PLEASE do some real research before sounding off!

From:  Leon Brooks <leon@cyberknights.com.au>
To:  john.parkinson@cgey.com
Subject:  PLEASE do some real research before sounding off!
Date:  Thu, 3 Jul 2003 18:17:58 +0800
Cc:  thorgan@cio.com, koch@cio.com, letters@lwn.net

Dear John

Quoting http://www.cio.com/archive/070103/et_pundit.html -
> Second, a lot of the intellectual property in Linux is actually
> owned by companies that never officially agreed to make it
> available under an open-source license.

I'd like to see it named. If it is *ever* named, I can promise you it 
will be replaced with dizzying speed. The SCO Group (TSG, they are not 
The Santa Cruz Operation) won't tell us which of the IP they claim as 
their own supposedly is contained in Linux.

Mind you, TSG are claiming that everything since Babbage and Lovelace is 
conceptually included in their flavour of UNIX, which they have some 
licencing rights to (no patents, no trademark rights, and no official 
copyrights) and therefore they own everyone's OS, even Microsoft's.

Please, since you're obviously clear on what IP is involved, identify it 
for us so that we can wash our hands of it!

We play our cards with an open hand, John Parkinson. Everybody can see 
everything on our table. It makes no sense at all for us to steal code 
from anybody, because we know that it's out there for them to see, 
inspect, cross-reference, search, compare.

If TSG had any real evidence of plagiarism, they need only show it to us 
and it's gone, rewritten in a flash. The fact that they have so totally 
sanitised the handful of "evidence" so far seen (under NDA) that it 
can't possibly be identified among the 3 or 4 million lines of code in 
Linux speaks volumes for the weakness of their case.

I would expect TSG to sue people, and so should you - *if* you had done 
any serious research. Darl McBride has a history of being a suer, and 
The Canopy Group (the effective owners of TSG) are long-time suers too. 
If not Linux companies, then someone else.

Their barratry is against IBM alone, not any other Linux company or 
user, and it's over contractual limitations, not over patents or 
copyrights. TSG are disputing software that they never wrote.

> But there are others, including Microsoft, that could do the same
> if they chose. 

Yes, Microsoft are certainly at liberty to sue - but over what?

Microsoft's NT-series code-base is derived from MICA, a Vax/VMS variant 
so totally different to Linux even before it became MS-Windows that it 
would be much easier to write a new component from scratch than to try 
bending MS-Windows code to fit Linux. MS-Windows is alien to everything 
else. Linux, OS X, BeOS, Irix, FreeBSD all have more practices in 
common between them than MS-Windows has with anything else.

It's worth noting that VMS features military-grade security which can be 
enabled with very little effort, but MS-Windows NT and derivatives are 
notorious for their lack of security (to say nothing of MS-Windows 9X). 
Many of my own customers asked me to install Linux for them 
specifically because they knew it was more secure and robust than the 
MS-Windows systems they had previously been using.

> Open-source software is free in the sense of "free speech"
> (which carries with it the connotations of certain rights
> and obligations), not "free ride" (which implies something
> for nothing).

It can be both. The whole concept of price is a bit outdated when 
applied to Free/Open Source Software (FOSS). Someone who writes and 
releases FOSS can be "paid" in fame, in people improving his/her 
software for free, in people writing and improving related software for 
free, in work that was previously unavailable, in many ways.

For the company employing FOSS, the up-front cost can make a significant 
difference, and despite the many other advantages of FOSS it is often 
cited as the primary reason for adoption. But the real advantages of 
FOSS lie elsewhere, and the bigger ones are implicit in not being owned 
by a company. Microsoft's software, for example, can never enjoy these 
benefits to the same degree.

When a Microsoft employee writes software, it is Microsoft's software, 
not his/her own. When a FOSS programmer writes software, (s)he owns it. 
This one factor makes an enormous difference to the quality of product 
and responsiveness of support as viewed by the end user.

When a program is FOSS, somebody else can audit it for security flaws or 
useability, and change things to see what effect it has. This is much 
more effective than a company doing its own auditing, since the auditor 
brings very little of the author's corporate culture to the table with 
them; they test things in different and unexpected ways and so find 
more flaws.

When a program is FOSS, the authors are not as isolated from the end 
users as they are in a corporation. The feedback loop is so tight that 
it squeaks. When their program fails, the authors hear about it 
directly. They are often able to ask detailed questions on the spot 
that an ex-waiter with a tech-support knowledge base would never even 
think of.

When a program is FOSS, there's no doubt or prevarication about how it 
achieves any particular task. As well as debug-and-trace on a program 
that you're trying to get interoperating with it, you have complete 
access to the FOSS program for step-by-step and fine-grained diagnoses. 
And of course no point in mystery protocols or proprietary barnacles 
like lumps of binary amid one's XML.

If you want to learn about how a program, process or protocol works, you 
have a working practical real-world example before you to tweak and 
prod to your heart's content.

Nobody can force you to upgrade a FOSS program or accept new, intrusive, 
insecure, unstable or dangerous features of it; the same cannot be said 
of software with something to hide.

There are many, many ways besides the obvious ones in which FOSS saves 
you money, not just up front but also in TCO. Many of the TCO studies 
that I've seen do not even address these, yet time and time again I've 
seen an attribute peculiar to FOSS save an office several thousand 
dollars in consultancy time in ways that secret software could not.

> By my count, Red Hat issued more critical patches to its Linux
> distribution in 2002 than did Microsoft for the Windows 2000
> Server.

Which of RedHat's many Linux distributions? Did you remember to also 
count the patches for MS-SQL Server, MS-Office, MS-Exchange, 
MS-Outlook, Microsoft's games and so on?

Most modern Linux distributions include at least two each of SQL 
database servers, web servers, FTP servers, full-strength mail transfer 
agents, office suites, web browsers, email clients, instant messenger 
clients, multimedia players, integrated development environments, the 
list is endless. If Microsoft sold a CAD package, we'd even have 
something to compare patches against with QCAD and friends.

From Microsoft, you get Windows, from Linux distributors, you get a full 
house. If you're going to compare, it must be on an apples-to-apples 
basis.

> The most successful open-source movement prior to Linux was the
> hacker movement

That statement is without rational meaning. There was no "hacker 
movement".

People swapped recipes long before Richard Stallman was born; his GNU 
tools long predate Linux (many of them predate the GNU Manifesto you 
mention) and were in their time wildly successful.

You mean "crackers" anyway, not "hackers". A cracker is malicious and 
destructive, a hacker is benign and constructive. Many crackers claim 
to be hackers, but they're mere wannabes.

Hardware hackers basically invented computers, built the working 
implementations that led to what you sit in front of today. All 
crackers really do is write viruses, boast, and destroy stuff.

Crackers are not predisposed to opening their sources, and often 
entertain themselves by burying unannounced back-doors in the 
closed-source "root kits" that they do release. Back Orifice, for 
example, is not Open Source.

> not exactly the kind of folks that corporate decision-makers
> want associated with their platform software

What you have done here is create that association ex nihilo. Without 
careless, destructive and purportedly authoritative statements along 
these lines, no other association between crackers and the people 
making quality FOSS code exists or can exist.

Have a look at the list of authors that contribute to a typical FOSS 
project: engineers, IT managers, scientists, system administrators. 
They are talented, constructive people. They exemplify the *enemies* of 
the destructive people you here claim sit in their places.

Do you get both fresh water and salt from the same spring? Do car 
thieves suddenly turn around to tune your car, add a towbar and fix any 
scratches for free?

To say that your assertion insults me as a FOSS developer is a gross 
understatement.

> Some of these folks (reportedly from the fringes of the
> open-source community) surfaced last week and shut down the
> SCO website with a targeted denial-of-service attack that
> used knowledge of Linux's inner workings to improve its
> effectiveness.

And your evidence for that is...? Who reported that? Wouldn't it make 
more sense to assume that the attackers were black-hats glad to feel 
justified in doing something destructive?

If you're going to badmouth people, John, at least have enough sense to 
be able to defend yourself against the libel charges when they arrive.

> Is open source mature yet? Probably not - but it's certainly
> getting closer.

This statement is completely meaningless without comparison, and mostly 
meaningless with it. And do you use the software you damn with mixed 
praise? Would you really know what it's like?

Is KMail more mature than virus-flypaper MS-Outlook? Yes. Is PostFix 
more mature than resource-hog management-nightmare MS-Exchange? Yes. Is 
Linux more mature than lets-shove-everything-in-slash-etc SCO? Yes. Is 
The GIMP more mature than PhotoShop? No, but it can do things that 
PhotoShop can't. Is Apache more mature than IIS? Yes. Is OpenOffice.org 
more mature than MS-Office? That depends on what you're doing with it.

Software will never be "mature." There will always be more things you 
can do with it, more areas it can include and in which it will be 
immature.

You should be asking questions like "Is a FOSS product available to do X 
which is at least as functional, secure and reliable as its secret 
counterparts?"

How does FOSS stack up on those terms? Web server? Check. FTP server? 
Check. SQL database? Check. File server? Check. Office suite? Check. 
Operating system? Check. VPN technology? Check. Mail application? 
Check. Web browser? Check. CD/DVD burner? Check. Development suite? 
Check. Sound editor? Check. Clustering? Check. Network management? 
Check. And so on. Pick a topic.

Many of those are wildly more successful than most privately held 
counterparts, and/or have two or more candidates for the slot.

For example: Linux is pushing for the top seats in clustered computing, 
the same Linux that runs your workstation and maybe your router. The 
only other systems which seriously compete with it in the supercomputer 
arena are purpose-built Unices. Microsoft competes in TPC benchmarks 
only by using machines with twice the horsepower. Apache powers more 
than twice as many websites as IIS. Yes, "and so on".

> Encouraging independent developers is an important part of the
> innovation process in the software industry; and widely shared,
> adequately protected intellectual property is a powerful
> incentive for innovation.

You're describing the GPL. It encourages independent development by 
adequately protecting the intellectual property of FOSS developers 
against poaching, and innovation by providing enough prerequisites that 
each innovator doesn't have to re-invent the wheel by themselves.

But your article doesn't encourage independent development, it actively 
discourages it by undermining confidence in the very breed of software 
which is presently undergoing the most innovation.

The bottom line is that the "issues" you raise are all phantoms, mostly 
wrong and often insulting. If you were trying to write a balanced 
article, you failed. If you were trying to cast destructive doubt upon 
Linux, you succeeded.

Naysayers will be pointing to your article for years to come, not 
because they think it is in any way fair or balanced but because of the 
fear-inducing assertions in it.

I'd very much appreciate you publishing a retraction.

Cheers; Leon

-- 
http://cyberknights.com.au/     Modern tools; traditional dedication
http://plug.linux.org.au/       Committee Member, Perth Linux User Group
http://slpwa.asn.au/            Committee Member, Linux Professionals WA
http://linux.org.au/            Committee Member, Linux Australia



selecting appropriate tone for FUD response

Posted Jul 10, 2003 7:29 UTC (Thu) by simon_kitching (guest, #4874)

Hi Leon,

It's nice to see such a thorough rebuttal of the usual FUD, and written in such elegant prose too!

What I'm wondering, though, is whether a slightly less -- ummm -- forthright tone may have been more productive in the end. You can't be expecting to change John Parkinson's opinion. So surely the point is to get this letter published on the CIO website. It would be a bold editor who would put your letter up as it stands (though perhaps as JP is a guest columnist rather than a regular one, there might be a chance).

Of course I know what kind of letter the editors of CIO would be receiving from Microsoft's lawyers if an article appeared implying that Windows contained multiple copyright violations and that Microsoft-affiliated programmers were involved in attacking rivals' websites...

Cheers,

Simon

Sorry for the lag, getting into CIO was not the primary aim

Posted Sep 24, 2003 9:07 UTC (Wed) by leonbrooks (guest, #1494)

The primary aim was to work towards John Parkinson never, ever doing something that stupid again. If he has to stick closer to real facts in his reporting, we come up looking roses, or at least rosier.

I CC LWN on these things so that even if the magazine in question buries it, it'll probably get archived on the web, and the recipients can see that happening, which provides extra incentive for them to respond, at which point we're sailing and have some hope of steering a conversation. If I go too gently it simply gets ignored. IRL, most of what gets said against these maniacs gets ignored by them anyway.

I also CC LWN so that others have answers in front of them if they search on the URL. If this makes a positive difference to one installation, it's probably worth writing 20 flames for.

Finally, I CC LWN to encourage others to dust off their own prose. In terms of blowing chunks out of people's arguments I humbly bow to people like Jeff Waugh, who can usually achieve similar effects with less than a quarter of the verbiage, or John "maddog" Hall, also renowned for cutting to the chase, cutting deep, and cutting out before it becomes laboured. Another honourable mention for Con Zymaris, who has a much better "political" approach but also deals with this kind of abuse. If they exist, how many others with latent surgical-flamethrower skills wait in the wings?

PLEASE do some real research before sounding off!

Posted Jul 10, 2003 18:05 UTC (Thu) by shahms (subscriber, #8877)

While I agree with a good portion of what you have to say, I just had a minor nit with your discussion of crackers: Back Orifice is not open source, but the updated-and-significantly-better BO2k by the same group (Cult of the Dead Cow) is GPL'd. I haven't looked into the latter tool in a while, but it can generally be seen as a full-fledged and secure remote administration tool for Windows. In fact, the CDC raised quite a stink a while ago when some commercial IDS added BO2k signatures to its warnings and I think they may have prevailed. I mostly object to your classification of the Cult of the Dead Cow as wholly "crackers." While not white-hat, the group does a good deal of security work that is released back to the community rather than hoarded in private and used to make "l33t crackz" and should probably be classified more of a "grey-hat" group.

http://www.bo2k.com if you're curious.

Back at the orifice

Posted Sep 24, 2003 9:03 UTC (Wed) by leonbrooks (guest, #1494)

> I mostly object to your classification of the Cult of the Dead Cow as wholly "crackers."

Point taken, but nevertheless you can't call them white-hats either. I chose CDC for being well known.

PLEASE do some real research before sounding off!

Posted Jul 10, 2003 21:08 UTC (Thu) by openhacker (subscriber, #1614)

Leon,

Very nice rebuttal... I encourage you to submit a rebuttal piece to CIO.

I can't believe he made a number of assertions like "he knows".

He definitely is confusing "hackers" and "crackers" -- I agree open source has no intrinsic quality -- but comparing quantity of "critical patches" for redhat and windows 2000 -- this is so meaningless!! I've read about exploits in LWN and a lot are theoretical -- windows exploits are fixed after people start complaining!! (maybe).

I haven't tried crashing windows machines recently, but for NT4 running netbios I had a surefire recipe to get BSOD -- try to log in, fail, send the next packet anyway!!

I really don't understand what Parkinson means by "maturity" -- I used gcc/gdb in the late 80s and found it better than a number of commercial tools...

I like software which works ;-) A lot of commercial software has a very low standard of working -- which causes people to incur a large hidden cost.

Copyright © 2003, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds