsoft (which also supports some open source projects). Neither company can be considered part of "the open source world". Speaking for myself, I don't care about a "business success with Linux". I care about the success of free software. Sincerely, Dylan Thurston | ||
From: "Quick, Kevin" <Kevin.Quick@Surgient.com> To: "'letters@lwn.net'" <letters@lwn.net> Subject: FW: Project UDI status Date: Thu, 20 Sep 2001 15:41:37 -0500 In regards to your "Linux History" article of 20 September 2001, I'd like to borrow the time-honored words coined by Mark Twain: The news of Project UDI's demise is greatly exaggerated! Project UDI is still an active group, working on both specifications and implementations. These activities include maintaining a primary web site at http://www.project-udi.org/, along with active code for Linux and other platforms via a SourceForge-hosted project (http://projectudi.sourceforge.net/). More details on the Linux code port can be found at http://www.stg.com/udi. We've published the 1.01 version of the specifications, which is the basis of current implementations, and we are in the process of submitting it to a formal standards body. UDI drivers and environments have been released from several companies, and in fact have been bundled in the latest releases of Caldera Open UNIX 8 and OpenServer. Mail reflectors and teleconferences are used regularly to advance both the specification and the development code, and we have even held several interoperability events wherein UDI developers tested functional UDI drivers. Other activities have been publicly mentioned as well: http://www.project-udi.org/press_releases.html. While on the subject, I'd also like to comment on the quote that you referenced. Unfortunately, the brief subcontext represented by the quote does not really communicate the message we were intending. Project UDI does not depend on the Linux community, and (obviously) neither is the reverse true. The conversation from which the quote was generated was a discussion of the relationship between the Linux community and Project UDI in which I was attempting to invite the Linux community to solve one of their recurring issues (the availability of good device drivers for whatever Linux kernel version was interesting to the sysadmin) by writing UDI drivers, which would also provide Project UDI with a broader base of existing drivers. This was not an attempt to co-opt Linux developers to provide device support for proprietary Unix solutions, but rather an invitation for many of the developers to exhibit their proclaimed skills in this area. Any IHV or system vendor who is interested in UDI can develop UDI driver solutions on their own (and several already have). We also see UDI as a vehicle to help other open source OS projects. For example, a FreeBSD port is under way, which would allow them to leverage drivers originally written for proprietary OSes or Linux (or vice versa). While no code or project exists very well in a vacuum, the success of Project UDI is not intrinsically linked to the success of or acceptance by the Linux phenomenon. Project UDI is, in fact, antithetical to the concept that an API or development environment is dependent on one single OS and is instead a focus on allowing drivers to drive devices and OS's to provide system utilization without constraining or uniquifying either one. We certainly welcome the interest and assistance of the Linux community, and we feel that we have much to offer in return. It's also important to note that several other OS environments have successful releases or in-progress developments of UDI environments. I'd invite you to download UDI for your Linux environment and to peruse our specifications. We are an open community and welcome anyone with valid questions or an interest in working with us. Regards, Kevin Quick Project UDI Editor (and former Chairman) | ||
From: tom poe <tompoe@renonevada.net> To: letters@lwn.net Subject: Comment on "Pulling Back to IP" Date: Fri, 21 Sep 2001 11:54:15 -0700 Cc: "DMCA" <dmca_discuss@lists.microshaft.org> Hello: Your intro to the DMCA issue seems to be somewhat understated in my humble opinion: "The DMCA has stirred panic among some of our readers. While that bit of legislative muck isn't something to sneeze at, it isn't the cause of all changes to the open source world." From: 9/20/2001 issue. I suspect, after reading Pamela Samuelson's article at: http://www.sciencemag.org/cgi/content/full/293/5537/2028 most people will not only be educated at the level necessary to appreciate the "shuddering and convulsing" that is occurring, but the importance of what is happening in our Free Country, and around the world, unlike anything before. And while you're reading, I encourage everyone to take a moment, and imagine a world that begins with MS IPAQ devices, and ends with . . . Well, I leave it to the readers to think about such a world. A world made up of "approved" devices, Internet2, which carries only privileged information for governments and the chosen few, and ICANN domain controls yet to come. Tom | ||
From: Jarkko Santala <jake@iki.fi> To: <letters@lwn.net> Subject: Comment on 3D Date: Fri, 21 Sep 2001 20:18:28 +0300 (EET DST) Hi all, Something came into my mind when I was reading the front page article where 3D acceleration was mentioned. You pointed out that for the desktop itself 3D is completely unrequired, which is true. But think of this: a user has to choose between platforms A and B, where platform A will run her desktop applications like word processing but 3D acceleration which is need for games is not supported, whereas platform B does an equally good job on the desktop and also supports all the latest and fastest bleeding edge 3D graphics adapters. Which one would you choose? -jake ps. the movie industry and other professionals who need fast 3D in their work are another story altogether... -- Jarkko Santala <jake@iki.fi> http://www.iki.fi/jake/ System Administrator Cell. +358 40 720 4512 | ||
From: billy foss <fossinrtp@netscape.net> To: letters@lwn.net Subject: Digital Copyright Solutions Date: Fri, 21 Sep 2001 01:52:49 -0400 Has the open source community presented an open alternative for digital rights management? It would seem that the open source community would respect the licenses given by digital media creators. We rely on copyright law to keep the GPL freedoms. Given the failures of proprietary security methods maybe the MPAA, Adobe, Disney, etc could be persuaded to consider an open solution. An open solution would provide the best oppertunity to fix any weaknesses before a full implementation. Of course, the content owners would have to sponsor some company to design and implement a solution. They should also fund third-party studies of the algorithm and implementation to ensure security. If the digital media is important enough to sue any possible threat, then it should be important enough to fund the research to do it right. The problem with the current approach of preventing research into breaking encryption and digital rights management is that it only stops the good guys looking for bugs to discover. It does not stop the bad guys from looking for bugs to exploit. Both will find the bugs, but only one side will tell you about it nicely. Billy Foss | ||
From: sewalton@aep.com To: netadmin@TechRepublic.com Subject: Article comment Date: Wed, 26 Sep 2001 15:52:30 -0400 Cc: lwn@lwn.net John McCormick's article entitled "By the numbers: Comparing Windows security to Linux" details some claims that don't add up. First of all, he does not include severities with the defects. Severity is very important for proper comparison. Similarly, it's not clear that he's only looking at vulnerabilities (not just bugs). Vulnerabilities are the primary concern to a net admin, security officer, and CIO. Also, the numbers he getting do not reflect the whole system on Windows. Linux is a kernel, so you have to evaluate an entire package or distribution for vulnerability. If a Linux system just had the kernel and no other tools (like as in a NAT firewall), you would see far fewer vulnerabilities. Windows, on the other hand, breaks out many functions into tools and services. So, to get the whole picture, you have to search on the entire package, including both the OS and the tools. If you use the ICAT website (http://icat.nist.gov/icat.cfm), which draws its info from several vulnerability databases, you get different numbers than what Mr. McCormick presents: |-----------+-----------+-----------+-----------+-----------+-----------| | Platform | Within 3 | Within 6 | Within 12 | Within 24 | All | |(Severity) | Months | Months | Months | Months | | |-----------+-----------+-----------+-----------+-----------+-----------| | Microsoft| 20 | 26 | 58 | 95 | 130 | | (High)| | | | | | |-----------+-----------+-----------+-----------+-----------+-----------| | Microsoft| 29 | 38 | 84 | 163 | 229 | | (Medium)| | | | | | |-----------+-----------+-----------+-----------+-----------+-----------| | Linux| 12 | 13 | 44 | 96 | 146 | | (High)| | | | | | |-----------+-----------+-----------+-----------+-----------+-----------| | Linux| 11 | 15 | 50 | 86 | 124 | | (Medium)| | | | | | |-----------+-----------+-----------+-----------+-----------+-----------| These numbers are cumulative and do not reflect the number of outstanding defects. The primary advantage of OpenSource is the very fast turn around times -- days as compared to Microsoft's months. ---------------------------------------------- Sean Walton Senior IT Consultant Author of "Linux Socket Programming" American Electric Power | ||
|