Letters to the editor

Open Query: what replaces RedHat?

Yeah, I know; RedHat isn't really dying.
 
But I don't at all know how their Big New Idea is gonna work out, and I'm sure
I'm not the only guy building production customer boxes on RH7.3 because 8
was an orphan and I'm not completely comfortable with 9 yet (for servers;
it's pretty spiffy for the desktop).
 
Hell, AutoZone (mentioned in all the SCO fuss last week) is shipping RH7.2; I
saw a login prompt at a store recently.
 
So, what's a guy like me to do? Will there still be a frozen ISO of "the latest
RedHat distribution" that I can bang on, even in The New Environment? Do I
switch to Mandrake? (I'm a RedHat guy; the Debian layout leaves me cold,
alas.) Or do I go back to paying RedHat almost as much money as I always paid
SCO (sign of the cross) and switch to ES and AS, as they so clearly want me to?
 
Yeah, I need stability, but not as much as the people whom I read as their target
audience for AS and ES.
 
Cheers,
-- jra
--
Jay R. Ashworth jra@baylink.com

Member of the Technical Staff     Baylink                             RFC 2100
The Suncoast Freenet         The Things I Think
Tampa Bay, Florida        http://baylink.pitas.com             +1 727 647 1274
    OS X: Because making Unix user-friendly was easier than debugging Windows
        -- Simon Slavin, on a.f.c

Comments (8 posted)

Reply to Darl McBride's Open Letter to the Open Source Community

September 9, 2003
 
Open Letter to Darl McBride,
 
I would like to briefly respond to your open letter to the Open Source
Community, dated today. I consider myself to be a member of that community,
having developed Open Source software myself, although I do not claim to be
any kind of "leader", or to represent the views of other members of the
community.
 
Firstly, I would like to join you in condemning the Denial of Service
attacks that took place against your web servers. Using vandalism and
illegal tactics is not an appropriate way for people to respond, however
strongly they disagree with you or SCO's words or deeds. In your open
letter, you quoted Eric Raymond's reaction to the DoS attack, but you seemed
to suggest that he knows the identity of the perpetrator. I can't speak for
Mr Raymond, but I believe that in the letter you quoted from, he actually
said that he DID NOT know the perpetrator; it was an associate of the
perpetrator who contacted him. Do you have any evidence to suggest that Mr
Raymond is not co-operating with the authorities in helping them to bring
the perpetrator to justice?
 
The memory allocation code you mentioned, does, at first blush, appear to
have indeed been copied illegally by SGI, and perhaps SGI have got some
explaining to do. However, this is a very tiny part of Linux as a whole, and
the notion that "one million lines of UNIX System V protected code have been
contributed to Linux" is obviously based on an incredibly improbable reading
of copyright law in terms of what you consider to be "derivative works" (one
that if upheld, would turn copyright law on its head).
 
Contrary to what you suggest in your letter, in my experience members of the
Open Source community understand very well and fully respect copyright laws.
 
In fact, a very telling remark in you letter where you talk about
"transferring copyrights in contributed code to Open Source", leads me to
believe that we understand it better than you do Mr McBride. Open Source is
NOT THE SAME as Public Domain. Open Source software relies on Copyright Law
to protect the authors. There is no "transfer" to some nebulous Open Source
status. When I write a piece of software, I as the author, hold the
copyright on that work. When I choose to release it, I license it to my
customers using the GNU General Public License, the BSD license, or some
other Open Source license. My customers agree to the terms of the license.
If they violate the terms of the license (for example, they attempt to
sublicense my work in violation of the GPL), they are in breach of our
agreement, and they are misappropriating my work.
 
In your letter, you refer to "problems that exist in the current Linux
software development model". The Open Source development model, by its very
nature, is transparent. Any intellectual property problems can be quickly
identified and addressed because the code is out in the open. I contend that
there is absolutely no way for SCO to tell whether a closed-source system
such as Windows, AIX, etc. has code copied within it. You are holding the
Open Source community to a higher standard than the proprietary software
community.
 
Finally, I'd like to address the 5 points in your summary.
 
"1. Fair use applies to educational, public service and related applications
and does not justify commercial misappropriation."
 
I agree.
 
"2. Copyright attributions protect ownership and attribution rights-they
cannot simply be changed or stripped away."
 
Absolutely agree. Perhaps SGI have some explaining to do here. But also, I'd
like to hear your explanation of why the Regents of the University of
California attribution is missing from the Berkley Packet Filter that showed
up in your slides at the Las Vegas presentation?
 
"3. In copyright law, ownership cannot be transferred without express,
written authority of a copyright holder. Some have claimed that, because SCO
software code was present in software distributed under the GPL, SCO has
forfeited its rights to this code. Not so - SCO never gave permission, or
granted rights, for this to happen."
 
Again, I agree. And there certainly is nothing in the GPL that even mentions
the transferring of ownership of copyright to anybody. However, ANY TIME you
distribute Linux, which is the intellectual property of hundreds of authors,
you are BOUND, by Copyright Law, to the terms of the licenses granted to you
by those hundreds of individual copyright holders (the authors of Linux). So
if you were distributing Linux after you believed that there was tainted
code present in it, you were still bound by the license agreements with
those Linux authors.
 
Think about it Mr McBride. You are asking others to respect Intellectual
Property. Are you respecting the Intellectual Property of the authors of
Linux?
 
"4. Transfer of copyright ownership without express written authority of all
proper parties is null and void."
 
I agree again. Copyright is the property of the author, be it an individual,
IBM, HP, or whoever. I don't know how you can reconcile this statement,
which is clearly true, with your assertion that "one million lines of UNIX
System V protected code have been contributed to Linux"!
 
"5. One reason SCO sued IBM is due to our assertions that IBM has violated
the terms of the specific IBM/SCO license agreement through its handling of
derivative works. We believe our evidence is compelling on this issue."
 
I have not seen your agreement with IBM so I can't comment.
 
Regards,
Dafydd Walters
Open Source Developer.

Comments (1 posted)

Saving the earth from anarchy by eliminating the weakest link

 
This article is copyright free. Anyone is permitted to use, link
and publish it.
 
 
SAVING THE EARTH FROM ANARCHY BY ELIMINATING THE WEAKEST LINK
 
 
Finland, 2003-8-24
By Santeri Kannisto, SOT
 
 
The recent massive failure of the US electrical grid has got me thinking.
I've come to realize that our civilization is really quite vulnerable to
events that are completely beyond our control and influence. It didn't
make the international news, but the same kind of catastrophe happened
yesterday evening at an amusement park in Helsinki, Finland.
 
I was enjoying the fun-filled atmosphere with my 4 and 8 year old kids
when suddenly the electricity was cut off in Helsinki. In the space of
a few seconds, amusement rides became torture devices. Innocent kids and
adults hung upside-down, 10 meters in the air, without any means of
escape. What causes a failure of this magnitude?
 
Last week I lost my banking card on a hunting trip to northern Finland.
The cash machine accepted the card greedily, considered my transaction for
a disturbingly long time, and then decided to shut itself down...with my
card inside. Later, I learned from bank the reason: their cash machines
had become infected with a Windows virus. I couldn't help wondering what
effect this kind of thing might have had in the US, if it happened on
a larger scale, and for a longer time. No electricity, no cash --- it
could drive a country to anarchy! How is this sort of thing even possible
in the 21st century?
 
I've been working in the software industry for the last 12 years. I
started out as a software engineer, programming and designing various
systems. Then I moved on to managing projects and finally ended up running
a software house. One of realizations I have come to during my time is
that when it comes to software, problems will happen. It doesn't matter
how skilled people are, or what quality control processes are established.
 
Software problem can arise from so many causes --- from misunderstandings,
miscommunication, changing requirements, or simply because today's vast
and complicated computer systems are beyond the understanding of any
single human being. The basic weakness is people and the fault always
originates between the chair and keyboard. This is what makes it
impossible to achieve 100% fail-safe and foolproof software, despite
everything we do to reduce risks. Bug-ridden software is the weakest
point of modern society, posing a greater threat than even terrorism or
crime.
 
What can we do to shore up this weakness? Can we remove the danger
completely? No, unfortunately we can not. We have grown too reliant on
software, trusting it to control all aspects of our lives, even if we
know nothing about it. Airplanes fly with software, banks use software
for handling our money, power plants use software for configuring and
monitoring electric grid, hospitals need it to keeping people alive.
Isn't that scary! We use trust this thing called software to handle
matters of life and death.
 
We could reduce our vulnerability by employing armies of software
engineers, constantly on-call to deal with problems as they occurs.
We could subject software's source code to the scutiny of thousands of
eyes, alert for every possible flaw. We could ensure that systems are
designed with a thought for security. Are these ideas at all feasible?
How could they be implemented, and what would be the impact on
the software business?
 
The answer to these questions is Open Source. Open Source software
provides all these benefits and makes it possible for anyone to fix the
faults as fast as they are discovered. Open Source means that software is
being constantly examined by multitudes of people, letting us detect
faults before they risk lives. This new method of software engineering and
business makes customers and users independent of any particular company,
programming team or organization. It does this by giving anyone --- not
just the maker --- the right to fix faulty software. This reduces the risk
of bad software significantly. It's not enough just to be allowed to look
at the source code. What's the point of looking, if you're not allowed to
fix the problems you find?
 
It has been argued that Open Source will destroy the software industry,
because it makes software free (as in "free beer"). In reality, Open
Source just requires a different approach. It may well destroy or weaken
companies who cling to outdated models, but it creates opportunities for
new, forward-thinking companies who are willing to make the change for
the sake of humanity.
 
Here's the deal. You don't sell restrictive licenses and patent
everything in sight. Instead, you charge for tailoring software to
individual needs and you sell maintenance, support and development
services for the kind of software that is by nature risk-reducing.
 
From the business side of things, companies like ours are already
profitable, making nothing other than Open Source software. Whether
Open Source is a viable and sustainable business strategy is no longer
in question. It's just about having sane management, who understand
the concept of Open Source, and who don't expect too much, too quickly.
 
In my humble opinion I would feel much safer if I knew that the airplane
I fly with used Open Source software, if I knew that power plants relied
on systems they can review by themselves and that banks could fix
emerging security holes right away instead of waiting and hoping for
some third party update. It is my great hope that in the near future,
before it's too late, we will be able to eliminate modern society's
weakest link. We would be that much safer from anarchy caused by
innocent little software bugs.
 
 
 
Santeri Kannisto
tel. +358 440 833 982
e-mail sk@sot.com
 
[http://www.sot.com/en/press/2003-09-08_Article.txt]

Comments (5 posted)