The Eldred v. Ashcroft arguments
Eldred v. Ashcroft, the copyright case described on this page
two weeks ago, was argued before
the U.S. Supreme Court on October 9. This case remains interesting
because it asks a fundamental question: are there constitutional limits on
the monopoly rights that the Congress can grant to copyright holders? A
20-year extension on copyrights is not, itself, that important to the free
software community - by the time 70-year-old software might pass into the
public domain, most users are likely to have upgraded to something else,
libc5 die-hards excepted. But the question of limits on Congressional
power bears directly on issues like the DMCA, the CBDTPA, and others. This
case matters.
We're going to have to wait some months to find out how it went, though.
The Supreme Court doesn't rush into these things. Until then, the
definitive commentary on how the arguments went has to be Lawrence
Lessig's weblog:
The Court clearly got it. Though the other side had written
literally 300 pages trying to show all the good CTEA did (and
pronounce it like it is a disease -- sateeeya), the Court hadn't
bought any of it. Congress was not acting to promote progress, it
was acting to reward "court favorites." The only question the Court
was struggling with is whether it has the power to do anything
about it.
Go read the whole thing, it's worth it. Lawrence Lessig and all those who
have worked on the Eldred case over the last few years deserve our thanks
for taking on this fight. Let's hope they get some sleep soon.
Monocultures and software security
A vulnerability which allows a cracker to break into a computer is, in
general, bad news. But a vulnerability which exposes a large percentage
of the entire network can be catastrophic. There will come a day when a
truly malicious individual or group finds a hole first and makes use of it
to trash as many machines as possible; how can one, reading the headlines,
doubt that claim? We have been lucky that it has not happened yet.
When that time comes, our biggest problem will be the "monocultural" aspect
of much of the software landscape. If everybody is running the same
software, it only takes a single vulnerability to expose all systems.
Unfortunately, that is exactly the situation we find ourselves in with a
number of security-critical applications. Consider Apache, OpenSSH, Bind,
and Sendmail for starters. Each accounts for well over half the installed
systems in its class. A vulnerability in any of these programs puts a
large portion of the net at risk.
Of course, it is easy to point out that this situation is going to bite
us. It is harder to suggest things to be done about it.
The free software community produces a great diversity of products. There
are, seemingly, almost as many editors available as users to run them. We
have multiple desktops, numerous mail clients, a wealth of scripting
languages, etc. But the core infrastructural components tend to narrow
down to a small number of choices. We have many shells, but only one
secure shell protocol and implementation worthy of note. When a free
infrastructure component achieves dominance, it seems a waste of time to
work on (or use) a competitor. That is a perception that, perhaps, needs
to change.
If we can improve the diversity of our network ecosystem, we will all be
better off as a result. A wide choice of distributions (and operating
systems), along with multiple machine architectures, is a good start;
exploits tend to be specific to a particular distribution and processor.
But we really need a wealth of choices for the individual software
components as well. In some areas (e.g. mail transfer agents) that range
of choices exists now. But in others it does not: where are the viable,
free alternatives to OpenSSH and Bind? We will all be better off when
popular alternatives to those programs emerge - even if we do not run them
ourselves.
LWN Status Update
As of this writing, there are just under 2000 subscribers to LWN.net. As
we had expected, the rate of new subscriptions has dropped off; we are
going to have to work harder to attract more subscriptions at this point.
Nonetheless, we have as a goal the doubling of our subscriber count in the
next few months. If we can do that, we'll have a stable base upon which to
build the LWN for the next five years. We're still working on just how
we'll pull that off; if any of you have suggestions on ways to attract more
subscribers, we would love to hear them at lwn@lwn.net, or as comments posted to this
article.
We sure would like to see some more corporate subscriptions as well; the
response from Linux-oriented companies (and others) has, so far, been below
our expectations.
Meanwhile, we will begin making some other changes to help LWN live within
the means available to it. One step in that direction will be the
elimination of the "Linux in Business" page starting next week. We will
continue to watch press releases for relevant news, and the really
interesting ones will show up on the Announcements page, but the big,
categorized press release section will be going away.
In the long term, it is hard to imagine how we can get to where we want to be
without top-quality business coverage. But LWN does not have that
now, and maintaining a page marked "Linux in Business" does not change
things. Readership of that page has been low for years. We are determined
that the Linux in Business page will return when we are able to do a
high-quality job of it. But, for now, we'll do without. We will also
probably be dropping the Linux stocks page; it is a maintenance hassle,
and, as traffic on the page shows, Linux stocks just aren't all that
interesting these days.
We are doing everything we can to maintain and improve our development,
legal, and security coverage. There is no end of interesting stuff going
on in the free software community, and we want to do an ever-better job of
bringing it to you. Stay tuned.
Page editor: Jonathan Corbet
Inside this week's LWN.net Weekly Edition
- Security: LinSec stable release; new vulnerabilities in dvips, heartbeat, and syslog-ng
- Kernel: The volume manager choice; kiobufs gone; Xbox patches; LSM network hooks
- Distributions: Openwall GNU/*/Linux (Owl) 1.0 release; Linux Distributions - Facts and Figures (DistroWatch)
- Development: PIKT 1.16.0, MySQL 3.23.53, OpenSSH 3.5, mnoGoSearch 3.2.7,
Phoenix 0.3, KDE 3.0.4, Quanta HTML editor, PHP 4.3.0pre1, Python 2.2.2,
First Alpha of KDevelop 3.0.
- Commerce: Progeny launches 'Platform Services'; SuSE Linux Openexchange Server announced
- Press: MIT releases courseware, DMCA critics get an ear, UnitedLinux desktop,
Rethinking the GUI, Eldred v. Ashcroft.
- Announcements: UK Free Software Network, LyX Quickstart, Open Source conference in Washington, DC.
- Letters: BitKeeper license; prioritizing LWN content