ru.linux - RU.LINUX
---------------------------------------------------------------------
From    : Sergey Lentsov 2:4615/71.10    30 May 2002 16:15:15
To      : All
Subject : URL: http://www.lwn.net/2002/0523/
---------------------------------------------------------------------
Here is the [30]permanent site for this page.
See also: [31]last week's LWN.

Leading items and editorials

The war requires closed source? Consider, for a moment, [32]this eWeek
article, which covers Microsoft VP Jim Allchin's testimony at the
antitrust trial:

    A senior Microsoft Corp. executive told a federal court last week
    that sharing information with competitors could damage national
    security and even threaten the U.S. war effort in Afghanistan.

Mr. Allchin, of course, is worried about the technical disclosure
requirements that the nine dissident states are trying to work into
the antitrust settlement.

A high-profile, upstanding, public company like Microsoft would
certainly never dream of using the war in Afghanistan just to avoid
some commercial discomfort, so one concludes that this threat must be
real. The national security of the United States, it would seem, is
dependent on the continued security-through-obscurity of closed source
code.

Of course, there is no way, really, to know if that claim is true or
not. The code is closed, so we will never know where the problems
might be until somebody breaks it. The public does not know, the
government does not know. There is no way to verify the security of
code that is running in truly mission critical situations. Not cool.

The time for entrusting one's security to closed code has certainly
passed. That time has passed whether the system in question is used by
the kids to play games, is a corporate web server, is used by the CEO
to play games, or is used by a general to run a military operation. If
you cannot look at your software, you are depending entirely on the
"trust me" claims of a corporation which has its own interests at
heart. That is not a good position to be in, and it is increasingly
unnecessary. The sooner that free software finds its way into "mission
critical" applications, the safer we will all be.

Software and warranties. Software is a strange business, in that it
manages to escape the consequences of its mistakes in a way that few
other industries can manage. If your disk drive explodes, your car's
wheels fall off, your toaster catches fire, or your beer fails to make
you attractive to the opposite sex, you can sue the manufacturer for
damages. Well, maybe the brewer will get away with it. But, in
general, vendors cannot escape liability for the things they sell -
except for software vendors.

There is a rumbling in the distance, however, that suggests that
pressure for change is increasing. The National Academy of Sciences
has called for software vendors to be liable for defects in their
products. Bruce Schneier has also [33]called for liability as a way of
reducing security problems:

    If we expect software vendors to reduce features, lengthen
    development cycles, and invest in secure software development
    processes, they must be liable for security vulnerabilities in
    their products.

No doubt liability would change life for software vendors; they would
be forced to concentrate far more attention on reliability and
security. The cost of software would go up to fund that effort and to
pay for liability claims. It would be a different world.

Life would change for free software too, however. If a developer can
be sued for a bug which appears in software which was released for
free, the supply of free software will dry up in a hurry. Free
software developers do not have the resources for fanatical quality
control procedures or to buy insurance against liability suits. The
free software development process depends heavily on users to help
find problems.

Distributors of free software also have much to fear from exposure to
product liability suits. Some Linux distributors are more careful than
others, but they all package up vast amounts of software that they did
not write, and for which they are in no position to write guarantees.

The software business as a whole, perhaps, is not yet in a position to
assume liability for its products. The state of the art in software
development remains primitive. Yet it would be a good thing to
encourage software producers to focus more on the reliability and
security of their offerings. But any such change must be done in a way
that does not destroy the free software ecology.

One possible position to take could be that closed-source software,
being a proprietary black box, should come with warranties and
liability coverage. By making its source available (not necessarily
with a free license) a company could enable others to audit its
software, and, in the act, transfer liability to the users of that
software. All free software would, thus, retain its current "no
warranty" status. Don't expect proprietary software companies - and
the congressmen they buy - to be pleased with that idea, however.

2600 case appeal denied. A U.S. Federal Appeals Court declined to
review the 2600 DVD case, leaving the lower court ruling unchanged.
Thus, it is still illegal to post the DeCSS code, or even a link to
it. The one remaining option at this point is to appeal to the Supreme
Court; no decision, yet, has been announced as to whether that course
will be followed or not.

The LWN.net Weekly Edition will not be published next week so that the
LWN staff can enjoy the Memorial Day holiday, and so we can finish up
a surprise that we hope to make available soon. The [34]daily updates
page will be maintained as usual, and the Weekly Edition will return
on June 6.

Inside this LWN.net weekly edition:

  * [35]Security: Goodbye rlogind; fingerprint scanners; OpenSSH and
    Mailman releases
  * [36]Kernel: New quota code; the end of /dev/port, misusing
    copy_*_user.
  * [37]Distributions: Clustering and the Linux distribution;
    ClosedBSD.
  * [38]Development: GCC 3.1, MnoGoSearch 3.2.4, Analog 5.23, Guikachu
    1.2.0, OpenSSH 3.2.2, AlsaPlayer 0.99.70, WaveSurfer 1.4, Netscape
    7.0 Preview Release 1.
  * [39]Commerce: FSF Files Brief Amicus Curiae in Eldred v. Ashcroft
    Supreme Court Case; Ericsson Joins Open Source Development Lab.
  * [40]Letters: Outlawing markers; RMS and GNU/Linux.

...plus the usual array of reports, updates, and announcements.

This Week's LWN was brought to you by:
* [41]Jonathan Corbet, Executive Editor
May 23, 2002
[44]Eklektix, Inc. Linux powered! Copyright © 2002 [45]Eklektix, Inc.,
all rights reserved
Linux (R) is a registered trademark of Linus Torvalds
References
1. http://lwn.net/
2. http://lwn.net/2002/0523/security.php3
3. http://lwn.net/2002/0523/kernel.php3
4. http://lwn.net/2002/0523/dists.php3
5. http://lwn.net/2002/0523/devel.php3
6. http://lwn.net/2002/0523/commerce.php3
7. http://lwn.net/2002/0523/press.php3
8. http://lwn.net/2002/0523/announce.php3
9. http://lwn.net/2002/0523/letters.php3
10. http://lwn.net//2002/0523/bigpage.php3
11. http://lwn.net/daily/
12. http://linuxcalendar.com/
13. http://lwn.net/stocks/
14. http://lwn.net/Reviews/
15. http://lwn.net/Gallery/
16. http://lwn.net/archives/
17. http://lwn.net/op/headlines.phtml
18. http://lwn.net/mediakit/
19. http://lwn.net/corp/paypal/donate.php3
20. http://lwn.net/corp/supporters.php3
21. http://lwn.net/op/Contact.html
22. http://lwn.net/2002/features/rms.php3
23. http://lwn.net/2001/features/Timeline/
24. http://lwn.net/2001/features/oreilly2001/
25. http://lwn.net/2001/features/OLS/
26. http://lwn.net/2001/features/MandrakeSoft.php3
27. http://lwn.net/2001/features/KernelSummit/
28. http://lwn.net/2001/features/Singapore
29. http://lwn.net/2001/features/djbdns.php3
30. http://lwn.net/2002/0523/
31. http://lwn.net/2002/0516/
32. http://www.eweek.com/article/0,3658,s%253D701%2526a%253D26875,00.asp
33. http://www.counterpane.com/crypto-gram-0204.html#6
34. http://lwn.net/daily/
35. http://lwn.net/2002/0523/security.php3
36. http://lwn.net/2002/0523/kernel.php3
37. http://lwn.net/2002/0523/dists.php3
38. http://lwn.net/2002/0523/devel.php3
39. http://lwn.net/2002/0523/commerce.php3
40. http://lwn.net/2002/0523/letters.php3
41. mailto:lwn@lwn.net
42. http://oasis.lwn.net/oasisc.php?s=2&c=5&cb=1231275721&url=http%3A%2F%2Flwn.net%2Fcorp%2Fadvertise%2Ftext%2F
43. http://lwn.net/2002/0523/security.php3
44. http://www.eklektix.com/
45. http://www.eklektix.com/
--- ifmail v.2.14.os7-aks1
* Origin: Unknown (2:4615/71.10@fidonet)