ru.linux - RU.LINUX
---------------------------------------------------------------------
From : Sergey Lentsov 2:4615/71.10 07 Jun 2001 17:16:50
To : All
Subject : URL: http://lwn.net/2001/0607/letters.php3
---------------------------------------------------------------------

Letters to the editor

Letters to the editor should be sent to [15]letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them.

June 7, 2001

From: "Michael Hunt" <michael.j.hunt@usa.net>
To: <letters@lwn.net>
Subject: Some positive thoughts on the Desktop section
Date: Thu, 31 May 2001 12:30:24 +0100

It seems lately that Hammel has been getting some flack over his writings for LWN's Desktop section and while I can see the point of people's claims (i.e. that the feel of the writing is not in the tradition or spirit of LWN) I do want to point out some positive points (since I am ever the optimist).

1. This week's Desktop section was the best so far and I think much more in line with what readers expect from LWN. Having read Michael's GIMP book the expertise on Linux printing is to be expected and shows through and I wish to applaud him for the quality of it.

2. His pointers to good resources on the subject of printing showed research and allowed people who were interested in the topic to pursue it, while leaving others free to move on.

3. Comment was concise and to the point. It was also stated in a "matter of fact" way not an "I think this is right".

4.
News coverage was to the point and not long winded.

I understand that any new direction that LWN takes is going to be met with challenges such as readership acceptance, maintaining of style, keeping your core focus etc. So far the desktop section has not entirely met all of these satisfactorily but if this week's edition is anything to go by you are getting much closer.

Michael Hunt
An Aussie in Africa

P.S. As a GNOME user I have enough trouble just trying to stay up to date with it let alone all the other desktops out there.


From: Hans-Peter Fischer <hp.fischer@heidenheim.com>
To: letters@lwn.net
Subject: On The Desktop
Date: Thu, 31 May 2001 19:10:51 +0200 (CEST)

Dear editor,

I am writing to you because I am somewhat appalled by the hostile reaction of some of your readers to Michael J. Hammel's desktop column, especially Bret Mogilefsky's arrogant "he's got to go" comment. Have all these self-made desktop experts who can't stand witnessing somebody learning something forgotten how to skip an article they don't like?

I have no intention to either install KDE or Gnome on my machine because I don't see what they could possibly do for me that fvwm2 can't and because I like all my applications to look and behave differently, but I still enjoy reading Mr. Hammel's column simply because it is well written, and sometimes also informative.

What I find annoying about LWN is something totally different, namely that it has become more and more "business-minded" over time, and apparently so without any member of the "free" Linux community complaining. So why not split LWN in two: one edition about Linux - in which there would certainly be a place for Mr. Hammel - and one about stock quotes and business with/on Linux?
Yours sincerely,
Hans-Peter Fischer
--
Visit [16]http://www.hei-news.de/


From: Robert L Krawitz <rlk@alum.mit.edu>
To: letters@lwn.net
Subject: Printing
Date: Thu, 31 May 2001 21:05:19 -0400

I read the On The Desktop section of your May 31 edition with considerable interest. As the project lead for Gimp-Print, I'd like to explain the relationship between Gimp-Print, the GIMP, CUPS, and other printing systems.

Gimp-print has indeed seen a major overhaul. It is no longer just the Print plugin for the GIMP; it can be used with CUPS, Ghostscript, Foomatic ([17]http://www.linuxprinting.org/foomatic.html), and (via Ghostscript) plain unadorned lpd and LPRng.

At the core, it's organized as a set of dithering routines, color management (of a sort, presently rather ad-hoc), and a collection of drivers for the main families of printers we support (Epson, HP, Lexmark, and Canon). In 4.1 (the current development mainline), this was organized into a shared library that applications that need to generate printer output link against. The current clients of this library are the GIMP Print plugin, a CUPS driver, and a Ghostscript driver (named "stp" when compiled into Ghostscript). Using this package directly through Ghostscript is not recommended due to the large number of options; it's much more convenient to use it with CUPS or Foomatic.

The GIMP plugin aside, the package is strictly a driver package. We leave spooling and rendering to people who are experts in that field, and work with those people to ensure that the interfaces between layers are appropriate for our needs.

The focus of this project (at least since I started working on it) has always been on high quality output, comparable to or better than OEM drivers in many cases. Some of our developers have backgrounds in color and dithering theory and practice, and this has been of enormous value to the project.
We're working on supporting additional printers, including high end professional devices such as the Epson Stylus Pro series of printers.

I think that the name of the project, Gimp-Print, is confusing to many people; it's easy to assume that it's just the GIMP plugin. However, we've never succeeded in coming up with a better name, and to be perfectly honest, the association with the GIMP (the premier free end-user graphics application) isn't anything to be ashamed of :-)

--
Robert Krawitz <rlk@alum.mit.edu> [18]http://www.tiac.net/users/rlk/
Tall Clubs International -- [19]http://www.tall.org/ or 1-888-IM-TALL-2
Member of the League for Programming Freedom -- mail lpf@uunet.uu.net
Project lead for Gimp Print/stp -- [20]http://gimp-print.sourceforge.net
"Linux doesn't dictate how I work, I dictate how Linux works." --Eric Crampton


From: "Kevin Postlewaite" <kevin.postlewaite@tumbleweed.com>
To: "'lwn@lwn.net'" <lwn@lwn.net>
Subject: Response to LWN's statement about Linux security costs
Date: Thu, 31 May 2001 12:25:25 -0700

In LWN's front page article about the relative security costs of Linux versus Windows, you wrote:

    "While it is nice to see a (hopefully) objective result that favors Linux, it is also a little disappointing. 5-15% is a fairly small margin; we should really be able to do better than that. It's a start, anyway."

I used to work for PricewaterhouseCoopers auditing computer security of our clients. We would go in and try to penetrate our clients' systems (with their permission, of course). The main flaws that existed did not have to do with the particular OS but depended on the skill and conscientiousness of the system administrators, as well as the computer security education of the company's employees. The most successful penetrations were obtained when some sysadmin would set the root password to root (or better yet, none at all) or have the Windows Administrator password be Administrator.
Also, a surprisingly high number of employees would gladly give out useful information (including accounts and passwords) to people that they didn't know over the phone. People were the weakest link, not the OSes.

Thus, I wouldn't expect that the underlying OS would affect the expected damages by much. Far more important than installing Linux is educating the users (not that they shouldn't install Linux anyway :-) ).

-Kevin


From: "First Name Last Name" <spamalabasura@my-deja.com>
To: letters@lwn.net
Subject: Software Auditing
Date: Fri, 1 Jun 2001 13:39:32 -0700

Dear LWN editors,

I read your front page article on the auditing of free software. You make a good point that not enough auditing is being done. Your articles in LWN can play a very beneficial role in encouraging more people to participate in the auditing process. Instead of describing auditing as 'tedious' and auditors as 'obscure participants' you could focus on successful code auditors.

Probably the most active community in the auditing scene of Free Operating Systems is OpenBSD, led by Theo de Raadt. For OpenBSD hackers, auditing is not tedious and auditors are 'star players'!

All areas of software can be interesting once you find the right community. Some people say that writing installation packages is boring but you can ask Debian developers and they'll give you a very different perspective.

In future editorial articles on the state of Linux auditing, you could add links to interviews with OpenBSD hackers on how fascinating code auditing can be and also add some pointers on where to learn more about this subject. Approach this subject with enthusiasm and you will encourage more people to do something similar for Linux.
Best Regards,
Eusebio C Rufian-Zilbermann


From: "Charles Hethcoat" <CHETHCOA@oss.oceaneering.com>
To: <lwn@lwn.net>
Subject: On the auditing of free software
Date: Fri, 01 Jun 2001 17:02:11 -0500

I think your outlook on auditing of code is a tad pessimistic. Sure, code may sit there for years, but I feel it probably gets the attention that it warrants. That is, if it gets little attention, then it's probably doing its job pretty well.

The key condition, to me, is that the code is _there_, available for review when necessary. When some situation arises that triggers a widespread audit, then a rapid period of bug squashing ensues. Having open code helps assure that the number of bugs steadily approaches zero over time. The time scale may be hours, days, or years, but I find it reassuring to know that it's headed in the right direction.

Compare this to the situation with closed code. Here, you don't have any assurance that anybody is doing anything, at least if you are not a part of the organization that owns the code. Look at how the immortal DOS and Windows bugs remain a part of the landscape forever, even though they are widely known to have caused all sorts of problems for people.

Charles Hethcoat
Oceaneering Space Systems


From: Mike Coleman <mkc@mathdogs.com>
To: letters@lwn.net
Subject: Re: The Boundaries of GPL
Date: Thu, 31 May 2001 23:29:14 -0500 (CDT)
Cc: "Chad C. Walstrom" <chewie@wookimus.net>

Chad C. Walstrom's suggestion that the Linux kernel licensing issues could be solved by "unifying" the copyrights of code contributed to the kernel, transferring "copyright control" to the FSF or a newly created non-profit organization, begs the question. The problem itself is that it is not feasible to get all of the past contributors to agree to anything, including any such transfer. (Many would see this as good fortune rather than a problem, in any case.)

I believe Mr.
Walstrom's characterization of RMS and the FSF as "Marxist-like" is a baseless attack. If he feels that they are a bit too left-leaning for his tastes, though, then he must be absolutely howling with rage at those corporations and individuals who (pounding their shoes on the podium) insist that those of us who GPL our software are obliged to instead give our work away without compensation (i.e., by switching to a non-GPL license). Marxist indeed!

--
Mike Coleman, mkc@mathdogs.com
[21]http://www.mathdogs.com -- problem solving, expert software development


From: Fred Mobach <fred@mobach.nl>
To: Linux Weekly News <lwn@lwn.net>
Subject: Re: The Boundaries of GPL
Date: Sat, 02 Jun 2001 23:03:13 +0200

"Chad C. Walstrom" <chewie@wookimus.net> wrote:

    I highly doubt that all the Linux kernel developers could be convinced to sign over copyright control to their contributions to the FSF, as not too many people buy in to the Marxist-like views of RMS and the FSF.

It is still every time very offending to read about the "Marxist-like" views of Richard Stallman. Mr. Walstrom should _prove_ why he states this or he should shut up. A little bit of study on marxism and the FSF might help him, although I'm not sure ;-).

Regards,
Fred
--
Fred Mobach - fred@mobach.nl - postmaster@mobach.nl
Systemhouse Mobach bv - The Netherlands - since 1976
The Free Transaction Processing Monitor project : [22]http://www.ftpm.org/


From: "Chad C. Walstrom" <chewie@wookimus.net>
To: Mike Coleman <mkc@mathdogs.com>
Subject: Re: The Boundaries of GPL
Date: Fri, 01 Jun 2001 02:51:51 -0500
Cc: letters@lwn.net

To Mr. Mike Coleman:

Howling? Baseless attack? You misinterpret me quite wildly, and base some far fetched assumptions about my character from that misinterpretation. My classification of FSF policies as Marxist is not an attack at all. To refute this classification, however, is in most cases an amusing knee-jerk reaction to a "bad word".
I do not place a value upon the policies of the Free Software Foundation or of Marxism in general, I simply pointed out a commonly accepted observation that the FSF exemplifies many of the same principles. The question about my personal position has no bearing on the conversation.

What we do agree on, to some extent, is that it may be difficult to "sign over" control of the Linux kernel from each of its contributors to the FSF or any other centralized foundation. Organizing such a move is no small task.

Regardless, these logistics are somewhat off-topic in reference to the original article, which addressed the relationship between a GPL software product and proprietary modules that interface with that product. It is a topic that relates to any similarly licensed products, and one that needs further legal clarification.

--
Chad Walstrom <chewie@wookimus.net> | a.k.a. ^chewie
[23]http://www.wookimus.net/ | s.k.a. gunnarr
Key fingerprint = B4AB D627 9CBD 687E 7A31 1950 0CC7 0B18 206C 5AFD


From: Tres Melton <class5@pacbell.net>
To: letters@lwn.net, djb@cr.yp.to, rms@stallman.org, class5@pacbell.net
Subject: License trouble everywhere.
Date: Sat, 02 Jun 2001 02:41:57 -0600

Dear Editor,

I realize that I'm a little late in addressing this issue as you wrote about it in the 24 May 2001 issue. But after reading Richard M Stallman's speech and various other tidbits regarding the licensing of ip_filter and tcp_wrappers ([24]http://bsdtoday.com/2001/June/Features496.html) I thought that this issue might need to be re-examined. Particularly in light of the other article that you wrote regarding djbdns.

You mentioned the license as not being free to modify and redistribute djbdns (qmail, and ucspi-tcp). The reasons for this are Mr. Bernstein's and are related to security. It seems that he doesn't want to have modified versions that might have security problems running around the Internet for people to download thinking that he has given them his blessing.
I have been a programmer for many years but security is not my forte. I have audited his code (to the best of my abilities) and am reasonably sure of its security; enough to be running his software on my machines. I find his code to be exceptionally clean and well thought out. This is in stark contrast to some of the other servers (sendmail, bind, etc.) that are distributed with the various GNU/Linux distributions. These programs seem to focus on features to the detriment of security.

Was it not a security flaw in sendmail that brought the Internet to its knees in the 80's? I believe the first time the major news outlets covered the Internet was to say that it was being devastated by an unknown problem and most of the major sites were pulling the plug to The 'Net until they could fix it. Although that was a bit before my time I'm currently very aware of the various bugs that have been exploited recently in multiple BIND vulnerabilities to create a multitude of migraines for various system administrators throughout the world.

A great deal of software that I use is considered free and/or open and I enjoy tinkering with it. I also enjoy the new features that come out on a regular basis. Unfortunately some of these features come out without serious thought put into their security. When it comes to running these programs on my desktop, behind my firewall, with limited local access, I can easily tolerate these mistakes in the name of progress. When it comes to a corporate server that is exposed to the Wild, Wild, 'Net that is a different story. In that case I'm very thankful that programs written by Mr. Bernstein have his seal of approval; not to mention having survived the security bounty that he has placed on these programs:

    [25]http://cr.yp.to/djbdns/guarantee.html
    "I offer $500 to the first person to publicly report a verifiable security hole in the latest version of djbdns"

I believe that qmail had a similar bounty for awhile too.
I realize the difference between DJB's programs and ipfilter is that ipfilter is embedded within an OS with its own license and not running on top of it as a service. And I'm not sure how to address a license that is a small part of a whole product with a different license, as in the case of BSD and ipfilter. I do know that I'm willing to accept things like:

    [26]http://cr.yp.to/qmail/dist.html
    If you want to distribute modified versions of qmail (including ports, no matter how minor the changes are) you'll have to get my approval. This does not mean approval of your distribution method, your intentions, your e-mail address, your haircut, or any other irrelevant information. It means a detailed review of the exact package that you want to distribute.

if it means that I can be assured that the code has undergone a thorough security audit by the author and has his/her seal of approval.

I know that Linus keeps a tight leash on 'his' kernel: as distributed by kernel.org but that it doesn't always get the review that it might need. The various forks of Linux are even more murky. I would be in favor of the firewalling code and other security portions of the kernel either not being modified or having the modifications approved by the authors. I know that RMS might not agree but he has the expertise to verify his own code. Some of us do not.

The freedoms granted by the GPL are very important to me but so is secure code. There are certain circumstances in which I would be willing to forgo the third freedom of the FSF as RMS put it:

    [27]http://www.gnu.org/events/rms-nyu-2001-transcript.txt (approx. 1/3 of the way down)
    And Freedom Three is the freedom to help build your community by publishing an improved version so others can get the benefit of your work.

The only places that I would forgo this freedom is in the area of security.
Perhaps the solution is to change the license to include an author's seal of approval and allow modification provided that the seal of approval is removed. After all what would happen to qmail if DJB got hit by a truck and later a bug was discovered. Could it never be fixed? Would the software fade away? What if he gets hit before he migrates djbdns to IPv6? What would happen to these quality pieces of software?

Tres Melton
class5@pacbell.net


From: Richard Stallman <rms@gnu.org>
To: class5@pacbell.net
Subject: Re: License trouble everywhere.
Date: Sat, 2 Jun 2001 14:48:49 -0600 (MDT)
Cc: letters@lwn.net, djb@cr.yp.to, class5@pacbell.net

It is clear that your goals and values are very different from mine. I don't think technical merit can make up for a lack of freedom to distribute modified versions, any more than a capable despot who makes the trains run on time can make up for a lack of democracy.


[28]Eklektix, Inc. Linux powered!
Copyright © 2001 [29]Eklektix, Inc., all rights reserved
Linux (R) is a registered trademark of Linus Torvalds

References

1. http://lwn.net/
2. http://ads.tucows.com/click.ng/pageid=pageid=132-000-001-001
3. http://lwn.net/2001/0607/
4. http://lwn.net/2001/0607/security.php3
5. http://lwn.net/2001/0607/kernel.php3
6. http://lwn.net/2001/0607/dists.php3
7. http://lwn.net/2001/0607/desktop.php3
8. http://lwn.net/2001/0607/devel.php3
9. http://lwn.net/2001/0607/commerce.php3
10. http://lwn.net/2001/0607/press.php3
11. http://lwn.net/2001/0607/announce.php3
12. http://lwn.net/2001/0607/history.php3
13. http://lwn.net/2001/0607/bigpage.php3
14. http://lwn.net/2001/0531/letters.php3
15. mailto:letters@lwn.net
16. http://www.hei-news.de/
17. http://www.linuxprinting.org/foomatic.html
18. http://www.tiac.net/users/rlk/
19. http://www.tall.org/
20. http://gimp-print.sourceforge.net/
21. http://www.mathdogs.com/
22. http://www.ftpm.org/
23. http://www.wookimus.net/
24. http://bsdtoday.com/2001/June/Features496.html
25. http://cr.yp.to/djbdns/guarantee.html
26. http://cr.yp.to/qmail/dist.html
27. http://www.gnu.org/events/rms-nyu-2001-transcript.txt
28. http://www.eklektix.com/
29. http://www.eklektix.com/

--- ifmail v.2.14.os7-aks1
 * Origin: Unknown (2:4615/71.10@fidonet)