From fsb-return-5394-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Thu Mar 15 21:58:53 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 73879 invoked from network); 15 Mar 2001 21:58:53 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (qmailr@192.203.178.14) by taz3.hyperreal.org with SMTP; 15 Mar 2001 21:58:53 -0000 Received: (qmail 13191 invoked by alias); 15 Mar 2001 21:55:43 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 13182 invoked from network); 15 Mar 2001 21:55:37 -0000 Subject: Who is Leon Stambler? To: fsb@crynwr.com From: Ben_Tilly@trepp.com Date: Thu, 15 Mar 2001 16:47:23 -0500 Message-ID: X-MIMETrack: Serialize by Router on T1/Trepp(Release 5.0.6a |January 17, 2001) at 03/15/2001 04:47:23 PM MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N And what is the status of his many lawsuits? Leon Stambler has a list of patents he claims in the US related to online cryptographic transactions. In a brief search I turned up US patents 5524073, 5555303, 5646998, 5793302, 5936541 and 5974148. What he has done is not patent the encryption mechanism, but rather he has patented the basic handshake you need in a transaction where both sides authenticate themselves to each other. Any useful cryptographic transaction needs to use some sort of handshake, so he can claim that his patents cover SSL, SET, and so on. He is contacting and threatening people and companies based on this. I cannot believe that these would stand up in court, and I am amazed that I hadn't heard of this guy before. A standard search turned up very little as well. A couple of lines in Crypto-Gram, a couple of mails on a firewall list, that kind of thing. However we have a client who has had a brush with him, and wants us to sign a legal indemnification. So I am wondering if anyone has more background on him, knows whether any cases went to court, that kind of thing. Also how has he managed to threaten people with lawsuits, yet still avoid wider publicity? Thanks, Ben From fsb-return-5395-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Thu Mar 15 22:45:25 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 80384 invoked from network); 15 Mar 2001 22:45:25 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (qmailr@192.203.178.14) by taz3.hyperreal.org with SMTP; 15 Mar 2001 22:45:25 -0000 Received: (qmail 15326 invoked by alias); 15 Mar 2001 22:42:19 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 15318 invoked from network); 15 Mar 2001 22:42:16 -0000 From: kmself@ix.netcom.com Date: Thu, 15 Mar 2001 14:39:51 -0800 To: fsb@crynwr.com Subject: Re: Who is Leon Stambler? Message-ID: <20010315143951.B8327@ix.netcom.com> References: Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="4zI0WCX1RcnW9Hbu" Content-Disposition: inline User-Agent: Mutt/1.3.12i In-Reply-To: ; from Ben_Tilly@trepp.com on Thu, Mar 15, 2001 at 04:47:23PM -0500 X-Debian-GNU-Linux: Rocks X-Kuro5hin-cabal: There is no K5 cabal X-GPG-Fingerprint: F932 8B25 5FDD 2528 D595 DC61 3847 889F 55F2 B9B0 Sender: X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N --4zI0WCX1RcnW9Hbu Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable on Thu, Mar 15, 2001 at 04:47:23PM -0500, Ben_Tilly@trepp.com (Ben_Tilly@tr= epp.com) wrote: > And what is the status of his many lawsuits? >=20 > Leon Stambler has a list of patents he claims in the US related to online > cryptographic transactions. In a brief search I turned up US patents > 5524073, 5555303, 5646998, 5793302, 5936541 and 5974148. =20 And 5,267,314, plus D290,548 and RE31,302. If Greg and Tim are still on speaking terms after P2PCon, there's been some coverage in PATNEWS, Greg Aharonian's patent and IP newsletter, since April of last year: !20000411 Let's bust Stambler; Boycott AOL's patent of 1-search shopping? =20 An inventor named Leon Stambler is claiming to have invented all of Internet security in 1992, based on his patents 5267314, 5524073, 5555303, 5646998, 5793302, 5936541 and 5974148. With the PTO unable to examine security patents as well as, well everything else in software, Stambler has a nice collection of crappy patents for which he will probably end up "techsearching" many companies (extorting by asking for $30,000 license fees). Anyways, his lawyers are sending out letters of accusation, one victim of which wants me to do a patent bust. Anyone else who wants to buy in as well, please contact me. ---------------------------------------- !20000614 Stambler; CNet patent; Microsoft patent; Bournemouth IP cent= re =20 -- STAMBLER ASSERTION STARTING TO HEAT UP Much like everyone else, I have been real busy as of late (which is why PATNEWS has become rather boring). However I am gearing up to have a go at the Stambler patents - apropos in light of a new round of letters of notice being sent out. Call me if you are interested, or already called me and promised to send me a letter. ---------------------------------------- !20001017 Stambler; Nicotine; Bio IP rights; ants & antibiotics RE STAMBLER: But first, once again, any lawyers interested in getting into a joint effort to seek out prior art to crush the Stambler patents on behalf of your client, please contact me. I am getting another wave of nibbles, maybe this time enough will be willing to act. This is my last time trying to pull this off. ---------------------------------------- !20010221 Crushing Napster Part II: Bad P2P ethics (NOTE: I am doing a Stambler bust. Once you translate the claims into regular English, their claims are pretty much crap. A 1990s attempt to claim 1980s technology, much like Rozmanith, and all of the upcoming P2P patent filings. Anyone interested in buying in, email me.)=20 ---------------------------------------- Greg's info: Greg Aharonian Internet Patent News Service www.bustpatents.com/subscribe.htm clients@bustpatents.com --=20 Karsten M. Self http://kmself.home.netcom.com/ What part of "Gestalt" don't you understand? There is no K5 cabal http://gestalt-system.sourceforge.net/ http://www.kuro5hin.org --4zI0WCX1RcnW9Hbu Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6sUS3OEeIn1XyubARAiotAJ9bTiszHn/7SZEVI2He4gHoJIAWogCdHfO9 f9Jm6hpAeFoUs5/P8OPH410= =q2+4 -----END PGP SIGNATURE----- --4zI0WCX1RcnW9Hbu-- From fsb-return-5396-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Tue Mar 20 15:57:20 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 96366 invoked from network); 20 Mar 2001 15:57:20 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 20 Mar 2001 15:57:20 -0000 Received: (qmail 21675 invoked by alias); 20 Mar 2001 15:53:42 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 21668 invoked from network); 20 Mar 2001 15:53:42 -0000 Message-ID: <9A3ED4B61C86D411B5CD00508BD3222801D425FF@SOK-MS> From: "Munsterman, Paul" To: "'fsb@crynwr.com'" Subject: FW: Help - Open CTO position Date: Tue, 20 Mar 2001 07:51:16 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N How do I fill an open source CTO position? Are there better or worse places to look? Paul B. Munsterman Futurestep (An offering of Korn/Ferry International) 333 West Wacker Drive, Suite 470 Chicago, IL 60606 ph: 312-377-0856 fx: 312-377-0835 mailto:paulm@futurestep.com Find out what motivates you at www.futurestep.com From fsb-return-5397-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Tue Mar 20 17:30:45 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 24280 invoked from network); 20 Mar 2001 17:30:44 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 20 Mar 2001 17:30:44 -0000 Received: (qmail 27205 invoked by alias); 20 Mar 2001 17:27:11 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 27198 invoked from network); 20 Mar 2001 17:27:10 -0000 Date: Tue, 20 Mar 2001 09:26:30 -0800 Message-Id: <200103201726.f2KHQU923587@speedy.datawave.net> From: "Brian J. Fox" To: PaulM@futurestep.com CC: fsb@crynwr.com In-reply-to: <9A3ED4B61C86D411B5CD00508BD3222801D425FF@SOK-MS> (PaulM@futurestep.com) Subject: Re: FW: Help - Open CTO position X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N From: "Munsterman, Paul" Date: Tue, 20 Mar 2001 07:51:16 -0800 charset="iso-8859-1" How do I fill an open source CTO position? Are there better or worse places to look? This list might even be a good place to look. Brian http://www.metahtml.org/~bfox/resume.mhtml == The Difference Between Cultures: == Einigkeit und Recht und Freiheit Liberte', E'galite', Fraternite' Sex, drugs and rock'n'roll From fsb-return-5398-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Tue Mar 20 21:07:10 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 943 invoked from network); 20 Mar 2001 21:06:12 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 20 Mar 2001 21:06:12 -0000 Received: (qmail 12346 invoked by alias); 20 Mar 2001 21:01:28 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 12339 invoked from network); 20 Mar 2001 21:01:27 -0000 Sender: ljean Message-ID: <3AB7C544.196E8D5D@harvard.edu> Date: Tue, 20 Mar 2001 16:01:56 -0500 From: jean_camp@harvard.edu Reply-To: jean_camp@harvard.edu Organization: Harvard X-Mailer: Mozilla 4.72 [en] (X11; U; Linux 2.2.14-6.1.1 i686) X-Accept-Language: en MIME-Version: 1.0 CC: fsb@crynwr.com Subject: FYI:GLOBAL GOVERNANCE OF TECHNOLOGY References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N Workshop on GLOBAL GOVERNANCE OF TECHNOLOGY Meeting the Needs of Developing Countries Workshop Homepage: http://www.cid.harvard.edu/cidbiotech/globalgovconf/index.htm Tentative Program: http://www.cid.harvard.edu/cidbiotech/globalgovconf/ggtprogram.htm Registration: http://www.cid.harvard.edu/cidbiotech/globalgovconf/ggtreg.htm Organized by the Belfer Center for Science and International Affairs, Harvard University Center for International Development, Harvard University Cambridge, Massachusetts 20-21 April 2001 Contact: Calestous Juma or Karen Fang Science and technology is widely recognized as an important factor in the economic transformation of developing countries. However, the global economy is marked by extreme disparities in the creation of scientific and technical knowledge. The majority of the world's scientific knowledge is generated and utilized in industrialized countries. Mobilizing this knowledge to meet the agricultural, health, communication and environmental needs of the poor has become of the most important issues in international relations. The aim of the workshop is to identify ways of using the world's scientific and technological knowledge to meet the needs of the poor in developing countries. More specifically, the workshop will examine: (a) linkages between science, technology and development; (b) national innovations systems and global trends in science and technology; (c) incentives measures for technological innovation; (d) international cooperation and assistance; and (e) technological capacity building and utilization in developing countries. Presentations will be based on comparative experiences from developed and developing countries. Participants will be drawn from government, industry, academia, international organizations and civil society. The workshop is part of an on-going effort to explore the linkages between science, technology and globalization. It is funded by the Rockefeller Foundation, the Belfer Center for Science and International Affairs at Harvard University and the Center for International Development at Harvard University. The workshop builds on the results of the Research Seminar on Global Governance of Biotechnology (January 31-April 25, 2001). Other related activities include the International Conference on Biotechnology in the Global Economy: Science and the Precautionary Principle, held in September 2000; as well as future conferences on Ethical Considerations to take place May 1-2, 2001; Biotechnology in Developing Countries; Biodiversity and Traditional Knowledge; and Institutional Innovation. There is no charge for registration. Participants are responsible for their own travel and accommodation. From fsb-return-5399-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Wed Mar 21 16:46:12 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 2362 invoked from network); 21 Mar 2001 16:46:12 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 21 Mar 2001 16:46:12 -0000 Received: (qmail 15066 invoked by alias); 21 Mar 2001 16:42:30 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 15059 invoked from network); 21 Mar 2001 16:42:30 -0000 Date: Wed, 21 Mar 2001 17:28:00 +0100 Message-Id: <200103211628.RAA19620@quill.thinkcoach.com> From: Norbert Bollow Prefer-Language: de, en, fr To: PaulM@futurestep.com CC: fsb@crynwr.com In-reply-to: <9A3ED4B61C86D411B5CD00508BD3222801D425FF@SOK-MS> (PaulM@futurestep.com) Subject: Re: FW: Help - Open CTO position References: <9A3ED4B61C86D411B5CD00508BD3222801D425FF@SOK-MS> X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N > How do I fill an open source CTO position? Are there better or worse > places to look? Is this for a virtual company (where really the CTO could live anywhere in the world, or at least anywhere within certain timezones), or will the CTO have to be physically present in the company headquarters? What kind of budget do you have? God bless you, Norbert -- Norbert Bollow, Weidlistr.18, CH-8624 Gruet (near Zurich, Switzerland) Tel +41 1 972 20 59 Fax +41 1 972 20 69 nb@thinkcoach.com From fsb-return-5400-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Wed Mar 21 16:49:25 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 3216 invoked from network); 21 Mar 2001 16:49:25 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 21 Mar 2001 16:49:25 -0000 Received: (qmail 15503 invoked by alias); 21 Mar 2001 16:45:18 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 15496 invoked from network); 21 Mar 2001 16:45:18 -0000 Message-ID: <9A3ED4B61C86D411B5CD00508BD3222801D4261F@SOK-MS> From: "Munsterman, Paul" To: 'Norbert Bollow' Cc: fsb@crynwr.com Subject: RE: FW: Help - Open CTO position Date: Wed, 21 Mar 2001 08:44:34 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N This position will need to be located in Washington DC. -----Original Message----- From: Norbert Bollow [mailto:nb@thinkcoach.com] Sent: Wednesday, March 21, 2001 8:28 AM To: PaulM@futurestep.com Cc: fsb@crynwr.com Subject: Re: FW: Help - Open CTO position > How do I fill an open source CTO position? Are there better or worse > places to look? Is this for a virtual company (where really the CTO could live anywhere in the world, or at least anywhere within certain timezones), or will the CTO have to be physically present in the company headquarters? What kind of budget do you have? God bless you, Norbert -- Norbert Bollow, Weidlistr.18, CH-8624 Gruet (near Zurich, Switzerland) Tel +41 1 972 20 59 Fax +41 1 972 20 69 nb@thinkcoach.com From fsb-return-5401-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Fri Mar 23 14:40:21 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 54684 invoked from network); 23 Mar 2001 14:40:20 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 23 Mar 2001 14:40:20 -0000 Received: (qmail 13768 invoked by alias); 23 Mar 2001 12:47:10 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 13760 invoked from network); 23 Mar 2001 12:47:09 -0000 Date: Fri, 23 Mar 2001 00:32:13 -0800 (PST) From: Anil Kumar X-Sender: anil@localhost.localdomain To: fsb@crynwr.com Subject: FreeDevelopers Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N Greetings, This is to invite your attention to our fight against proprietary software at FreeDevelopers.Net (FD); a company for free developers by free developers for a free world started with the endorsement of Stallman. This week, we disclosed our proposed revolutionary new commercial structure for free software and it is available for review at http://FreeDevelopers.Net/company/CommCo/ The primary intention of FD is to replace the proprietary and to pay free developers. Find more info at the web site: http://FreeDevelopers.Net. We recently published the "Declaration of Software freedom" which is available at http://FreeDevelopers.Net/freedomdec. Please sign it. I invite all those who are interested in free software to join us to become part of the revolution. fight against the proprietary, Anil -- I have signed it at http://FreeDevelopers.Net/freedomdec, did you? From fsb-return-5402-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Fri Mar 23 14:41:33 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 54807 invoked from network); 23 Mar 2001 14:41:32 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 23 Mar 2001 14:41:32 -0000 Received: (qmail 17575 invoked by alias); 23 Mar 2001 13:47:23 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 17568 invoked from network); 23 Mar 2001 13:47:21 -0000 Message-ID: <3ABB53C6.800469C3@algroup.co.uk> Date: Fri, 23 Mar 2001 13:46:47 +0000 From: Ben Laurie X-Mailer: Mozilla 4.76 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: Anil Kumar Cc: fsb@crynwr.com, EU Free Software Subject: Re: FreeDevelopers References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N Anil Kumar wrote: > > Greetings, > > This is to invite your attention to our fight against proprietary software > at FreeDevelopers.Net (FD); a company for free developers by free > developers for a free world started with the endorsement of Stallman. > > This week, we disclosed our proposed revolutionary new commercial > structure for free software and it is available for review at > http://FreeDevelopers.Net/company/CommCo/ > > The primary intention of FD is to replace the proprietary and to pay free > developers. Find more info at the web site: http://FreeDevelopers.Net. We > recently published the "Declaration of Software freedom" which is > available at http://FreeDevelopers.Net/freedomdec. Please sign it. > > I invite all those who are interested in free software to join us to > become part of the revolution. Sigh. I'm interested in free software. But free software is not the exclusive domain of GPL. BTW, its unlikely that I would even consider signing your declaration, since it is likely to say that the GPL is the best thing since sliced bread, but I certainly won't until I can read it. Try a less cute font. Cheers, Ben. -- http://www.apache-ssl.org/ben.html "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff ApacheCon 2001! http://ApacheCon.com/ From fsb-return-5403-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Fri Mar 23 14:49:45 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 56021 invoked from network); 23 Mar 2001 14:49:45 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 23 Mar 2001 14:49:45 -0000 Received: (qmail 20548 invoked by alias); 23 Mar 2001 14:45:54 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 20541 invoked from network); 23 Mar 2001 14:45:51 -0000 From: TonStanco@aol.com Message-ID: Date: Fri, 23 Mar 2001 09:44:03 EST Subject: Re: [Freesw] Re: FreeDevelopers To: ben@algroup.co.uk CC: fsb@crynwr.com, freesw@conecta.it MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Mailer: AOL 4.0 for Windows 95 sub 114 X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N In a message dated 3/23/01 8:51:27 AM Eastern Standard Time, ben@algroup.co.uk writes: > Sigh. I'm interested in free software. But free software is not the > exclusive domain of GPL. > > BTW, its unlikely that I would even consider signing your declaration, > since it is likely to say that the GPL is the best thing since sliced > bread, but I certainly won't until I can read it. Try a less cute font. If you don't agree with Stallman on the GPL, then you won't agree with the Declaration. But what about the reshuffling of the software industry to deal proprietary out, as described in the Community is the Company (CommCo) industry structure? [http://FreeDevelopers.Net/company/CommCo/] Can you support that? Even someone who supports non-GPL free software has to like the idea of replacing proprietary to leave the whole industry to free software. best regards, tony From fsb-return-5404-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Fri Mar 23 17:18:16 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 97881 invoked from network); 23 Mar 2001 17:18:15 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 23 Mar 2001 17:18:15 -0000 Received: (qmail 31210 invoked by alias); 23 Mar 2001 17:14:23 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 31203 invoked from network); 23 Mar 2001 17:14:22 -0000 Message-ID: <3ABB844A.3929134F@algroup.co.uk> Date: Fri, 23 Mar 2001 17:13:46 +0000 From: Ben Laurie X-Mailer: Mozilla 4.76 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: TonStanco@aol.com Cc: fsb@crynwr.com, freesw@conecta.it Subject: Re: [Freesw] Re: FreeDevelopers References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N TonStanco@aol.com wrote: > > In a message dated 3/23/01 8:51:27 AM Eastern Standard Time, > ben@algroup.co.uk writes: > > > Sigh. I'm interested in free software. But free software is not the > > exclusive domain of GPL. > > > > BTW, its unlikely that I would even consider signing your declaration, > > since it is likely to say that the GPL is the best thing since sliced > > bread, but I certainly won't until I can read it. Try a less cute font. > > If you don't agree with Stallman on the GPL, then you won't agree with the > Declaration. > > But what about the reshuffling of the software industry to deal proprietary > out, as described in the Community is the Company (CommCo) industry structure? > [http://FreeDevelopers.Net/company/CommCo/] Can you support that? Even > someone who supports non-GPL free software has to like the idea of replacing > proprietary to leave the whole industry to free software. Indeed, but why would I support an organisation that advocates an approach I don't believe in? Cheers, Ben. -- http://www.apache-ssl.org/ben.html "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff ApacheCon 2001! http://ApacheCon.com/ From fsb-return-5405-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Fri Mar 23 18:31:10 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 24468 invoked from network); 23 Mar 2001 18:31:10 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 23 Mar 2001 18:31:10 -0000 Received: (qmail 2930 invoked by alias); 23 Mar 2001 18:27:14 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 2923 invoked from network); 23 Mar 2001 18:27:13 -0000 Sender: tom Message-ID: <3ABB9322.E02902BE@kscable.com> Date: Fri, 23 Mar 2001 12:17:06 -0600 From: Tom Hull Reply-To: thull@kscable.com X-Mailer: Mozilla 4.61 [en] (X11; U; Linux 2.2.12-20 i686) X-Accept-Language: en MIME-Version: 1.0 To: Anil Kumar CC: fsb@crynwr.com Subject: Re: FreeDevelopers References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N Anil Kumar wrote: > > This week, we disclosed our proposed revolutionary new commercial > structure for free software and it is available for review at > http://FreeDevelopers.Net/company/CommCo/ I'm always happy to see people thinking about how to subsidize free software development, but this proposal has a few weak spots. In particular, one finds the following significant assertion: >> There needs to be a predominant marketing company for GPL software >> to compete with proprietary software ... False. There are many reasons why multiple/many marketing companies are more effective than one. Multiple companies have to compete, sharpen their pitch, hustle harder, are more accountable, can specialize, can adapt to finer niches, etc. >> and to provide salaries to developers. False: Multiple marketing companies provide more jobs for employees. Also, while all developers need some form of income for their livelihood, such income does not have to be in the form of a salary. >> Without such a company, price-cutting would destroy the market for >> GPL software ... False. Price cutting in theory at least increases the market, albeit by reducing margin. In practice, even very competitive commodity markets tend to avoid catastrophe by finding an eqilibrium between price and other factors. >> and then developers could not be paid to work on it. Yet somehow developers produce a lot of free software anyway. I'm sympathetic to the idea of getting more money to subsidize free software developers, but it's hard to argue that lack of pay is a crippling problem. The other obvious problem with this assertion is that the GPL makes it impossible to significantly limit competition for your "predominant marketing company." The only thing you might do is withhold services based on the extent to which you are able to organize the developers. But if you recognize this proviso, then you should realize that what you really want is a labor union, not a company. The AMA (American Medical Association) is an obvious example of a union that has been effective at marshalling its resources -- a big part of the reason why the US health care system is the world's most expensive, not a real compelling argument for pursuing that path. There are other evident problems with the proposal, but the central problem is this notion that a movement that has thrived in diversity and (dare I say it) freedom should be bundled into a "predominant" unity. I don't see any way that it can work, or that it should work. -- /* * Tom Hull * thull at kscable.com * http://www.ocston.org/~thull/ */ From fsb-return-5406-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Fri Mar 23 18:34:14 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 24965 invoked from network); 23 Mar 2001 18:34:13 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 23 Mar 2001 18:34:13 -0000 Received: (qmail 3346 invoked by alias); 23 Mar 2001 18:30:20 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 3339 invoked from network); 23 Mar 2001 18:30:20 -0000 From: TonStanco@aol.com Message-ID: <9d.12f6e0e4.27ecefd2@aol.com> Date: Fri, 23 Mar 2001 13:28:34 EST Subject: Re: [Freesw] Re: FreeDevelopers To: ben@algroup.co.uk CC: fsb@crynwr.com, freesw@conecta.it MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Mailer: AOL 4.0 for Windows 95 sub 114 X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N > > If you don't agree with Stallman on the GPL, then you won't agree with the > > Declaration. > > > > But what about the reshuffling of the software industry to deal > > proprietary out, as described in the Community is the Company (CommCo) > > industry structure? > > [http://FreeDevelopers.Net/company/CommCo/] Can you support that? Even > > someone who supports non-GPL free software has to like the idea of > > replacing proprietary to leave the whole industry to free software. > > Indeed, but why would I support an organisation that advocates an > approach I don't believe in? Because it will achieve the goals you believe in. Proprietary has a huge advantage because it buys its supporters (developers, lawyers, politicians, etc.). Free software has a hard time even finding support among itself, because people want more to quibble with friends than fight the foe. While we split hairs, proprietary relentlessly marches on to enslave the world (e.g., HailStorm). Let's concentrate on defeating proprietary. Once that is done, we will have the luxury to argue over who has the better free license. Until that is done, we are just arguing over who has the better view from inside the prison wall. And if we lose at this point, how do we topple proprietary after it is fully ensconced in an interconnected world with network effects? This is not the time for inaction. From fsb-return-5407-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Fri Mar 23 18:48:03 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 29036 invoked from network); 23 Mar 2001 18:48:02 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 23 Mar 2001 18:48:02 -0000 Received: (qmail 4112 invoked by alias); 23 Mar 2001 18:44:07 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 4105 invoked from network); 23 Mar 2001 18:44:06 -0000 Message-ID: <20010323195019.F23461@margaux.inria.fr> Date: Fri, 23 Mar 2001 19:50:19 +0100 From: Bernard Lang To: fsb@crynwr.com Subject: French State secretary for Industry against SoftPat Reply-To: Bernard Lang Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Mailer: Mutt 0.93.2 X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N " The Administration faster on-line thanks to free software " Christian Pierret, State secretary for Industry. " I already supported personally open-source software, notably at the university of Metz. I am glad to see French publishers of free software like MandrakeSoft be successful in the United States. I support Linux and free software, because they allow faster and more robust development to put the Administration on-line. While commercial software raise the issue of computer security, since one does not know what is inside. This is why I am against software patenting in Europe. It would kill innovation and reinforce litigation terrorism, because commercial software multinational corporations would multiply legal actions against start-ups. " Translated by B. Lang from: 01 Informatique, N° 1626, 23 mars 2001, page 51 « L'Administration plus vite en ligne grâce au logiciel libre » Christian Pierret, secrétaire d'Etat à l'Industrie. « J'ai déjà apporté mon soutien personnel au logiciel libre, notamment à l'université de Metz. Je suis heureux de voir des éditeurs français de logiciels libres come MandrakeSoft s'illustrer aux Etats-Unis. Je suis un défenseur de Linux et du logiciel libre, car ils permettent un développement plus rapide et plus robuste pour la mise en ligne de l'Administration. Tandis que les logiciels commerciaux posent la question de la sécurité informatique, puisque l'on ne sait pas ce qu'ils renferment. C'est pourquoi je suis contre la brevetabilité des logiciels en Europe. Elle tuerait l'innovation et renforcerait le terrorisme juridique, car les multinationales du logiciel commercial multiplieraient les procès envers les jeunes pousses. » -- Non aux Brevets Logiciels - No to Software Patents SIGNEZ http://petition.eurolinux.org/ SIGN Bernard.Lang@inria.fr ,_ /\o \o/ Tel +33 1 3963 5644 http://pauillac.inria.fr/~lang/ ^^^^^^^^^^^^^^^^^ Fax +33 1 3963 5469 INRIA / B.P. 105 / 78153 Le Chesnay CEDEX / France Je n'exprime que mon opinion - I express only my opinion CAGED BEHIND WINDOWS or FREE WITH LINUX From fsb-return-5408-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Fri Mar 23 19:18:54 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 39275 invoked from network); 23 Mar 2001 19:18:54 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 23 Mar 2001 19:18:54 -0000 Received: (qmail 6213 invoked by alias); 23 Mar 2001 19:14:58 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 6206 invoked from network); 23 Mar 2001 19:14:57 -0000 From: TonStanco@aol.com Message-ID: <95.89bccab.27ecfa37@aol.com> Date: Fri, 23 Mar 2001 14:12:55 EST Subject: Re: [Freesw] Re: FreeDevelopers To: fche@elastic.org CC: ben@algroup.co.uk, fsb@crynwr.com, freesw@conecta.it MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Mailer: AOL 4.0 for Windows 95 sub 114 X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N In a message dated 3/23/01 1:49:11 PM Eastern Standard Time, fche@elastic.org writes: > : > Indeed, but why would I support an organisation that advocates an > : > approach I don't believe in? > : > : Because it will achieve the goals you believe in. > > Do you realize you're advocating "ends justifies the means"? I'm advocating that you free yourself and your neighbor while you can, and to stop worrying about which is the optimal way out. Just take an opening, any opening, and run. This is no longer just about software development methodologies. With interconnected digital machines, this is about real personal freedom. You don't have to look far into history to realize that some notorious people would have loved to have secret code tracking everyone's moves and transactions to be so much more efficient in their purges. From fsb-return-5409-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Fri Mar 23 19:36:31 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 45390 invoked from network); 23 Mar 2001 19:36:30 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 23 Mar 2001 19:36:30 -0000 Received: (qmail 7389 invoked by alias); 23 Mar 2001 19:32:36 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 7382 invoked from network); 23 Mar 2001 19:32:35 -0000 Sender: crispin@wirex.com Message-ID: <3ABBA48D.34ABCC6D@wirex.com> Date: Fri, 23 Mar 2001 11:31:25 -0800 From: Crispin Cowan Organization: WireX Communications, Inc. X-Mailer: Mozilla 4.76 [en] (X11; U; Linux 2.2.18-1_imnx_5_crispin i686) X-Accept-Language: en MIME-Version: 1.0 To: TonStanco@aol.com Cc: ben@algroup.co.uk, fsb@crynwr.com, freesw@conecta.it Subject: Re: [Freesw] Re: FreeDevelopers References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N TonStanco@aol.com wrote: > But what about the reshuffling of the software industry to deal proprietary > out, as described in the Community is the Company (CommCo) industry structure? > [http://FreeDevelopers.Net/company/CommCo/] Can you support that? Even > someone who supports non-GPL free software has to like the idea of replacing > proprietary to leave the whole industry to free software. I can't understand what any of this is about. Sure, I *could* figure it out, if I wanted to spend a couple of hours reading the long-winded declarations on freedevelopers.net, but I don't have a couple of hours of spare time. Can you provide a one paragraph explanation of what this is? Some things I'm assuming that it's not: * FSF 2: there's no point, the FSF does a fine job of being the FSF. * Red Hat 2: if its trying to be a commercial entity based on fully GPL'd software, then there are many companies out there doing it quite well, e.g. Red Hat, Abi, Walnut Creek, etc. * A controlling body for all of open source software: get real :-) Crispin -- Crispin Cowan, Ph.D. Chief Research Scientist, WireX Communications, Inc. http://wirex.com Security Hardened Linux Distribution: http://immunix.org From fsb-return-5410-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Fri Mar 23 20:06:39 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 51407 invoked from network); 23 Mar 2001 20:06:39 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 23 Mar 2001 20:06:39 -0000 Received: (qmail 9823 invoked by alias); 23 Mar 2001 20:00:58 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 9811 invoked from network); 23 Mar 2001 20:00:57 -0000 Message-ID: <004c01c0b3d2$42de68b0$806810ac@vmware> From: "Jonathan S. Shapiro" To: , Cc: , , References: <95.89bccab.27ecfa37@aol.com> Subject: Re: [Freesw] Re: FreeDevelopers Date: Fri, 23 Mar 2001 14:48:35 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N > I'm advocating that you free yourself and your > neighbor while you can, and to stop worrying > about which is the optimal way out. Just take > an opening, any opening, and run. Indeed, under your logic the right decision for various persecuted groups in Nazi Germany was to flee to Russia -- which many did, only to arrive just in time for Stalin's purges after the war. If you think running off cliffs is fun, please don't let any of us stop you. We're good hearted folks, so we all promise to wave as you go by. We'll stand around afterwords and measure the size of the splat and talk about what a nice guy you were before that tragic loss of synaptic function in the common sense part of the brain. As for me, I plan to continue to invest deliberately and thoughtfully in reputation and customer interactions, much as Ben does. A key value of "free" software is in reputation. Reputation apppears to be the only tool for building the type of trust relationships that can overcome proprietary privacy invasion in the long term. Reputation isn't built by running off half-assed and doing the first thing that comes to mind. > This is no longer just about software development > methodologies. With interconnected digital machines, > this is about real personal freedom. Indeed, which is why it must not be done badly and stupidly. Therefore, the choice of method matters a great deal. > You don't have to look far into history to realize that > some notorious people would have loved to have secret > code tracking everyone's moves and transactions to be so > much more efficient in their purges. Wonderful words. What the hell do they have to do with the FreeDevelopers group and/or the silly proclamation you guys are touting? Look, I have nothing against GPL [well, actually, I have quite a large number of problems with GPL, but most have to do with it's legal failings rather than with its intent], but for me GPL is a business decision, not a religion. I suspect that most of the people on this list feel the same -- whatever license they have chosen is a matter of business realities, not crede. Some of us *also* have a political agenda in a particular license, but this list is about Free Software *Business*. Jonathan From fsb-return-5411-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Fri Mar 23 20:22:51 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 55037 invoked from network); 23 Mar 2001 20:22:51 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 23 Mar 2001 20:22:51 -0000 Received: (qmail 11051 invoked by alias); 23 Mar 2001 20:18:56 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 11044 invoked from network); 23 Mar 2001 20:18:55 -0000 Date: Fri, 23 Mar 2001 18:22:16 +0000 From: Simon Cozens To: TonStanco@aol.com Cc: ben@algroup.co.uk, fsb@crynwr.com, freesw@conecta.it Subject: Re: [Freesw] Re: FreeDevelopers Message-ID: <20010323182216.A8760@netthink.co.uk> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.15i In-Reply-To: ; from TonStanco@aol.com on Fri, Mar 23, 2001 at 09:44:03AM -0500 X-Operating-System: Linux deep-dark-truthful-mirror 2.4.2 X-POM: The Moon is Waning Crescent (2% of Full) X-Addresses: The simon@cozens.net address is deprecated due to being broken. simon@brecon.co.uk still works, but simon-cozens.org or netthink.co.uk are preferred. Sender: Simon Cozens X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N On Fri, Mar 23, 2001 at 09:44:03AM -0500, TonStanco@aol.com wrote: > ben@algroup.co.uk writes: > > Sigh. I'm interested in free software. But free software is not the > > exclusive domain of GPL. > > > > BTW, its unlikely that I would even consider signing your declaration, > > since it is likely to say that the GPL is the best thing since sliced > > bread > > If you don't agree with Stallman on the GPL, then you won't agree with the > Declaration. Help me out here - which of Stallman's assertions is Ben disagreeing with? Did Stallman really say that the GPL was the best thing since sliced bread, (which would merely make him wrong) or that free software was the exclusive domain of the GPL? (which would make him both wrong and also a danger to free software.) -- "Even more amazing was the realization that God has Internet access. I wonder if He has a full newsfeed?" (By Matt Welsh) From fsb-return-5412-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Fri Mar 23 20:48:26 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 62191 invoked from network); 23 Mar 2001 20:48:26 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 23 Mar 2001 20:48:26 -0000 Received: (qmail 13220 invoked by alias); 23 Mar 2001 20:44:31 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 13213 invoked from network); 23 Mar 2001 20:44:30 -0000 Message-ID: <66037540DA72D31180D400A0C9D17D1F466280@phoenix1.exponent.com> From: Lucas Vogel To: "'fsb@crynwr.com'" Subject: GNU and classified software Date: Fri, 23 Mar 2001 12:44:10 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N Can GNU tools be used in the creation/use/distribution of classified software? ------------------------------------------- Lucas Vogel, Software Developer Exponent Failure Analysis Associates, Inc. lvogel@exponent.com From fsb-return-5413-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Fri Mar 23 21:18:29 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 71373 invoked from network); 23 Mar 2001 21:18:28 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 23 Mar 2001 21:18:28 -0000 Received: (qmail 15386 invoked by alias); 23 Mar 2001 21:14:35 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 15378 invoked from network); 23 Mar 2001 21:14:34 -0000 Sender: novalis Message-ID: <3ABBB8F7.BCD7D440@novalis.org> Date: Fri, 23 Mar 2001 15:58:31 -0500 From: Dave Turner X-Mailer: Mozilla 4.75 [en] (X11; U; Linux 2.4.2 i686) X-Accept-Language: en,pdf MIME-Version: 1.0 To: Lucas Vogel CC: "'fsb@crynwr.com'" Subject: Re: GNU and classified software References: <66037540DA72D31180D400A0C9D17D1F466280@phoenix1.exponent.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N Lucas Vogel wrote: > > Can GNU tools be used in the creation/use/distribution of classified > software? > Yes, and it is. Here's evidence: http://www2.linuxjournal.com/lj-issues/issue61/3394.html >> Marjorie: Who is using Perl and how are they using it? Larry: A couple of years ago, I ran into someone at a trade show who was representing the NSA (National Security Agency). He mentioned to someone else in passing that he'd written a filter program in Perl, so without telling him who I was, I asked him if I could tell people that the NSA uses Perl. His response was, ``Doesn't everyone?'' So now I don't tell people the NSA uses Perl. I merely tell people the NSA thinks everyone uses Perl. They should know, after all. As an interesting side note, it turned out this fellow was the very administrator who shut down the NSA project Perl was (indirectly) written to support. He was vaguely amused when I pointed out Perl might well be the most enduring legacy of the project. << -- -Dave Turner Stalk me: (215)-545-2859 ---------------------------------------------------------------------- Wait, you're right, I'm thinking of the Ankh-Morpork Assassin's guild, sorry From fsb-return-5414-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Fri Mar 23 21:21:45 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 73312 invoked from network); 23 Mar 2001 21:21:45 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 23 Mar 2001 21:21:45 -0000 Received: (qmail 15852 invoked by alias); 23 Mar 2001 21:17:55 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 15845 invoked from network); 23 Mar 2001 21:17:54 -0000 Date: Fri, 23 Mar 2001 13:17:18 -0800 To: TonStanco@aol.com Cc: ben@algroup.co.uk, fsb@crynwr.com, freesw@conecta.it Subject: Re: [Freesw] Re: FreeDevelopers Message-ID: <20010323131718.B18895@claire.namodn.com> References: <9d.12f6e0e4.27ecefd2@aol.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <9d.12f6e0e4.27ecefd2@aol.com>; from TonStanco@aol.com on Fri, Mar 23, 2001 at 01:28:34PM -0500 Organization: Namodn - http://www.namodn.com X-OS-Type: Debian GNU/Linux 2.2 From: Nick Jennings X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N On Fri, Mar 23, 2001 at 01:28:34PM -0500, TonStanco@aol.com wrote: > > Proprietary has a huge advantage because it buys its supporters (developers, > lawyers, politicians, etc.). Free software has a hard time even finding > support among itself, because people want more to quibble with friends than > fight the foe. While we split hairs, proprietary relentlessly marches on to > enslave the world (e.g., HailStorm). Let's concentrate on defeating > proprietary. Once that is done, we will have the luxury to argue over who has > the better free license. Until that is done, we are just arguing over who has > the better view from inside the prison wall. > > And if we lose at this point, how do we topple proprietary after it is fully > ensconced in an interconnected world with network effects? This is not the > time for inaction. > Looks like you've already been enslaved! You have this "conspiracy" theory going on, and you go all mellow dramatic on us. And you click SEND from your AOL Mail client and then give your machine a reboot for good measure! -- Nick Jennings | "Laugh, and the world ignores you. http://nick.namodn.com | Crying doesn't help either." From fsb-return-5415-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Fri Mar 23 21:23:52 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 74601 invoked from network); 23 Mar 2001 21:23:52 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 23 Mar 2001 21:23:52 -0000 Received: (qmail 16323 invoked by alias); 23 Mar 2001 21:19:57 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 16315 invoked from network); 23 Mar 2001 21:19:56 -0000 Date: Fri, 23 Mar 2001 13:19:01 -0800 To: TonStanco@aol.com Cc: fche@elastic.org, ben@algroup.co.uk, fsb@crynwr.com, freesw@conecta.it Subject: Re: [Freesw] Re: FreeDevelopers Message-ID: <20010323131901.C18895@claire.namodn.com> References: <95.89bccab.27ecfa37@aol.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <95.89bccab.27ecfa37@aol.com>; from TonStanco@aol.com on Fri, Mar 23, 2001 at 02:12:55PM -0500 Organization: Namodn - http://www.namodn.com X-OS-Type: Debian GNU/Linux 2.2 From: Nick Jennings X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N On Fri, Mar 23, 2001 at 02:12:55PM -0500, TonStanco@aol.com wrote: > In a message dated 3/23/01 1:49:11 PM Eastern Standard Time, fche@elastic.org > writes: > > > : > Indeed, but why would I support an organisation that advocates an > > : > approach I don't believe in? > > : > > : Because it will achieve the goals you believe in. > > > > Do you realize you're advocating "ends justifies the means"? > > I'm advocating that you free yourself and your neighbor while you can, and to > stop worrying about which is the optimal way out. Just take an opening, any > opening, and run. Looks like you need freeing. (right click on your windows directory and click delete) if that doesnt work. Take a magnet and place it on your harddrive -- then. yoooooo'll beeee freeeee, hacker, yooooo'll beee freeeEEEeeeEEE!!! > > This is no longer just about software development methodologies. With > interconnected digital machines, this is about real personal freedom. You > don't have to look far into history to realize that some notorious people > would have loved to have secret code tracking everyone's moves and > transactions to be so much more efficient in their purges. > -- Nick Jennings | "Laugh, and the world ignores you. http://nick.namodn.com | Crying doesn't help either." From fsb-return-5416-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Fri Mar 23 21:25:17 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 74870 invoked from network); 23 Mar 2001 21:25:17 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 23 Mar 2001 21:25:17 -0000 Received: (qmail 16694 invoked by alias); 23 Mar 2001 21:21:11 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 16687 invoked from network); 23 Mar 2001 21:21:10 -0000 Sender: novalis Message-ID: <3ABBBA9B.9FEEBFB0@novalis.org> Date: Fri, 23 Mar 2001 16:05:31 -0500 From: Dave Turner X-Mailer: Mozilla 4.75 [en] (X11; U; Linux 2.4.2 i686) X-Accept-Language: en,pdf MIME-Version: 1.0 CC: fsb@crynwr.com Subject: Re: [Freesw] Re: FreeDevelopers References: <20010323182216.A8760@netthink.co.uk> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N Simon Cozens wrote: > > On Fri, Mar 23, 2001 at 09:44:03AM -0500, TonStanco@aol.com wrote: > > ben@algroup.co.uk writes: > > > Sigh. I'm interested in free software. But free software is not the > > > exclusive domain of GPL. > > > > > > BTW, its unlikely that I would even consider signing your declaration, > > > since it is likely to say that the GPL is the best thing since sliced > > > bread > > > > If you don't agree with Stallman on the GPL, then you won't agree with the > > Declaration. > > Help me out here - which of Stallman's assertions is Ben disagreeing with? > > Did Stallman really say that the GPL was the best thing since sliced bread, > (which would merely make him wrong) or that free software was the exclusive > domain of the GPL? (which would make him both wrong and also a danger to free > software.) It's not Stallman, it's Stanco. If you look at the archives of his list, you'll see what kind of chance his project has of success. What Stallman says about the GPL is that he thinks it is the best free software license... but that others are fine too. Ben disagrees with that. He also disagrees that Stanco's company is good, effective, or necessary (I'm inclined to agree). Stanco deeply confuses me - the archives of his Topica list should be quite enlightening. -- -Dave Turner Stalk me: (215)-545-2859 ---------------------------------------------------------------------- Wait, you're right, I'm thinking of the Ankh-Morpork Assassin's guild, sorry From fsb-return-5417-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Fri Mar 23 21:26:36 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 75422 invoked from network); 23 Mar 2001 21:26:36 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 23 Mar 2001 21:26:36 -0000 Received: (qmail 17051 invoked by alias); 23 Mar 2001 21:22:36 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 17037 invoked from network); 23 Mar 2001 21:22:36 -0000 Date: Fri, 23 Mar 2001 13:14:27 -0800 To: TonStanco@aol.com Cc: ben@algroup.co.uk, fsb@crynwr.com, freesw@conecta.it Subject: Re: [Freesw] Re: FreeDevelopers Message-ID: <20010323131427.A18895@claire.namodn.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from TonStanco@aol.com on Fri, Mar 23, 2001 at 09:44:03AM -0500 Organization: Namodn - http://www.namodn.com X-OS-Type: Debian GNU/Linux 2.2 From: Nick Jennings X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N On Fri, Mar 23, 2001 at 09:44:03AM -0500, TonStanco@aol.com wrote: > In a message dated 3/23/01 8:51:27 AM Eastern Standard Time, > ben@algroup.co.uk writes: > > > Sigh. I'm interested in free software. But free software is not the > > exclusive domain of GPL. > > > > BTW, its unlikely that I would even consider signing your declaration, > > since it is likely to say that the GPL is the best thing since sliced > > bread, but I certainly won't until I can read it. Try a less cute font. > > If you don't agree with Stallman on the GPL, then you won't agree with the > Declaration. > Why would I listen to a Hypocrit! You LEADING the FreeDevelopers on your Windows 95 Box with AOL of all things!! At least you could have the decency to ssh to a box to send you mail from. I have a hard time swallowing any GPL/Free Software stance you take seeing as how you don't "live with the people you're trying to lead" That's one of the reasons I removed myself from involvement in FreeDevelopers and joined this list. That and the fact that you use Topica! to run your horribly un-organized and half-assed mailing lists on! I cannot believe how un-organized FreeDeveloper.net is! > But what about the reshuffling of the software industry to deal proprietary > out, as described in the Community is the Company (CommCo) industry structure? > [http://FreeDevelopers.Net/company/CommCo/] Can you support that? Even > someone who supports non-GPL free software has to like the idea of replacing > proprietary to leave the whole industry to free software. > > best regards, > tony > -- Nick Jennings | "Laugh, and the world ignores you. http://nick.namodn.com | Crying doesn't help either." From fsb-return-5418-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Fri Mar 23 21:27:55 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 75733 invoked from network); 23 Mar 2001 21:27:55 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 23 Mar 2001 21:27:55 -0000 Received: (qmail 17264 invoked by alias); 23 Mar 2001 21:23:22 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 17256 invoked from network); 23 Mar 2001 21:23:21 -0000 Date: Fri, 23 Mar 2001 21:22:21 +0000 From: Simon Cozens To: Dave Turner Cc: Lucas Vogel , "'fsb@crynwr.com'" Subject: Re: GNU and classified software Message-ID: <20010323212220.A9459@netthink.co.uk> References: <66037540DA72D31180D400A0C9D17D1F466280@phoenix1.exponent.com> <3ABBB8F7.BCD7D440@novalis.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.15i In-Reply-To: <3ABBB8F7.BCD7D440@novalis.org>; from novalis@novalis.org on Fri, Mar 23, 2001 at 03:58:31PM -0500 X-Operating-System: Linux deep-dark-truthful-mirror 2.4.2 X-POM: The Moon is Waning Crescent (1% of Full) X-Addresses: The simon@cozens.net address is deprecated due to being broken. simon@brecon.co.uk still works, but simon-cozens.org or netthink.co.uk are preferred. Sender: Simon Cozens X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N On Fri, Mar 23, 2001 at 03:58:31PM -0500, Dave Turner wrote: > Marjorie: Who is using Perl and how are they using it? If you call Perl a GNU tool again, I will do horrific things to you. :) Don't forget that Perl is dual-licensed. A lot of businesses can *only* use it because of this fact; the Artistic license gives them a lot more freedom^Wleeway than the GPL does. -- You're not Dave. Who are you? From fsb-return-5419-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Fri Mar 23 21:37:35 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 78941 invoked from network); 23 Mar 2001 21:37:35 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 23 Mar 2001 21:37:35 -0000 Received: (qmail 18160 invoked by alias); 23 Mar 2001 21:33:44 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 18153 invoked from network); 23 Mar 2001 21:33:43 -0000 From: TonStanco@aol.com Message-ID: Date: Fri, 23 Mar 2001 16:31:47 EST Subject: Re: [Freesw] Re: FreeDevelopers To: crispin@wirex.com, TonStanco@aol.com CC: ben@algroup.co.uk, fsb@crynwr.com, freesw@conecta.it MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Mailer: AOL 4.0 for Windows 95 sub 114 X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N In a message dated 3/23/01 2:32:20 PM Eastern Standard Time, crispin@wirex.com writes: > I can't understand what any of this is about. Sure, I *could* figure it out, > if I wanted to spend a couple of hours reading the long-winded declarations > on freedevelopers.net, but I don't have a couple of hours of spare time. > Can you provide a one paragraph explanation of what this is? It's not that simple, because it has philosophical/moral elements, because proprietary must be defeated (e.g., FSF, GPL, the Declaration of Software Freedom). And economic elements, because it has to be a successful business strategy (e.g., The Community is the Company structure). But basically it is a reorganization of the software industry to establish free software as the development paradigm around the world on a fair and equitable basis going forward. > Some things I'm assuming that it's not: > > * FSF 2: there's no point, the FSF does a fine job of being the FSF. RMS is the philosopher/leader of free software and therefore FreeDevelopers (notice I didn't say philosopher/king, because we are a free and democratic). He has been involved from its inception and he is one of the drafters involved with the Declaration. RMS has worked on the philosophical underpinnings of free software for 17 years and his GPL has made free software a viable alternative to proprietary at this critical period. Without the GPL, there wouldn't be Linux; and without Linux and the media frenzy, there wouldn't be a chance against proprietary now. FreeDevelopers works with the FSF and GNU, by paying developers to work on free software. > * Red Hat 2: if its trying to be a commercial entity based on fully GPL'd > software, then there are many companies out there doing it quite well, > e.g. Red Hat, Abi, Walnut Creek, etc. We are a free software organization. We are unlike open source companies because we are democratic and community owned. Also, we will pay developers to work on free software, because on an economic basis, if developers are not paid, free software is underproduced vis-a-vis proprietary (that pays its developers). > * A controlling body for all of open source software: get real :-) It is not a controlling body, but it does set up a certain democratic federalism between itself and the independent free software projects. The free software projects are still a free market meritocracy of cooperation and competition as they are now. But items of common interest, like joint marketing, are done at the FreeDevelopers level. The sales revenues are then used to pay the free software developers working on the projects. Very briefly, free software developers have a collective action problem and FreeDevelopers creates a framework to solve that problem in much the same way that citizens solved the collective action problem that routinely caused them to be subjugated by armies. It creates a democratic constitution with appropriate check and balances so forces (hardware, investors, marketers) are aligned to keep the structure together, rather than to tear developers apart. But it is explained fully at [www.FreeDevelopers.net/company/CommCo]. From fsb-return-5420-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Fri Mar 23 21:38:49 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 79163 invoked from network); 23 Mar 2001 21:38:49 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 23 Mar 2001 21:38:49 -0000 Received: (qmail 18407 invoked by alias); 23 Mar 2001 21:34:17 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 18395 invoked from network); 23 Mar 2001 21:34:16 -0000 From: TonStanco@aol.com Message-ID: Date: Fri, 23 Mar 2001 16:32:34 EST Subject: Re: [Freesw] Re: FreeDevelopers To: simon@brecon.co.uk, TonStanco@aol.com CC: ben@algroup.co.uk, fsb@crynwr.com, freesw@conecta.it MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Mailer: AOL 4.0 for Windows 95 sub 114 X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N In a message dated 3/23/01 3:17:40 PM Eastern Standard Time, simon@brecon.co.uk writes: > Help me out here - which of Stallman's assertions is Ben disagreeing with? I'm not sure. I can't speak for either. What I was saying was that FreeDevelopers is a GPL company, so if Ben disagrees with the GPL, he will not like the Declaration. From fsb-return-5421-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Fri Mar 23 21:40:04 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 79555 invoked from network); 23 Mar 2001 21:40:04 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 23 Mar 2001 21:40:04 -0000 Received: (qmail 18523 invoked by alias); 23 Mar 2001 21:34:39 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 18509 invoked from network); 23 Mar 2001 21:34:38 -0000 From: TonStanco@aol.com Message-ID: Date: Fri, 23 Mar 2001 16:32:23 EST Subject: Re: [Freesw] Re: FreeDevelopers To: shap@eros-os.org, TonStanco@aol.com, fche@elastic.org CC: ben@algroup.co.uk, fsb@crynwr.com, freesw@conecta.it MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Mailer: AOL 4.0 for Windows 95 sub 114 X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N In a message dated 3/23/01 3:00:43 PM Eastern Standard Time, shap@eros-os.org writes: > ....As for me, I plan to continue to invest deliberately and thoughtfully in > reputation and customer interactions, much as Ben does. A key value of > "free" software is in reputation. Reputation apppears to be the only tool > for building the type of trust relationships that can overcome proprietary > privacy invasion in the long term... You are absolutely right, branding and warranties are important to free software like any other business. But the CommCo document has a Free Software Marketing Company for just that marketing purpose. > ... Wonderful words. What the hell do they have to do with the FreeDevelopers > group and/or the silly proclamation you guys are touting?... It is the basis for everything FreeDevelopers is doing: proprietary must be defeated. But there must be a structural solution, so that free software can be viable vis-a-vis proprietary. But the Declaration and the CommCo are separate documents. The CommCo is the document for the pragmatists. > ... Look, I have nothing against GPL [well, actually, I have quite a large > number of problems with GPL, but most have to do with it's legal failings > rather than with its intent], but for me GPL is a business decision, not a > religion. I suspect that most of the people on this list feel the same -- > whatever license they have chosen is a matter of business realities, not > crede. Some of us *also* have a political agenda in a particular license, > but this list is about Free Software *Business*... The CommCo document is the business side of FreeDevelopers. But morality and business are not mutually exclusive. They can coexist quite nicely if appropriately structured. From fsb-return-5422-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Fri Mar 23 21:43:50 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 80987 invoked from network); 23 Mar 2001 21:43:50 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 23 Mar 2001 21:43:50 -0000 Received: (qmail 19362 invoked by alias); 23 Mar 2001 21:39:53 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 19355 invoked from network); 23 Mar 2001 21:39:52 -0000 Sender: novalis Message-ID: <3ABBBEFC.3BD4FC14@novalis.org> Date: Fri, 23 Mar 2001 16:24:12 -0500 From: Dave Turner X-Mailer: Mozilla 4.75 [en] (X11; U; Linux 2.4.2 i686) X-Accept-Language: en,pdf MIME-Version: 1.0 To: Simon Cozens CC: Lucas Vogel , "'fsb@crynwr.com'" Subject: Re: GNU and classified software References: <66037540DA72D31180D400A0C9D17D1F466280@phoenix1.exponent.com> <3ABBB8F7.BCD7D440@novalis.org> <20010323212220.A9459@netthink.co.uk> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N Simon Cozens wrote: > > On Fri, Mar 23, 2001 at 03:58:31PM -0500, Dave Turner wrote: > > Marjorie: Who is using Perl and how are they using it? > > If you call Perl a GNU tool again, I will do horrific things to you. :) You know where to find me - see my sig :) > Don't forget that Perl is dual-licensed. A lot of businesses can *only* > use it because of this fact; the Artistic license gives them a lot more > freedom^Wleeway than the GPL does. s/use/distribute/. There are no restrictions on use in the GPL or any other free software license. Of course, whether the right to restrict the further distribution of software you distribute (which bsd-like and the artistic license provide for) is a legitimate right, well, that's a topic for a philosophical list. > You're not Dave. Who are you? What? I am David M. Turner, a.k.a. Novalis. I'm an infrastructure dude for the Worldforge project. -- -Dave Turner Stalk me: (215)-545-2859 ---------------------------------------------------------------------- Wait, you're right, I'm thinking of the Ankh-Morpork Assassin's guild, sorry From fsb-return-5423-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Fri Mar 23 21:47:07 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 81710 invoked from network); 23 Mar 2001 21:47:07 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 23 Mar 2001 21:47:07 -0000 Received: (qmail 19795 invoked by alias); 23 Mar 2001 21:43:12 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 19788 invoked from network); 23 Mar 2001 21:43:11 -0000 Date: Fri, 23 Mar 2001 13:39:17 -0800 From: "Karsten M. Self" To: "'fsb@crynwr.com'" Subject: Re: GNU and classified software Message-ID: <20010323133917.E2468@ix.netcom.com> References: <66037540DA72D31180D400A0C9D17D1F466280@phoenix1.exponent.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="cPi+lWm09sJ+d57q" Content-Disposition: inline User-Agent: Mutt/1.3.12i In-Reply-To: <66037540DA72D31180D400A0C9D17D1F466280@phoenix1.exponent.com>; from lvogel@exponent.com on Fri, Mar 23, 2001 at 12:44:10PM -0800 X-Debian-GNU-Linux: Rocks X-Kuro5hin-cabal: There is no K5 cabal X-GPG-Fingerprint: F932 8B25 5FDD 2528 D595 DC61 3847 889F 55F2 B9B0 Sender: X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N --cPi+lWm09sJ+d57q Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable on Fri, Mar 23, 2001 at 12:44:10PM -0800, Lucas Vogel (lvogel@exponent.com)= wrote: > Can GNU tools be used in the creation/use/distribution of classified > software? Define "classified software". Are you talking about military/defense security classifications? This response assumes so. I can't answer your question directly, but: Q: Does the GPL mandate that software created using GNU tools, compilers, etc., be covered under the GPL? =20 A: No. In general, program outputs are not governed by the GPL. Q: Does using GPLd libraries mandate that software incorporating these libraries (linked to them) be covered by the GPL? =20 A: Yes. Linking is considered to be a derivative work (defined by copyright) under the GPL. There is some ongoing discussion as to how broad, inclusive, or legitimate this claim is. The general understanding is that static linking is, and dynamic linking probably is, covered. Q: As above, but LGPLd libraries? =20 A: No. The LGPL allows linking to LGPLd libraries without requiring the linked software be covered under the GPL or LGPL. Q: Does using the GPL require public disclosure of sources and/or binaries? =20 A: This depends. Depending on your distribution of binaries and/or sources, this may be mandated. See section 3 of the GPL for requirements and alternatives in addressing source distribution requirements. Note that the one act proscribed by the GPL is restricting third party distribution. Q: Do classified software requirements conflict with the GNU GPL? A: I have no idea. I don't know what the requirements or regulations are. I *do* know that the NSA has worked with GNU/Linux, that Bruce Perens spoke to the Navy regarding (IIRC) working with Free Software in classified environments. My general sense is that any such restrictions would come from the restrictions imposed by the classification requirements, not from the GPL. IANAL. I am also not a military security specialist. I hold no military security clearances. --=20 Karsten M. Self http://kmself.home.netcom.com/ What part of "Gestalt" don't you understand? There is no K5 cabal http://gestalt-system.sourceforge.net/ http://www.kuro5hin.org --cPi+lWm09sJ+d57q Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6u8KFOEeIn1XyubARAr21AJ4tcOmAJWAlHtivhUUtd7d2gTNXgwCfQD+B XfBf66cm7MTpo/VQsaBBa98= =15FC -----END PGP SIGNATURE----- --cPi+lWm09sJ+d57q-- From fsb-return-5424-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Fri Mar 23 21:48:05 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 81818 invoked from network); 23 Mar 2001 21:48:05 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 23 Mar 2001 21:48:05 -0000 Received: (qmail 19884 invoked by alias); 23 Mar 2001 21:43:26 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 19876 invoked from network); 23 Mar 2001 21:43:25 -0000 Date: Fri, 23 Mar 2001 22:41:00 +0100 Message-Id: <200103232141.WAA30718@quill.thinkcoach.com> From: Norbert Bollow Prefer-Language: de, en, fr To: fsb@crynwr.com In-reply-to: <66037540DA72D31180D400A0C9D17D1F466280@phoenix1.exponent.com> (message from Lucas Vogel on Fri, 23 Mar 2001 12:44:10 -0800) Subject: Re: GNU and classified software References: <66037540DA72D31180D400A0C9D17D1F466280@phoenix1.exponent.com> X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N Lucas Vogel wrote: > Can GNU tools be used in the creation/use/distribution of classified > software? Yes, as long as you just want to _use_the_tools_ for this purpose. However you are not allowed to take parts of the source code of GNU programs and adapt them for inclusion in classified software. You can use most libraries (to be precise, those which are released under the Lesser GNU Public License) but not for example the readline library. The whole point of the GNU Public license is to give the greatest possible freedom to the users of the software. As long as you are just a user of the GNU software, you can use it for any purpose, classified or not. But if the plan is to not just use the GNU software but create a derivative product, then the derivative product must also be free software. In particular the derivative product cannot be classified. Why is there a need for classified software anyway? I agree that there is a need to keep some information confidential, or secret. But I do not see any reason why it would not be a good idea to rely entirely on free software for processing and protecting this confidential information. God bless you, Norbert -- Norbert Bollow, Weidlistr.18, CH-8624 Gruet (near Zurich, Switzerland) Tel +41 1 972 20 59 Fax +41 1 972 20 69 nb@thinkcoach.com From fsb-return-5425-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Fri Mar 23 21:54:20 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 83655 invoked from network); 23 Mar 2001 21:54:20 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 23 Mar 2001 21:54:20 -0000 Received: (qmail 21122 invoked by alias); 23 Mar 2001 21:50:28 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 21112 invoked from network); 23 Mar 2001 21:50:25 -0000 Sender: crispin@wirex.com Message-ID: <3ABBC4DA.65CE050D@wirex.com> Date: Fri, 23 Mar 2001 13:49:15 -0800 From: Crispin Cowan Organization: WireX Communications, Inc. X-Mailer: Mozilla 4.76 [en] (X11; U; Linux 2.2.18-1_imnx_5_crispin i686) X-Accept-Language: en MIME-Version: 1.0 To: TonStanco@aol.com Cc: ben@algroup.co.uk, fsb@crynwr.com, freesw@conecta.it Subject: Re: [Freesw] Re: FreeDevelopers References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N TonStanco@aol.com wrote: > > I can't understand what any of this is about. Sure, I *could* figure it > out, > > if I wanted to spend a couple of hours reading the long-winded declarations > > on freedevelopers.net, but I don't have a couple of hours of spare time. > > Can you provide a one paragraph explanation of what this is? > It's not that simple, because it has philosophical/moral elements, because > proprietary must be defeated (e.g., FSF, GPL, the Declaration of Software > Freedom). Tough. Skepticizm runs very high when some new people that have never been seen in the community before crop up and say "I have an idea. Why don't you all follow me!" You have to have a compelling hook that fits in one paragraph, or you'll be dismissed immediately. So far, I've seen a lot of heat & thrash, and no substance. There isn't enough motive for me to even go read your documents, let alone sign the declaration. Until the compelling one-paragraph explanation shows up, you're officially dismissed :-) Crispin P.S. I'll just add to the "bad form" criticizms of trying to run an open source group from a Windows/AOL platform by pointing out that it's tacky to cross-post to a list that isn't accepting replies to those posts (freesw@conecta.it). No, I do not want to subscribe to freesw. -- Crispin Cowan, Ph.D. Chief Research Scientist, WireX Communications, Inc. http://wirex.com Security Hardened Linux Distribution: http://immunix.org From fsb-return-5426-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Fri Mar 23 21:56:40 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 84398 invoked from network); 23 Mar 2001 21:56:40 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 23 Mar 2001 21:56:40 -0000 Received: (qmail 21697 invoked by alias); 23 Mar 2001 21:52:47 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 21690 invoked from network); 23 Mar 2001 21:52:47 -0000 Date: Fri, 23 Mar 2001 21:51:45 +0000 From: Simon Cozens To: Dave Turner Cc: Lucas Vogel , "'fsb@crynwr.com'" Subject: Re: GNU and classified software Message-ID: <20010323215145.A9738@netthink.co.uk> References: <66037540DA72D31180D400A0C9D17D1F466280@phoenix1.exponent.com> <3ABBB8F7.BCD7D440@novalis.org> <20010323212220.A9459@netthink.co.uk> <3ABBBEFC.3BD4FC14@novalis.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.15i In-Reply-To: <3ABBBEFC.3BD4FC14@novalis.org>; from novalis@novalis.org on Fri, Mar 23, 2001 at 04:24:12PM -0500 X-Operating-System: Linux deep-dark-truthful-mirror 2.4.2 X-POM: The Moon is Waning Crescent (1% of Full) X-Addresses: The simon@cozens.net address is deprecated due to being broken. simon@brecon.co.uk still works, but simon-cozens.org or netthink.co.uk are preferred. Sender: Simon Cozens X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N On Fri, Mar 23, 2001 at 04:24:12PM -0500, Dave Turner wrote: > > Don't forget that Perl is dual-licensed. A lot of businesses can *only* > > use it because of this fact; the Artistic license gives them a lot more > > freedom^Wleeway than the GPL does. > > s/use/distribute/. No, I meant use. For starters, there are those companies who simply won't use GPLed software because of allergic reaction. Whether true or not, they feel that if they write code with GPLed tools, they have to release that code; dual-licensing works around that. > the right to restrict the further distribution of software you distribute > (which bsd-like and the artistic license provide for) Which is also something that some companies want to do; and those companies take Perl under the Artistic license, not the GPL. But we're getting away from the point. I don't know whether it's possible to use GPL-*only* tools on a classified project; I'm not a license lawyer. But I do know that Perl is not GPL-only. > > You're not Dave. Who are you? > What? I am David M. Turner, a.k.a. Novalis. I'm an infrastructure dude > for the Worldforge project. You are also someone who needs to watch 2001: A Space Oddysey again. :) -- I'm not going into LMH, there might be GECKOS. - Henry Braun is Oxford Zippy From fsb-return-5427-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Fri Mar 23 22:07:47 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 91114 invoked from network); 23 Mar 2001 22:07:47 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 23 Mar 2001 22:07:47 -0000 Received: (qmail 22474 invoked by alias); 23 Mar 2001 22:03:51 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 22467 invoked from network); 23 Mar 2001 22:03:51 -0000 Date: Fri, 23 Mar 2001 23:01:49 +0100 Message-Id: <200103232201.XAA30922@quill.thinkcoach.com> From: Norbert Bollow Prefer-Language: de, en, fr To: fsb@crynwr.com In-reply-to: (TonStanco@aol.com) Subject: Re: [Freesw] Re: FreeDevelopers References: X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N TonStanco@aol.com wrote: > We are a free software organization. We are unlike open source > companies because we are democratic and community owned. Also, > we will pay developers to work on free software, because on an > economic basis, if developers are not paid, free software is > underproduced vis-a-vis proprietary (that pays its developers). Yes. So far free software has been really successful only in those areas where there are many skilled programmers among the users of the software. If we want free software to become attractive to users who cannot be bothered to read a manual of any kind, there must be a way to make these users pay for the cost of making the software fullproof. I think this is what your company is all about - right? God bless you, Norbert -- Norbert Bollow, Weidlistr.18, CH-8624 Gruet (near Zurich, Switzerland) Tel +41 1 972 20 59 Fax +41 1 972 20 69 nb@thinkcoach.com From fsb-return-5428-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Fri Mar 23 22:10:10 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 91947 invoked from network); 23 Mar 2001 22:10:09 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 23 Mar 2001 22:10:09 -0000 Received: (qmail 22895 invoked by alias); 23 Mar 2001 22:06:17 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 22884 invoked from network); 23 Mar 2001 22:06:16 -0000 Sender: novalis Message-ID: <3ABBC51B.7E20E58E@novalis.org> Date: Fri, 23 Mar 2001 16:50:19 -0500 From: Dave Turner X-Mailer: Mozilla 4.75 [en] (X11; U; Linux 2.4.2 i686) X-Accept-Language: en,pdf MIME-Version: 1.0 To: Simon Cozens CC: Lucas Vogel , "'fsb@crynwr.com'" Subject: Re: GNU and classified software References: <66037540DA72D31180D400A0C9D17D1F466280@phoenix1.exponent.com> <3ABBB8F7.BCD7D440@novalis.org> <20010323212220.A9459@netthink.co.uk> <3ABBBEFC.3BD4FC14@novalis.org> <20010323215145.A9738@netthink.co.uk> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N Simon Cozens wrote: > > On Fri, Mar 23, 2001 at 04:24:12PM -0500, Dave Turner wrote: > > > Don't forget that Perl is dual-licensed. A lot of businesses can *only* > > > use it because of this fact; the Artistic license gives them a lot more > > > freedom^Wleeway than the GPL does. > > > > s/use/distribute/. > > No, I meant use. For starters, there are those companies who simply won't use > GPLed software because of allergic reaction. Whether true or not, they feel > that if they write code with GPLed tools, they have to release that code; > dual-licensing works around that. Well, while I've heard this, I've never seen any such companies. But you say *can*, not *will*. > > the right to restrict the further distribution of software you distribute > > (which bsd-like and the artistic license provide for) > > Which is also something that some companies want to do; and those companies > take Perl under the Artistic license, not the GPL. > > But we're getting away from the point. I don't know whether it's possible to > use GPL-*only* tools on a classified project; I'm not a license lawyer. But I > do know that Perl is not GPL-only. NSA Secure Linux becomes my new example. Yes, it is allowed. Also, it's classified - who's gonna know :) > > > You're not Dave. Who are you? > > What? I am David M. Turner, a.k.a. Novalis. I'm an infrastructure dude > > for the Worldforge project. > > You are also someone who needs to watch 2001: A Space Oddysey again. :) Ah, right. I have been confused with another Dave Turner in the past, which is what I thought was going on. -- -Dave Turner Stalk me: (215)-545-2859 ---------------------------------------------------------------------- Wait, you're right, I'm thinking of the Ankh-Morpork Assassin's guild, sorry From fsb-return-5429-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Fri Mar 23 22:12:54 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 93002 invoked from network); 23 Mar 2001 22:12:54 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 23 Mar 2001 22:12:54 -0000 Received: (qmail 23344 invoked by alias); 23 Mar 2001 22:09:03 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 23337 invoked from network); 23 Mar 2001 22:09:02 -0000 Date: Fri, 23 Mar 2001 22:08:02 +0000 From: Simon Cozens To: Dave Turner Cc: Lucas Vogel , "'fsb@crynwr.com'" Subject: Re: GNU and classified software Message-ID: <20010323220802.A9982@netthink.co.uk> References: <66037540DA72D31180D400A0C9D17D1F466280@phoenix1.exponent.com> <3ABBB8F7.BCD7D440@novalis.org> <20010323212220.A9459@netthink.co.uk> <3ABBBEFC.3BD4FC14@novalis.org> <20010323215145.A9738@netthink.co.uk> <3ABBC51B.7E20E58E@novalis.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.15i In-Reply-To: <3ABBC51B.7E20E58E@novalis.org>; from novalis@novalis.org on Fri, Mar 23, 2001 at 04:50:19PM -0500 X-Operating-System: Linux deep-dark-truthful-mirror 2.4.2 X-POM: The Moon is Waning Crescent (1% of Full) X-Addresses: The simon@cozens.net address is deprecated due to being broken. simon@brecon.co.uk still works, but simon-cozens.org or netthink.co.uk are preferred. Sender: Simon Cozens X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N On Fri, Mar 23, 2001 at 04:50:19PM -0500, Dave Turner wrote: > > GPLed software because of allergic reaction. Whether true or not, they feel > > that if they write code with GPLed tools, they have to release that code; > > dual-licensing works around that. > > Well, while I've heard this, I've never seen any such companies. But > you say *can*, not *will*. Well, I can give you one to start with: Texas Instruments. They make chips. :) (One of the Perl developers, Nick Ing-Simmons, tells of how they only feel they can use Perl because of the AL.) I'm sure there are others. -- 10. The Earth quakes and the heavens rattle; the beasts of nature flock together and the nations of men flock apart; volcanoes usher up heat while elsewhere water becomes ice and melts; and then on other days it just rains. - Prin. Dis. From fsb-return-5430-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Fri Mar 23 22:26:06 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 99495 invoked from network); 23 Mar 2001 22:26:06 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 23 Mar 2001 22:26:06 -0000 Received: (qmail 24416 invoked by alias); 23 Mar 2001 22:19:29 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 24403 invoked from network); 23 Mar 2001 22:19:28 -0000 From: TonStanco@aol.com Message-ID: <16.aa31281.27ed2581@aol.com> Date: Fri, 23 Mar 2001 17:17:37 EST Subject: Re: [Freesw] Re: FreeDevelopers To: crispin@wirex.com, TonStanco@aol.com CC: ben@algroup.co.uk, fsb@crynwr.com, freesw@conecta.it MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Mailer: AOL 4.0 for Windows 95 sub 114 X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N In a message dated 3/23/01 4:50:24 PM Eastern Standard Time, crispin@wirex.com writes: > Tough. Skepticizm runs very high when some new people that have never been > seen in the community before crop up and say "I have an idea. Totally understandable. But a couple of people ask me to explain, so I did. And then a couple more came on top of that. I know I monopolized way too much time today. But it would have been rude of me to stop, too. I have been following the list for a long time and it is high quality, so I didn't want to be rude. > Why don't you all follow me!" I haven't asked you to follow me. Sharing ideas is never a bad thing. I may learn something from you or the other way 'round. In the end we are both better off as long as we are civil. Truth like gold is not burned away by the fire, only made purer. > You have to have a compelling hook that fits in one paragraph, > or you'll be dismissed immediately. > So far, I've seen a lot of heat & thrash, and no substance. There isn't > enough motive for me to even go read your documents, let alone sign the > declaration. You don't have to read them and you don't have to sign. There is a difference between opportunity and compulsion. > Until the compelling one-paragraph explanation shows up, you're officially > dismissed :-) > Crispin > > P.S. I'll just add to the "bad form" criticizms of trying to run an open > source group from a Windows/AOL platform I actually have a Socratic streak, which likes to tweak people's complacency. Truth seldom lies on the surface. People who can't get passed the Windows/AOL are not looking for truth, only easy answers. Of course, look where the Socratic streak got Socrates ;-) Still, it has a good pedigree. > by pointing out that it's tacky to > cross-post to a list that isn't accepting replies to those posts > (freesw@conecta.it). The first person cross-posted and it is customary to respond to all, in those circumstances. > No, I do not want to subscribe to freesw. I have been on that list for a very long time, too, but with a different email. Another high quality list. From fsb-return-5431-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Fri Mar 23 22:46:28 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 4055 invoked from network); 23 Mar 2001 22:46:28 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 23 Mar 2001 22:46:28 -0000 Received: (qmail 26412 invoked by alias); 23 Mar 2001 22:42:35 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 26405 invoked from network); 23 Mar 2001 22:42:34 -0000 Date: Fri, 23 Mar 2001 14:41:49 -0800 To: TonStanco@aol.com Cc: crispin@wirex.com, ben@algroup.co.uk, fsb@crynwr.com Subject: Re: [Freesw] Re: FreeDevelopers Message-ID: <20010323144149.D18895@claire.namodn.com> References: <16.aa31281.27ed2581@aol.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <16.aa31281.27ed2581@aol.com>; from TonStanco@aol.com on Fri, Mar 23, 2001 at 05:17:37PM -0500 Organization: Namodn - http://www.namodn.com X-OS-Type: Debian GNU/Linux 2.2 From: Nick Jennings X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N On Fri, Mar 23, 2001 at 05:17:37PM -0500, TonStanco@aol.com wrote: > > I actually have a Socratic streak, which likes to tweak people's complacency. > Truth seldom lies on the surface. People who can't get passed the Windows/AOL > are not looking for truth, only easy answers. > I am not looking for easy answers, I am not looking for answers. I did "get past" the Windows/AOL thing when i joined FD in November! After my valid concerns were ignored and other posts reject by you (when you started moderating the main list) for NO valid reason other then I should have posted it to whatever "sub-list of the day" that was "where the main discussions are happening". I began to realize how completely futile it was to try to voice my opinion. I also realized before this, that the FD lists (depending on which list you were on) where either dead or full of completely sparatic postings completely unrealted to each other. You want some adive: re-organize. Get a server, put FreeDevelopers.net domain on it, host the website there. host the mailing lists there. re-organize the mailing list structure: what the hell is all this: fd-structure1 fd-structure2 fd fd-democracy fd-it blah blah blah. MESSY You claim you have "hundreds of developers" behind this initiative. That is a LIE Tony! Only a very select group of people are the only ones continuing a related topic thread on your lists. Most of the people subscribed have no idea whats going on. You mentioned on a previous post you wish to learn something from these discussions. I urge you to take what I am saying for what it is: A Free Software Hacker, seeing FD, thinking "Wow, _sounds_ cool". Going to the site, seeing a harribly messy, unorganized site, with topica mailing lists. After viewing topica's main site, cringing. Joining the lists anyways. Seeing the Leader posting about Battling proprietary software like it's life or death yet sending these valiant posts from his Windows/AOL box. Seeing chaos on the lists. Sifting through garbage trying to find direction, failing. Trying to check out the other, completely unintuitively named sub-lists, and ending up just being lost as to what the HELL you are trying to do. Seeing this all go NOWHERE! You desperately need to rethink what you say is "surface". You are stepping into a leadership role! If ANYONE Is going to be judged from surface items, it's you, and you need to accept this, bite the bullet, and live by your dramatic rhetoric! you might be taken more seriously. Or you could continue to chalk it up as "simple people, unable to look past the surface to see 'my real substance'" ... HA! > Of course, look where the Socratic streak got Socrates ;-) Still, it has a > good pedigree. Don't flatter yourself. It's bad form. -- Nick Jennings | "Laugh, and the world ignores you. http://nick.namodn.com | Crying doesn't help either." From fsb-return-5432-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Fri Mar 23 23:00:42 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 9076 invoked from network); 23 Mar 2001 23:00:41 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 23 Mar 2001 23:00:41 -0000 Received: (qmail 28689 invoked by alias); 23 Mar 2001 22:56:47 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 28681 invoked from network); 23 Mar 2001 22:56:45 -0000 Date: Fri, 23 Mar 2001 22:55:03 +0000 From: Simon Cozens To: TonStanco@aol.com Cc: crispin@wirex.com, ben@algroup.co.uk, fsb@crynwr.com Subject: Re: [Freesw] Re: FreeDevelopers Message-ID: <20010323225503.A10341@netthink.co.uk> References: <16.aa31281.27ed2581@aol.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.15i In-Reply-To: <16.aa31281.27ed2581@aol.com>; from TonStanco@aol.com on Fri, Mar 23, 2001 at 05:17:37PM -0500 X-Operating-System: Linux deep-dark-truthful-mirror 2.4.2 X-POM: The Moon is Waning Crescent (1% of Full) X-Addresses: The simon@cozens.net address is deprecated due to being broken. simon@brecon.co.uk still works, but simon-cozens.org or netthink.co.uk are preferred. X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N On Fri, Mar 23, 2001 at 05:17:37PM -0500, TonStanco@aol.com wrote: > I actually have a Socratic streak, which likes to tweak people's complacency. > Truth seldom lies on the surface. People who can't get passed the Windows/AOL > are not looking for truth, only easy answers. You seem to know little about Socrates; Socrates practiced what he felt was important. -- Do you associate ST JOHN'S with addiction to ASIA FILE? - Henry Braun is Oxford Zippy From fsb-return-5433-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Fri Mar 23 23:13:55 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 15033 invoked from network); 23 Mar 2001 23:13:55 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 23 Mar 2001 23:13:55 -0000 Received: (qmail 29944 invoked by alias); 23 Mar 2001 23:09:57 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 29937 invoked from network); 23 Mar 2001 23:09:57 -0000 Message-ID: <00f101c0b3ee$143686c0$806810ac@vmware> From: "Jonathan S. Shapiro" To: , Cc: , , References: Subject: Re: [Freesw] Re: FreeDevelopers Date: Fri, 23 Mar 2001 18:07:44 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N All: This is my last post on this subject unless TonStanco has a useful response. It's gone on long enough. Still, many people here helped me when *I* was hopelessly confused (and occasionally still do, since confusion has no permanent cure).... TonStanco: I think it is somewhat telling that the people on this list who are most skeptical about FreeDevelopers are those who have built successful businesses and organizations. Rather than speak for them, let me try to give you a sense of why this is so by using myself as an example. I have a working, active community (the EROS community) that is already known and slowly becoming more financially effective within the free software community. I don't need a new company. I'm not interested in a credo. I really don't care about revolutionary business models that appear to be totally without substance. I have a pretty strong grasp on how to market this kind of product, and I have a very strong grasp on finance (something that FreeDeveloper seems to need, by the way). Like several (many?) others on this list, I've actually *built* organizations and companies that have been multimillion dollar revenue generators -- more than once. Like *all* of the people on the list, my time is valuable and revolutions without substance aren't a good use of that time. The details of course vary from participant to participant, but I think that this characterization is reasonably representative of many people on this list. Some, of course, are at earlier stages of the process, but the point still holds -- their time is valuable. In three to five (reasonable length) sentences or less, why should I care about FreeDevelopers? If you can't answer the question in three to five sentences that make a compelling business case, you really aren't ready to be talking to people like me or FSB. Either convince me in those three to five sentences that it's worth reading your web site when I have a stack 100 deep of email messages that actually *need* my attention, or go away and come back when you *can* convince me. Please understand: I'm not interested in discouraging you. I'm interested in making you productive. Preferably without sacrificing my own productivity. Jonathan Shapiro From fsb-return-5434-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Fri Mar 23 23:15:16 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 15510 invoked from network); 23 Mar 2001 23:15:14 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 23 Mar 2001 23:15:14 -0000 Received: (qmail 30300 invoked by alias); 23 Mar 2001 23:11:12 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 30292 invoked from network); 23 Mar 2001 23:11:11 -0000 Message-ID: <00f601c0b3ee$32551900$806810ac@vmware> From: "Jonathan S. Shapiro" To: , Cc: , , References: Subject: Re: [Freesw] Re: FreeDevelopers Date: Fri, 23 Mar 2001 18:08:37 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N > > Can you provide a one paragraph explanation of what this is? > > It's not that simple... If it can't be made that simple, it's probably not a viable business, and it's *definitely* not ready to do marketing and/or PR for anyone else. Jonathan From fsb-return-5435-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Fri Mar 23 23:38:56 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 20754 invoked from network); 23 Mar 2001 23:38:56 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 23 Mar 2001 23:38:56 -0000 Received: (qmail 31402 invoked by alias); 23 Mar 2001 23:35:03 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 31392 invoked from network); 23 Mar 2001 23:35:01 -0000 From: TonStanco@aol.com Message-ID: <4d.93033fa.27ed3722@aol.com> Date: Fri, 23 Mar 2001 18:32:50 EST Subject: Re: [Freesw] Re: FreeDevelopers To: nick@namodn.com CC: crispin@wirex.com, ben@algroup.co.uk, fsb@crynwr.com MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Mailer: AOL 4.0 for Windows 95 sub 114 X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N There are only 2 things that are permanent at FreeDevelopers and they are the Declaration and the Community is the Company (CommCo) structure. These are the bedrock. You can give them a chance or not. Look at them with an open mind and free heart, or not. It is up to you. There is a lot of time, effort and thought behind them by people who cared deeply about what they are doing-- who put up with the surface defects you mentioned, stuck it out and did their utter best. And in the end, people are remembered for the things they do, not the things they don't. There are a lot of things everyone wishes were better, faster, easier, more organized. But you can go to another list, or you play the hand you're given and stick it out and do what you can to help. We didn't announce anything here before, because there was nothing to announce before. But even with all the problems you can so carefully list, we DID SOMETHING. That it was as hard as it was, only makes it sweeter. At this point, those that want to join, can join. The rest, we'll wave you in when the fighting is done and the war is won. And things are as perfect as you need to have them. In a message dated 3/23/01 5:42:32 PM Eastern Standard Time, nick@namodn.com writes: > Subj: Re: [Freesw] Re: FreeDevelopers > Date: 3/23/01 5:42:32 PM Eastern Standard Time > From: nick@namodn.com (Nick Jennings) > To: TonStanco@aol.com > CC: crispin@wirex.com, ben@algroup.co.uk, fsb@crynwr.com > > On Fri, Mar 23, 2001 at 05:17:37PM -0500, TonStanco@aol.com wrote: > > > > I actually have a Socratic streak, which likes to tweak people's > complacency. > > Truth seldom lies on the surface. People who can't get passed the Windows/ > AOL > > are not looking for truth, only easy answers. > > > > I am not looking for easy answers, I am not looking for answers. I did > "get past" the Windows/AOL thing when i joined FD in November! > > After my valid concerns were ignored and other posts reject by you > (when you started moderating the main list) for NO valid reason > other then I should have posted it to whatever "sub-list of the day" > that was "where the main discussions are happening". I began to realize > how completely futile it was to try to voice my opinion. I also realized > before this, that the FD lists (depending on which list you were on) > where > either dead or full of completely sparatic postings completely unrealted > to each other. You want some adive: re-organize. > > Get a server, put FreeDevelopers.net domain on it, host the website there. > > host the mailing lists there. > > re-organize the mailing list structure: > > what the hell is all this: fd-structure1 fd-structure2 fd fd-democracy > fd-it blah blah blah. MESSY > > You claim you have "hundreds of developers" behind this initiative. That > is a LIE Tony! Only a very select group of people are the only ones > continuing a related topic thread on your lists. Most of the people > subscribed have no idea whats going on. > > You mentioned on a previous post you wish to learn something from > these discussions. I urge you to take what I am saying for what it > is: > > A Free Software Hacker, seeing FD, thinking "Wow, _sounds_ cool". > Going to the site, seeing a harribly messy, unorganized site, with > topica mailing lists. After viewing topica's main site, cringing. > Joining the lists anyways. Seeing the Leader posting about > Battling proprietary software like it's life or death yet sending > these valiant posts from his Windows/AOL box. Seeing chaos on > the lists. Sifting through garbage trying to find direction, failing. > Trying to check out the other, completely unintuitively named > sub-lists, and ending up just being lost as to what the HELL you > are trying to do. > > Seeing this all go NOWHERE! You desperately need to rethink what > you say is "surface". You are stepping into a leadership role! > If ANYONE Is going to be judged from surface items, it's you, > and you need to accept this, bite the bullet, and live by your > dramatic rhetoric! you might be taken more seriously. > > Or you could continue to chalk it up as "simple people, unable > to look past the surface to see 'my real substance'" ... HA! > > > Of course, look where the Socratic streak got Socrates ;-) Still, it has > a > > good pedigree. > > Don't flatter yourself. It's bad form. > > -- > Nick Jennings | "Laugh, and the world ignores you. > http://nick.namodn.com | Crying doesn't help either." > > > > > ----------------------- Headers -------------------------------- > Return-Path: > Received: from rly-zc01.mx.aol.com (rly-zc01.mail.aol.com [172.31.33.1]) by > air-zc05.mail.aol.com (v77_r1.36) with ESMTP; Fri, 23 Mar 2001 17:42:32 -0500 > Received: from claire.namodn.com (namodn.com [209.0.100.49]) by rly-zc01.mx. > aol.com (v77_r1.36) with ESMTP; Fri, 23 Mar 2001 17:41:53 -0500 > Received: from nick by claire.namodn.com with local (Exim 3.12 #1 (Debian)) > id 14gaFh-0005E1-00; Fri, 23 Mar 2001 14:41:49 -0800 > Date: Fri, 23 Mar 2001 14:41:49 -0800 > To: TonStanco@aol.com > Cc: crispin@wirex.com, ben@algroup.co.uk, fsb@crynwr.com > Subject: Re: [Freesw] Re: FreeDevelopers > Message-ID: <20010323144149.D18895@claire.namodn.com> > References: <16.aa31281.27ed2581@aol.com> > Mime-Version: 1.0 > Content-Type: text/plain; charset=us-ascii > Content-Disposition: inline > User-Agent: Mutt/1.2.5i > In-Reply-To: <16.aa31281.27ed2581@aol.com>; from TonStanco@aol.com on Fri, > Mar 23, 2001 at 05:17:37PM -0500 > Organization: Namodn - http://www.namodn.com > X-OS-Type: Debian GNU/Linux 2.2 > From: Nick Jennings > > From fsb-return-5436-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Fri Mar 23 23:50:09 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 22868 invoked from network); 23 Mar 2001 23:50:08 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 23 Mar 2001 23:50:08 -0000 Received: (qmail 32117 invoked by alias); 23 Mar 2001 23:46:15 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 32110 invoked from network); 23 Mar 2001 23:46:15 -0000 Date: Fri, 23 Mar 2001 23:44:42 +0000 From: Simon Cozens To: TonStanco@aol.com Cc: nick@namodn.com, crispin@wirex.com, ben@algroup.co.uk, fsb@crynwr.com Subject: Re: [Freesw] Re: FreeDevelopers Message-ID: <20010323234442.A10737@netthink.co.uk> References: <4d.93033fa.27ed3722@aol.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.15i In-Reply-To: <4d.93033fa.27ed3722@aol.com>; from TonStanco@aol.com on Fri, Mar 23, 2001 at 06:32:50PM -0500 X-Operating-System: Linux deep-dark-truthful-mirror 2.4.2 X-POM: The Moon is Waning Crescent (1% of Full) X-Addresses: The simon@cozens.net address is deprecated due to being broken. simon@brecon.co.uk still works, but simon-cozens.org or netthink.co.uk are preferred. X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N On Fri, Mar 23, 2001 at 06:32:50PM -0500, TonStanco@aol.com wrote: > We didn't announce anything here before Excuse me. That is a lie. From: "tony stanco" To: simon@cozens.net, fsb@crynwr.com Cc: tonstanco@aol.com Subject: Re: Dealing with the Open Source community Date: Sat, 18 Nov 2000 15:31:54 GMT That is why at FreeDevelopers.net we have a goal of displacing the propreitary paradigm with a free one in the next 10 years. We only started a couple of months ago. Below is some press that we received in the last few weeks. best regards, tony stanco www.FreeDevelopers.net http://www.zdnet.com/enterprise/stories/main/0,10228,2654413,00.html [...] -- "I don't think so," said Rene Descartes. Just then, he vanished. From fsb-return-5437-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Sat Mar 24 00:10:39 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 29526 invoked from network); 24 Mar 2001 00:10:39 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 24 Mar 2001 00:10:39 -0000 Received: (qmail 989 invoked by alias); 24 Mar 2001 00:06:42 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 982 invoked from network); 24 Mar 2001 00:06:40 -0000 Date: Fri, 23 Mar 2001 16:06:04 -0800 From: Nick Jennings To: TonStanco@aol.com Cc: crispin@wirex.com, ben@algroup.co.uk, fsb@crynwr.com Subject: Re: [Freesw] Re: FreeDevelopers Message-ID: <20010323160604.F18895@claire.namodn.com> References: <4d.93033fa.27ed3722@aol.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <4d.93033fa.27ed3722@aol.com>; from TonStanco@aol.com on Fri, Mar 23, 2001 at 06:32:50PM -0500 Organization: Namodn - http://www.namodn.com X-OS-Type: Debian GNU/Linux 2.2 X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N Obviously you did not come here, open to learning something. You came here to try to recruit, and nothing more. On Fri, Mar 23, 2001 at 06:32:50PM -0500, TonStanco@aol.com wrote: > There are only 2 things that are permanent at FreeDevelopers and they are the > Declaration and the Community is the Company (CommCo) structure. These are > the bedrock. You can give them a chance or not. Look at them with an open > mind and free heart, or not. It is up to you. > > There is a lot of time, effort and thought behind them by people who cared > deeply about what they are doing-- who put up with the surface defects you > mentioned, stuck it out and did their utter best. And in the end, people are > remembered for the things they do, not the things they don't. > > There are a lot of things everyone wishes were better, faster, easier, more > organized. But you can go to another list, or you play the hand you're given > and stick it out and do what you can to help. > > We didn't announce anything here before, because there was nothing to > announce before. But even with all the problems you can so carefully list, we > DID SOMETHING. That it was as hard as it was, only makes it sweeter. > > At this point, those that want to join, can join. The rest, we'll wave you in > when the fighting is done and the war is won. And things are as perfect as > you need to have them. > > > > In a message dated 3/23/01 5:42:32 PM Eastern Standard Time, nick@namodn.com > writes: > > > Subj: Re: [Freesw] Re: FreeDevelopers > > Date: 3/23/01 5:42:32 PM Eastern Standard Time > > From: nick@namodn.com (Nick Jennings) > > To: TonStanco@aol.com > > CC: crispin@wirex.com, ben@algroup.co.uk, fsb@crynwr.com > > > > On Fri, Mar 23, 2001 at 05:17:37PM -0500, TonStanco@aol.com wrote: > > > > > > I actually have a Socratic streak, which likes to tweak people's > > complacency. > > > Truth seldom lies on the surface. People who can't get passed the > Windows/ > > AOL > > > are not looking for truth, only easy answers. > > > > > > > I am not looking for easy answers, I am not looking for answers. I did > > "get past" the Windows/AOL thing when i joined FD in November! > > > > After my valid concerns were ignored and other posts reject by you > > (when you started moderating the main list) for NO valid reason > > other then I should have posted it to whatever "sub-list of the day" > > that was "where the main discussions are happening". I began to realize > > how completely futile it was to try to voice my opinion. I also realized > > before this, that the FD lists (depending on which list you were on) > > where > > either dead or full of completely sparatic postings completely unrealted > > to each other. You want some adive: re-organize. > > > > Get a server, put FreeDevelopers.net domain on it, host the website > there. > > > > host the mailing lists there. > > > > re-organize the mailing list structure: > > > > what the hell is all this: fd-structure1 fd-structure2 fd > fd-democracy > > fd-it blah blah blah. MESSY > > > > You claim you have "hundreds of developers" behind this initiative. That > > is a LIE Tony! Only a very select group of people are the only ones > > continuing a related topic thread on your lists. Most of the people > > subscribed have no idea whats going on. > > > > You mentioned on a previous post you wish to learn something from > > these discussions. I urge you to take what I am saying for what it > > is: > > > > A Free Software Hacker, seeing FD, thinking "Wow, _sounds_ cool". > > Going to the site, seeing a harribly messy, unorganized site, with > > topica mailing lists. After viewing topica's main site, cringing. > > Joining the lists anyways. Seeing the Leader posting about > > Battling proprietary software like it's life or death yet sending > > these valiant posts from his Windows/AOL box. Seeing chaos on > > the lists. Sifting through garbage trying to find direction, failing. > > Trying to check out the other, completely unintuitively named > > sub-lists, and ending up just being lost as to what the HELL you > > are trying to do. > > > > Seeing this all go NOWHERE! You desperately need to rethink what > > you say is "surface". You are stepping into a leadership role! > > If ANYONE Is going to be judged from surface items, it's you, > > and you need to accept this, bite the bullet, and live by your > > dramatic rhetoric! you might be taken more seriously. > > > > Or you could continue to chalk it up as "simple people, unable > > to look past the surface to see 'my real substance'" ... HA! > > > > > Of course, look where the Socratic streak got Socrates ;-) Still, it > has > > a > > > good pedigree. > > > > Don't flatter yourself. It's bad form. > > > > -- > > Nick Jennings | "Laugh, and the world ignores you. > > http://nick.namodn.com | Crying doesn't help either." > > > > > > > > > > ----------------------- Headers -------------------------------- > > Return-Path: > > Received: from rly-zc01.mx.aol.com (rly-zc01.mail.aol.com [172.31.33.1]) > by > > air-zc05.mail.aol.com (v77_r1.36) with ESMTP; Fri, 23 Mar 2001 17:42:32 > -0500 > > Received: from claire.namodn.com (namodn.com [209.0.100.49]) by > rly-zc01.mx. > > aol.com (v77_r1.36) with ESMTP; Fri, 23 Mar 2001 17:41:53 -0500 > > Received: from nick by claire.namodn.com with local (Exim 3.12 #1 (Debian)) > > id 14gaFh-0005E1-00; Fri, 23 Mar 2001 14:41:49 -0800 > > Date: Fri, 23 Mar 2001 14:41:49 -0800 > > To: TonStanco@aol.com > > Cc: crispin@wirex.com, ben@algroup.co.uk, fsb@crynwr.com > > Subject: Re: [Freesw] Re: FreeDevelopers > > Message-ID: <20010323144149.D18895@claire.namodn.com> > > References: <16.aa31281.27ed2581@aol.com> > > Mime-Version: 1.0 > > Content-Type: text/plain; charset=us-ascii > > Content-Disposition: inline > > User-Agent: Mutt/1.2.5i > > In-Reply-To: <16.aa31281.27ed2581@aol.com>; from TonStanco@aol.com on Fri, > > Mar 23, 2001 at 05:17:37PM -0500 > > Organization: Namodn - http://www.namodn.com > > X-OS-Type: Debian GNU/Linux 2.2 > > From: Nick Jennings > > > > > -- Nick Jennings | "Laugh, and the world ignores you. http://nick.namodn.com | Crying doesn't help either." From fsb-return-5438-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Sat Mar 24 00:18:51 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 32458 invoked from network); 24 Mar 2001 00:18:50 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 24 Mar 2001 00:18:50 -0000 Received: (qmail 1536 invoked by alias); 24 Mar 2001 00:14:59 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 1527 invoked from network); 24 Mar 2001 00:14:58 -0000 Date: Fri, 23 Mar 2001 16:14:51 -0800 (PST) From: Brian Behlendorf X-X-Sender: To: Subject: Re: [Freesw] Re: FreeDevelopers In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N The only conclusion I can come to after reading this thread and the thicket of jumbled concepts on the web pages is that this is an "attention-sink" meant to distract the rest of us from going about our business of building successful free software businesses. I could further speculate on motives but I really don't care to be drawn into this mess. All I can say at this point is I wish "TonStanco@aol.com" the best of luck on this, and hopefully he doesn't drag down the FSF's name in the process. Congratulations to Red Hat, btw, on making it to break-even! There is hope for the rest of us, yet. Brian From fsb-return-5439-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Sat Mar 24 00:21:42 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 33986 invoked from network); 24 Mar 2001 00:21:42 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 24 Mar 2001 00:21:42 -0000 Received: (qmail 1934 invoked by alias); 24 Mar 2001 00:17:49 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 1925 invoked from network); 24 Mar 2001 00:17:48 -0000 From: TonStanco@aol.com Message-ID: <48.13492601.27ed414e@aol.com> Date: Fri, 23 Mar 2001 19:16:14 EST Subject: Re: [Freesw] Re: FreeDevelopers To: TonStanco@aol.com, ben@algroup.co.uk CC: fsb@crynwr.com, freesw@conecta.it MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Mailer: AOL 4.0 for Windows 95 sub 114 X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N Thanks for the warm reception. But I will repeat one of the first posts I made today, because 95% of the posts thereafter proved the point exactly. BTW, This was cannibalism, not skepticism. Skepticism hears what a person has to say (or write), first. and then judges on the merits. > Proprietary has a huge advantage because it buys its supporters (developers, > lawyers, politicians, etc.). Free software has a hard time even finding > support among itself, because people want more to quibble with friends than > fight the foe. While we split hairs, proprietary relentlessly marches on to > enslave the world (e.g., HailStorm). Let's concentrate on defeating > proprietary. Once that is done, we will have the luxury to argue over who has > the better free license. Until that is done, we are just arguing over who has > the better view from inside the prison wall. From fsb-return-5440-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Sat Mar 24 01:32:45 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 49859 invoked from network); 24 Mar 2001 01:32:45 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 24 Mar 2001 01:32:45 -0000 Received: (qmail 5124 invoked by alias); 24 Mar 2001 01:28:51 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 5117 invoked from network); 24 Mar 2001 01:28:50 -0000 Date: Fri, 23 Mar 2001 17:28:15 -0800 To: TonStanco@aol.com' Cc: ben@algroup.co.uk, fsb@crynwr.com, freesw@conecta.it Subject: Re: [Freesw] Re: FreeDevelopers Message-ID: <20010323172815.B21629@claire.namodn.com> References: <48.13492601.27ed414e@aol.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <48.13492601.27ed414e@aol.com>; from TonStanco@aol.com on Fri, Mar 23, 2001 at 07:16:14PM -0500 Organization: Namodn - http://www.namodn.com X-OS-Type: Debian GNU/Linux 2.2 From: Nick Jennings X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N If I REALLY want to see quibbling! I will read the freedevelopers lists! On Fri, Mar 23, 2001 at 07:16:14PM -0500, TonStanco@aol.com wrote: > Thanks for the warm reception. But I will repeat one of the first posts I > made today, because 95% of the posts thereafter proved the point exactly. > > BTW, This was cannibalism, not skepticism. Skepticism hears what a person has > to say (or write), first. and then judges on the merits. > > > Proprietary has a huge advantage because it buys its supporters > (developers, > > lawyers, politicians, etc.). Free software has a hard time even finding > > support among itself, because people want more to quibble with friends than > > fight the foe. While we split hairs, proprietary relentlessly marches on to > > enslave the world (e.g., HailStorm). Let's concentrate on defeating > > proprietary. Once that is done, we will have the luxury to argue over who > has > > the better free license. Until that is done, we are just arguing over who > has > > the better view from inside the prison wall. > -- Nick Jennings | "Laugh, and the world ignores you. http://nick.namodn.com | Crying doesn't help either." From fsb-return-5441-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Sat Mar 24 01:48:15 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 53300 invoked from network); 24 Mar 2001 01:48:15 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 24 Mar 2001 01:48:15 -0000 Received: (qmail 6026 invoked by alias); 24 Mar 2001 01:44:20 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 6019 invoked from network); 24 Mar 2001 01:44:19 -0000 Message-ID: <3ABBFBDE.3E4CCF90@collab.net> Date: Fri, 23 Mar 2001 20:43:58 -0500 From: Frank Hecker Organization: CollabNet, Inc. X-Mailer: Mozilla 4.76 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Norbert Bollow CC: fsb@crynwr.com Subject: Re: GNU and classified software References: <66037540DA72D31180D400A0C9D17D1F466280@phoenix1.exponent.com> <200103232141.WAA30718@quill.thinkcoach.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N Norbert Bollow wrote: > Lucas Vogel wrote: > > Can GNU tools be used in the creation/use/distribution of classified > > software? > > Yes, as long as you just want to _use_the_tools_ for this > purpose. > > However you are not allowed to take parts of the source code of > GNU programs and adapt them for inclusion in classified > software. I respectfully disagree. Based on my reading of it, the GPL does not require that you make source code for derived works publicly available, it requires only that you make the source code available to those to whom you distribute the derived work. For example, IMO the NSA can take unclassified publicly available GPLed software, create a derived work that is itself classified (under relevant US government regulations), and provide that derived work to (say) a US government contractor as classified material. The NSA would comply with the requirements of the GPL by (among other things) providing the contractor with the source code for the NSA's modifications to the original GPLed software, and providing the derived work as a whole under GPL terms and conditions. The contractor would then be free to redistribute that work, including NSA's modifications, to others under GPL terms and conditions. As it happens, the contractor would be prohibited by US law from distributing the work to anyone not authorized to handle classified material, but IMO that is not a problem for the GPL, as discussed below. I can't speak for the FSF, but I can quote from "What is Free Software": "You should also have the freedom to make modifications and use them privately in your own work or play, without even mentioning that they exist." This clearly implies the ability for an agency like NSA to use free software internally, make modifications to it, and keep those modifications to itself. "The freedom to use a program means the freedom for any kind of person or organization to use it on any kind of computer system, for any kind of overall job, and without being required to communicate subsequently with the developer or any other specific entity." Again, this reinforces the idea that a free software license cannot _mandate_ public disclosure; rather it must not _prohibit_ such disclosure. ("The freedom to improve the program, and release your improvements to the public ...") And in fact in the above example the contractor receiving a classified GPL application from the NSA is permitted to disclose it to the public under the terms of the GPL; however in practice the contractor is prevented from exercising this right by US laws relating to distribution of classified data. Both "What is Free Software" and the GPL itself discuss cases where distribution under the GPL (or other free software licenses) might be restricted due to other legal issues. The GPL in Section 8 discusses restrictions on distribution due to patents and/or interface copyrights, and "What is Free Software" discusses restrictions due to government export control regulations (e.g., for encryption code). In both cases IMO the FSF makes clear that by complying with such restrictions you are not violating the GPL or any other free software license. Restrictions against distribution of classified data would IMO be considered exactly equivalent in terms of their effect on the GPL. As a final comment, I think the FSF did a very smart thing by disallowing as free software licenses licenses that mandate public disclosure of modifications. If free software licenses were either required or allowed to mandated public disclosure, then IMO the end result would have been to restrict significantly the environments in which free software could be used. Frank -- Frank Hecker work: http://www.collab.net/ frank@collab.net home: http://www.hecker.org/ From fsb-return-5442-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Sat Mar 24 02:20:52 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 59411 invoked from network); 24 Mar 2001 02:20:50 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 24 Mar 2001 02:20:50 -0000 Received: (qmail 8052 invoked by alias); 24 Mar 2001 02:16:52 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 8045 invoked from network); 24 Mar 2001 02:16:51 -0000 Message-ID: <3ABC0381.E426009C@collab.net> Date: Fri, 23 Mar 2001 21:16:33 -0500 From: Frank Hecker Organization: CollabNet, Inc. X-Mailer: Mozilla 4.76 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: "Karsten M. Self" CC: "'fsb@crynwr.com'" Subject: Re: GNU and classified software References: <66037540DA72D31180D400A0C9D17D1F466280@phoenix1.exponent.com> <20010323133917.E2468@ix.netcom.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N "Karsten M. Self" wrote: > on Fri, Mar 23, 2001 at 12:44:10PM -0800, Lucas Vogel (lvogel@exponent.com) wrote: > > Can GNU tools be used in the creation/use/distribution of classified > > software? > > Define "classified software". Are you talking about military/defense > security classifications? Yes, he was. Disclaimer before proceeding further: I do have some level of familarity and experience with US government security clearances and classification issues, but am by no means an expert on the subject. > Q: Do classified software requirements conflict with the GNU GPL? > A: I have no idea. I don't know what the requirements or > regulations are. Briefly: Information, including computer data and software, can be classified at a given classification level within a hierarchical scheme (e.g., Confidential, Secret, Top Secret, in increasing order), and then within particular "compartments" (basically, topic areas) at a given level. Access to information at a given classification level requires a person to hold a clearance at that level or higher; thus, for example, access to Secret data requires a Secret clearance or above. Access to information within a given compartment requires "need to know" approval for that compartment; thus a person with a Top Secret clearance might be allowed to access data in compartment A but not in compartment B. In theory information can move from lower classification levels to higher levels but not the other way (at least, not without a formal declassification procedure being followed). Thus, for example, if the NSA took a CD containing publicly available GNU software, loaded the software onto a system attached to a classified network, and modified the software, then the resulting software would be classified (at whatever level the network was at) and thus not publicly releasable (More correctly, the modifications could potentially be released, but they'd have to be formally reviewed and declassified first.) > I *do* know that the NSA has worked with GNU/Linux, If you're referring to the "SE Linux" work, that's within a part of the NSA that conducts unclassified research on operating system security. The NSA Security Enhanced Linux code itself is not classified. (If it were, it wouldn't be downloadable from the NSA web site :-) However I'm sure there are also GNU/Linux systems deployed within NSA (and potentially elsewhere within DoD and the US government) within classified environments. Frank -- Frank Hecker work: http://www.collab.net/ frank@collab.net home: http://www.hecker.org/ From fsb-return-5443-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Sat Mar 24 03:05:46 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 77310 invoked from network); 24 Mar 2001 03:05:44 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 24 Mar 2001 03:05:44 -0000 Received: (qmail 10264 invoked by alias); 24 Mar 2001 03:01:47 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 10257 invoked from network); 24 Mar 2001 03:01:46 -0000 Date: Fri, 23 Mar 2001 19:01:13 -0800 From: Seth David Schoen To: fsb@crynwr.com Subject: Re: GNU and classified software Message-ID: <20010323190113.C32421@zork.net> Mail-Followup-To: Seth David Schoen , fsb@crynwr.com References: <66037540DA72D31180D400A0C9D17D1F466280@phoenix1.exponent.com> <200103232141.WAA30718@quill.thinkcoach.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200103232141.WAA30718@quill.thinkcoach.com>; from nb@thinkcoach.com on Fri, Mar 23, 2001 at 10:41:00PM +0100 X-Accept-Language: en,la,eo Sender: Seth David Schoen X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N Norbert Bollow writes: > Lucas Vogel wrote: > > > Can GNU tools be used in the creation/use/distribution of classified > > software? > > Why is there a need for classified software anyway? I agree > that there is a need to keep some information confidential, or > secret. But I do not see any reason why it would not be a good > idea to rely entirely on free software for processing and > protecting this confidential information. Some software is classified because it reveals classified technology or techniques. For example, software which simulates reactions in nuclear weapons is classified because it contains or produces classified information about nuclear weapons. The same thing is sometimes true of non-military secrecy. Some software which could otherwise be free builds in trade secrets so that the software can't be disclosed without revealing the trade secrets. I'm not just talking about having a database password inside a Perl script, but for example a lot of financial companies have their own secret models of financial markets -- and they have programs to work out those models, and if you saw the programs, you would know their models. -- Seth David Schoen | And do not say, I will study when I Temp. http://www.loyalty.org/~schoen/ | have leisure; for perhaps you will down: http://www.loyalty.org/ (CAF) | not have leisure. -- Pirke Avot 2:5 From fsb-return-5444-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Sat Mar 24 03:18:30 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 87095 invoked from network); 24 Mar 2001 03:18:30 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 24 Mar 2001 03:18:30 -0000 Received: (qmail 11067 invoked by alias); 24 Mar 2001 03:14:34 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 11060 invoked from network); 24 Mar 2001 03:14:33 -0000 Date: Fri, 23 Mar 2001 19:14:01 -0800 From: Seth David Schoen To: fsb@crynwr.com Subject: Re: GNU and classified software Message-ID: <20010323191401.D32421@zork.net> Mail-Followup-To: Seth David Schoen , fsb@crynwr.com References: <66037540DA72D31180D400A0C9D17D1F466280@phoenix1.exponent.com> <200103232141.WAA30718@quill.thinkcoach.com> <3ABBFBDE.3E4CCF90@collab.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <3ABBFBDE.3E4CCF90@collab.net>; from frank@collab.net on Fri, Mar 23, 2001 at 08:43:58PM -0500 X-Accept-Language: en,la,eo Sender: Seth David Schoen X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N Frank Hecker writes: > Norbert Bollow wrote: > > Lucas Vogel wrote: > > > Can GNU tools be used in the creation/use/distribution of classified > > > software? > > > > Yes, as long as you just want to _use_the_tools_ for this > > purpose. > > > > However you are not allowed to take parts of the source code of > > GNU programs and adapt them for inclusion in classified > > software. > > I respectfully disagree. Based on my reading of it, the GPL does not > require that you make source code for derived works publicly available, > it requires only that you make the source code available to those to > whom you distribute the derived work. For example, IMO the NSA can take > unclassified publicly available GPLed software, create a derived work > that is itself classified (under relevant US government regulations), > and provide that derived work to (say) a US government contractor as > classified material. The NSA would comply with the requirements of the > GPL by (among other things) providing the contractor with the source > code for the NSA's modifications to the original GPLed software, and > providing the derived work as a whole under GPL terms and conditions. > > The contractor would then be free to redistribute that work, including > NSA's modifications, to others under GPL terms and conditions. As it > happens, the contractor would be prohibited by US law from distributing > the work to anyone not authorized to handle classified material, but IMO > that is not a problem for the GPL, as discussed below. This is true, but there are some possibilities for error; for example, there's an argument that the agency could get in a lot of trouble if it ever accidentally forgot to provide the source code -- even in an isolated incident -- and a copyright holder found out and wanted to make an issue out of it. I think you're entirely right about this scenario. There are also licenses, on the other hand, which some people consider free with a disclosure requirement which isn't compatible with classification. > I can't speak for the FSF, but I can quote from "What is Free Software": > > "You should also have the freedom to make modifications and use them > privately in your own work or play, without even mentioning that they > exist." I agree with the FSF here, but that doesn't quite resolve the issue: > This clearly implies the ability for an agency like NSA to use free > software internally, make modifications to it, and keep those > modifications to itself. ... giving the software or a derived version to a contractor for commercial purposes is almost certainly not fair use, and is also arguably not use "privately in your own work or play". So neither copyright law nor the particular FSF argument you quoted would prevent a hypothetical free software license from requiring public disclosure when derived works are shared with a contractor. > "The freedom to use a program means the freedom for any kind of person > or organization to use it on any kind of computer system, for any kind > of overall job, and without being required to communicate subsequently > with the developer or any other specific entity." > > Again, this reinforces the idea that a free software license cannot > _mandate_ public disclosure; rather it must not _prohibit_ such > disclosure. ("The freedom to improve the program, and release your > improvements to the public ...") > [...] > As a final comment, I think the FSF did a very smart thing by > disallowing as free software licenses licenses that mandate public > disclosure of modifications. If free software licenses were either > required or allowed to mandated public disclosure, then IMO the end > result would have been to restrict significantly the environments in > which free software could be used. I again agree with the FSF and with your analysis, but some people disagree, which leaves some possibly interesting marginal cases. I'm not sure that there's a wide consensus yet on the degree to which a free software license must respect privacy when derived works are made. -- Seth David Schoen | And do not say, I will study when I Temp. http://www.loyalty.org/~schoen/ | have leisure; for perhaps you will down: http://www.loyalty.org/ (CAF) | not have leisure. -- Pirke Avot 2:5 From fsb-return-5445-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Sat Mar 24 03:24:25 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 88138 invoked from network); 24 Mar 2001 03:24:25 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 24 Mar 2001 03:24:25 -0000 Received: (qmail 11568 invoked by alias); 24 Mar 2001 03:20:32 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 11554 invoked from network); 24 Mar 2001 03:20:32 -0000 Date: Fri, 23 Mar 2001 19:19:59 -0800 From: Seth David Schoen To: fsb@crynwr.com Subject: Re: GNU and classified software Message-ID: <20010323191959.E32421@zork.net> Mail-Followup-To: Seth David Schoen , fsb@crynwr.com References: <66037540DA72D31180D400A0C9D17D1F466280@phoenix1.exponent.com> <200103232141.WAA30718@quill.thinkcoach.com> <3ABBFBDE.3E4CCF90@collab.net> <20010323191401.D32421@zork.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010323191401.D32421@zork.net>; from schoen@loyalty.org on Fri, Mar 23, 2001 at 07:14:01PM -0800 X-Accept-Language: en,la,eo Sender: Seth David Schoen X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N Seth David Schoen writes: > I again agree with the FSF and with your analysis, but some people > disagree, which leaves some possibly interesting marginal cases. I'm > not sure that there's a wide consensus yet on the degree to which a > free software license must respect privacy when derived works are made. Oops, I already forgot that the original question was only about GNU software and not about all imaginable free software. So I'm wondering about the question in greater generality rather than the form in which it was originally asked. -- Seth David Schoen | And do not say, I will study when I Temp. http://www.loyalty.org/~schoen/ | have leisure; for perhaps you will down: http://www.loyalty.org/ (CAF) | not have leisure. -- Pirke Avot 2:5 From fsb-return-5446-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Sat Mar 24 03:43:36 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 91314 invoked from network); 24 Mar 2001 03:43:36 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 24 Mar 2001 03:43:36 -0000 Received: (qmail 12469 invoked by alias); 24 Mar 2001 03:39:45 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 12462 invoked from network); 24 Mar 2001 03:39:44 -0000 Content-Type: text/plain; charset="iso-8859-1" From: Bryan Dumm Reply-To: bdumm@bobby.bcpub.com To: fsb@crynwr.com Subject: Re: [Freesw] Re: FreeDevelopers Date: Fri, 23 Mar 2001 19:14:48 +0000 X-Mailer: KMail [version 1.2] References: <4d.93033fa.27ed3722@aol.com> <20010323160604.F18895@claire.namodn.com> In-Reply-To: <20010323160604.F18895@claire.namodn.com> MIME-Version: 1.0 Message-Id: <01032319144800.01432@bobby> Content-Transfer-Encoding: 8bit X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N On Saturday 24 March 2001 00:06, Nick Jennings wrote: > Obviously you did not come here, open to learning something. You came > here to try to recruit, and nothing more. and it's becomming tiresome... :) Bryan From fsb-return-5447-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Sat Mar 24 04:10:38 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 95472 invoked from network); 24 Mar 2001 04:10:38 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 24 Mar 2001 04:10:38 -0000 Received: (qmail 14273 invoked by alias); 24 Mar 2001 04:06:40 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 14266 invoked from network); 24 Mar 2001 04:06:39 -0000 Message-ID: <3ABC1D1F.25E0EA29@collab.net> Date: Fri, 23 Mar 2001 23:05:51 -0500 From: Frank Hecker Organization: CollabNet, Inc. X-Mailer: Mozilla 4.76 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Seth David Schoen CC: fsb@crynwr.com Subject: Re: GNU and classified software References: <66037540DA72D31180D400A0C9D17D1F466280@phoenix1.exponent.com> <200103232141.WAA30718@quill.thinkcoach.com> <3ABBFBDE.3E4CCF90@collab.net> <20010323191401.D32421@zork.net> <20010323191959.E32421@zork.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N Seth David Schoen wrote: > Seth David Schoen writes: > > > I again agree with the FSF and with your analysis, but some people > > disagree, which leaves some possibly interesting marginal cases. I'm > > not sure that there's a wide consensus yet on the degree to which a > > free software license must respect privacy when derived works are made. > > Oops, I already forgot that the original question was only about GNU > software and not about all imaginable free software. I too could have been clearer on this point and others. I'll summarize briefly what I believe to be the case. Based on my reading of it, the GPL does not mandate public disclosure of modifications made for internal use, and does not mandate public disclosure of modifications when privately distributing GPLed software from one party to another. Ditto for the LGPL. So this IMO answers the question of whether GNU software under the GPL and LGPL could be used in classified applications: Classified software licensed under the GPL could be distributed among people and organizations posessing the proper clearances while still complying fully with the terms of the GPL (or LGPL). Of course the original question was really "Can GNU tools be used in the creation/use/distribution of classified software?" Restricting ourselves to GNU tools under the GPL, that question is addressed by Section 0 of the GPL: "Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program)." So running GNU tools to process (i.e., edit, compile, link, debug, etc.) classified software appears to be OK in the case where no GPLed software actually ends up in the classified software. If the GNU tools do insert GPLed code in the classified software then IMO this is still OK, as discussed above. > So I'm wondering about the question in greater generality rather than > the form in which it was originally asked. Based on my reading of "What is Free Software", the FSF's definition of free software disallows having a license that mandates public disclosure of modifications made for internal use. However at least from "What is Free Software" it is not totally clear whether the FSF's definition of free software disallows having a license that mandates public disclosure of modifications when privately distributing software from one party to another. I believe I have read comments elsewhere by RMS that free software licenses should allow private distribution without mandating public disclosure (this issue certainly came up in the original discussions of the NPL and MPL), but unfortunately I can't find any references for this. But in any case if there were a free software license that mandated public disclosure of source upon _any_ distribution (public or private) then it appears to me that it would be incompatible with the GPL. Frank -- Frank Hecker work: http://www.collab.net/ frank@collab.net home: http://www.hecker.org/ From fsb-return-5448-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Sat Mar 24 04:25:37 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 97943 invoked from network); 24 Mar 2001 04:25:36 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 24 Mar 2001 04:25:36 -0000 Received: (qmail 15545 invoked by alias); 24 Mar 2001 04:21:40 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 15538 invoked from network); 24 Mar 2001 04:21:39 -0000 Message-ID: <3ABC20A5.56107D9E@collab.net> Date: Fri, 23 Mar 2001 23:20:53 -0500 From: Frank Hecker Organization: CollabNet, Inc. X-Mailer: Mozilla 4.76 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Seth David Schoen CC: fsb@crynwr.com Subject: Re: GNU and classified software References: <66037540DA72D31180D400A0C9D17D1F466280@phoenix1.exponent.com> <200103232141.WAA30718@quill.thinkcoach.com> <3ABBFBDE.3E4CCF90@collab.net> <20010323191401.D32421@zork.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N Seth David Schoen wrote: > Frank Hecker writes: > > The contractor would then be free to redistribute that work, including > > NSA's modifications, to others under GPL terms and conditions. As it > > happens, the contractor would be prohibited by US law from distributing > > the work to anyone not authorized to handle classified material, but IMO > > that is not a problem for the GPL, as discussed below. > > This is true, but there are some possibilities for error; for example, > there's an argument that the agency could get in a lot of trouble if > it ever accidentally forgot to provide the source code -- even in an > isolated incident -- and a copyright holder found out and wanted to > make an issue out of it. I'm not sure why this would cause trouble. It seems to me that in such a case the NSA could simply correct the problem by providing the source code to whomever it distributed the software. Speaking for myself, I can't see any way by which the copyright holder could force any sort of public disclosure, or even force disclosure to any third parties (including themselves) whom had not received the software from the NSA originally. > ... giving the software or a derived version to a contractor for > commercial purposes is almost certainly not fair use, and is also > arguably not use "privately in your own work or play". So neither > copyright law nor the particular FSF argument you quoted would prevent > a hypothetical free software license from requiring public disclosure > when derived works are shared with a contractor. You are correct, as I noted in my previous message; "What is Free Software" seems to be silent on this point. But I'm curious: do you (or anyone else) happen to know of an actual free software license which in fact requires public disclosure on private distribution? Frank -- Frank Hecker work: http://www.collab.net/ frank@collab.net home: http://www.hecker.org/ From fsb-return-5449-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Sat Mar 24 05:19:44 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 4399 invoked from network); 24 Mar 2001 05:19:44 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 24 Mar 2001 05:19:44 -0000 Received: (qmail 18015 invoked by alias); 24 Mar 2001 05:14:06 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 17981 invoked from network); 24 Mar 2001 05:13:23 -0000 Date: Fri, 23 Mar 2001 21:12:32 -0800 (PST) From: Anil Kumar X-Sender: anil@localhost.localdomain To: Tom Hull cc: fsb@crynwr.com Subject: Re: FreeDevelopers In-Reply-To: <3ABB9322.E02902BE@kscable.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N On Fri, 23 Mar 2001, Tom Hull wrote: > Anil Kumar wrote: > > > > This week, we disclosed our proposed revolutionary new commercial > > structure for free software and it is available for review at > > http://FreeDevelopers.Net/company/CommCo/ > > I'm always happy to see people thinking about how to subsidize free > software development, but this proposal has a few weak spots. In > particular, one finds the following significant assertion: > > >> There needs to be a predominant marketing company for GPL software > >> to compete with proprietary software ... > > False. There are many reasons why multiple/many marketing companies > are more effective than one. Multiple companies have to compete, > sharpen their pitch, hustle harder, are more accountable, can > specialize, can adapt to finer niches, etc. Our primary intention at FD is to "replace the proprietary". So for that we identified the requirement of a marketing company to promote the Free code available. That's why we decided to start one. If someone else wants to start a another one we welcome him/her and it is a healthy situation as you have indicated. > > >> and to provide salaries to developers. > > False: Multiple marketing companies provide more jobs for employees. > Also, while all developers need some form of income for their > livelihood, such income does not have to be in the form of a > salary. > I think you missed some of the documents in the FD site. In its purest form we are aiming for a company which will resemble proprietary ones except in ownership and licensing of the code we write. > >> Without such a company, price-cutting would destroy the market for > >> GPL software ... > > False. Price cutting in theory at least increases the market, albeit > by reducing margin. In practice, even very competitive commodity > markets tend to avoid catastrophe by finding an eqilibrium between > price and other factors. > Now we are "enjoying" the highest price cutting; it's free :) That's why we cannot pay the developers. We want to pay the developers. And what you have said is correct we got a fairly huge userbase (market). > >> and then developers could not be paid to work on it. > > Yet somehow developers produce a lot of free software anyway. I'm > sympathetic to the idea of getting more money to subsidize free > software developers, but it's hard to argue that lack of pay is > a crippling problem. ... Its is true that even with out this company developers will keep writing Free software. Our attempt is to take things to a higher dimension; (again) to replace the proprietary and to pay the (otherwise unpaid) Free developers. cheers, Anil -- I have signed it at http://FreeDevelopers.Net/freedomdec, did you? From fsb-return-5450-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Sat Mar 24 05:28:15 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 5463 invoked from network); 24 Mar 2001 05:28:14 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 24 Mar 2001 05:28:14 -0000 Received: (qmail 18619 invoked by alias); 24 Mar 2001 05:23:02 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 18597 invoked from network); 24 Mar 2001 05:22:32 -0000 Date: Fri, 23 Mar 2001 21:21:51 -0800 (PST) From: Anil Kumar X-Sender: anil@localhost.localdomain To: Ben Laurie cc: fsb@crynwr.com, EU Free Software Subject: Re: FreeDevelopers In-Reply-To: <3ABB53C6.800469C3@algroup.co.uk> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N On Fri, 23 Mar 2001, Ben Laurie wrote: > Sigh. I'm interested in free software. But free software is not the > exclusive domain of GPL. > definitely not. GNU.org itself has a list of compatible licenses. FD decided to go with the GPL way. And it is likely to be continued in the future. > BTW, its unlikely that I would even consider signing your declaration, > since it is likely to say that the GPL is the best thing since sliced > bread, but I certainly won't until I can read it. Try a less cute font. You have the freedom to choose. Also, instead of fighting about the finer aspect of the terms in licensing the primary objective for a us to stay united is to fight against the proprietary. thanks, Anil -- I have signed it at http://FreeDevelopers.Net/freedomdec, did you? From fsb-return-5451-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Sat Mar 24 08:57:31 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 28972 invoked from network); 24 Mar 2001 08:57:31 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 24 Mar 2001 08:57:31 -0000 Received: (qmail 27546 invoked by alias); 24 Mar 2001 08:53:34 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 27537 invoked from network); 24 Mar 2001 08:53:33 -0000 Date: Sat, 24 Mar 2001 09:51:26 +0100 Message-Id: <200103240851.JAA00528@quill.thinkcoach.com> From: Norbert Bollow Prefer-Language: de, en, fr To: fsb@crynwr.com In-reply-to: <20010323190113.C32421@zork.net> (message from Seth David Schoen on Fri, 23 Mar 2001 19:01:13 -0800) Subject: Re: GNU and classified software References: <66037540DA72D31180D400A0C9D17D1F466280@phoenix1.exponent.com> <200103232141.WAA30718@quill.thinkcoach.com> <20010323190113.C32421@zork.net> X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N Lucas Vogel wrote: > > > Can GNU tools be used in the creation/use/distribution of classified > > > software? I replied: > > Yes, as long as you just want to _use_the_tools_ for this > > purpose. > > > > However you are not allowed to take parts of the source code of > > GNU programs and adapt them for inclusion in classified > > software. Frank Hecker replied: > I respectfully disagree. Based on my reading of it, the GPL does not > require that you make source code for derived works publicly available, > it requires only that you make the source code available to those to > whom you distribute the derived work. For example, IMO the NSA can take > unclassified publicly available GPLed software, create a derived work > that is itself classified (under relevant US government regulations), > and provide that derived work to (say) a US government contractor as > classified material. The NSA would comply with the requirements of the > GPL by (among other things) providing the contractor with the source > code for the NSA's modifications to the original GPLed software, and > providing the derived work as a whole under GPL terms and conditions. > > The contractor would then be free to redistribute that work, including > NSA's modifications, to others under GPL terms and conditions. As it > happens, the contractor would be prohibited by US law from distributing > the work to anyone not authorized to handle classified material, but IMO > that is not a problem for the GPL, as discussed below. So under your interpretation of the GPL, the NSA has the right to distribute "classified GPL'd software" to whoever they like while at the same time restricting the recipient of this "classified GPL'd software" from distributing the software further? I would say that this contradicts both the spirit and the text of the GPL. > As a final comment, I think the FSF did a very smart thing by > disallowing as free software licenses licenses that mandate public > disclosure of modifications. I agree. However the GPL is also designed to be incompatible with some types of licenses. I would say that "This is classified software and you are hereby given security clearance to have it" is a GPL-incompatible software license. > If free software licenses were either required or allowed to > mandated public disclosure, then IMO the end result would have > been to restrict significantly the environments in which free > software could be used. Yes. The NSA, just like any other licensee of GNU software, is free to create a derivative work of the GNU software and label it "For internal use only. This software is classified and in addition it must not be distributed outside of the NSA." There is no conflict between the GPL and deciding that a derivative work is "classified software" or a "trade secret" or whatever, as long as the derivative work is not redistributed. However the original question was not asked by a representative of the NSA or any branch of the military, but the question came from a software company (which I assume has been granted some security clearance). So the possibility of creating a derived work and not distributing it at all is probably not relevant to the original question. I wrote: > > Why is there a need for classified software anyway? I agree > > that there is a need to keep some information confidential, or > > secret. But I do not see any reason why it would not be a good > > idea to rely entirely on free software for processing and > > protecting this confidential information. David Schoen replied: > Some software is classified because it reveals classified technology > or techniques. > > For example, software which simulates reactions in nuclear weapons is > classified because it contains or produces classified information about > nuclear weapons. You're right. In general I believe that it is best when software is publicly available even when the data that it processes may be confidential. However in this case I understand that the 'data' (the mathematical model of a nuclear weapon) will be so complicated that it must be specified in a programming language. But it should still be feasible to separate the system into parts in a way that avoids all problems with the Free Software Foundation's licensing policy. I would suggest that it is reasonable to devide the system into three parts: a) A 'user interface' part, for starting/stopping the simulation and displaying the results b) A 'classified information' part, probably a C, C++ or FORTRAN program for doing some serious number crunching c) An 'information processing' part that acts on the 'classified information'. This part might simply consist of a GNU complier, or it may be a derivative work of such a compiler. Parts 'a' and 'c' can be GPL'd free software. Code from the GNU project and other free software can then be freely re-used. Part 'b' will remain classified, i.e. it is possible to distribute it outside your organisation and still make it available only to selected people and/or organisations and forbid them from distributing it to others. Nota bene, the number-crunching part 'b' can use the appropriate GNU libraries because they're available under the Lesser GNU Public License. > software which could otherwise be free builds in trade secrets so that > the software can't be disclosed without revealing the trade secrets. > I'm not just talking about having a database password inside a Perl > script, but for example a lot of financial companies have their own > secret models of financial markets -- and they have programs to work > out those models, and if you saw the programs, you would know their > models. *nod* - and i think, the same discussion applies. God bless you, Norbert -- Norbert Bollow, Weidlistr.18, CH-8624 Gruet (near Zurich, Switzerland) Tel +41 1 972 20 59 Fax +41 1 972 20 69 nb@thinkcoach.com From fsb-return-5452-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Sat Mar 24 12:14:58 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 66881 invoked from network); 24 Mar 2001 12:14:58 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 24 Mar 2001 12:14:58 -0000 Received: (qmail 3645 invoked by alias); 24 Mar 2001 12:11:00 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 3635 invoked from network); 24 Mar 2001 12:10:59 -0000 From: "Stephen J. Turnbull" MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15036.36179.542116.776363@turnbull.sk.tsukuba.ac.jp> Date: Sat, 24 Mar 2001 21:04:35 +0900 To: TonStanco@aol.com Cc: fsb@crynwr.com Subject: Re: [Freesw] Re: FreeDevelopers In-Reply-To: <9d.12f6e0e4.27ecefd2@aol.com> References: <9d.12f6e0e4.27ecefd2@aol.com> X-Mailer: VM 6.88 under 21.2 (beta45) "Thelxepeia" XEmacs Lucid X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N CC list pruned. >>>>> "Ton" == TonStanco writes: > > [http://FreeDevelopers.Net/company/CommCo/] Can you support that? Even > > someone who supports non-GPL free software has to like the idea of > > replacing proprietary to leave the whole industry to free software. > [ben laurie - Ton, why don't you get a real MUA and learn how > the big boys conduct threads?]: > Indeed, but why would I support an organisation that advocates an > approach I don't believe in? Ton> Because it will achieve the goals you believe in. Would be nice, but you proceed to explain why it cannot achieve those goals: Ton> Proprietary has a huge advantage because it buys its Ton> supporters (developers, lawyers, politicians, Ton> etc.). Free software has a hard time even finding Ton> support among itself, This is _not_ an accident. "Economic man", interested only in dollars (euros, yen, whatever), has an _enormous_ advantage in setting goals, planning implementations, and recognizing mistakes in time to change course and win (by his standard). A labor union disguised as a free software marketing collective just can't be nimble enough to compete with "economic man." Fortunately ... Ton> And if we lose at this point, how do we topple proprietary Ton> after it is fully ensconced in an interconnected world with Ton> network effects? This is not the time for inaction. Sure it is. Because _we can't lose_. Short of the totalitarian bogeyman [skirting Godwin's Law, here!] you invoke. As long as our thoughts are free[1], we'll program, for fun and profit. We're all monkeys, in the end; _fun_ will get us every time. AS RMS pointed out so many years ago, programming itself is fun, and sharing programs is more fun. Free software isn't going to go away. I doubt proprietary will go away for a long long time---but it will go first. "Economic man" can't win out over people having fun, you know. Because in the long run, money is only a means to fun. Even Bill Gates has lost interest in just making money; he's now falling over himself trying to "put it to good use." What does this have to do with FSB? Well, businesses can be vehicles for fun, too. And FSBs provide more opportunities for their workers to do well while having fun than almost anything I can imagine (more than being a professor---which ain't bad, but I'm trying to get out of this place!) Also, they're conducive to sole proprietor/partnership organization, which both enhances the fun and lessens the importance of profit pressure. Not to mention that FSBs "do good" by creating, distributing, and enhancing the reputation of, free software. Steve "Dr. Economics" Turnbull Footnotes: [1] OK, there is a problem here: software patents _are_ dangerous. But we don't need a FS developers' labor union to deal with that, and it wouldn't be very effective in that role anyway. -- University of Tsukuba Tennodai 1-1-1 Tsukuba 305-8573 JAPAN Institute of Policy and Planning Sciences Tel/fax: +81 (298) 53-5091 _________________ _________________ _________________ _________________ What are those straight lines for? "XEmacs rules." From fsb-return-5453-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Sat Mar 24 16:59:27 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 97240 invoked from network); 24 Mar 2001 16:59:27 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 24 Mar 2001 16:59:27 -0000 Received: (qmail 17588 invoked by alias); 24 Mar 2001 16:55:27 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 17581 invoked from network); 24 Mar 2001 16:55:26 -0000 Date: Sat, 24 Mar 2001 17:54:42 +0100 From: Werner Koch To: fsb@crynwr.com, freesw@conecta.it Subject: Re: [Freesw] Re: FreeDevelopers Message-ID: <20010324175442.Q14316@alberti.gnupg.de> Mail-Followup-To: fsb@crynwr.com, freesw@conecta.it References: <20010323182216.A8760@netthink.co.uk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010323182216.A8760@netthink.co.uk>; from simon@brecon.co.uk on Fri, Mar 23, 2001 at 06:22:16PM +0000 X-PGP-KeyID: 621CC013 X-PGP-CertKey: A4D9 4E92 B098 6AB5 EE9D CD75 5DE2 4996 5B03 58A2 X-Request-PGP: finger:wk@porta.u64.de X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N On Fri, 23 Mar 2001, Simon Cozens wrote: > Did Stallman really say that the GPL was the best thing since sliced bread, Of course not. It is just that the goal of the GPL is to _protect_ the _freedom_ whereas BSD style licenses don't care whether code can be made proprietary later. Sure, in an ideal world we won't need this freedom protection. I can therefore understand that Ben disclaims all protection and believes in that the Right Thing will happen anyway. On Fri, 23 Mar 2001, TonStanco@aol.com wrote: > at this critical period. Without the GPL, there wouldn't be Linux; and > without Linux and the media frenzy, there wouldn't be a chance against I totally disagree. First, if you are talking about Free Software and the ideas of the FSF, you should use the term GNU/Linux to give credit to all the people who worked on GNU over the past 17 years. Second, Linux (the kernel) has orginally not been published under the GPL and Linus still does not care about proprietary or binary only extensions to his GPLed kernel. Third, GNU has been known for a longer time than GNU/Linux and was used for it's quality and also for the freedom it gives. Many, many admins did install the GNU tools on their proprietary systems eagerly waiting for the last missing part - the kernel. Linux was the replacement of that kernel at the right time. The media hype did not orginate from the term "Linux" but from the freedom, quality and price GNU/Linux brought to the people and the business. Just my 2 cents, Werner -- Werner Koch Omnis enim res, quae dando non deficit, dum habetur g10 Code et non datur, nondum habetur, quomodo habenda est. Privacy Solutions -- Augustinus From fsb-return-5454-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Sat Mar 24 18:09:21 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 21112 invoked from network); 24 Mar 2001 18:09:21 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 24 Mar 2001 18:09:21 -0000 Received: (qmail 21687 invoked by alias); 24 Mar 2001 18:05:19 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 21679 invoked from network); 24 Mar 2001 18:05:17 -0000 Sender: crispin@wirex.com Message-ID: <3ABCE195.BC64A3EE@wirex.com> Date: Sat, 24 Mar 2001 10:04:05 -0800 From: Crispin Cowan Organization: WireX Communications, Inc. X-Mailer: Mozilla 4.76 [en] (X11; U; Linux 2.2.18-1_imnx_5_crispin i686) X-Accept-Language: en MIME-Version: 1.0 To: Werner Koch Cc: fsb@crynwr.com Subject: Re: [Freesw] Re: FreeDevelopers References: <20010323182216.A8760@netthink.co.uk> <20010324175442.Q14316@alberti.gnupg.de> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N Werner Koch wrote: > On Fri, 23 Mar 2001, Simon Cozens wrote: > > > Did Stallman really say that the GPL was the best thing since sliced bread, > > Of course not. It is just that the goal of the GPL is to _protect_ > the _freedom_ whereas BSD style licenses don't care whether code > can be made proprietary later. Arguing the merrits of various free software licenses is another topic that has been done to death on FSB. Various people's reasons for using various licenses are well-founded, heart-felt, and passionate. "The Foo license is generally better because ..." always degenerates into a useless flame war. Consider a general assertion that either GPL or BSD is better to be an extension of Godwin's law :-) Crispin -- Crispin Cowan, Ph.D. Chief Research Scientist, WireX Communications, Inc. http://wirex.com Security Hardened Linux Distribution: http://immunix.org From fsb-return-5455-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Sun Mar 25 12:36:11 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 31839 invoked from network); 25 Mar 2001 12:36:10 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 25 Mar 2001 12:36:10 -0000 Received: (qmail 12481 invoked by alias); 25 Mar 2001 12:32:08 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 12474 invoked from network); 25 Mar 2001 12:32:05 -0000 Message-ID: <3ABDE523.6EFB8437@algroup.co.uk> Date: Sun, 25 Mar 2001 13:31:31 +0100 From: Ben Laurie X-Mailer: Mozilla 4.76 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: TonStanco@aol.com Cc: fsb@crynwr.com, freesw@conecta.it Subject: Re: [Freesw] Re: FreeDevelopers References: <9d.12f6e0e4.27ecefd2@aol.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N TonStanco@aol.com wrote: > > > > If you don't agree with Stallman on the GPL, then you won't agree with > the > > > Declaration. > > > > > > But what about the reshuffling of the software industry to deal > > > proprietary out, as described in the Community is the Company (CommCo) > > > industry structure? > > > [http://FreeDevelopers.Net/company/CommCo/] Can you support that? Even > > > someone who supports non-GPL free software has to like the idea of > > > replacing proprietary to leave the whole industry to free software. > > > > Indeed, but why would I support an organisation that advocates an > > approach I don't believe in? > > Because it will achieve the goals you believe in. > > Proprietary has a huge advantage because it buys its supporters (developers, > lawyers, politicians, etc.). Free software has a hard time even finding > support among itself, because people want more to quibble with friends than > fight the foe. While we split hairs, proprietary relentlessly marches on to > enslave the world (e.g., HailStorm). Let's concentrate on defeating > proprietary. Once that is done, we will have the luxury to argue over who has > the better free license. Until that is done, we are just arguing over who has > the better view from inside the prison wall. Cool. So let me know when you've switched to a BSD-style licence. Cheers, Ben. -- http://www.apache-ssl.org/ben.html "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff ApacheCon 2001! http://ApacheCon.com/ From fsb-return-5456-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Sun Mar 25 13:12:04 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 34592 invoked from network); 25 Mar 2001 13:12:04 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 25 Mar 2001 13:12:04 -0000 Received: (qmail 15812 invoked by alias); 25 Mar 2001 13:07:57 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 15804 invoked from network); 25 Mar 2001 13:07:56 -0000 From: TonStanco@aol.com Message-ID: <66.d446ce8.27ef474a@aol.com> Date: Sun, 25 Mar 2001 08:06:18 EST Subject: Re: [Freesw] Re: FreeDevelopers To: freesw@conecta.it CC: fsb@crynwr.com MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Mailer: AOL 4.0 for Windows 95 sub 114 X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N In a message dated 3/25/01 7:36:34 AM Eastern Standard Time, ben@algroup.co.uk writes: > Cool. So let me know when you've switched to a BSD-style licence. We won't do that because the world will end up back into a proprietary paradigm after a cycling or two. The other non GPL licenses allow the old favorite of proprietary in dealing with free standards -- embrace and extend. Only the GPL breaks that cycle. From fsb-return-5457-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Mon Mar 26 22:55:24 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 90102 invoked from network); 26 Mar 2001 22:55:24 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 26 Mar 2001 22:55:24 -0000 Received: (qmail 18584 invoked by alias); 25 Mar 2001 14:01:59 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 18577 invoked from network); 25 Mar 2001 14:01:58 -0000 From: Glen Starchman To: TonStanco@aol.com, freesw@conecta.it Subject: Re: [Freesw] Re: FreeDevelopers Date: Sun, 25 Mar 2001 07:49:11 -0800 X-Mailer: KMail [version 1.0.29] Content-Type: text/plain Cc: fsb@crynwr.com References: <66.d446ce8.27ef474a@aol.com> In-Reply-To: <66.d446ce8.27ef474a@aol.com> MIME-Version: 1.0 Message-Id: <01032507553100.03306@daibutsu> Content-Transfer-Encoding: 8bit X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N On Sun, 25 Mar 2001, TonStanco@aol.com wrote: > In a message dated 3/25/01 7:36:34 AM Eastern Standard Time, > ben@algroup.co.uk writes: > > > Cool. So let me know when you've switched to a BSD-style licence. > > We won't do that because the world will end up back into a proprietary > paradigm after a cycling or two. The other non GPL licenses allow the old > favorite of proprietary in dealing with free standards -- embrace and extend. > Only the GPL breaks that cycle. I am an advocate for open source and free (maybe not all the way to the letter) software but I don't see why a company or individual should *not* be able to release proprietary software. Playing the devil's advocate for a minute... why should a software developer use a GPL when they are charging for their software when that opens up the possibility that the organization they are selling to can make a few modifications and resell the software to others? Or, worse yet, from a financial standpoint, *give away* the derivative software? Here's another example: I create a wonderful new widget using gcc, ld, etc... I have done it mostly for fun and have whimsically given it a GPL. Now, company X wants to buy the rights to said widget, but they don't want to have to release the source changes they might make when they sell a commercial version. What happens? Am I screwed? (this is a theoretical situation). In my eyes, there are definitely areas for commercial (I tend to prefer that phrase to proprietary) software. Oracle is never going to be a free software product (meaning free as in freedom, not financial), but Oracle in a lot of situations is a preferred tool compared to Postgres or MySQL. Maybe someday MySQL or Postgres will have some of the advanced Oracle features, I would love to see that but I am not going to hold my breath. On the other hand, 75%+ of the software I use is GPLed with the majority of the rest being either Mozilla or BSDed. But, should I not use Python because its license doesn't care one way or another if I create commercial (eg, proprietary) software? In my opinion, Tony, there is no need for this to be a holy war. It's a war of choice, and the consumer deserves the right to choose between commercial and free software. The majority of *users* out there could give a flying crap if the product they have is bundled with source code. In fact, most of them will probably resent the space it takes up on their drives. All a user wants is stability, ease-of-use, and power (in that order). Until some free software product offers the same functionality and integration with the WinOS, people will continue to use Outlook... in fact, they will continue to use Outlook *after* this uber free software Outlook clone is released. Free software (and open source, for that matter) are geared more towards the developer than the consumer, in my opinion. From fsb-return-5458-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Mon Mar 26 23:51:16 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 9630 invoked from network); 26 Mar 2001 23:51:16 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 26 Mar 2001 23:51:16 -0000 Received: (qmail 32260 invoked by alias); 25 Mar 2001 19:54:29 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 32252 invoked from network); 25 Mar 2001 19:54:26 -0000 From: TonStanco@aol.com Message-ID: <5b.13b4d16c.27efa668@aol.com> Date: Sun, 25 Mar 2001 14:52:08 EST Subject: Re: [Freesw] Re: FreeDevelopers To: glen@enabledventures.com, TonStanco@aol.com, freesw@conecta.it CC: fsb@crynwr.com MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Mailer: AOL 4.0 for Windows 95 sub 114 X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N > I am an advocate for open source and free (maybe not all the way to the > letter) software but I don't see why a company or individual should *not* be > able to release proprietary software. Glen, if you don't see why all software should be free, instead of proprietary, I don't see how we can bridge that gulf. It is just too bigger between us. This is substantially different from saying that it should be free, but disagreeing on a license. > Playing the devil's advocate for a minute... why should a software developer > use a GPL when they are charging for their software when that opens up the > possibility that the organization they are selling to can make a few > modifications and resell the software to others? Or, worse yet, from a > financial standpoint, *give away* the derivative software? Because keeping the code free allows all developers to do development better. Developers can't develop if they don't have access to the code. Just like an airplane mechanic has to have access to the plane to do his job. And proprietary hides the code on the pretense it is property that they own and no one else should even see. I don't think anyone can seriously argue with that proposition. The issue has only been, if it is freely accessible to everyone (a good thing), how do you make money to keep the development going. > Here's another example: I create a wonderful new widget using gcc, ld, etc... > I have done it mostly for fun and have whimsically given it a GPL. Now, > company X wants to buy the rights to said widget, but they don't want to have to > release the source changes they might make when they sell a commercial > version. What happens? Am I screwed? (this is a theoretical situation). No you join FreeDevelopers and get paid for developing this wonderful thing ;-) Seriously, you have this question, because you haven't fully understood the benefits to all developers from open or free code and how closing the code divided the developer community. In fact, you make the exact same argument that Gates made is his infamous letter to developers. But once you accept that premise, you end up with a Microsoft. Which was even tolerable before the Internet, but now with network effects, a dominant players will control the standards, and will eventually shut everyone else out. > In my eyes, there are definitely areas for commercial (I tend to prefer that > phrase to proprietary) software. Oracle is never going to be a free software > product (meaning free as in freedom, not financial), but Oracle in a lot of > situations is a preferred tool compared to Postgres or MySQL. Maybe someday > MySQL or Postgres will have some of the advanced Oracle features, I would > love to see that but I am not going to hold my breath. Because there are superior proprietary products, doesn't justify the acceptance of proprietary. It only means that free software has to work harder. It would be surprising if proprietary didn't have superior products at this time, since they are paying 99% of the developers in the world to develop proprietary code. > On the other hand, 75%+ of the software I use is GPLed with the majority of > the rest being either Mozilla or BSDed. But, should I not use Python because > its license doesn't care one way or another if I create commercial (eg, > proprietary) software? Yes. That is why they will paid for free software the same way they pay for proprietary. > In my opinion, Tony, there is no need for this to be a holy war. It's a war > of choice, and the consumer deserves the right to choose between commercial > and free software. The choice is the developers', because it matter to them. The customers don't care as you rightfully say. But that just means that the developers have to protect the customers too. > The majority of *users* out there could give a flying crap if > the product they have is bundled with source code. In fact, most of them > will probably resent the space it takes up on their drives. All a user wants is > stability, ease-of-use, and power (in that order). Until some free software > product offers the same functionality and integration with the WinOS, people > will continue to use Outlook... in fact, they will continue to use Outlook > *after* this uber free software Outlook clone is released. > > Free software (and open source, for that matter) are geared more towards the > developer than the consumer, in my opinion. The development of free software is geared to the developer. But the marketing of free software, like any company, has to be geared to the consumer. From fsb-return-5460-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Tue Mar 27 00:33:07 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 23499 invoked from network); 27 Mar 2001 00:33:05 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 27 Mar 2001 00:33:05 -0000 Received: (qmail 25624 invoked by alias); 26 Mar 2001 06:14:08 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 25610 invoked from network); 26 Mar 2001 06:14:06 -0000 From: "Stephen J. Turnbull" MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15038.56501.323819.797876@turnbull.sk.tsukuba.ac.jp> Date: Mon, 26 Mar 2001 15:07:49 +0900 To: fsb@crynwr.com Subject: Re: [Freesw] Re: FreeDevelopers In-Reply-To: <3ABCE195.BC64A3EE@wirex.com> References: <20010323182216.A8760@netthink.co.uk> <20010324175442.Q14316@alberti.gnupg.de> <3ABCE195.BC64A3EE@wirex.com> X-Mailer: VM 6.88 under 21.2 (beta45) "Thelxepeia" XEmacs Lucid X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N >>>>> "Crispin" == Crispin Cowan writes: Crispin> Werner Koch wrote: >> Of course not. It is just that the goal of the GPL is to >> _protect_ the _freedom_ whereas BSD style licenses don't care >> whether code can be made proprietary later. Crispin> Arguing the merrits ??? I see no arguments about merits, just a statement of fact. A necessary clarification in context, although most FSBers are well aware of it. -- University of Tsukuba Tennodai 1-1-1 Tsukuba 305-8573 JAPAN Institute of Policy and Planning Sciences Tel/fax: +81 (298) 53-5091 _________________ _________________ _________________ _________________ What are those straight lines for? "XEmacs rules." From fsb-return-5461-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Tue Mar 27 01:03:40 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 33973 invoked from network); 27 Mar 2001 01:03:40 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 27 Mar 2001 01:03:40 -0000 Received: (qmail 17897 invoked by alias); 26 Mar 2001 14:14:08 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 17890 invoked from network); 26 Mar 2001 14:14:06 -0000 Subject: Re: GNU and classified software To: Frank Hecker Cc: fsb@crynwr.com From: Ben_Tilly@trepp.com Date: Mon, 26 Mar 2001 09:15:44 -0500 Message-ID: X-MIMETrack: Serialize by Router on T1/Trepp(Release 5.0.6a |January 17, 2001) at 03/26/2001 09:15:45 AM MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N Frank Hecker wrote: > Norbert Bollow wrote: > > However you are not allowed to take parts of the source code of > > GNU programs and adapt them for inclusion in classified > > software. > > I respectfully disagree. Based on my reading of it, the GPL does not > require that you make source code for derived works publicly available, > it requires only that you make the source code available to those to > whom you distribute the derived work... Is slipping spyware into an unsuspecting person's computer "distribution"? What if they never discover it? :-) /duck Cheers, Ben From fsb-return-5462-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Tue Mar 27 01:09:42 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 36054 invoked from network); 27 Mar 2001 01:09:41 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 27 Mar 2001 01:09:41 -0000 Received: (qmail 24129 invoked by alias); 26 Mar 2001 16:09:09 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 24122 invoked from network); 26 Mar 2001 16:09:08 -0000 Message-ID: <3ABF6842.75258628@kenan.com> Date: Mon, 26 Mar 2001 11:03:14 -0500 X-Sybari-Space: 00000000 00000000 00000000 From: Seth Gordon Organization: Kenan Systems X-Mailer: Mozilla 4.75 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: fsb@crynwr.com Subject: Re: FreeDevelopers Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N [Anil Kumar:] >> There needs to be a predominant marketing company for GPL software >> to compete with proprietary software ... Let me expand a little on Tom Hull's response. Suppose I write a GPL program to be used by doctors' offices, and you write a GPL program to be used by banks. Why should my program and your program have the same organization doing marketing work? A person who would be very effective in selling to doctors' offices would be someone who is very familiar with how doctors do business, what their needs are, how to impress them, etc., etc. -- and such a person would not be nearly as effective in marketing to banks. For similar reasons, someone who excels at *running* a marketing organization for medical software would not be so good at running a marketing organization for financial software. So if you set up one uber-marketing company that is prepared to market any GPL software by any FreeDevelopers employee, it seems like a recipe for mediocrity. I would rather have my medical-software services sold by a company that specialized in medical software, even if it also sold some proprietary medical software as well, than by a company whose focus was the GPL. [TonStanco:] > Proprietary has a huge advantage because it buys its supporters > (developers, lawyers, politicians, etc.). Free software has a hard time > even finding support among itself, because people want more to quibble > with friends than fight the foe. While we split hairs, proprietary > relentlessly marches on to enslave the world (e.g., HailStorm). Let's > concentrate on defeating proprietary. "Proprietary", singular, does no such thing. Vendors, plural, of proprietary software can buy support, but (a) they have expenses that many free-software developers don't have to worry about[*]; (b) they also compete against each other, which inhibits any one company's ability to march on to enslave the world; (c) their goal is not to enslave the world (well, I might make an exception for Microsoft :-), but to make money. I'm generally unmoved by complaints about how [fill in the name of a community here] suffers from a lack of unity, because the person who makes the complaint usually follows up by saying "...and therefore, you all should unite around me." In this case it's "...and therefore, you all should unite around the organization I belong to", but my response is the same: yawn. [*]Have I ever posted my theory of free-vs.-proprietary software competition to this list? -- "The big dig might come in handy ... for a few project managers whom I think would make great landfill." --Elaine Ashton == seth gordon == sgordon@kenan.com == standard disclaimer == == documentation group, kenan systems corp., cambridge, ma == From fsb-return-5463-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Tue Mar 27 01:10:58 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 36670 invoked from network); 27 Mar 2001 01:10:57 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 27 Mar 2001 01:10:57 -0000 Received: (qmail 24369 invoked by alias); 26 Mar 2001 16:17:04 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 24362 invoked from network); 26 Mar 2001 16:17:02 -0000 Date: Mon, 26 Mar 2001 11:14:38 EST From: TonStanco@aol.com Subject: Re: [Freesw] Re: FreeDevelopers To: , Cc: , , Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Mailer: Unknown (No Version) Message-ID: X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N Sorry, I must have missed this post from Jonathan Shapiro on Friday. Weekends are hectic, because my wife and I have a commuter marriage for another couple of months, so half the time I'm flying or training up and down on the weekend. It is no excuse, but somehow I missed his email I think. >I think it is somewhat telling that the people on this >list who are most skeptical about FreeDevelopers are >those who have built successful businesses and >organizations. People are always skeptical about anything new. It happens with everything -- GPL, free software, open source, democracy, etc., etc. So it only makes sense to reach out to the early adopters and free thinkers. [And if the concept is wrong, it atrophies naturally with the exposure to sunlight.] >I have a working, active community (the EROS >community) that is already known and slowly becoming >more financially effective within the free software >community. I don't need a new company. I'm not >interested in a credo. I really don't care about >revolutionary business models that appear to be >totally without substance. I have a pretty strong >grasp on how to market this kind of product, and I >have a very strong grasp on finance (something that >FreeDeveloper seems to need, by the way). Well, with all due respect maybe FreeDevelopers isn't really for you, then. If you have a totally free software business with no proprietary software at all and it is successful and pays your developers, then great. Then FreeDevelopers is not for you. And if your model can be replicated for others successfully around the world, then FreeDevelopers may not be needed at all. This is fine, too. The solution FreeDevelopers is trying to solve is the paying of the developers for free software development. If there is no problem to solve, because existing structures work, then there is no need for FreeDevelopers. Period. But I have to see how you solved the systemic problem in the free software development model that allows competitors to price at the zero marginal cost. The dilemma in free software has always been that development costs at t=0 are sunk and therefore, the marginal costs at t=1 are zero. Since markets price at marginal cost, not average cost, competition will cause the market price to approach effectively zero. If an industry has a market price that doesn't even recoup the average costs that industry fails by competing itself to death. This is not a new problem by the way, railways, telephones had the same basic cost structure at the beginning of those industries where the big costs are sunk at t=0 and then the companies competed themselves to death until a new structure was put in place. Proprietary has a solution for this problem, because it hides the source, so the sunk development costs are recoverable, since others have to duplicate the work and cost, and therefore can't price at zero. This is the dilemma. You tell me how you solved it. Of course, you have to show me how you pay the developers. No taking the work of developers for free. That avoids the problem, not solves it. Show me how you can pay the developers and not price free software at zero and are viable longterm and I'll be very impressed. >In three to five (reasonable length) sentences or >less, why should I care about FreeDevelopers? If you >can't answer the question in three to five sentences >that make a compelling business case, you really >aren't ready to be talking to people like me or FSB. 1. Why you should care about FD is because it solves the systemic problem of paying for the development of free software. 2. It solves the problem by having one marketing company for everyone as the shock absorber between the free software developer community and the market, so they are not competing to death. 3. That creates its own problem of market concentration, but that is solved by having the marketing entity owned by the whole developer community. 4. And the developer community produces just as it does now by having thousands of independent free software projects and leaders. 5. The developer community also has to have a democratic federalism between the developer company and the developer projects, so that the developer company is responsive to the developer community and does not become a new software kingdom itself, replacing one software king with another. >Please understand: I'm not interested in discouraging >you. I'm interested in making you productive. >Preferably without sacrificing my own productivity. That is quite reasonable and helps both of us. Thanks, tony From fsb-return-5464-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Tue Mar 27 01:37:18 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 44139 invoked from network); 27 Mar 2001 01:37:18 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 27 Mar 2001 01:37:18 -0000 Received: (qmail 13435 invoked by alias); 26 Mar 2001 22:55:51 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 13428 invoked from network); 26 Mar 2001 22:55:50 -0000 Message-ID: <9A3ED4B61C86D411B5CD00508BD3222801D42674@SOK-MS> From: "Munsterman, Paul" To: fsb@crynwr.com Subject: Please remove me from the list Date: Mon, 26 Mar 2001 14:55:14 -0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N From fsb-return-5465-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Tue Mar 27 01:38:38 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 44452 invoked from network); 27 Mar 2001 01:38:38 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 27 Mar 2001 01:38:38 -0000 Received: (qmail 15794 invoked by alias); 26 Mar 2001 23:16:40 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 15787 invoked from network); 26 Mar 2001 23:16:38 -0000 Sender: crispin@wirex.com Message-ID: <3ABFCD8B.91528316@wirex.com> Date: Mon, 26 Mar 2001 15:15:23 -0800 From: Crispin Cowan Organization: WireX Communications, Inc. X-Mailer: Mozilla 4.76 [en] (X11; U; Linux 2.2.18-1_imnx_5_crispin i686) X-Accept-Language: en MIME-Version: 1.0 To: Glen Starchman Cc: TonStanco@aol.com, fsb@crynwr.com Subject: Re: [Freesw] Re: FreeDevelopers References: <66.d446ce8.27ef474a@aol.com> <01032507553100.03306@daibutsu> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N Glen Starchman wrote: > Here's another example: I create a wonderful new widget using gcc, ld, etc... I > have done it mostly for fun and have whimsically given it a GPL. Now, company X > wants to buy the rights to said widget, but they don't want to have to release > the source changes they might make when they sell a commercial version. What > happens? Am I screwed? (this is a theoretical situation). That depends. The software can be re-issued under any license the authors choose, regardless of the existance of a GPL'd edition. The catch is that you have to get the agreement of all of the authors. So you can effectively do the re-issue hack if: * you are the sole developer * the other developer's contributions were minor, and therefore can be backed out and replaced * the other developers can be bought (share your profits) None of these apply to the Linux kernel, which has hundreds or thousands of authors, many of whom can no longer be found. Thus the Linux kernel is effectively GPL'd forever, but it is the many unknown authors, and not the GPL itself, that locks in Linux's GPL'd status. Note also that by re-issuing your widget under a proprietary license, you do NOT get to prevent others from distributing and enhancing the existing GPL'd version of your widget. The re-issue hack/business plan counts on you (the primary author) being better at supporting the widget than that rowdy gang of open source user/developers, which may or may not be true. Caveat: I am not at all addressing the morality of whether one *should* engage in such practices. It's a free world (more or less) and I leave that up to the authors of the code. Crispin -- Crispin Cowan, Ph.D. Chief Research Scientist, WireX Communications, Inc. http://wirex.com Security Hardened Linux Distribution: http://immunix.org From fsb-return-5466-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Tue Mar 27 01:40:03 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 44805 invoked from network); 27 Mar 2001 01:40:02 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 27 Mar 2001 01:40:02 -0000 Received: (qmail 16660 invoked by alias); 26 Mar 2001 23:23:46 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 16653 invoked from network); 26 Mar 2001 23:23:45 -0000 Date: Mon, 26 Mar 2001 15:22:57 -0800 To: Glen Starchman Cc: TonStanco@aol.com, freesw@conecta.it, fsb@crynwr.com Subject: Re: [Freesw] Re: FreeDevelopers Message-ID: <20010326152257.J16548@claire.namodn.com> References: <66.d446ce8.27ef474a@aol.com> <01032507553100.03306@daibutsu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <01032507553100.03306@daibutsu>; from glen@enabledventures.com on Sun, Mar 25, 2001 at 07:49:11AM -0800 Organization: Namodn - http://www.namodn.com X-OS-Type: Debian GNU/Linux 2.2 From: Nick Jennings X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N On Sun, Mar 25, 2001 at 07:49:11AM -0800, Glen Starchman wrote: > > Playing the devil's advocate for a minute... why should a software developer > use a GPL when they are charging for their software when that opens up the > possibility that the organization they are selling to can make a few > modifications and resell the software to others? Or, worse yet, from a > financial standpoint, *give away* the derivative software? > > Here's another example: I create a wonderful new widget using gcc, ld, etc... I > have done it mostly for fun and have whimsically given it a GPL. Now, company X > wants to buy the rights to said widget, but they don't want to have to release > the source changes they might make when they sell a commercial version. What > happens? Am I screwed? (this is a theoretical situation). > If you had released this code BSD, the company would just take the code and not even think twice. In fact, company X wouldn't want to "buy the rights" to your code, unless your code was closed source. It's a very unrealistic example. > In my eyes, there are definitely areas for commercial (I tend to prefer that > phrase to proprietary) software. Oracle is never going to be a free software > product (meaning free as in freedom, not financial), but Oracle in a lot of > situations is a preferred tool compared to Postgres or MySQL. Maybe someday > MySQL or Postgres will have some of the advanced Oracle features, I would love > to see that but I am not going to hold my breath. > > On the other hand, 75%+ of the software I use is GPLed with the majority of the > rest being either Mozilla or BSDed. But, should I not use Python because its > license doesn't care one way or another if I create commercial (eg, > proprietary) software? > > In my opinion, Tony, there is no need for this to be a holy war. It's a war of > choice, and the consumer deserves the right to choose between commercial and > free software. The majority of *users* out there could give a flying crap if > the product they have is bundled with source code. In fact, most of them will > probably resent the space it takes up on their drives. All a user wants is > stability, ease-of-use, and power (in that order). Until some free software > product offers the same functionality and integration with the WinOS, people > will continue to use Outlook... in fact, they will continue to use Outlook > *after* this uber free software Outlook clone is released. > Yes, *however*, many end users are becoming more and more "aware of their surrounding" so to speak. In that they may realize that some programs, because of their open-source roots, tend to be more stable, and more powerfull. Although many aren't, I think that as time goes on, more and more open-source projects will get the status of Apache/Linux/BSD etc. as being the "best / stablest / most powerfull " etc. etc. If these users, more and more, begin to use open-source software, the developers, in turn, will find their need increasing more and more. The more the demand, the more a chance for making money. > Free software (and open source, for that matter) are geared more towards the > developer than the consumer, in my opinion. > -- Nick Jennings | "Laugh, and the world ignores you. http://nick.namodn.com | Crying doesn't help either." From fsb-return-5467-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Tue Mar 27 01:45:51 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 46483 invoked from network); 27 Mar 2001 01:45:50 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 27 Mar 2001 01:45:50 -0000 Received: (qmail 17846 invoked by alias); 26 Mar 2001 23:33:11 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 17839 invoked from network); 26 Mar 2001 23:33:10 -0000 From: Glen Starchman To: fsb@crynwr.com Subject: Re: [Freesw] Re: FreeDevelopers Date: Mon, 26 Mar 2001 17:17:03 -0800 X-Mailer: KMail [version 1.0.29] Content-Type: text/plain References: <66.d446ce8.27ef474a@aol.com> <01032507553100.03306@daibutsu> <3ABFCD8B.91528316@wirex.com> In-Reply-To: <3ABFCD8B.91528316@wirex.com> MIME-Version: 1.0 Message-Id: <01032617264100.04323@daibutsu> Content-Transfer-Encoding: 8bit X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N > Here's another example: I create a wonderful new widget using gcc, ld, etc... I > > have done it mostly for fun and have whimsically given it a GPL. Now, company X > > wants to buy the rights to said widget, but they don't want to have to release > > the source changes they might make when they sell a commercial version. What > > happens? Am I screwed? (this is a theoretical situation). > > That depends. The software can be re-issued under any license the authors choose, > regardless of the existance of a GPL'd edition. The catch is that you have to get > the agreement of all of the authors. So you can effectively do the re-issue hack > if: > > * you are the sole developer > * the other developer's contributions were minor, and therefore can be backed > out and replaced > * the other developers can be bought (share your profits) Thanks, Crispin... note that this is a completely hypothetical scenario. In reality, I have come across situations whereby a company wished to use a proprietary license for the core of a product, but was not adverse to GPLing other parts... I think that is a relatively common scenario nowadays. > > Note also that by re-issuing your widget under a proprietary license, you do NOT > get to prevent others from distributing and enhancing the existing GPL'd version > of your widget. That's to be expected. But for another question: is there a *legal* mechanism for changing an existing license, especially in regards to GPL? >The re-issue hack/business plan counts on you (the primary > author) being better at supporting the widget than that rowdy gang of open source > user/developers, which may or may not be true. Which, I believe, is the primary motivation behind big business's use of closed source licensing... the fear that someone will take their code and create a monstrosity out of it and still refer to the original product. I have had several discussions with clients in this regard. On the other hand, there are definitely cases where software companies fear an open source effort will be *superior* to their own proprietary product. Caveat: I am not at all addressing the morality of whether one *should* engage in > such practices. It's a free world (more or less) and I leave that up to the > authors of the code. From fsb-return-5468-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Tue Mar 27 01:53:56 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 48190 invoked from network); 27 Mar 2001 01:53:55 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 27 Mar 2001 01:53:55 -0000 Received: (qmail 13610 invoked by alias); 27 Mar 2001 01:30:11 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 13581 invoked from network); 27 Mar 2001 01:30:09 -0000 Date: Mon, 26 Mar 2001 17:26:17 -0800 From: "Karsten M. Self" To: fsb@crynwr.com Subject: Re: GNU and classified software Message-ID: <20010326172617.A32106@ix.netcom.com> References: Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="FL5UXtIhxfXey3p5" Content-Disposition: inline User-Agent: Mutt/1.3.12i In-Reply-To: ; from Ben_Tilly@trepp.com on Mon, Mar 26, 2001 at 09:15:44AM -0500 X-Debian-GNU-Linux: Rocks X-Kuro5hin-cabal: There is no K5 cabal X-GPG-Fingerprint: F932 8B25 5FDD 2528 D595 DC61 3847 889F 55F2 B9B0 Sender: X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N --FL5UXtIhxfXey3p5 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable on Mon, Mar 26, 2001 at 09:15:44AM -0500, Ben_Tilly@trepp.com (Ben_Tilly@tr= epp.com) wrote: >=20 > Frank Hecker wrote: > > Norbert Bollow wrote: > > > However you are not allowed to take parts of the source code of > > > GNU programs and adapt them for inclusion in classified > > > software. > > > > I respectfully disagree. Based on my reading of it, the GPL does not > > require that you make source code for derived works publicly available, > > it requires only that you make the source code available to those to > > whom you distribute the derived work... >=20 > Is slipping spyware into an unsuspecting person's computer > "distribution"? >=20 > What if they never discover it? :-) That's not quite so glib as you might think it is. I had a brainwave some time back that foreign companies whose communications were being intercepted by Echelon might seek suit against the US Government under the DMCA anti-circumvetion laws. While national security is exempted, corporate and/or commercial interests are not. This could be an interesting bit of caselaw. --=20 Karsten M. Self http://kmself.home.netcom.com/ What part of "Gestalt" don't you understand? There is no K5 cabal http://gestalt-system.sourceforge.net/ http://www.kuro5hin.org --FL5UXtIhxfXey3p5 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6v+w5OEeIn1XyubARAvL2AJ9Te75S2G+a0GWDrKOfOUUOledPCwCfdtyt BFhOBtPzP78QoQwtPCRYN8Y= =7Nb4 -----END PGP SIGNATURE----- --FL5UXtIhxfXey3p5-- From fsb-return-5469-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Tue Mar 27 02:25:19 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 57863 invoked from network); 27 Mar 2001 02:25:18 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 27 Mar 2001 02:25:18 -0000 Received: (qmail 21315 invoked by alias); 27 Mar 2001 02:21:07 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 21308 invoked from network); 27 Mar 2001 02:21:07 -0000 Sender: crispin@wirex.com Message-ID: <3ABFF8C9.224BAE6@wirex.com> Date: Mon, 26 Mar 2001 18:19:53 -0800 From: Crispin Cowan Organization: WireX Communications, Inc. X-Mailer: Mozilla 4.76 [en] (X11; U; Linux 2.2.18-1_imnx_5_crispin i686) X-Accept-Language: en MIME-Version: 1.0 To: Glen Starchman Cc: fsb@crynwr.com Subject: Re: [Freesw] Re: FreeDevelopers References: <66.d446ce8.27ef474a@aol.com> <01032507553100.03306@daibutsu> <3ABFCD8B.91528316@wirex.com> <01032617264100.04323@daibutsu> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N Glen Starchman wrote: > > Note also that by re-issuing your widget under a proprietary license, you do NOT > > get to prevent others from distributing and enhancing the existing GPL'd version > > of your widget. > That's to be expected. But for another question: is there a *legal* mechanism > for changing an existing license, especially in regards to GPL? The "mechanism" is no different than the original copyright applied to anything that anyone writes. You are not actually *changing* the license (you can't do that). What you are doing is *re-issuing* the code under a new license. As the copyright holder(s) on a work, the author(s) can do that, while others cannot. So the "mechanism" such as it is, is: 1. Make sure all author(s) agree to the change. 2. Hack the sources & binaries to reflect the new license. 3. Publish. Screw up on step 1, and one of the authors can claim that your re-issued product is a violation of hir license on the old product, and force you to do ugly things. To my knowledge, no mechanism exists for assuring step 1 other than careful diligence. Disclaimer, before I get myself in trouble: I am not a lawyer, get your own legal advice. Crispin -- Crispin Cowan, Ph.D. Chief Research Scientist, WireX Communications, Inc. http://wirex.com Security Hardened Linux Distribution: http://immunix.org From fsb-return-5459-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Tue Mar 27 03:25:36 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 72478 invoked from network); 27 Mar 2001 03:25:36 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 27 Mar 2001 03:25:36 -0000 Received: (qmail 17337 invoked by alias); 26 Mar 2001 05:23:00 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 17278 invoked from network); 26 Mar 2001 05:22:18 -0000 Message-ID: <3ABED200.5F05A0FB@collab.net> Date: Mon, 26 Mar 2001 00:22:08 -0500 From: Frank Hecker Organization: CollabNet, Inc. X-Mailer: Mozilla 4.76 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Norbert Bollow CC: fsb@crynwr.com Subject: Re: GNU and classified software References: <66037540DA72D31180D400A0C9D17D1F466280@phoenix1.exponent.com> <200103232141.WAA30718@quill.thinkcoach.com> <20010323190113.C32421@zork.net> <200103240851.JAA00528@quill.thinkcoach.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N Norbert Bollow wrote: > So under your interpretation of the GPL, the NSA has the right > to distribute "classified GPL'd software" to whoever they like > while at the same time restricting the recipient of this > "classified GPL'd software" from distributing the software > further? It is not the NSA itself that is restricting the distribution, it is US government laws and egulations. (If it's confusing to think of the NSA as distinct from the US government in this context, imagine a situation where a government contractor creates classified software and distributes it to another US government contractor.) This is exactly analogous to the former situation in the US with regard to encryption software. Prior to the US government export control regulations being changed (say, back in 1999) a US citizen and resident could create software implementing an encryption algorithm (DES, RSA, whatever), license it under the GPL and distribute it to another US resident; however the recipient of the software would be prohibited from redistributing that software to further persons, if those persons were not in the US (or Canada). That restriction was not imposed by the creator of the software, it was imposed by US government laws and regulations relating to encryption software. > However the GPL is also designed to be incompatible with > some types of licenses. I would say that "This is classified > software and you are hereby given security clearance to have > it" is a GPL-incompatible software license. I think there is confusion here between a license and an overriding law or regulation. Prior to 2000, if I said, "This is encryption software developed in the US, and you must be a US citizen or resident to have it", that doesn't change the license, it just specifies that additional laws and regulations apply over and above the license. > In general I believe that it is best when > software is publicly available even when the data that it > processes may be confidential. I don't disagree. For what it's worth, I doubt that there is or will be much if any software created "from scratch" by NSA or anyone else that is both classified and under the GPL. The original question was about creating classified software using GPLed tools, which is a different issue. I also suspect that there are also pre-existing GPLed products used within classified environments, and I presume that the people using those products may make in-house bug fixes and enhancements. However if I would be very surprised to learn that NSA or anyone else had created a classified application themselves and decided to license it under the GPL. Frank -- Frank Hecker work: http://www.collab.net/ frank@collab.net home: http://www.hecker.org/ From fsb-return-5470-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Tue Mar 27 03:43:43 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 87556 invoked from network); 27 Mar 2001 03:43:41 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 27 Mar 2001 03:43:41 -0000 Received: (qmail 28039 invoked by alias); 27 Mar 2001 03:36:41 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 28030 invoked from network); 27 Mar 2001 03:36:40 -0000 From: "Stephen J. Turnbull" MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15040.2372.597526.433573@turnbull.sk.tsukuba.ac.jp> Date: Tue, 27 Mar 2001 12:30:12 +0900 To: Glen Starchman Cc: TonStanco@aol.com, fsb@crynwr.com Subject: Re: [Freesw] Re: FreeDevelopers In-Reply-To: <01032507553100.03306@daibutsu> References: <66.d446ce8.27ef474a@aol.com> <01032507553100.03306@daibutsu> X-Mailer: VM 6.88 under 21.2 (beta45) "Thelxepeia" XEmacs Lucid X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N >>>>> "Glen" == Glen Starchman writes: Glen> Playing the devil's advocate for a minute... why should a Glen> software developer use a GPL when they are charging for Glen> their software when that opens up the possibility that the Glen> organization they are selling to can make a few Glen> modifications and resell the software to others? Or, worse Glen> yet, from a financial standpoint, *give away* the derivative Glen> software? It's not a rhetorical question, you know. There are affirmative answers: seeking them is what this list is about. Also cf. Shapiro (not Jonathan ;) and Varian, _Information Rules_. Glen> commercial (I tend to prefer that phrase to proprietary) Glen> software. But it's not your choice, you know. "Commercial" means "something" is "for sale." It is possible (eg, if the buyers are ASPs and do not intend to redistribute) to sell free software at monopoly prices. It is possible to sell free software at a tidy profit if bundled with other services. The buyers _do_ get access to source and _may_ redistribute it; they just don't want to, or at least redistribution doesn't destroy the target market. "Proprietary" means "if you want to use these ideas, you have to pay what I ask." Source may or may not be distributed, there may or may not be a price to run the software. But you have no right to pass it on. You really shouldn't confuse those two words. -- University of Tsukuba Tennodai 1-1-1 Tsukuba 305-8573 JAPAN Institute of Policy and Planning Sciences Tel/fax: +81 (298) 53-5091 _________________ _________________ _________________ _________________ What are those straight lines for? "XEmacs rules." From fsb-return-5471-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Tue Mar 27 13:38:55 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 19327 invoked from network); 27 Mar 2001 13:38:54 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 27 Mar 2001 13:38:54 -0000 Received: (qmail 30397 invoked by alias); 27 Mar 2001 13:31:12 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 30388 invoked from network); 27 Mar 2001 13:31:11 -0000 From: Russell Nelson MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Date: Tue, 27 Mar 2001 08:31:10 -0500 (EST) To: "Munsterman, Paul" Cc: fsb@crynwr.com Subject: Re: Please remove me from the list In-Reply-To: <9A3ED4B61C86D411B5CD00508BD3222801D42674@SOK-MS> References: <9A3ED4B61C86D411B5CD00508BD3222801D42674@SOK-MS> X-Mailer: VM 6.43 under 20.4 "Emerald" XEmacs Lucid Message-ID: <15040.38314.90397.468600@desk.crynwr.com> X-Face: $K'YURj"g6ImvqTS_=]8)gqh!5;ElY<[.Rao%j8r+]iUfE{%|v%F<=mcq<6l{K=~mf&#:?" nslS]U~|x{2V=Eex_I#"9K~9)>?m7Lm={(j_&)SX~fzg&ST~P%QUhc{1p]c3@Zn1u*PZlkHM**X^vV l>GkB5y^Kz%w5p~^uDue]hL&ke,N;+Q Have you considered removing yourself? Send mail to fsb-unsubscribe@crynwr.com. Or, if your email address has chaned, look in the headers of the email for your subscription address, and send mail of the following form: fsb-unsubscribe-USER=HOST@crynwr.com You can attempt to unsubscribe any address using that form, however a confirmation reply is needed before any unsubscribe happens. -- -russ nelson will be speaking at http://www.osdn.com/conferences/brie/ Crynwr sells support for free software | PGPok | Watch out! He's got an 521 Pleasant Valley Rd. | +1 315 268 1925 voice | opinion, and he's not Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | afraid to share it! From fsb-return-5472-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Tue Mar 27 14:48:41 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 29359 invoked from network); 27 Mar 2001 14:48:41 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 27 Mar 2001 14:48:41 -0000 Received: (qmail 3421 invoked by alias); 27 Mar 2001 14:44:27 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 3407 invoked from network); 27 Mar 2001 14:44:25 -0000 Subject: Re: GNU and classified software To: Frank Hecker Cc: fsb@crynwr.com From: Ben_Tilly@trepp.com Date: Tue, 27 Mar 2001 09:46:06 -0500 Message-ID: X-MIMETrack: Serialize by Router on T1/Trepp(Release 5.0.6a |January 17, 2001) at 03/27/2001 09:46:07 AM MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N Frank Hecker wrote: > Norbert Bollow wrote: > > So under your interpretation of the GPL, the NSA has the right > > to distribute "classified GPL'd software" to whoever they like > > while at the same time restricting the recipient of this > > "classified GPL'd software" from distributing the software > > further? > > It is not the NSA itself that is restricting the distribution, it is US > government laws and egulations. (If it's confusing to think of the NSA > as distinct from the US government in this context, imagine a situation > where a government contractor creates classified software and > distributes it to another US government contractor.) Why does that matter? > This is exactly analogous to the former situation in the US with regard > to encryption software. Prior to the US government export control > regulations being changed (say, back in 1999) a US citizen and resident > could create software implementing an encryption algorithm (DES, RSA, > whatever), license it under the GPL and distribute it to another US > resident; however the recipient of the software would be prohibited from > redistributing that software to further persons, if those persons were > not in the US (or Canada). That restriction was not imposed by the > creator of the software, it was imposed by US government laws and > regulations relating to encryption software. IANAL but please explain how section 7 of the GPL is consistent with this. If you are prevented from distributing except to people who may not in turn distribute however they want, then you are not allowed to distribute at all. Or at least that is how I read it. > > However the GPL is also designed to be incompatible with > > some types of licenses. I would say that "This is classified > > software and you are hereby given security clearance to have > > it" is a GPL-incompatible software license. > > I think there is confusion here between a license and an overriding law > or regulation. Prior to 2000, if I said, "This is encryption software > developed in the US, and you must be a US citizen or resident to have > it", that doesn't change the license, it just specifies that additional > laws and regulations apply over and above the license. I am not confused. I am of the belief that the additional regulations when combined with the terms of the license forbid distribution at all. The pertinant section starts: 7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. [...] ^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ (My emphasis.) Cheers, Ben From fsb-return-5473-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Tue Mar 27 17:05:47 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 65779 invoked from network); 27 Mar 2001 17:05:46 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 27 Mar 2001 17:05:46 -0000 Received: (qmail 16255 invoked by alias); 27 Mar 2001 17:01:23 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 16248 invoked from network); 27 Mar 2001 17:01:22 -0000 Date: Tue, 27 Mar 2001 11:59:19 EST From: TonStanco@aol.com Subject: Re: [Freesw] Re: FreeDevelopers To: , Cc: Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Mailer: Unknown (No Version) Message-ID: <96.11f8547a.27f220e7@aol.com> X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N This is the best explanation of multiple licensing I've seen. But I would add one caution, no court has spoken on the GPL, yet, so you have to be careful, because a court might see it differently. For example, someone could argue that the GPL was an exclusive license and so the author gave all the rights away, and had nothing left to give, because otherwise the GPL and the other license fundamentally contradict. Though others may say that it was a limited license and the author kept the right to re-license and so could still do so. This concrete has been poured, but hasn't set yet, and until a court rules you should remember the situation is still liquid. I think RMS accepts multiple licensing with the GPL, so that helps, though, but is not determinative. [disclaimer: this is not legal advice and don't rely on it.] >Crispin Cowan wrote: >That depends. The software can be re-issued under any >license the authors choose, regardless of the >existance of a GPL'd edition. The catch is that you >have to get the agreement of all of the authors. So >you can effectively do the re-issue hack >if: > * you are the sole developer > * the other developer's contributions were minor, > and therefore can be backed out and replaced > * the other developers can be bought (share your >profits) >None of these apply to the Linux kernel, which has >hundreds or thousands of authors, many of whom can no >longer be found. Thus the Linux kernel is effectively >GPL'd forever, but it is the many unknown authors, and >not the GPLitself, that locks in Linux's GPL'd status. > Note also that by re-issuing your widget under a >proprietary license, you do NOT get to prevent others >from distributing and enhancing the existing GPL'd >version of your widget. The re-issue hack/business >plan counts on you (the primary author) being better >at supporting the widget than that rowdy gang of open >source user/developers, which may or may not be true. >Caveat: I am not at all addressing the morality of >whether one *should* engage in such practices. It's a >free world (more or less) and I leave that up to the >authors of the code. From fsb-return-5474-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Tue Mar 27 17:09:49 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 66919 invoked from network); 27 Mar 2001 17:09:48 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 27 Mar 2001 17:09:48 -0000 Received: (qmail 16710 invoked by alias); 27 Mar 2001 17:05:33 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 16703 invoked from network); 27 Mar 2001 17:05:33 -0000 Message-ID: <3AC0C7FB.38F2EA32@collab.net> Date: Tue, 27 Mar 2001 12:03:55 -0500 From: Frank Hecker Organization: CollabNet, Inc. X-Mailer: Mozilla 4.76 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Ben_Tilly@trepp.com CC: fsb@crynwr.com Subject: Re: GNU and classified software References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N Ben_Tilly@trepp.com wrote: > > This is exactly analogous to the former situation in the US with regard > > to encryption software. Prior to the US government export control > > regulations being changed (say, back in 1999) a US citizen and resident > > could create software implementing an encryption algorithm (DES, RSA, > > whatever), license it under the GPL and distribute it to another US > > resident; however the recipient of the software would be prohibited from > > redistributing that software to further persons, if those persons were > > not in the US (or Canada). That restriction was not imposed by the > > creator of the software, it was imposed by US government laws and > > regulations relating to encryption software. > > IANAL but please explain how section 7 of the GPL is consistent with > this. If you are prevented from distributing except to people who > may not in turn distribute however they want, then you are not allowed > to distribute at all. Or at least that is how I read it. This is an interesting point. I don't have time to comment in full, but I wanted to make a brief comment. The document "What is Free Software" comments on the issue of export control as follows: "Sometimes government export control regulations and trade sanctions can constrain your freedom to distribute copies of programs internationally. Software developers do not have the power to eliminate or override these restrictions, but what they can and must do is refuse to impose them as conditions of use of the program. In this way, the restrictions will not affect activities and people outside the jurisdictions of these governments." On rereading it, the last sentence seems to imply that this is written from the point of view of a developer _outside_ the areas under restriction. Thus, for example, if a developer lives in a country with no export or other restrictions, they simply distribute the software under a free software license, and don't worry about restrictions other countries might impose; their only obligation is not to incorporate these restrictions "as conditions of use of the program." But consider this from the point of view of a developer living within a country with export restrictions, releasing the exact same software under the exact same free software licence, but knowing that the software cannot be distributed outside their country. Is that developer, purely releasing the software in this context, imposing restrictions "as conditions of use of the program"? And thus that the developer cannot therefore by definition release this software as free software? (The GPL clauses you quote appear to be a special case of this.) If this is true, then this same reasoning would apply to software released under a free software license but for internal use only with an organization, or to the case we've been discussing of classified software which can be distributed only to those posessing the proper security clearance: by definition these cannot be free software even if they are nominally released under a free software license, and could not be released under the GPL according to the clause you quote. So then this by extension would mean that a government agency that took GPLed software from outside for use in a classified environment, made modifications, and distributed the resulting software to other agencies or to contractors, also for use in classified environments, would be in violation of the GPL. Which seems like we're leading up to a argument that the US government should strongly discourage the use of GNU/Linux software by government agencies, at least for classified applications and other circumstances where government regulations might restrict distribution of the software. I think I'm beginning to sound like Jim Allchin :-) Frank -- Frank Hecker work: http://www.collab.net/ frank@collab.net home: http://www.hecker.org/ From fsb-return-5475-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Tue Mar 27 23:49:22 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 59264 invoked from network); 27 Mar 2001 23:49:22 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 27 Mar 2001 23:49:22 -0000 Received: (qmail 17413 invoked by alias); 27 Mar 2001 23:43:56 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 17406 invoked from network); 27 Mar 2001 23:43:55 -0000 Date: Tue, 27 Mar 2001 15:43:21 -0800 From: Seth David Schoen To: fsb@crynwr.com Subject: Re: GNU and classified software Message-ID: <20010327154321.E13804@zork.net> Mail-Followup-To: Seth David Schoen , fsb@crynwr.com References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from Ben_Tilly@trepp.com on Tue, Mar 27, 2001 at 09:46:06AM -0500 X-Accept-Language: en,la,eo Sender: Seth David Schoen X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N Ben_Tilly@trepp.com writes: > Frank Hecker wrote: > > > This is exactly analogous to the former situation in the US with regard > > to encryption software. Prior to the US government export control > > regulations being changed (say, back in 1999) a US citizen and resident > > could create software implementing an encryption algorithm (DES, RSA, > > whatever), license it under the GPL and distribute it to another US > > resident; however the recipient of the software would be prohibited from > > redistributing that software to further persons, if those persons were > > not in the US (or Canada). That restriction was not imposed by the > > creator of the software, it was imposed by US government laws and > > regulations relating to encryption software. > > IANAL but please explain how section 7 of the GPL is consistent with > this. If you are prevented from distributing except to people who > may not in turn distribute however they want, then you are not allowed > to distribute at all. Or at least that is how I read it. > > [...] > > I am not confused. I am of the belief that the additional > regulations when combined with the terms of the license forbid > distribution at all. > > The pertinant section starts: > > 7. If, as a consequence of a court judgment or allegation of patent > infringement or for any other reason (not limited to patent issues), > conditions are imposed on you (whether by court order, agreement or > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > otherwise) that contradict the conditions of this License, they do not > excuse you from the conditions of this License. If you cannot > distribute so as to satisfy simultaneously your obligations under this > License and any other pertinent obligations, then as a consequence you > may not distribute the Program at all. [...] ^^^ > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ The interpretation that seems most logical to me is that these conditions are not being imposed on _you_ (the developer and publisher of the software) but imposed on the recipients of the software. The "condition[] of this License" in question is 2(b): b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. and then again 6: 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. The discussions of "to be licensed" and to "receive[] a license [...] to copy [...]" seem to relate only to permissions under copyright law. But copyright law is not the only thing that might prevent someone from distributing something. If there happens to be some other extrinsic reason that someone can't or won't redistribute GPLed software, or that person just doesn't want to, that doesn't mean that you're violating the GPL by giving modified GPL-covered software to that person. I think the only serious ambiguity comes from the phrase "You may not impose any further restrictions on the recipients' exercise of the rights granted herein". There shouldn't be any question that someone _else_ might impose further restrictions. I once gave the example of a country where women are not allowed to use computers; if you publish modifications to GPLed software there, some people might be restricted by third parties from exercising the rights that you granted them under copyright law. But that's not your fault; you aren't violating the GPL just because women in that country wouldn't be allowed to use your software. _You_ didn't tell the women not to use the program; _you_ didn't impose further restrictions. So the question with government administrative classifications and maybe also with trade secrets is what counts as imposing a restriction. A government agency could argue that it didn't actually create the regime of classification which is preventing the contractor from publishing the software, and that it's definitely not trying to use copyright to prevent publication. The agency can say that it did, as 2(b) required, or whatever, perhaps grant a license to everyone to copy the material -- under copyright law -- but still the general public is not allowed to see it, for reasons entirely unrelated to copyright. In fact, as far as I know, since all original U.S. government works are not copyrighted, classified materials produced internally by a government agency are _only_ protected from publication by the secrecy oaths or NDAs which officials or contractors signed, and by the penalties which can sometimes apply for violating administrative classification regulations. This is why, when classified U.S. government works are sometimes leaked, journalists can publish them without fear of a copyright lawsuit: they're not copyrighted! So, what if I had a prior NDA with someone who agreed in writing never to disclose anything that I shared with him about avocadoes. Then one day I wrote a patch for someone else's GPLed program which relates to avocadoes. And I share that program with the person who is under this NDA, and I say that I am causing the modified program to be licensed as a whole at no charge to all third parties under the terms of the GNU GPL, and I expect him to honor his NDA and never share anything I wrote about avocadoes with a third party. So am I in this case imposing a "further restriction"? It seems a little murky to me. -- Seth David Schoen | And do not say, I will study when I Temp. http://www.loyalty.org/~schoen/ | have leisure; for perhaps you will down: http://www.loyalty.org/ (CAF) | not have leisure. -- Pirke Avot 2:5 From fsb-return-5476-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Wed Mar 28 00:15:08 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 73566 invoked from network); 28 Mar 2001 00:15:08 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 28 Mar 2001 00:15:08 -0000 Received: (qmail 21110 invoked by alias); 28 Mar 2001 00:10:43 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 21103 invoked from network); 28 Mar 2001 00:10:42 -0000 Message-ID: <005f01c0b719$1b123f60$806810ac@vmware> From: "Jonathan S. Shapiro" To: , , Cc: References: <96.11f8547a.27f220e7@aol.com> Subject: Re: [Freesw] Re: FreeDevelopers Date: Tue, 27 Mar 2001 18:53:20 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N > Someone could argue that the GPL was an > exclusive license and so the author gave all > the rights away, and had nothing left to give, > because otherwise the GPL and the other > license fundamentally contradict. ... I'm not a lawyer either, but I know a bit about IP licenses, and the above hypothesis is crap. GPL doesn't say *anywhere* that it is an exclusive license. If you were inclined to lose sleep over this suggestion, sleep comfortably. Jonathan From fsb-return-5477-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Wed Mar 28 00:34:15 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 82207 invoked from network); 28 Mar 2001 00:34:14 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 28 Mar 2001 00:34:14 -0000 Received: (qmail 23452 invoked by alias); 28 Mar 2001 00:29:56 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 23445 invoked from network); 28 Mar 2001 00:29:55 -0000 Sender: crispin@wirex.com Message-ID: <3AC13035.3A1A7BA0@wirex.com> Date: Tue, 27 Mar 2001 16:28:38 -0800 From: Crispin Cowan Organization: WireX Communications, Inc. X-Mailer: Mozilla 4.76 [en] (X11; U; Linux 2.2.18-1_imnx_5_crispin i686) X-Accept-Language: en MIME-Version: 1.0 To: "Jonathan S. Shapiro" Cc: TonStanco@aol.com, glen@enabledventures.com, fsb@crynwr.com Subject: Re: [Freesw] Re: FreeDevelopers References: <96.11f8547a.27f220e7@aol.com> <005f01c0b719$1b123f60$806810ac@vmware> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N "Jonathan S. Shapiro" wrote: > > Someone could argue that the GPL was an > > exclusive license and so the author gave all > > the rights away, and had nothing left to give, > > because otherwise the GPL and the other > > license fundamentally contradict. ... > > I'm not a lawyer either, but I know a bit about IP licenses, and the above > hypothesis is crap. GPL doesn't say *anywhere* that it is an exclusive > license. However, this is America, and someone can argue any kind of silly-assed nonsense they want in a nuiscance law suit :-) Crispin -- Crispin Cowan, Ph.D. Chief Research Scientist, WireX Communications, Inc. http://wirex.com Security Hardened Linux Distribution: http://immunix.org From fsb-return-5478-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Wed Mar 28 03:44:25 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 51512 invoked from network); 28 Mar 2001 03:44:25 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 28 Mar 2001 03:44:25 -0000 Received: (qmail 8753 invoked by alias); 28 Mar 2001 03:40:04 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 8737 invoked from network); 28 Mar 2001 03:40:02 -0000 Date: Tue, 27 Mar 2001 22:39:08 -0500 Message-Id: <200103280339.WAA24352@greed.delorie.com> From: DJ Delorie To: schoen@loyalty.org CC: fsb@crynwr.com In-reply-to: <20010327154321.E13804.cygnus.fsb@zork.net> (schoen@loyalty.org) Subject: Re: GNU and classified software References: <20010327154321.E13804.cygnus.fsb@zork.net> X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N > It seems a little murky to me. WRT NDAs... IMHO, if you won't (or can't) give someone a copy of the software until/unless they agree to waive some of the rights the GPL would have granted them, you shouldn't give it to them. Especially if you're not the sole author. If, however, you would/could give it to them whether they waived those rights or not, but they happen to waive them anyway, that would be OK. I don't think the GPL is written this way, though. The GPL doesn't force you to distribute your program. If you choose only to distribute to people who have NDAs, that's your choice. However, if that person chooses to violate the NDA and redistribute the code, the GPL would grant the recipients the right to further redistribution - that's what you agreed to when you gave it to the other NDA party under the GPL. Your only recompense is a court penalty for that person violating the NDA, but I don't think you can do anything about the non-NDA'd people who receive it. They can continue redistributing it without penalty. From fsb-return-5479-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Wed Mar 28 08:11:09 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 12786 invoked from network); 28 Mar 2001 08:11:09 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 28 Mar 2001 08:11:09 -0000 Received: (qmail 32384 invoked by alias); 28 Mar 2001 08:06:44 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 32376 invoked from network); 28 Mar 2001 08:06:42 -0000 Sender: crispin@wirex.com Message-ID: <3AC19B44.916EF9DD@wirex.com> Date: Wed, 28 Mar 2001 00:05:24 -0800 From: Crispin Cowan Organization: WireX Communications, Inc. X-Mailer: Mozilla 4.76 [en] (X11; U; Linux 2.2.18-1_imnx_5_crispin i686) X-Accept-Language: en MIME-Version: 1.0 To: DJ Delorie Cc: schoen@loyalty.org, fsb@crynwr.com Subject: Re: GNU and classified software References: <20010327154321.E13804.cygnus.fsb@zork.net> <200103280339.WAA24352@greed.delorie.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N DJ Delorie wrote: > > It seems a little murky to me. > > WRT NDAs... > > IMHO, if you won't (or can't) give someone a copy of the software > until/unless they agree to waive some of the rights the GPL would have > granted them, you shouldn't give it to them. Especially if you're not > the sole author. There are extenuating circumstances. The most obvious was the people doing the Merced/Itanium/IA64 port of GCC, who had to be under NDA to get early access to the IA64 spec & simulators. Reportedly, this was judged to be sufficiently in the interest of the long-term interest of the GCC community that some vigorous nudging & winking over the pro forma GPL violation went on. I'm sure the definite & near-term end-date to the NDA helped asuage people's concerns, too. Crispin -- Crispin Cowan, Ph.D. Chief Research Scientist, WireX Communications, Inc. http://wirex.com Security Hardened Linux Distribution: http://immunix.org From fsb-return-5480-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Wed Mar 28 10:14:44 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 30571 invoked from network); 28 Mar 2001 10:14:43 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 28 Mar 2001 10:14:43 -0000 Received: (qmail 9970 invoked by alias); 28 Mar 2001 10:10:14 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 9963 invoked from network); 28 Mar 2001 10:10:12 -0000 From: "Stephen J. Turnbull" MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15041.46861.46922.442002@turnbull.sk.tsukuba.ac.jp> Date: Wed, 28 Mar 2001 19:03:57 +0900 To: Crispin Cowan Cc: DJ Delorie , schoen@loyalty.org, fsb@crynwr.com Subject: Re: GNU and classified software In-Reply-To: <3AC19B44.916EF9DD@wirex.com> References: <20010327154321.E13804.cygnus.fsb@zork.net> <200103280339.WAA24352@greed.delorie.com> <3AC19B44.916EF9DD@wirex.com> X-Mailer: VM 6.88 under 21.2 (beta45) "Thelxepeia" XEmacs Lucid X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N >>>>> "Crispin" == Crispin Cowan writes: Crispin> The most obvious was the people doing the Crispin> Merced/Itanium/IA64 port of GCC, who had to be under NDA Crispin> to get early access to the IA64 spec & simulators. Crispin> Reportedly, this was judged to be sufficiently in the Crispin> interest of the long-term interest of the GCC community Crispin> that some vigorous nudging & winking over the pro forma Crispin> GPL violation went on. I don't see any GPL violation at all. No software is being "distributed" in the mere process of development. Even when handing the product to Intel, I don't see that the developers can appeal to the GPL---Intel did not write and distribute the software to them! Intel can not distribute if it chooses. (Of course, if Intel proceeds to distribute, it must be under GPL.) The developers have no right to distribute the software themselves---GPL clause 7 makes that clear. The GPL is _not_ a magic wand. The GPL is a fascinating piece of legal and economic judo. It uses the strong desire of software developers to _distribute_ their product (for fun, profit, potlatch, or "alpha hacker status") to encourage them to distribute broadly by preventing them from distributing at all otherwise. But it (as of v2, anyway) can't do anything about "dark room developers" who don't care if their product never sees the light of day (or have signed away that right). Crispin> I'm sure the definite & near-term Crispin> end-date to the NDA helped asuage people's concerns, too. DJ has discussed this in the past. Evidently Cygnus (now Red Hat) made some mistakes in signing NDAs in the past, which led to Cygnus-developed enhancements remaining unavailable to the public due to internal fxxk-ups by the hardware manufacturer. They vowed "never again", and now (IIRC DJ's explanation) insist on fairly short term limits on NDAs that they sign. But again, the GPL gives absolutely no leverage on software that is not being distributed. The NDA "mistake" was simply a matter of abusing the Cygnus developers' trust by permitting the hardware manufacturer to retain proprietary rights that prevented Cygnus from distributing the software, as they very naturally wished to do. -- University of Tsukuba Tennodai 1-1-1 Tsukuba 305-8573 JAPAN Institute of Policy and Planning Sciences Tel/fax: +81 (298) 53-5091 _________________ _________________ _________________ _________________ What are those straight lines for? "XEmacs rules." From fsb-return-5481-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Wed Mar 28 10:26:14 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 31258 invoked from network); 28 Mar 2001 10:26:14 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 28 Mar 2001 10:26:14 -0000 Received: (qmail 10643 invoked by alias); 28 Mar 2001 10:21:45 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 10636 invoked from network); 28 Mar 2001 10:21:45 -0000 From: TonStanco@aol.com Message-ID: <8e.131e232d.27f314cb@aol.com> Date: Wed, 28 Mar 2001 05:19:55 EST Subject: Re: [Freesw] Re: FreeDevelopers To: shap@eros-os.org CC: fsb@crynwr.com, TonStanco@aol.com MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Mailer: AOL 4.0 for Windows 95 sub 120 X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N >shap@eros-os.org writes: > I'm not a lawyer either, Here you are jumping to unfounded conclusions, again. I never said I wasn't a lawyer. I'm a corporate/securities attorney who formerly worked at the Securities and Exchange Commission in the Internet and software group and worked on over 300 IPOs. I have not one but 2 law degrees. The normal one and a LL.M. in financial regulation. I left a great, safe career at the SEC to work on FreeDevelopers. So your statement that FreeDevelopers has an incoherent financial plan was also quite amusing. > but I know a bit about IP licenses, and the above > hypothesis is crap. GPL doesn't say *anywhere* that it is an exclusive > license. > If you were inclined to lose sleep over this suggestion, sleep comfortably. If you think that anything is settled in the area of intellectual property law and software, take a look at any prospectus dealing with software. In the front after the Summary, there's a section called Risk Factors. Under that section, you will invariably find a Risk Factor on the unsettled state of intellectual property law, because it is an absolute mess. This doesn't just apply to the GPL license; it cautions about the state of everything in the area. That doesn't mean anyone needs to lose sleep over it, but ignorance of trouble spots and thinking you are on absolute solid ground is not a prudent thing, either. tony From fsb-return-5482-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Wed Mar 28 17:50:46 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 38377 invoked from network); 28 Mar 2001 17:50:46 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 28 Mar 2001 17:50:46 -0000 Received: (qmail 17119 invoked by alias); 28 Mar 2001 17:45:50 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 17110 invoked from network); 28 Mar 2001 17:45:48 -0000 Date: Wed, 28 Mar 2001 12:44:57 -0500 Message-Id: <200103281744.MAA08332@greed.delorie.com> From: DJ Delorie To: turnbull@sk.tsukuba.ac.jp CC: crispin@wirex.com, schoen@loyalty.org, fsb@crynwr.com In-reply-to: <15041.46861.46922.442002@turnbull.sk.tsukuba.ac.jp> Subject: Re: GNU and classified software References: <20010327154321.E13804.cygnus.fsb@zork.net> <200103280339.WAA24352@greed.delorie.com> <3AC19B44.916EF9DD@wirex.com> <15041.46861.46922.442002@turnbull.sk.tsukuba.ac.jp> X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N > DJ has discussed this in the past. Evidently Cygnus (now Red Hat) > made some mistakes in signing NDAs in the past, which led to > Cygnus-developed enhancements remaining unavailable to the public due > to internal fxxk-ups by the hardware manufacturer. They vowed "never > again", and now (IIRC DJ's explanation) insist on fairly short term > limits on NDAs that they sign. FYI "Evidently...manufacturer" didn't come from me. It was before my time. From fsb-return-5483-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Thu Mar 29 08:02:17 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 35661 invoked from network); 29 Mar 2001 08:02:17 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 29 Mar 2001 08:02:17 -0000 Received: (qmail 12726 invoked by alias); 29 Mar 2001 07:55:05 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 12712 invoked from network); 29 Mar 2001 07:55:04 -0000 Date: Thu, 29 Mar 2001 09:53:50 +0200 Message-Id: <200103290753.f2T7roU05125@linux.local> X-Authentication-Warning: linux.local: norbert set sender to nb@thinkcoach.com using -f From: Norbert Bollow Prefer-Language: de, en, fr To: fsb@crynwr.com In-reply-to: <3ABED200.5F05A0FB@collab.net> (message from Frank Hecker on Mon, 26 Mar 2001 00:22:08 -0500) Subject: Re: GNU and classified software References: <66037540DA72D31180D400A0C9D17D1F466280@phoenix1.exponent.com> <200103232141.WAA30718@quill.thinkcoach.com> <20010323190113.C32421@zork.net> <200103240851.JAA00528@quill.thinkcoach.com> <3ABED200.5F05A0FB@collab.net> X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N I wrote: > > So under your interpretation of the GPL, the NSA has the right > > to distribute "classified GPL'd software" to whoever they like > > while at the same time restricting the recipient of this > > "classified GPL'd software" from distributing the software > > further? Frank Hecker replied: > It is not the NSA itself that is restricting the distribution, it is US > government laws and egulations. [..] > This is exactly analogous to the former situation in the US with regard > to encryption software. No, this is not exactly analogous. When the NSA creates some software that is a derivative work of GNU software, then the NSA has these options: a) Not _distribute_ the software at all (it can still be used internally within the NSA) b) Make the software "not classified" and then distribute it (this may require a formal declassification procedure) c) Make a list of the individuals and companies who should have access to the software, arrange for these individuals and companies to have the appropriate security clearance, and distribute the software to them as "classified software". So the NSA can choose between option 'b' and 'c'. Therefore, by choosing option 'c' the NSA would effectively impose a restriction on how the software can be redistributed, in violation of what the GPL says in section 6: "You may not impose any further restrictions on the recipients' exercise of the rights granted herein." Then the FSF could sue the NSA. God bless you, Norbert -- Norbert Bollow, Weidlistr.18, CH-8624 Gruet (near Zurich, Switzerland) Tel +41 1 972 20 59 Fax +41 1 972 20 69 nb@thinkcoach.com From fsb-return-5484-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Thu Mar 29 13:19:09 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 93020 invoked from network); 29 Mar 2001 13:19:09 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 29 Mar 2001 13:19:09 -0000 Received: (qmail 140 invoked by alias); 29 Mar 2001 13:14:25 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 133 invoked from network); 29 Mar 2001 13:14:24 -0000 Sender: shap@eros.cs.jhu.edu Message-ID: <3AC334F2.1BA5AB6F@cs.jhu.edu> Date: Thu, 29 Mar 2001 08:13:22 -0500 From: "Jonathan S. Shapiro" Organization: Johns Hopkins University X-Mailer: Mozilla 4.76 [en] (X11; U; Linux 2.2.16-3 i686) X-Accept-Language: en MIME-Version: 1.0 To: Norbert Bollow CC: fsb@crynwr.com Subject: Re: GNU and classified software References: <66037540DA72D31180D400A0C9D17D1F466280@phoenix1.exponent.com> <200103232141.WAA30718@quill.thinkcoach.com> <20010323190113.C32421@zork.net> <200103240851.JAA00528@quill.thinkcoach.com> <3ABED200.5F05A0FB@collab.net> <200103290753.f2T7roU05125@linux.local> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N Norbert Bollow wrote: > When the NSA creates some software that is a derivative work of > GNU software, then the NSA has these options: > > a) Not _distribute_ the software at all (it can still be used > internally within the NSA) There is some ambiguity about whether such software could be used by an NSA contractor. When the contractor uses the software, it has crossed from one legal entity to another, and it could be argued that this is a distribution. While I don't think that this constraint was intended under GPL, I wanted to point out that the "non-distribution" strategy has some concerns associated with it. Jonathan From fsb-return-5485-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Thu Mar 29 13:30:27 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 93939 invoked from network); 29 Mar 2001 13:30:26 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 29 Mar 2001 13:30:26 -0000 Received: (qmail 1697 invoked by alias); 29 Mar 2001 13:25:42 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 1687 invoked from network); 29 Mar 2001 13:25:42 -0000 Date: Thu, 29 Mar 2001 15:23:50 +0200 Message-Id: <200103291323.f2TDNoi06924@linux.local> X-Authentication-Warning: linux.local: norbert set sender to nb@thinkcoach.com using -f From: Norbert Bollow Prefer-Language: de, en, fr To: TonStanco@aol.com CC: shap@eros-os.org, fche@elastic.org, ben@algroup.co.uk, fsb@crynwr.com, freesw@conecta.it In-reply-to: (TonStanco@aol.com) Subject: Re: [Freesw] Re: FreeDevelopers References: X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N TonStanco@aol.com wrote > 1. Why you should care about FD is because it solves the > systemic problem of paying for the development of free > software. > > 2. It solves the problem by having one marketing company for > everyone as the shock absorber between the free software > developer community and the market, so they are not > competing to death. Please explain how exactly this is supposed to work. Will the free software be available very inexpensively by downloading from the internet? If yes, how will you get the users to pay any significant money for it? (Will it be bundled with consulting services?) If no, how can you possibly prevent it? God bless you, Norbert -- Norbert Bollow, Weidlistr.18, CH-8624 Gruet (near Zurich, Switzerland) Tel +41 1 972 20 59 Fax +41 1 972 20 69 nb@thinkcoach.com From fsb-return-5486-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Thu Mar 29 14:30:01 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 1665 invoked from network); 29 Mar 2001 14:30:01 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 29 Mar 2001 14:30:01 -0000 Received: (qmail 6101 invoked by alias); 29 Mar 2001 14:25:17 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 6094 invoked from network); 29 Mar 2001 14:25:16 -0000 Sender: shap@eros.cs.jhu.edu Message-ID: <3AC34599.BCF474D7@cs.jhu.edu> Date: Thu, 29 Mar 2001 09:24:25 -0500 From: "Jonathan S. Shapiro" Organization: Johns Hopkins University X-Mailer: Mozilla 4.76 [en] (X11; U; Linux 2.2.16-3 i686) X-Accept-Language: en MIME-Version: 1.0 To: fsb@crynwr.com CC: freesw@conecta.it Subject: Re: [Freesw] Re: FreeDevelopers References: <200103291323.f2TDNoi06924@linux.local> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N TonStanco@aol.com wrote > 2. It solves the problem by having one marketing company for > everyone as the shock absorber between the free software > developer community and the market, so they are not > competing to death. In my opinion, one of the fundamental advantages that a free software project potentially has is reputation. By virtue of being free, a free software project is able to take a certain type of "moral high ground" that proprietary efforts cannot take. However, the general audience consumer doesn't really know how to evaluate software quality in depth. Their view is "it works for me" (or not) and possibly "it worked for me in the past so I'll upgrade it." By "upgrade", they mean that they will go to the same vendor and by a new version. That is, **in the general purpose market, free software revenue is about brand identity.** Of the $100 that the customer pays for Windoze, $7 is materials cost, $30 or so is channel distribution costs, and $63 is for the value of the brand (we could debate the figures, but the point is sound). So here is my view about offloading marketing to an organization like FreeDevelopers: If you want your product to be commercially successful, and you want to make money off of that, you'ld be a damned fool to let some third party company that has no specific mission focus do the marketing. Unless they have a specific interest in what *your* system does, it will get lost in the jumble of all the other marketing activities they undertake, and it will have no brand identity at all. This isn't a new idea. For years, there were "software publishers" who did exactly this kind of thing in the proprietary softrware world. Most of the software they dealt in was pretty minor and didn't go anywhere. On big ticket items, a lot of software authors got screwed. If you feel that you aren't the right person to market what you have, it may be a good idea to bring in a group that does marketing and sales well, but find one that will *cherish* the software that you do because they have a stake in its success. Jonathan From fsb-return-5487-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Thu Mar 29 14:52:33 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 6360 invoked from network); 29 Mar 2001 14:52:33 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 29 Mar 2001 14:52:33 -0000 Received: (qmail 7079 invoked by alias); 29 Mar 2001 14:47:50 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 7072 invoked from network); 29 Mar 2001 14:47:49 -0000 Date: Thu, 29 Mar 2001 09:32:15 -0500 To: "Jonathan S. Shapiro" Cc: fsb@crynwr.com, freesw@conecta.it Subject: Re: [Freesw] Re: FreeDevelopers Message-ID: <20010329093215.A18698@griggsinst.org> Reply-To: bill.white@griggsinst.com References: <200103291323.f2TDNoi06924@linux.local> <3AC34599.BCF474D7@cs.jhu.edu> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="6c2NcOVqGQ03X4Wi" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <3AC34599.BCF474D7@cs.jhu.edu>; from shap@cs.jhu.edu on Thu, Mar 29, 2001 at 09:24:25AM -0500 From: Bill White X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N --6c2NcOVqGQ03X4Wi Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable The problem I acquired with FreeDevelopers, after reading the mailing list for about two weeks, was that there was a lot of talk about vaguely defined but strongly and emotionally expressed philosophy, but little about Software. If I had seen one application described, or even one discussion about the kind of SW process they intend to use I would think they had some germ of an idea. Alas, I saw nothing of substance there. Just my bit, for whatever little it may be worth. --=20 Call me Svejk. bill.white@griggsinst.org Griggs Research Institute --6c2NcOVqGQ03X4Wi Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6w0duip75cpZMzSoRAqLjAKCdj5kaK+2Sjx4wHVsERAtnu2c3jwCffg/4 37avMrmbnHQwwYrY8oSNT5M= =ApUE -----END PGP SIGNATURE----- --6c2NcOVqGQ03X4Wi-- From fsb-return-5488-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Thu Mar 29 16:48:27 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 34183 invoked from network); 29 Mar 2001 16:48:27 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 29 Mar 2001 16:48:27 -0000 Received: (qmail 13624 invoked by alias); 29 Mar 2001 16:43:37 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 13612 invoked from network); 29 Mar 2001 16:43:36 -0000 Sender: ljean Message-ID: <3AC25AB3.41D79CAF@harvard.edu> Date: Wed, 28 Mar 2001 16:42:11 -0500 From: jean_camp@harvard.edu Reply-To: jean_camp@harvard.edu Organization: Harvard X-Mailer: Mozilla 4.72 [en] (X11; U; Linux 2.2.14-6.1.1 i686) X-Accept-Language: en MIME-Version: 1.0 CC: fsb@crynwr.com Subject: Re: GNU and classified software References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N I believe that non-discrimination of distribution is a requirement under the GPL, as with OS software. You cannot simultaneously practice non-discrimination and require that a recipient has the military-given right to view secret/top secret/sensitive documents. I believe that non-discrimination is a central feature to OS and FS. (One I am, btw, not terribly fond of since it prohibits limits for safety-critical systems. Being able to prohibit use of software for safety-critical systems seems damn reasonable to me.) I also believe that I will certainly be corrected if I am wrong .... -Jean From fsb-return-5489-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Thu Mar 29 17:32:00 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 47496 invoked from network); 29 Mar 2001 17:32:00 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 29 Mar 2001 17:32:00 -0000 Received: (qmail 16772 invoked by alias); 29 Mar 2001 17:27:14 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 16765 invoked from network); 29 Mar 2001 17:27:13 -0000 Date: Thu, 29 Mar 2001 09:23:22 -0800 From: "Karsten M. Self" To: fsb@crynwr.com Subject: Re: Please remove me from the list Message-ID: <20010329092322.D20728@ix.netcom.com> References: <9A3ED4B61C86D411B5CD00508BD3222801D42674@SOK-MS> <15040.38314.90397.468600@desk.crynwr.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="YToU2i3Vx8H2dn7O" Content-Disposition: inline User-Agent: Mutt/1.3.12i In-Reply-To: <15040.38314.90397.468600@desk.crynwr.com>; from nelson@crynwr.com on Tue, Mar 27, 2001 at 08:31:10AM -0500 X-Debian-GNU-Linux: Rocks X-Kuro5hin-cabal: There is no K5 cabal X-GPG-Fingerprint: F932 8B25 5FDD 2528 D595 DC61 3847 889F 55F2 B9B0 Sender: X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N --YToU2i3Vx8H2dn7O Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable on Tue, Mar 27, 2001 at 08:31:10AM -0500, Russell Nelson (nelson@crynwr.com= ) wrote: > Munsterman, Paul writes: > >=20 >=20 > Have you considered removing yourself? Send mail to > fsb-unsubscribe@crynwr.com. Or, if your email address has chaned, > look in the headers of the email for your subscription address, and > send mail of the following form: > fsb-unsubscribe-USER=3DHOST@crynwr.com >=20 > You can attempt to unsubscribe any address using that form, however a > confirmation reply is needed before any unsubscribe happens. Many lists carry a footer with short unsubscribe information. This at least indicates that the request is coming from someone who can't read. --=20 Karsten M. Self http://kmself.home.netcom.com/ What part of "Gestalt" don't you understand? There is no K5 cabal http://gestalt-system.sourceforge.net/ http://www.kuro5hin.org --YToU2i3Vx8H2dn7O Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6w2+JOEeIn1XyubARAr/JAJ0dzqcTWY+Yz9bvdaCmClWz0WX8+gCeK32Q rnzp52SPqc+b/eMFqMG9474= =uP0V -----END PGP SIGNATURE----- --YToU2i3Vx8H2dn7O-- From fsb-return-5490-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Thu Mar 29 17:42:31 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 50785 invoked from network); 29 Mar 2001 17:42:30 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 29 Mar 2001 17:42:30 -0000 Received: (qmail 17489 invoked by alias); 29 Mar 2001 17:37:45 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 17482 invoked from network); 29 Mar 2001 17:37:44 -0000 Date: Thu, 29 Mar 2001 12:36:07 EST From: TonStanco@aol.com Subject: Fwd: A World Without Microsoft article To: Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="----_Part_3ac37287-0364-4dd2-010203040506" Content-Transfer-Encoding: 7bit X-Mailer: Unknown (No Version) Message-ID: <7c.13ab25db.27f4cc88@aol.com> X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N ------_Part_3ac37287-0364-4dd2-010203040506 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit ------_Part_3ac37287-0364-4dd2-010203040506 Content-Type: message/rfc822 Content-Disposition: inline Return-Path: Received: from rly-xb02.mx.aol.com (rly-xb02.mail.aol.com [172.20.105.103]) by air-xb01.mail.aol.com (v77_r1.36) with ESMTP; Thu, 29 Mar 2001 12:24:13 -0500 Received: from outmta002.topica.com (outmta002.topica.com [206.132.75.237]) by rly-xb02.mx.aol.com (v77_r1.36) with ESMTP; Thu, 29 Mar 2001 12:23:41 -0500 To: FreeDevelopers@topica.com From: Tony Stanco Subject: A World Without Microsoft article Message-ID: <0.1700024072.1488897331-212058698-985883200@topica.com> Reply-To: FreeDevelopers@topica.com X-Topica-Loop: 1700024072 List-Help: List-Unsubscribe: List-Subscribe: List-Archive: X-Mailer: Unknown (No Version) Date: Thu, 29 Mar 2001 12:24:14 EST FYI, you may be interested in this link at LinuxToday [http://linuxtoday.com/news_story.php3?ltsn=2001-03-28-006-20-OS-CY] There is the RedPepper article, (which is interesting so say the least), the update and the talkbacks at LinuxToday, all at the same url. +++++++++++ UPDATED: RedPepper: A World Without Microsoft Mar 29, 2001, 14 :09 UTC (33 Talkback[s]) (6721 reads) (Other stories by Heather Sharp) Tony Stanco wrote in this morning with these thoughts: A lot of commentators to this article are trying to use inappropriate terms, and so are missing a huge point. We are entering the intellectual age, so your great grandfather's socio-economic labels no longer apply. We need to find new terms and ideas to describe our own reality. And to do that you need to go back to first principles, which is why FreeDevelopers wiped the slate clean and went back to the most basic principles: We hold these truths to be self-evident, that all men and women are created equal, that they are endowed with certain inalienable Rights, and that chief among these are Life, Liberty and the pursuit of Happiness. And went on from there in the Declaration of Software Freedom and The Community is the Company (CommCo) organizational structure. I call the emerging paradigm "democratic economics" and the new commercial organizations, "democratic economic structures." But who cares what you call it. But you need to understand that we are in a new, strange land. Someone some time back said I should look at Dee Hock's "Birth of the Chaordic Age." Dee Hock is the founder of VISA and since the VISA structure is one of the models for the FreeDevelopers', The Community is the Company (CommCo) structure, I was meaning to take a look for awhile. Well, I had some down-time on Tuesday and went to the library and picked it up. And this is what he says on the back cover: We are at the very point in time when a 400-year-old age is dying and another is struggling to be born - a shifting of culture, science, society, and institutions enormously greater than the would has ever experienced. Ahead, the possibility of regeneration of individuality, liberty, community and ethics, such as the world has never known, and a harmony with nature, with one another and with the divine intelligence such as the wolrld has always dreamed. In short, he gets it. In fact, boy, does he get it. I haven't finished it, yet, but so far there is a lot in it that is spot-on. He calls it chaordic (chaos and order). 1. the behaviour of any self-governing organism, organization or system which harmoniously blends characteristics of order and chaos. 2. patterned in a way dominated by neither chaos or order. I would add, democratic self-governing organization or system, but so what. The ideas are there. The reason that the VISA model was so appealing for FreeDevelopers is because it is a model of competition and cooperation between the independent member banks who use the VISA structure to solve their collective action problems that they had when they had the same networking problems as the independent free software projects are having now. So we are at a point where old thinking isn't going to help. In fact, it hurts. You are going to have to think for yourself for awhile. But that's the fun part. ---------------------------------------------- Note: Please be brief, some overseas pay by the KB/s for Internet access For a single daily digest of all emails, email tonstanco@aol.com To unsubscribe, email FreeDevelopers-unsubscribe@topica.com ==^================================================================ EASY UNSUBSCRIBE click here: http://topica.com/u/?b1dh5g.b1xtGU Or send an email To: FreeDevelopers-unsubscribe@topica.com This email was sent to: tonstanco@aol.com T O P I C A -- Learn More. Surf Less. Newsletters, Tips and Discussions on Topics You Choose. http://www.topica.com/partner/tag01 ==^================================================================ ------_Part_3ac37287-0364-4dd2-010203040506-- From fsb-return-5491-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Fri Mar 30 14:45:10 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 29229 invoked from network); 30 Mar 2001 14:45:10 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 30 Mar 2001 14:45:10 -0000 Received: (qmail 18952 invoked by alias); 30 Mar 2001 14:40:05 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 18934 invoked from network); 30 Mar 2001 14:40:03 -0000 Date: Fri, 30 Mar 2001 09:37:01 EST From: TonStanco@aol.com Subject: Re: [Freesw] Re: FreeDevelopers To: Cc: , , , , , Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Mailer: Unknown (No Version) Message-ID: <25.130280f0.27f5f40d@aol.com> X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N >> 1. Why you should care about FD is because it solves >>the systemic problem of paying for the development of >>free software. > >> 2. It solves the problem by having one marketing >> company for everyone as the shock absorber between >> the free software developer community and the >> market, so they are not competing to death. >Please explain how exactly this is supposed to work. >Will the free software be available very inexpensively >by downloading from the internet? >If yes, how will you get the users to pay any >significant money for it? (Will it be bundled with >consulting services?) >If no, how can you possibly prevent it? There are at least 2 conceptually distinct customers. [BTW, Customers are not developers. Developers are producers. They need to see the code to do their work and don't pay for it] High end (government and enterprise) and low end (personal use and small business users). The high end actually wants a company to sue, ie. provide a warranty and branded product. The irony is that the high end wants to pay for software for 2 reasons, 1. so they can sue (even though they seldom do, but it is a mindset) and 2. they are very old school who can't understand how anything of quality can be produced without cost (they literally believe that you get what you pay for). The high end group is who we are going for. They will pay even though it is also available elsewhere. The low end group can free ride on the great software produced and take it from the Internet. From fsb-return-5493-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Fri Mar 30 14:58:59 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 31267 invoked from network); 30 Mar 2001 14:58:59 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 30 Mar 2001 14:58:59 -0000 Received: (qmail 21110 invoked by alias); 30 Mar 2001 14:54:08 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 21103 invoked from network); 30 Mar 2001 14:54:07 -0000 Date: Fri, 30 Mar 2001 09:51:58 EST From: TonStanco@aol.com Subject: Re: [Freesw] Re: FreeDevelopers To: , Cc: , , Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Mailer: Unknown (No Version) Message-ID: <31.128c306e.27f5f78f@aol.com> X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N >The problem I acquired with FreeDevelopers, after >reading the mailing list for about two weeks, was that >there was a lot of talk about vaguely defined but >strongly and emotionally expressed philosophy, >but little about Software. This is a fair comment. But you need to remember that at the time we were gathering up only true believers whose heart had been touched by the philosophy of RMS and free software, so that we could give them leadership roles in the organization. So at the time we were going through a weeding out process to see who had free software credentials. That process culminated with the Declaration of Software Freedom, which marked the end of the Philosophy phase. We have now entered the business phase with the release of the CommCo structure. >If I had seen one application described, or even one >discussion about the kind of SW process they intend >to use I would think they had some germ of an idea. Existing projects are coming in and others are being proposed daily now. But that started in the last couple of weeks. >Alas, I saw nothing of substance there. I would suggest you check every 3 or 6 months. This is an organic, self-governing organization that evolves quickly. And what it looks like next month depends entirely on what the members decide to do with it this month. And more and better members mean better things. From fsb-return-5494-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Sat Mar 31 02:05:07 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 50036 invoked from network); 31 Mar 2001 02:05:06 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 31 Mar 2001 02:05:06 -0000 Received: (qmail 22485 invoked by alias); 31 Mar 2001 02:00:08 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 22478 invoked from network); 31 Mar 2001 02:00:06 -0000 Sender: crispin@wirex.com Message-ID: <3AC50ACE.68646E7@wirex.com> Date: Fri, 30 Mar 2001 14:38:06 -0800 From: Crispin Cowan Organization: WireX Communications, Inc. X-Mailer: Mozilla 4.76 [en] (X11; U; Linux 2.2.18-1_imnx_5_crispin i686) X-Accept-Language: en MIME-Version: 1.0 To: "fsb@crynwr.com" Subject: Spam [Fwd: How to get rich.] Content-Type: multipart/mixed; boundary="------------45BFB533CE67364CF6D791D8" X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N This is a multi-part message in MIME format. --------------45BFB533CE67364CF6D791D8 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit So, it seems that the spammers have harvested the fsb@crynwr.com address. It won't be long before there's a flood of crap posted there. Shall we consider employing some kind of spam filter? "Subscribers only" is my favorite, and is what we employ on the Immunix mailing lists. Crispin -- Crispin Cowan, Ph.D. Chief Research Scientist, WireX Communications, Inc. http://wirex.com Security Hardened Linux Distribution: http://immunix.org --------------45BFB533CE67364CF6D791D8 Content-Type: message/rfc822 Content-Transfer-Encoding: 7bit Content-Disposition: inline Return-Path: Delivered-To: crispin@wirex.com Received: from ns.crynwr.com (ns1.crynwr.com [192.203.178.14]) by mail.wirex.com (Postfix) with SMTP id 6E8473EC19 for ; Fri, 30 Mar 2001 06:49:21 -0800 (PST) Received: (qmail 20223 invoked by alias); 30 Mar 2001 14:49:23 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 20214 invoked from network); 30 Mar 2001 14:49:22 -0000 Date: Fri, 30 Mar 01 18:36:14 EST From: lesakiop_kimase@yahoo.com To: Friend@public.com Subject: How to get rich. Message-ID: <3A842494.7D151514@yahoo.com> Sender: fsb-return-5492-crispin=wirex.com@crynwr.com X-Mozilla-Status2: 00000000 Hello! I want to let you know about the unique Affiliate program. Every Affiliate of the program can get any product from our catalogue and growing monthly income for many years. To receive a product, you should affiliate to the Program two new Referrals. You earn money for all new Referrals since third. Moreover, you get money for all your indirect referrals of any level. Number of Referral levels is unlimited. If you do not want to receive a product from the Program's catalogue, you receive money instead of it. Current referral structure: Level 1 (direct referral) - $10 Level 2 (indirect referral) - $5 Level 3 (indirect referral) - $2 Levels 4, 5, 6, 7, 8, 9, 10 - infinity (indirect referral) - $1 Due to these profitable conditions you may earn up to $5000-$7000 during the first month of the participation. Further, your income will increase rapidly without any additional efforts! All the Affiliates are provided with the promotion tools and tutorials - to support in the Program's promoting. If you are interested in the participation in the Program and want to get additional information, e-mail your confirmation me, to memory_rambus@yahoo.com . In "subject" field please, specify "subscribe". And I will mail you detailed information on the Program. ___________________________________________________________ We apologize for any inconvenience. F.Y.I. Under Bill s 1618 TITLE III passed by the 105th U.S. Congress this letter can NOT be considered "SPAM" as long as we include: 1) Contact information 2) A "REMOVE" device. This is a one time e-mail transmission, with extremely limited availability. No request for removal is necessary. However, if you feel a need, lesakiop_kimase@yahoo.com with "REMOVE" in the subject line. We can then be sure to separate you from other subscribers to this information. --------------45BFB533CE67364CF6D791D8-- From fsb-return-5495-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Sat Mar 31 02:39:34 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 56331 invoked from network); 31 Mar 2001 02:39:34 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 31 Mar 2001 02:39:34 -0000 Received: (qmail 23915 invoked by alias); 31 Mar 2001 02:34:40 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 23908 invoked from network); 31 Mar 2001 02:34:39 -0000 Date: 30 Mar 2001 21:54:29 -0000 Message-ID: <20010330215429.16245.qmail@horse-nettle.ropine.com> From: Seth Gordon To: TonStanco@aol.com CC: fsb@crynwr.com In-reply-to: <25.130280f0.27f5f40d@aol.com> (TonStanco@aol.com) Subject: Re: [Freesw] Re: FreeDevelopers References: <25.130280f0.27f5f40d@aol.com> X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N >Please explain how exactly this is supposed to work. >Will the free software be available very inexpensively >by downloading from the internet? >If yes, how will you get the users to pay any >significant money for it? (Will it be bundled with >consulting services?) >If no, how can you possibly prevent it? There are at least 2 conceptually distinct customers.... High end (government and enterprise) and low end (personal use and small business users). The high end actually wants a company to sue, ie. provide a warranty and branded product.... They will pay even though it is also available elsewhere. The low end group can free ride on the great software produced and take it from the Internet. Let's say you actually have a piece of software that you're making available through this system, and then Red Hat downloads a copy of it, puts *their* warranty and brand on it, and competes with you for the same high-end customers. How will you convince potential customers to pay you and not Red Hat? --sethg From fsb-return-5496-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Sat Mar 31 21:33:25 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 28667 invoked from network); 31 Mar 2001 21:33:25 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 31 Mar 2001 21:33:25 -0000 Received: (qmail 1162 invoked by alias); 31 Mar 2001 21:24:30 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 1151 invoked from network); 31 Mar 2001 21:24:28 -0000 Message-ID: <00b101c0b9f3$34761800$806810ac@vmware> From: "Jonathan S. Shapiro" To: "Crispin Cowan" , References: <3AC50ACE.68646E7@wirex.com> Subject: Re: Spam [Fwd: How to get rich.] Date: Sat, 31 Mar 2001 09:59:20 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N Not sure this is helpful, but a lot of spam shows up with suppressed "other recipients". Mailman uses this as a reason not to accept the posting. Also, if the recipient is not explicitly named in the originating "to" list. We've had various people try to spam our lists at Hopkins, but so far only one has actually gotten through the Mailman checks. ----- Original Message ----- From: "Crispin Cowan" To: Sent: Friday, March 30, 2001 5:38 PM Subject: Spam [Fwd: How to get rich.] > So, it seems that the spammers have harvested the fsb@crynwr.com > address. It won't be long before there's a flood of crap posted there. > Shall we consider employing some kind of spam filter? "Subscribers > only" is my favorite, and is what we employ on the Immunix mailing > lists. > > Crispin > > -- > Crispin Cowan, Ph.D. > Chief Research Scientist, WireX Communications, Inc. http://wirex.com > Security Hardened Linux Distribution: http://immunix.org > > > From fsb-return-5497-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Sat Mar 31 21:59:39 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 30486 invoked from network); 31 Mar 2001 21:59:39 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 31 Mar 2001 21:59:39 -0000 Received: (qmail 4463 invoked by alias); 31 Mar 2001 21:54:41 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 4456 invoked from network); 31 Mar 2001 21:54:40 -0000 Date: Sat, 31 Mar 2001 09:20:01 +0530 (IST) From: Radi X-X-Sender: To: Seth Gordon cc: , Subject: Re: [Freesw] Re: FreeDevelopers In-Reply-To: <20010330215429.16245.qmail@horse-nettle.ropine.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N On 30 Mar 2001, Seth Gordon wrote: : Let's say you actually have a piece of software that you're making : available through this system, and then Red Hat downloads a copy of : it, puts *their* warranty and brand on it, and competes with you for : the same high-end customers. How will you convince potential : customers to pay you and not Red Hat? There are successful GPL stuff which are vulnerable to the situation as given above: 1. GNOME of Ximian (formerly Helix). This is GPL'd. RedHat or anyone can do anything as you say. 2. Nautilus of Eazel is exactly like item No. 1. My question is how these two companies survive? How they signed huge contracts with HP (Ximian); Sun and Dell (Eazel)? Why didn't the client companies sign with RedHat or similar ones who can also offer what Ximian or Eazel do? Radi __________________________________________________________________ I have signed it at http://FreeDevelopers.Net/freedomdec, did you? From fsb-return-5498-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Sat Mar 31 22:00:47 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 30596 invoked from network); 31 Mar 2001 22:00:47 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 31 Mar 2001 22:00:47 -0000 Received: (qmail 4805 invoked by alias); 31 Mar 2001 21:55:49 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 4798 invoked from network); 31 Mar 2001 21:55:49 -0000 From: TonStanco@aol.com Message-ID: Date: Sat, 31 Mar 2001 08:51:27 EST Subject: Re: [Freesw] Re: FreeDevelopers To: sethg@ropine.com, TonStanco@aol.com CC: fsb@crynwr.com MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Mailer: AOL 4.0 for Windows 95 sub 114 X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N > sethg@ropine.com writes: > Let's say you actually have a piece of software that you're making > available through this system, and then Red Hat downloads a copy of > it, puts *their* warranty and brand on it, and competes with you for > the same high-end customers. How will you convince potential > customers to pay you and not Red Hat? Most sophisticated business people understand that to have a viable industry longterm, the developers of free software have to be directly paid for the development itself. We give them the opportunity to paid the developers. Free software has suffered in the past because business people couldn't see how it could work longterm without the developers being paid. From fsb-return-5499-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Sat Mar 31 22:21:08 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 31891 invoked from network); 31 Mar 2001 22:21:08 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 31 Mar 2001 22:21:08 -0000 Received: (qmail 5823 invoked by alias); 31 Mar 2001 22:16:09 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 5816 invoked from network); 31 Mar 2001 22:16:07 -0000 Sender: crispin@wirex.com Message-ID: <3AC656D3.A8CDAF70@wirex.com> Date: Sat, 31 Mar 2001 14:14:44 -0800 From: Crispin Cowan Organization: WireX Communications, Inc. X-Mailer: Mozilla 4.76 [en] (X11; U; Linux 2.2.18-1_imnx_5_crispin i686) X-Accept-Language: en MIME-Version: 1.0 To: Radi Cc: Seth Gordon , TonStanco@aol.com, fsb@crynwr.com Subject: Re: [Freesw] Re: FreeDevelopers References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N Radi wrote: > On 30 Mar 2001, Seth Gordon wrote: > : Let's say you actually have a piece of software that you're making > : available through this system, and then Red Hat downloads a copy of > : it, puts *their* warranty and brand on it, and competes with you for > : the same high-end customers. How will you convince potential > : customers to pay you and not Red Hat? > > There are successful GPL stuff which are vulnerable to the situation as > given above: > > 1. GNOME of Ximian (formerly Helix). This is GPL'd. RedHat or anyone > can do anything as you say. > > 2. Nautilus of Eazel is exactly like item No. 1. > > My question is how these two companies survive? How they signed huge > contracts with HP (Ximian); Sun and Dell (Eazel)? Why didn't the client > companies sign with RedHat or similar ones who can also offer what > Ximian or Eazel do? Actually, those examples beg several more very important questions: * Indeed, how do these companies survive? Will they survive? Eazel just had a large-scale lay-off. It is unclear that these are models to be emulated. * What does FreeDevelopers offer over these companies? Eazel and Ximian offer substantial technical, support, and marketing expertise in their niche-focussed areas. FreeDevelopers appears to be generic. Why would anyone choose FreeDevelopers over a specialist? * If you actually want a generalist, why not just go to large Linux distributors like Red Hat or SuSE? > I have signed it at http://FreeDevelopers.Net/freedomdec, did you? Not a freakin' chance :-) Crispin -- Crispin Cowan, Ph.D. Chief Research Scientist, WireX Communications, Inc. http://wirex.com Security Hardened Linux Distribution: http://immunix.org From fsb-return-5500-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Sat Mar 31 22:26:10 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 32267 invoked from network); 31 Mar 2001 22:26:10 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 31 Mar 2001 22:26:10 -0000 Received: (qmail 6300 invoked by alias); 31 Mar 2001 22:21:13 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 6292 invoked from network); 31 Mar 2001 22:21:12 -0000 Date: Sat, 31 Mar 2001 23:20:04 +0100 From: Simon Cozens To: TonStanco@aol.com Cc: sethg@ropine.com, fsb@crynwr.com Subject: Re: [Freesw] Re: FreeDevelopers Message-ID: <20010331232004.A27120@netthink.co.uk> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.15i In-Reply-To: ; from TonStanco@aol.com on Sat, Mar 31, 2001 at 08:51:27AM -0500 X-Operating-System: Linux deep-dark-truthful-mirror 2.4.2 X-POM: The Moon is Waxing Crescent (44% of Full) X-Addresses: The simon@cozens.net address is deprecated due to being broken. simon@brecon.co.uk still works, but simon-cozens.org or netthink.co.uk are preferred. X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N On Sat, Mar 31, 2001 at 08:51:27AM -0500, TonStanco@aol.com wrote: > Free software has suffered in the past because business people couldn't see > how it could work longterm without the developers being paid. Au contraire, they're rather get something for nothing, (or at worst, a lot for a little) and they're recently realising they can. (cf. Solaris 8) -- I wish my keyboard had a SMITE key -- J-P Stacey From fsb-return-5501-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Sun Apr 01 07:02:55 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 71925 invoked from network); 1 Apr 2001 07:02:55 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 1 Apr 2001 07:02:55 -0000 Received: (qmail 4628 invoked by alias); 1 Apr 2001 06:57:52 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 4620 invoked from network); 1 Apr 2001 06:57:51 -0000 Date: Sat, 31 Mar 2001 22:53:59 -0800 From: "Karsten M. Self" To: fsb@crynwr.com Subject: Re: [Freesw] Re: FreeDevelopers Message-ID: <20010331225359.B23786@ix.netcom.com> References: <20010330215429.16245.qmail@horse-nettle.ropine.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="rS8CxjVDS/+yyDmU" Content-Disposition: inline User-Agent: Mutt/1.3.15i In-Reply-To: ; from radi@freedevelopers.net on Sat, Mar 31, 2001 at 09:20:01AM +0530 X-Debian-GNU-Linux: Rocks X-Kuro5hin-cabal: There is no K5 cabal X-GPG-Fingerprint: F932 8B25 5FDD 2528 D595 DC61 3847 889F 55F2 B9B0 Sender: X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N --rS8CxjVDS/+yyDmU Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable on Sat, Mar 31, 2001 at 09:20:01AM +0530, Radi (radi@freedevelopers.net) wr= ote: > On 30 Mar 2001, Seth Gordon wrote: >=20 > : Let's say you actually have a piece of software that you're making > : available through this system, and then Red Hat downloads a copy of > : it, puts *their* warranty and brand on it, and competes with you for > : the same high-end customers. How will you convince potential > : customers to pay you and not Red Hat? >=20 > There are successful GPL stuff which are vulnerable to the situation as > given above: >=20 > 1. GNOME of Ximian (formerly Helix). This is GPL'd. RedHat or anyone > can do anything as you say. >=20 > 2. Nautilus of Eazel is exactly like item No. 1. Eazel is hardly the paragon of a successful business model. Will it survive? Maybe, but the deck's somewhat stacked right now. Pity, it's a pretty product. IMO (based on conjecture and experience) I'm not convinced that a "build-it-all-in-house" software development model is a good fit for the free software process. While certain core direction may be so driven, this is probably going to be a largely low-margin business. Ultimately you're selling services. The revealed truth is that services don't scale. Unless: - Services are backed by other products, notably software and/or hardware. This is the model used by Sun, Oracle, SAS, and noteably, IBM. - Services are driven by a very well defined process. This is the model used by several of the management consulting firms, notably Accenture (formerly Andersen Consulting). Sort of like McDonalds -- consistent, if non-stellar, results. > My question is how these two companies survive? How they signed huge > contracts with HP (Ximian); Sun and Dell (Eazel)? Why didn't the client > companies sign with RedHat or similar ones who can also offer what > Ximian or Eazel do? Presumably, ongoing support and/or development contracts. Unfortunatly, the ultimate product is a freebie for the sponsoring companies (Sun, HP, IBM) as a component of their branded Unix systems. There's a certain value to such contracts, however they have to exist, and cover costs. In the current climate, it's a risky proposition. --=20 Karsten M. Self http://kmself.home.netcom.com/ What part of "Gestalt" don't you understand? There is no K5 cabal http://gestalt-system.sourceforge.net/ http://www.kuro5hin.org --rS8CxjVDS/+yyDmU Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6xtCHOEeIn1XyubARAtg5AJ4u4Hc1/VH3E2EIR6MPKM1CzVtY7ACdH48Z T+YUre2y97kETytg9JRF/tw= =1A4a -----END PGP SIGNATURE----- --rS8CxjVDS/+yyDmU-- From fsb-return-5502-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Sun Apr 01 10:05:09 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 80595 invoked from network); 1 Apr 2001 10:05:09 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 1 Apr 2001 10:05:09 -0000 Received: (qmail 32376 invoked by alias); 1 Apr 2001 10:00:04 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 32357 invoked from network); 1 Apr 2001 10:00:01 -0000 Date: Sun, 1 Apr 2001 06:01:53 -0400 (EDT) Message-Id: <200104011001.GAA16779@kirk.dnaco.net> From: kragen@pobox.com To: jean_camp@harvard.edu Subject: Re: GNU and classified software Cc: fsb@crynwr.com X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N jean_camp@harvard.edu writes: > I believe that non-discrimination of distribution is a requirement under > the GPL, as with OS software. You cannot simultaneously practice > non-discrimination and require that a recipient has the military-given > right to view secret/top secret/sensitive documents. What section of the GPL do you believe specifies this? By my reading, the GPL does not say anything about how you may or may not choose to whom you give copies of software; it only obligates you to do certain things with regard to those to whom you give the software, and to license the software to the public at large. > I believe that non-discrimination is a central feature to OS and FS. > (One I am, btw, not terribly fond of since it prohibits limits for > safety-critical systems. Being able to prohibit use of software for > safety-critical systems seems damn reasonable to me.) Such prohibition does not belong in copyright licenses; it's perfectly reasonable for a nuclear-plant operator to do a thorough safety audit of existing unsafe code and fix its bugs rather than writing its own from scratch, for example; and if it were to decide to write its own after having read the unsafe code, copyright licenses that prohibit the use of the original code for safety-critical systems could make it liable for copyright infringement if it subconsciously copied parts of the original system. As an FSB, you're quite entitled to refuse to do business with companies not in America, companies not willing to pay you, companies you don't like the politics of, companies whose CEO slept with your wife, or companies without any personnel holding an SCI for a particular compartment. You just can't require that your customers not share your free software with companies not in America, companies not willing to pay you, or companies without any personnel holding an SCI for a particular compartment --- if you do, it's not free. I don't know whether writing classified software constitutes imposing such a requirement. From fsb-return-5503-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Mon Apr 02 02:33:06 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 45203 invoked from network); 2 Apr 2001 02:33:06 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 2 Apr 2001 02:33:06 -0000 Received: (qmail 482 invoked by alias); 2 Apr 2001 02:27:52 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 475 invoked from network); 2 Apr 2001 02:27:51 -0000 Message-ID: <3AC7E397.44893C61@collab.net> Date: Sun, 01 Apr 2001 22:27:35 -0400 From: Frank Hecker Organization: CollabNet, Inc. X-Mailer: Mozilla 4.76 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: fsb@crynwr.com Subject: Re: GNU and classified software References: <200104011001.GAA16779@kirk.dnaco.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N kragen@pobox.com wrote: > As an FSB, you're quite entitled to refuse to do business with > companies not in America, companies not willing to pay you, companies > you don't like the politics of, companies whose CEO slept with your > wife, or companies without any personnel holding an SCI for a > particular compartment. You just can't require that your customers > not share your free software with companies not in America, companies > not willing to pay you, or companies without any personnel holding an > SCI for a particular compartment --- if you do, it's not free. > > I don't know whether writing classified software constitutes imposing > such a requirement. Not to speak for others, but I believe the argument is that it is: That the issue regarding the GPL is not whom you choose to distribute the software to, but that a) you have distributed the software with the additional proviso that it be treated as classified data (and hence subject to all the regulations concerning how classified data must be handled); b) you had (at least in theory) the ability not to treat the software as classified, i.e., you could have sought declassification of it prior to distributing it; and c) the recipients of the software do not have that ability -- they are bound to treat the software as classified data, and cannot declassify it themselves (because they didn't create it -- I think this is how declassification works). Whether one agrees with this argument or not, I think it is clearly a different argument than the argument about whether the GPL constraints your ability to choose to whom you distribute the software. Frank -- Frank Hecker work: http://www.collab.net/ frank@collab.net home: http://www.hecker.org/ From fsb-return-5504-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Mon Apr 02 02:34:50 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 45421 invoked from network); 2 Apr 2001 02:34:50 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 2 Apr 2001 02:34:50 -0000 Received: (qmail 569 invoked by alias); 2 Apr 2001 02:27:59 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 508 invoked from network); 2 Apr 2001 02:27:56 -0000 From: Russell Nelson MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Date: Sun, 1 Apr 2001 22:27:54 -0400 (EDT) To: "fsb@crynwr.com" Subject: Re: Spam [Fwd: How to get rich.] In-Reply-To: <3AC50ACE.68646E7@wirex.com> References: <3AC50ACE.68646E7@wirex.com> X-Mailer: VM 6.43 under 20.4 "Emerald" XEmacs Lucid Message-ID: <15047.57944.140324.589935@desk.crynwr.com> X-Face: $K'YURj"g6ImvqTS_=]8)gqh!5;ElY<[.Rao%j8r+]iUfE{%|v%F<=mcq<6l{K=~mf&#:?" nslS]U~|x{2V=Eex_I#"9K~9)>?m7Lm={(j_&)SX~fzg&ST~P%QUhc{1p]c3@Zn1u*PZlkHM**X^vV l>GkB5y^Kz%w5p~^uDue]hL&ke,N;+Q So, it seems that the spammers have harvested the fsb@crynwr.com > address. It won't be long before there's a flood of crap posted there. > Shall we consider employing some kind of spam filter? "Subscribers > only" is my favorite, and is what we employ on the Immunix mailing > lists. We already have an anti-spam filter, and it rejects at least one piece of spam a day. It's called "Russ Nelson". If someone new sends email to the list, their first posting goes to me. If it's spam, I delete it, and remove their name from the "allow" filter. Otherwise I forward it to the list. This works quite well, and permits people to post two or more postings even if I'm off the net. Unfortunately, the rare spammer posts twice using the same envelope sender. When this happens, the spam gets through. -- -russ nelson will be speaking at http://www.osdn.com/conferences/brie/ Crynwr sells support for free software | PGPok | Watch out! He's got an 521 Pleasant Valley Rd. | +1 315 268 1925 voice | opinion, and he's not Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | afraid to share it! From fsb-return-5505-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Mon Apr 02 02:47:48 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 46856 invoked from network); 2 Apr 2001 02:47:48 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 2 Apr 2001 02:47:48 -0000 Received: (qmail 1535 invoked by alias); 2 Apr 2001 02:42:40 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 1528 invoked from network); 2 Apr 2001 02:42:39 -0000 From: Russell Nelson MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Date: Sun, 1 Apr 2001 22:42:37 -0400 (EDT) To: fsb@crynwr.com Subject: Re: [Freesw] Re: FreeDevelopers In-Reply-To: References: X-Mailer: VM 6.43 under 20.4 "Emerald" XEmacs Lucid Message-ID: <15047.58562.713146.987856@desk.crynwr.com> X-Face: $K'YURj"g6ImvqTS_=]8)gqh!5;ElY<[.Rao%j8r+]iUfE{%|v%F<=mcq<6l{K=~mf&#:?" nslS]U~|x{2V=Eex_I#"9K~9)>?m7Lm={(j_&)SX~fzg&ST~P%QUhc{1p]c3@Zn1u*PZlkHM**X^vV l>GkB5y^Kz%w5p~^uDue]hL&ke,N;+Q > sethg@ropine.com writes: > > Let's say you actually have a piece of software that you're making > > available through this system, and then Red Hat downloads a copy of > > it, puts *their* warranty and brand on it, and competes with you for > > the same high-end customers. How will you convince potential > > customers to pay you and not Red Hat? > > Most sophisticated business people understand that to have a viable industry > longterm, the developers of free software have to be directly paid for the > development itself. We give them the opportunity to paid the developers. I'm giving a talk at the Trenton Computer Festival entitled "Making a living on software you didn't write", at 2:00 on May 6th in Edison, NJ. More information is available at http://tcf-nj.org -- -russ nelson will be speaking at http://www.osdn.com/conferences/brie/ Crynwr sells support for free software | PGPok | Watch out! He's got an 521 Pleasant Valley Rd. | +1 315 268 1925 voice | opinion, and he's not Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | afraid to share it! From fsb-return-5506-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Mon Apr 02 03:24:15 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 49902 invoked from network); 2 Apr 2001 03:24:15 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 2 Apr 2001 03:24:15 -0000 Received: (qmail 6840 invoked by alias); 2 Apr 2001 03:19:07 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 6832 invoked from network); 2 Apr 2001 03:19:05 -0000 Message-ID: <3AC7EF5D.9BCEDEF7@collab.net> Date: Sun, 01 Apr 2001 23:17:49 -0400 From: Frank Hecker Organization: CollabNet, Inc. X-Mailer: Mozilla 4.76 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: fsb@crynwr.com Subject: Re: GNU and classified software References: <200104011001.GAA16779@kirk.dnaco.net> <3AC7E397.44893C61@collab.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N Frank Hecker wrote: > Not to speak for others, but I believe the argument is that it is: That > the issue regarding the GPL is not whom you choose to distribute the > software to, but that > > a) you have distributed the software with the additional proviso that it > be treated as classified data (and hence subject to all the regulations > concerning how classified data must be handled); > > b) you had (at least in theory) the ability not to treat the software as > classified, i.e., you could have sought declassification of it prior to > distributing it; and > > c) the recipients of the software do not have that ability -- they are > bound to treat the software as classified data, and cannot declassify it > themselves (because they didn't create it -- I think this is how > declassification works). And I should have added that whether or not the argument that this violates the GPL is "correct" or not, if you negate either (b) or (c) above then IMO the argument no longer holds. In other words, the key to the argument is that the distributor of the software had the freedom to cause the GPL-licensed software to be put under an additional restriction or not, but the recipient lacked the ability to undo the effect of the restriction once imposed. If the distributor was under the exact same constraints as the recipient, or if the recipient could undo the restriction on their own, then arguably the terms under which the software was distributed were consistent with the GPL. The previous example of export-controlled encryption software can be used to explore this thought: In the "first order" analysis of US encryption export control pre-2000, if I as a US resident wrote encryption software and distributed it to another US resident under the GPL, arguably no GPL violation would have occurred: I would be under the restriction that I could not distribute the software outside the US, and so would the recipient. The recipient's freedom to export my encryption software would have been no greater nor less than the recipient's freedom to export their own encryption software; my actions woud not have decreased the recipient's freedom and hence would not be inconsistent with the GPL. In the "second order" analysis we have to take into account the fact that although I would have been restricted from exporting my software in electronic form (as would the recipient), I would not have been restricted from exporting my software in printed form. (First Amendment to the rescue here.) Thus I would have had the freedom of action to distribute the software to the recipient in a form not subject to the restriction (i.e., printed form). This corresponds to point (b) above, and presumably then compliance with the GPL would have required my distributing the document in the unrestricted printed form, not the restricted electronic form. But as it turns out the recipient in this case would also have had the freedom to convert the electronic form of the work into printed form and export it from the US. So point (c) in the above argument does not hold: the recipient of the software would have had the power to remove the software from the export control restriction (the exact same power that I would have had), hence my distributing the software in electronic form would still have been consistent with the GPL. So I will concede Norbert Bollow's point here: distributing classified software is not exactly analogous to distributing export-controlled encryption software (pre-2000), if in fact the distributor has the power to declassify the software prior to distribution and the recipient of the software does not have such power once they've received the software. Frank -- Frank Hecker work: http://www.collab.net/ frank@collab.net home: http://www.hecker.org/ From fsb-return-5507-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Tue Apr 03 08:06:12 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 44239 invoked from network); 3 Apr 2001 08:06:11 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 3 Apr 2001 08:06:11 -0000 Received: (qmail 9911 invoked by alias); 3 Apr 2001 08:00:55 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 9904 invoked from network); 3 Apr 2001 08:00:54 -0000 Date: Tue, 3 Apr 2001 04:02:49 -0400 (EDT) Message-Id: <200104030802.EAA21083@kirk.dnaco.net> From: kragen@pobox.com To: Frank Hecker Subject: Re: GNU and classified software Cc: fsb@crynwr.com X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N Frank Hecker writes: > c) the recipients of the software do not have that ability -- they are > bound to treat the software as classified data, and cannot declassify it > themselves (because they didn't create it -- I think this is how > declassification works). I haven't declassified much, but all of the several gigabytes of imagery I declassified when working for a DoD contractor were produced by a different DoD contractor. ("I declassified" means "mine was one of the two signatures on the form".) From fsb-return-5508-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Thu Apr 05 20:08:15 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 81448 invoked from network); 5 Apr 2001 20:08:15 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 5 Apr 2001 20:08:15 -0000 Received: (qmail 29843 invoked by alias); 5 Apr 2001 20:02:43 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 29836 invoked from network); 5 Apr 2001 20:02:42 -0000 Mail-Followup-To: fsb@crynwr.com To: fsb@crynwr.com Subject: SourceXchange shuts down From: Ian Lance Taylor Date: 05 Apr 2001 13:02:02 -0700 Message-ID: Lines: 4 User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N SourceXchange shuts down: http://linuxtoday.com/news_story.php3?ltsn=2001-04-05-017-20-NW-CY Ian From fsb-return-5509-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Thu Apr 05 21:56:52 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 1944 invoked from network); 5 Apr 2001 21:56:51 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 5 Apr 2001 21:56:51 -0000 Received: (qmail 8790 invoked by alias); 5 Apr 2001 21:51:21 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 8780 invoked from network); 5 Apr 2001 21:51:19 -0000 Date: Thu, 5 Apr 2001 14:51:46 -0700 (PDT) From: Brian Behlendorf X-X-Sender: To: Ian Lance Taylor cc: Subject: Re: SourceXchange shuts down In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N On 5 Apr 2001, Ian Lance Taylor wrote: > SourceXchange shuts down: > http://linuxtoday.com/news_story.php3?ltsn=2001-04-05-017-20-NW-CY To be honest, the site has been awful quiet for a long time, so this is more of a housecleaning than anything else. After an initial spurt of interest, and a couple successfully completed projects, we found that the overhead of being the broker and having to hand-hold developers and sponsors was more cost than what we were getting in return. More significantly, I think, companies who were comfortable with using and funding open source development would rather have their in-house teams do that work, improving both the happiness and competence of their own engineers, than to outsource it. So at the end of the day, it was a hard thing to sell, and after waiting to see if the market conditions would change to favor outsourcing more (they didn't), we decided to make the shutdown official. There's probably lots of Tuesday-morning quarterbacking one could do on how well we executed on the idea, but... ah well. If someone else wants to give this idea a try, let us know; we haven't packaged up the source code to the sourcexchange process management interface, but would if someone was really interested in it. The other business, software development infrastructure, based on open source tools and provided as an ASP, is doing very well, even in this market. Brian From fsb-return-warn-987712563.omigjlfagnifemhkaggh-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Thu Apr 19 20:35:43 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 15017 invoked from network); 19 Apr 2001 20:35:43 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 19 Apr 2001 20:35:43 -0000 Received: (qmail 1012 invoked by alias); 19 Apr 2001 20:36:05 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Date: 19 Apr 2001 20:36:05 -0000 Message-ID: <987712565.1004.ezmlm-warn@crynwr.com> From: fsb-help@crynwr.com To: brian-fsb-archive@taz3.hyperreal.org Content-type: text/plain; charset=us-ascii Subject: ezmlm warning X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N Hi! This is the ezmlm program. I'm managing the fsb@crynwr.com mailing list. Messages to you seem to have been bouncing. I've attached a copy of the first bounce message I received. If this message bounces too, I will send you a probe. If the probe bounces, I will remove your address from the mailing list, without further notice. I've kept a list of which messages bounced from your address. Copies of these messages may be in the archive. To get message 12345 from the archive, send an empty note to fsb-get.12345@crynwr.com. Here are the message numbers: 5492 --- Below this line is a copy of the bounce message I received. Return-Path: <> Received: (qmail 11460 invoked for bounce); 6 Apr 2001 19:19:44 -0000 Date: 6 Apr 2001 19:19:44 -0000 From: MAILER-DAEMON@ns.crynwr.com To: fsb-return-5492-@crynwr.com Subject: failure notice Hi. This is the qmail-send program at ns.crynwr.com. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out. : 209.133.83.22 failed after I sent the message. Remote host said: 553 Spam or junk mail threshold exceeded. See http://www.flame.org/qmail/spamjunk.html (#5.7.1) From fsb-return-5510-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Sat Apr 21 10:43:15 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 19475 invoked from network); 21 Apr 2001 10:43:14 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 21 Apr 2001 10:43:14 -0000 Received: (qmail 15632 invoked by alias); 21 Apr 2001 10:43:34 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 15622 invoked from network); 21 Apr 2001 10:43:33 -0000 Date: Sat, 21 Apr 2001 11:42:59 +0100 From: Simon Cozens To: fsb@crynwr.com Subject: Apple and Open Source Message-ID: <20010421114259.A31502@netthink.co.uk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.17i X-Operating-System: Linux deep-dark-truthful-mirror 2.4.2 X-POM: The Moon is Waning Crescent (5% of Full) X-Addresses: The simon@cozens.net address is deprecated due to being broken. simon@brecon.co.uk still works, but simon-cozens.org or netthink.co.uk are preferred. X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N Oh, it's gone quiet, so I'll throw out a controversial one. ---- So, what is it with Apple and Open Source? Once upon a time, when they were desperate to get an operating system written, they were bending over backwards to attract open source hackers - even going through a few iterations of the ASPL and giving up their precious rights to own any modifications to the software in order to have the license certified Open Source. Now, on the other hand, they're sending cease-and-desist letters to open source projects (http://macthemes.org) which appear to be nothing but thinly-disguised and baseless threats. Of course, the cynical explanation would be that the persecution of MacThemes could well be related to Apple's own patent on themes - a patent which MacThemes predates. Removing the visibility of prior art would be a useful step in securing the ligitimacy of that patent. Is this behaviour compatible with their desire to be seen to be part of the Open Source movement - in fact, *is* there such a desire on the part of Apple to be counted as an Open Source vendor? Or are they stuck in the old economy and still playing the game for purely selfish interests? An alternative and slightly more charitable explanation would be that Apple's right hand - the developers - doesn't know what its left hand - the legal team - is doing. Of course, if this is the case, and Apple will court you with the one hand and savage you with the other, does it really make sound business sense for any company to deal with them? -- Simon Cozens CEO NetThink Open Source Consultancy From fsb-return-5511-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Sat Apr 21 13:02:09 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 27011 invoked from network); 21 Apr 2001 13:02:09 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 21 Apr 2001 13:02:09 -0000 Received: (qmail 23255 invoked by alias); 21 Apr 2001 13:02:31 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 23248 invoked from network); 21 Apr 2001 13:02:30 -0000 Date: Sat, 21 Apr 2001 05:59:57 -0700 From: "Karsten M. Self" To: fsb@crynwr.com Subject: Re: Apple and Open Source Message-ID: <20010421055956.B29594@navel.introspect> References: <20010421114259.A31502@netthink.co.uk> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="0ntfKIWw70PvrIHh" Content-Disposition: inline User-Agent: Mutt/1.3.17i In-Reply-To: <20010421114259.A31502@netthink.co.uk>; from simon@netthink.co.uk on Sat, Apr 21, 2001 at 11:42:59AM +0100 X-Debian-GNU-Linux: Rocks X-Kuro5hin-cabal: There is no K5 cabal X-GPG-Fingerprint: F932 8B25 5FDD 2528 D595 DC61 3847 889F 55F2 B9B0 Sender: X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N --0ntfKIWw70PvrIHh Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable on Sat, Apr 21, 2001 at 11:42:59AM +0100, Simon Cozens (simon@netthink.co.u= k) wrote: > Oh, it's gone quiet, so I'll throw out a controversial one. >=20 > ---- >=20 > So, what is it with Apple and Open Source? Once upon a time, when they > were desperate to get an operating system written, they were bending > over backwards to attract open source hackers - even going through a > few iterations of the ASPL and giving up their precious rights to own > any modifications to the software in order to have the license > certified Open Source. >=20 > Now, on the other hand, they're sending cease-and-desist letters to > open source projects (http://macthemes.org) which appear to be nothing > but thinly-disguised and baseless threats. Of course, the cynical > explanation would be that the persecution of MacThemes could well be > related to Apple's own patent on themes - a patent which MacThemes > predates. Removing the visibility of prior art would be a useful step > in securing the ligitimacy of that patent. Doesn't change the fact of prior art. Hell, I commented on this earlier -- the themes.org domain registration predates the patent filing date by 13 days, and Tigert was doing themes for some time prior to registering the site. > Is this behaviour compatible with their desire to be seen to be part > of the Open Source movement - in fact, *is* there such a desire on the > part of Apple to be counted as an Open Source vendor? Or are they > stuck in the old economy and still playing the game for purely selfish > interests? >=20 > An alternative and slightly more charitable explanation would be that > Apple's right hand - the developers - doesn't know what its left hand > - the legal team - is doing. Of course, if this is the case, and Apple > will court you with the one hand and savage you with the other, does > it really make sound business sense for any company to deal with them? In Apple's case, the left mouse finger doesn't know what the right mouse finger's doing, so they gave you a one-button mouse. Apple's tended to be hypochondriac about UI appearance issues from day one. They fought (and lost) a nasty lawsuit with Microsoft over this (though you trash your Mac while you recycle you WinXX). There was just a patent filed over theme management which was largely against an Apple-related site. Themes.org has had more than one Apple-patterned theme pulled from it -- I don't remember if these were E, blackbox, KDE, or what. There's some current Gnome/E chrome that looks a hell of a lot like Aqua. This is pretty much SOP for them. Not much has changed for the past decade. Except that Steve Jobs's ego now blocks out both the sun *and* PG&E. Couple of items from The Register: http://www.theregister.co.uk/content/archive/17461.html http://www.theregister.co.uk/content/39/18349.html Cheers. --=20 Karsten M. Self http://kmself.home.netcom.com/ What part of "Gestalt" don't you understand? There is no K5 cabal http://gestalt-system.sourceforge.net/ http://www.kuro5hin.org --0ntfKIWw70PvrIHh Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE64YRMOEeIn1XyubARArRpAJ93dB99zfI0X19bd8uCiBtYVxdL5wCaAxLf U7jmhvjxWOF8bEOzE4Zc5DA= =aTVW -----END PGP SIGNATURE----- --0ntfKIWw70PvrIHh-- From fsb-return-5512-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Wed Apr 25 13:09:13 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 90220 invoked from network); 25 Apr 2001 13:09:12 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 25 Apr 2001 13:09:12 -0000 Received: (qmail 15376 invoked by alias); 25 Apr 2001 13:09:27 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 15367 invoked from network); 25 Apr 2001 13:09:26 -0000 Date: Wed, 25 Apr 2001 09:08:52 -0400 (EDT) From: Keith Bostic Message-Id: <200104251308.JAA08118@abyssinian.sleepycat.com> To: fsb@crynwr.com Subject: Microsoft: Closed source is more secure X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N http://www.securityfocus.com/news/191 Microsoft: Closed source is more secure Redmond's security response chief warns the RSA Conference of the perils of open source. By Kevin Poulsen April 12, 2001 1:46 PM PT SAN FRANCISCO--The head of Microsoft's security response team argued here Thursday that closed source software is more secure than open source projects, in part because nobody's reviewing open source code for security flaws. "Review is boring and time consuming, and it's hard," said Steve Lipner, manager of Microsoft's security response center. "Simply putting the source code out there and telling folks 'here it is' doesn't provide any assurance or degree of likelihood that the review will occur." The comments, delivered at the 2001 RSA Conference, were a challenge to one of the tenets of open source, that 'with many eyes, all bugs are shallow.' "The vendor eyes in a security review tend to be dedicated, trained, full time and paid," Lipner said. Lipner argued that network administrators are better off spending their time reading log files and installing patches than poring over source code looking for security holes, and the system of 'peer review' that works well for vetting encryption algorithms, doesn't work to evaluate large pieces of software for flaws. "An encryption algorithm is relatively simple, compared to a 40 million line operating system," Lipner argued. "And the discovery of an individual software flaw doesn't pay off much... It doesn't win anyone fame and fortune... People fix the flaw and move on." Lipner, who oversees Microsoft's response to newly-reported security holes in its products, took the opportunity to point out "the repeated and recurring vulnerabilities in the Unix utilities BIND, WU-FTP, and so on. The repeated theme is people use this stuff, but they don't spend time security reviewing." 'The open source model tends to emphasize design and development. Testing is boring and expensive.' -- Steve Lipner, Microsoft Trapdoor risk? Making source code public also increases the risk that attackers will find a crucial security hole that reviewers missed, said Lipner. "That argument sounds like an argument for 'security through obscurity,' and I apologize. The facts are there." Lipner slammed the open source development process, suggesting that the often-voluntary nature of creating works like the Linux operating system make it less disciplined, and less secure. "The open source model tends to emphasize design and development. Testing is boring and expensive." By contrast, Microsoft does extensive testing on every product, and on every patch, said Lipner. "People ask us why our security patches take so long. One of the reasons they take so long is because we test them." Lipner closed by warning that the nature of open source development may lend itself to abuse by malicious coders, who could devilishly clever 'trapdoors' in the code that escapes detection, hidden in plain sight. Under polite questioning from the audience, Lipner acknowledged that some closed-source commercial products have been found to have trapdoors themselves. Other conferees expressed skepticism that closed source software receives more thorough security reviews than open source code. "Looking at products that come from commercial vendors, it seems the customer has very little guarantee that the software has been reviewed," said one conferee. "Industry has not acquitted itself well." From fsb-return-5513-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Wed Apr 25 13:17:23 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 90520 invoked from network); 25 Apr 2001 13:17:23 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 25 Apr 2001 13:17:23 -0000 Received: (qmail 16020 invoked by alias); 25 Apr 2001 13:17:47 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 16013 invoked from network); 25 Apr 2001 13:17:47 -0000 Date: Wed, 25 Apr 2001 14:17:07 +0100 From: Simon Cozens To: fsb@crynwr.com Subject: Re: Microsoft: Closed source is more secure Message-ID: <20010425141707.A6614@netthink.co.uk> References: <200104251308.JAA08118@abyssinian.sleepycat.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.17i In-Reply-To: <200104251308.JAA08118@abyssinian.sleepycat.com>; from bostic@sleepycat.com on Wed, Apr 25, 2001 at 09:08:52AM -0400 X-Operating-System: Linux deep-dark-truthful-mirror 2.4.2 X-POM: The Moon is Waxing Crescent (4% of Full) X-Addresses: The simon@cozens.net address is deprecated due to being broken. simon@brecon.co.uk still works, but simon-cozens.org or netthink.co.uk are preferred. X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N On Wed, Apr 25, 2001 at 09:08:52AM -0400, Keith Bostic wrote: > "Review is boring and time consuming, and it's hard," said Steve Lipner, > manager of Microsoft's security response center. "Simply putting the > source code out there and telling folks 'here it is' doesn't provide any > assurance or degree of likelihood that the review will occur." Eevn though I know he's effectively preaching to the converted, I wonder if this is wilful or true ignorance of the existence of OpenBSD. -- A debugged program is one for which you have not yet found the conditions that make it fail. -- Jerry Ogdin From fsb-return-5514-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Wed Apr 25 13:54:41 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 92468 invoked from network); 25 Apr 2001 13:54:41 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 25 Apr 2001 13:54:41 -0000 Received: (qmail 19595 invoked by alias); 25 Apr 2001 13:54:59 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 19587 invoked from network); 25 Apr 2001 13:54:57 -0000 Date: Wed, 25 Apr 2001 15:57:33 +0200 From: Werner Koch To: fsb@crynwr.com Subject: Re: Microsoft: Closed source is more secure Message-ID: <20010425155732.S14988@alberti.gnupg.de> Mail-Followup-To: fsb@crynwr.com References: <200104251308.JAA08118@abyssinian.sleepycat.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.16i In-Reply-To: <200104251308.JAA08118@abyssinian.sleepycat.com>; from bostic@sleepycat.com on Wed, Apr 25, 2001 at 09:08:52AM -0400 X-PGP-KeyID: 621CC013 X-PGP-CertKey: A4D9 4E92 B098 6AB5 EE9D CD75 5DE2 4996 5B03 58A2 X-Request-PGP: finger:wk@porta.u64.de X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N Hi! > http://www.securityfocus.com/news/191 > manager of Microsoft's security response center. "Simply putting the > source code out there and telling folks 'here it is' doesn't provide any > assurance or degree of likelihood that the review will occur." He is right there and I know a couple of cases where I fixed a bug and realized that nobody with a little bit of programming knowledge could have looked at it. OTOH, I know that for example quite a couple of folks are quite familar with the GnuPG code base and actually contributed fixes to questionable constructs. So it is not that bad. PGP 5 is not Free Software but we can look at the code - there is evidence that nobody has done a code auditing, enither the NAI folks nor any one else. > "The vendor eyes in a security review tend to be dedicated, trained, > full time and paid," Lipner said. Given only those simple to detect buffer overflows reported daily about proprietary products, I don't buy this. > Lipner argued that network administrators are better off spending their > time reading log files and installing patches than poring over source > code looking for security holes, and the system of 'peer review' that Nobody expects admins to look over the code. We have thousands of talented programmers who do this. There are reports on the code quality of GNU which claim that this Free Software outperforms any other proprietary Unix software in robustness and error freeness, let alone DOS and Windows software. > "An encryption algorithm is relatively simple, compared to a 40 million > line operating system," Lipner argued. "And the discovery of an Someone who designs a 40 million line OS without any internal security boundaries does not know what he is doing. Complexity is the worst enemy of security. > holes in its products, took the opportunity to point out "the repeated > and recurring vulnerabilities in the Unix utilities BIND, WU-FTP, and so > on. The repeated theme is people use this stuff, but they don't spend > time security reviewing." Responsible admins don't use wu-ftp or other programs with a large record of security pitfalls. Well, Bind is a problem because there is no other conforming and usable alternative available. > By contrast, Microsoft does extensive testing on every product, and on > every patch, said Lipner. "People ask us why our security patches take > so long. One of the reasons they take so long is because we test them." Most of us know the quality of their patches. And he missed a very imprtant point: It is not possible to find design flaws or other security holes just by testing. To find those things, independed design and code auditing is a must. > Lipner closed by warning that the nature of open source development may > lend itself to abuse by malicious coders, who could devilishly clever > 'trapdoors' in the code that escapes detection, hidden in plain sight. Well, we could. But although the MS folks are not able to figure them out (they even don't find the most obvious bugs in their code), other hacker will find them. And because we can't hide our code, the whole world will point their fingers at a programmer who added delibertely malicious code into Free Software. Not could for his reputation. > Under polite questioning from the audience, Lipner acknowledged that > some closed-source commercial products have been found to have trapdoors > themselves. And that even without access to the source code! Expect a lot more backdoors in prorietary software. > "Looking at products that come from commercial vendors, it seems the > customer has very little guarantee that the software has been reviewed," > said one conferee. "Industry has not acquitted itself well." Reading Bugtraq proves this to 100% SCNR to comment on these ridicolous statements. Werner -- Werner Koch Omnis enim res, quae dando non deficit, dum habetur g10 Code GmbH et non datur, nondum habetur, quomodo habenda est. Privacy Solutions -- Augustinus From fsb-return-5515-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Wed Apr 25 14:06:37 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 93434 invoked from network); 25 Apr 2001 14:06:37 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 25 Apr 2001 14:06:37 -0000 Received: (qmail 20904 invoked by alias); 25 Apr 2001 14:06:55 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 20894 invoked from network); 25 Apr 2001 14:06:54 -0000 Subject: Re: Microsoft: Closed source is more secure To: Keith Bostic Cc: fsb@crynwr.com From: Ben_Tilly@trepp.com Date: Wed, 25 Apr 2001 10:07:38 -0400 Message-ID: X-MIMETrack: Serialize by Router on T1/Trepp(Release 5.0.6a |January 17, 2001) at 04/25/2001 10:07:39 AM MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N Keith Bostic quotes: > SAN FRANCISCO--The head of Microsoft's security response team argued > here Thursday that closed source software is more secure than open > source projects, in part because nobody's reviewing open source code for > security flaws. > > "Review is boring and time consuming, and it's hard," said Steve Lipner, > manager of Microsoft's security response center. "Simply putting the > source code out there and telling folks 'here it is' doesn't provide any > assurance or degree of likelihood that the review will occur." > > The comments, delivered at the 2001 RSA Conference, were a challenge to > one of the tenets of open source, that 'with many eyes, all bugs are > shallow.' > > "The vendor eyes in a security review tend to be dedicated, trained, > full time and paid," Lipner said. [...] >From a vendor's eyes, security reviews are a major cost center. In the real world things that get labelled "costs" quickly migrate to the bottom of the corporate rung on priorities. The gut reaction in virtually any business is to try to find ways to not pay costs, but to pass them on to someone else. Security is no different, which is why software companies over time have migrated the legal costs of inadequate security to consumers, and then quietly moved it fairly low on their priority scale. In this respect Microsoft is one of the worst offenders. I cannot pretend to be a student of finance or history, but without some external motivation (be that legal, a certification, active consumers), this is going to be the inevitable reaction of any corporation. Cheers, Ben From fsb-return-5516-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Wed Apr 25 14:43:52 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 97039 invoked from network); 25 Apr 2001 14:43:52 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 25 Apr 2001 14:43:52 -0000 Received: (qmail 22933 invoked by alias); 25 Apr 2001 14:44:11 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 22926 invoked from network); 25 Apr 2001 14:44:10 -0000 Message-ID: <3AE6E298.99377548@algroup.co.uk> Date: Wed, 25 Apr 2001 15:43:36 +0100 From: Ben Laurie X-Mailer: Mozilla 4.76 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: Werner Koch Cc: fsb@crynwr.com Subject: Re: Microsoft: Closed source is more secure References: <200104251308.JAA08118@abyssinian.sleepycat.com> <20010425155732.S14988@alberti.gnupg.de> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N Werner Koch wrote: > > Hi! > > > http://www.securityfocus.com/news/191 > > > manager of Microsoft's security response center. "Simply putting the > > source code out there and telling folks 'here it is' doesn't provide any > > assurance or degree of likelihood that the review will occur." > > He is right there and I know a couple of cases where I fixed a bug > and realized that nobody with a little bit of programming knowledge > could have looked at it. Until you did, of course. I find it weird that people keep arguing that opening the source hasn't fixed bugs by quoting examples where it has. Cheers, Ben. -- http://www.apache-ssl.org/ben.html "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff ApacheCon 2001! http://ApacheCon.com/ From fsb-return-5517-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Wed Apr 25 15:00:17 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 98216 invoked from network); 25 Apr 2001 15:00:17 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 25 Apr 2001 15:00:17 -0000 Received: (qmail 24565 invoked by alias); 25 Apr 2001 15:00:36 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 24556 invoked from network); 25 Apr 2001 15:00:34 -0000 Sender: ljean Message-ID: <3AE6D8FA.1B5253FE@harvard.edu> Date: Wed, 25 Apr 2001 10:02:34 -0400 From: jean_camp@harvard.edu Reply-To: jean_camp@harvard.edu Organization: Harvard X-Mailer: Mozilla 4.72 [en] (X11; U; Linux 2.2.14-6.1.1 i686) X-Accept-Language: en MIME-Version: 1.0 To: fsb@crynwr.com Subject: Intesting paper References: <66037540DA72D31180D400A0C9D17D1F466280@phoenix1.exponent.com> <200103232141.WAA30718@quill.thinkcoach.com> <3ABBFBDE.3E4CCF90@collab.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N http://www.firstmonday.org/issues/issue6_1/tuomi/index.html This paper describes the evolution of the Linux operating system, and studies dynamics of socio-technical change using Linux as a case example. Theoretical models of community-based practice and learning are combined with actor-network theory, and the characteristics of the open source development model are described using the introduced theoretical concepts. The paper analyses the growth and development of Linux and its development community, and shows how the development community evolves into an ecology of community-centered practices. From fsb-return-5518-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Wed Apr 25 15:09:56 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 98963 invoked from network); 25 Apr 2001 15:09:56 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 25 Apr 2001 15:09:56 -0000 Received: (qmail 25538 invoked by alias); 25 Apr 2001 15:09:44 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 25526 invoked from network); 25 Apr 2001 15:09:43 -0000 Message-ID: <20010425150943.18601.qmail@desk.crynwr.com> To: ben@algroup.co.uk CC: fsb@crynwr.com Subject: Re: Microsoft: Closed source is more secure Date: Wed, 25 Apr 2001 16:01:38 +0100 From: forsyth@vitanuova.com MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N >Werner Koch wrote: >> He is right there and I know a couple of cases where I fixed a bug >> and realized that nobody with a little bit of programming knowledge >> could have looked at it. > >Until you did, of course. I find it weird that people keep arguing that >opening the source hasn't fixed bugs by quoting examples where it has. i suspect he might have been suggesting that it was not necessarily examined systematically, although that seems to me to be a separate problem. From fsb-return-5519-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Wed Apr 25 15:14:49 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 99303 invoked from network); 25 Apr 2001 15:14:49 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 25 Apr 2001 15:14:49 -0000 Received: (qmail 26271 invoked by alias); 25 Apr 2001 15:15:13 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 26264 invoked from network); 25 Apr 2001 15:15:12 -0000 Sender: shap@eros.cs.jhu.edu Message-ID: <3AE6E8F5.6E87D460@cs.jhu.edu> Date: Wed, 25 Apr 2001 11:10:45 -0400 From: shap@cs.jhu.edu Organization: Johns Hopkins University X-Mailer: Mozilla 4.76 [en] (X11; U; Linux 2.2.16-3 i686) X-Accept-Language: en MIME-Version: 1.0 To: Ben Laurie CC: Werner Koch , fsb@crynwr.com Subject: Re: Microsoft: Closed source is more secure References: <200104251308.JAA08118@abyssinian.sleepycat.com> <20010425155732.S14988@alberti.gnupg.de> <3AE6E298.99377548@algroup.co.uk> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N Ben Laurie wrote: > > Werner Koch wrote: > > > > > "Simply putting the > > > source code out there and telling folks 'here it is' doesn't provide any > > > assurance or degree of likelihood that the review will occur." > > > > He is right there and I know a couple of cases where I fixed a bug > > and realized that nobody with a little bit of programming knowledge > > could have looked at it. > > Until you did, of course. I find it weird that people keep arguing that > opening the source hasn't fixed bugs by quoting examples where it has. No no. This is a silly way to think about it. The Microsoft guy says: "Publishing the code doesn't guarantee that the public fixes it." This is a perfectly true statement, uttered to facilitate fear, uncertainty, and doubt. The productive response goes like this: FSB Member: "True, but when you *hide* the code, there *is* a guarantee: the public *can't* fix it. Further, if you look at the license, you'll discover that *Microsoft* won't fix it either. So here's the real question: You're falling out of an airplane from 30,000 feet. There's this parachute that might (or might not) open. Do you want the parachute or not?" Jonathan From fsb-return-5520-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Wed Apr 25 15:21:22 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 191 invoked from network); 25 Apr 2001 15:21:22 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 25 Apr 2001 15:21:22 -0000 Received: (qmail 26894 invoked by alias); 25 Apr 2001 15:21:44 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 26887 invoked from network); 25 Apr 2001 15:21:44 -0000 Sender: ljean Message-ID: <3AE6DDF1.18A19518@harvard.edu> Date: Wed, 25 Apr 2001 10:23:45 -0400 From: jean_camp@harvard.edu Reply-To: jean_camp@harvard.edu Organization: Harvard X-Mailer: Mozilla 4.72 [en] (X11; U; Linux 2.2.14-6.1.1 i686) X-Accept-Language: en MIME-Version: 1.0 CC: fsb@crynwr.com Subject: Re: GNU and classified software References: <66037540DA72D31180D400A0C9D17D1F466280@phoenix1.exponent.com> <200103232141.WAA30718@quill.thinkcoach.com> <20010323190113.C32421@zork.net> <200103240851.JAA00528@quill.thinkcoach.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N Perens, Open Sources, pp179 5. No discriminations against persons or groups (like those without classification..) fsf.org "Some free software developers have started to use the term ``open source software'' instead of ``free software''. While free software by any other name would give you the same freedom,..." I do not see how it is possible to develop free software in a classified environment. Where is the error in my logic? -Jean From fsb-return-5521-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Wed Apr 25 15:43:44 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 2297 invoked from network); 25 Apr 2001 15:43:44 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 25 Apr 2001 15:43:44 -0000 Received: (qmail 28675 invoked by alias); 25 Apr 2001 15:43:58 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 28667 invoked from network); 25 Apr 2001 15:43:57 -0000 Sender: shap@eros.cs.jhu.edu Message-ID: <3AE6EFC9.7C5A2361@cs.jhu.edu> Date: Wed, 25 Apr 2001 11:39:53 -0400 From: shap@cs.jhu.edu Organization: Johns Hopkins University X-Mailer: Mozilla 4.76 [en] (X11; U; Linux 2.2.16-3 i686) X-Accept-Language: en MIME-Version: 1.0 CC: fsb@crynwr.com Subject: Re: Microsoft: Closed source is more secure References: <200104251308.JAA08118@abyssinian.sleepycat.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N > "An encryption algorithm is relatively simple, compared to a 40 million > line operating system," Lipner argued. Off topic, but I really can't resist this one. Note Lipner's argument: "our operating system is to large to manage, so we should give up on managing operating systems." There is, of course, another solution... Jonathan From fsb-return-5522-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Wed Apr 25 15:59:54 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 4459 invoked from network); 25 Apr 2001 15:59:53 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 25 Apr 2001 15:59:53 -0000 Received: (qmail 30866 invoked by alias); 25 Apr 2001 16:00:11 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 30859 invoked from network); 25 Apr 2001 16:00:10 -0000 Subject: Looking for ELJ authors To: fsb@crynwr.com Date: Wed, 25 Apr 2001 09:00:44 -0700 (PDT) X-Mailer: ELM [version 2.4ME+ PL48 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Message-Id: <20010425160044.D654CF864@cascadia.a42.com> From: fyl@a42.com (Phil Hughes) X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N Just realized there are probably some people on this list doing embedded work that might be interested in writing articles for Embedded Linux Journal. And some that would like to receive it for free. First, if you are working in embedded systems or plan to be, and live in North America, you can get a free subscription to ELJ. It's controlled circulation (like Electronic Design, ...). You can check out some articles on-line and even subscribe at http://embedded.linuxjournal.com. That said, I continue to look for articles. One specific one I am looking for is something explaining why the GPL is not a horrible disease that will infect all your embedded systems. We covered this in Linux Journal five or six years ago but many of the embedded people are new to Linux and they need to hear the argument. The discussion about Microsoft FUD on this list inspired me to post the question here. I have asked one person if he is interested in writing it but haven't hear back. If you are interested in writing this (or another article) you can e-mail me at eljeditor@ssc.com. As for "other articles" I am specifically shopping in two areas: * Success stories -- cases where Embedded Linux (or any Open Source OS was used. The story should talk about why it was selected, what hurdles were involved and what came out the other end. * HowTos -- many of our readers are new to Linux but know embedded, the rest are new to embedded but know Linux. Any tutorial sort of article that helps people get up to speed is desirable. Like with the early days of Linux Journal where evangalism was the primary goal, ELJ is doing that now in the embedded market. So, if you want to help, let me know. The advantages are: a chance to plug something you believe in, some fame and a little bit of fortune. -- Phil Hughes fyl@a42.com To find out about Pacific Beach, check out http://www.pacificbeachwa.com/ From fsb-return-5523-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Wed Apr 25 16:14:43 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 5727 invoked from network); 25 Apr 2001 16:14:43 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 25 Apr 2001 16:14:43 -0000 Received: (qmail 32205 invoked by alias); 25 Apr 2001 16:14:55 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 32198 invoked from network); 25 Apr 2001 16:14:54 -0000 Date: Wed, 25 Apr 2001 18:17:23 +0200 From: Werner Koch To: fsb@crynwr.com Subject: Re: Microsoft: Closed source is more secure Message-ID: <20010425181723.V14988@alberti.gnupg.de> Mail-Followup-To: fsb@crynwr.com References: <20010425150943.18601.qmail@desk.crynwr.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.16i In-Reply-To: <20010425150943.18601.qmail@desk.crynwr.com>; from forsyth@vitanuova.com on Wed, Apr 25, 2001 at 04:01:38PM +0100 X-PGP-KeyID: 621CC013 X-PGP-CertKey: A4D9 4E92 B098 6AB5 EE9D CD75 5DE2 4996 5B03 58A2 X-Request-PGP: finger:wk@porta.u64.de X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N On Wed, 25 Apr 2001, forsyth@vitanuova.com wrote: > i suspect he might have been suggesting that it was not > necessarily examined systematically, although that seems to me to > be a separate problem. Right. Although we do better than the average proprietary vendor (this includes MS), we can't close our eyes on real problems like the more or less not existing code auditing. I know that the OpenPGP folks do that but they have a whole bunch of code and can just go for a specific problem domain at one time and don't start a full coverage auditing. More than 6 months ago we had an international crypto workshop at the Linux-Kongress and one top topic was that there is not enough auditing going on and how we can foster that. Although we agreed on some actions, nothing has yet happened - probably due to a lack of time/money. Well this is getting a bit off-topic, so lets better stop here. Werner -- Werner Koch Omnis enim res, quae dando non deficit, dum habetur g10 Code GmbH et non datur, nondum habetur, quomodo habenda est. Privacy Solutions -- Augustinus From fsb-return-5524-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Wed Apr 25 20:31:56 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 36950 invoked from network); 25 Apr 2001 20:31:55 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 25 Apr 2001 20:31:55 -0000 Received: (qmail 16715 invoked by alias); 25 Apr 2001 20:32:11 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 16708 invoked from network); 25 Apr 2001 20:32:10 -0000 Message-ID: <3AE731B1.4B417B31@collab.net> Date: Wed, 25 Apr 2001 16:21:05 -0400 From: Frank Hecker Organization: CollabNet, Inc. X-Mailer: Mozilla 4.77 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: jean_camp@harvard.edu CC: fsb@crynwr.com Subject: Re: GNU and classified software References: <66037540DA72D31180D400A0C9D17D1F466280@phoenix1.exponent.com> <200103232141.WAA30718@quill.thinkcoach.com> <20010323190113.C32421@zork.net> <200103240851.JAA00528@quill.thinkcoach.com> <3AE6DDF1.18A19518@harvard.edu> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N jean_camp@harvard.edu wrote: > I do not see how it is possible to develop free software in a classified > environment. > > Where is the error in my logic? After participating in the various discussions about this, I agree with your conclusion, although I think there are some subtleties worth noting on the way to reaching it: First, to pick a minor nit: You're quoting from the OSD; if we're talking about "free software" (as distinguished from "open source") I think it would be more appropriate to quote from "What is Free Software?" and related FSF documents. But that doesn't actually change the argument, since the FSF documents contain language which has similar effect. Next, the original question (way back when) was about using free software tools (e.g., GCC, GNU Emacs) to develop classified software. I see no issue there, assuming that the development process is such that the classified software doesn't end up incorporating code from the free software. The interesting case is where software is developed in a classified environment and then distributed to others under what purports to be a free software (or open source) license; this includes cases where the newly developed software is considered a derivative work of free software or open source software developed outside the classified environment. (If the original software was distributed under the GPL then there's a lot of circumstances where the newly developed software could come under this umbrella.) The question is whether and in what cases distribution of such newly developed software would not satisfy the criteria for free software or open source software. To start with, there is (at least in my opinion) some ambiguity as to what would actually constitute "distribution" and thus trigger licensing requirements. Is transfer of classified software solely within (say) the NSA "distribution" in the licensing sense? I don't think so. Transfer between the NSA and the CIA? Maybe not -- they're both agencies of the US government. Transfer between the NSA and a private government contractor working under contract to NSA? Maybe. Transfer between the NSA and GCHQ in the UK? Definitely. Assume "distribution" does occur. I believe, and I think many would agree, that an organization creating software and distributing it under a free software (or open source) license can arbitrarily choose to whom they distribute it; they are not compelled by the FSF criteria nor by the OSD to distribute it to everyone. Thus there is no problem arising solely from choosing to distribute classified software under a free software license to only those who have proper clearances. The OSD and FSF criteria rather prohibit placing restrictions on the licensors' ability to redistribute to certain groups. Now if the recipients of such classified software could potentially declassify the software themselves, without needing the permission of the distributor of the software, then IMO there would not necessarily be a problem. The distributor/licensor of the software would not in fact have put any real restriction on the recipient/licensee; the recipient may not choose to declassify, but could if they chose. However I do not believe that classification works this way in general. For example, I doubt very much that GCHQ could unilaterally declassify material provided to it by the NSA; I'm sure there are binding legal agreements between the US and UK governments that prevent this. So, given this point (which is courtesy of Norbert Bollow), I agree that in general it would not be possible to create and distribute classified software under a free software (or open source) license and actually meet the FSF (or OSD) criteria. This implies (among other things) that it would not be possible to incorporate publicly available GPLed software into classified applications and distribute those applications without violating the GPL terms. (I'm of course assuming that the "incorporation" is such that a derived work of the GPLed software would in fact be created.) A similar argument would apply to software created by a private individual or organization and distributed to others under a non-disclosure agreement, unless recipients had the legal power to breach the NDA and release the software to those who had not signed it. Frank -- Frank Hecker work: http://www.collab.net/ frank@collab.net home: http://www.hecker.org/ From fsb-return-5525-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Wed Apr 25 21:11:27 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 43154 invoked from network); 25 Apr 2001 21:11:27 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 25 Apr 2001 21:11:27 -0000 Received: (qmail 19976 invoked by alias); 25 Apr 2001 21:11:46 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 19968 invoked from network); 25 Apr 2001 21:11:45 -0000 Mime-Version: 1.0 Message-Id: In-Reply-To: <3AE731B1.4B417B31@collab.net> References: <66037540DA72D31180D400A0C9D17D1F466280@phoenix1.exponent.com> <200103232141.WAA30718@quill.thinkcoach.com> <20010323190113.C32421@zork.net> <200103240851.JAA00528@quill.thinkcoach.com> <3AE6DDF1.18A19518@harvard.edu> <3AE731B1.4B417B31@collab.net> Date: Wed, 25 Apr 2001 14:07:26 -0700 To: fsb@crynwr.com From: Rich Morin Subject: Re: GNU and classified software Content-Type: text/plain; charset="us-ascii" ; format="flowed" X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N To make the question explicit, consider the following scenario: An arm of the US Government is putting together an embedded system which will be used in a classified manner. The system uses a special-purpose processor which needs a customized C compiler. A contractor on the project decides to use GCC as the basis for the new compiler, delivering both the source and binary code for the new compiler to the government agency. The agency then allows its employees and other contractors access to the compiler. IP aspects aside, I have seen exactly this sort of situation arise (well, it was actually an assembler/linker combination :-), so I can affirm that this sort of issue is not unrealistic. -r -- http://www.cfcl.com/rdm - home page, resume, etc. http://www.cfcl.com/Meta/md_fb.html - The FreeBSD Browser email: rdm@cfcl.com; phone: +1 650-873-7841 From fsb-return-5526-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Wed Apr 25 21:23:47 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 44644 invoked from network); 25 Apr 2001 21:23:47 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 25 Apr 2001 21:23:47 -0000 Received: (qmail 21131 invoked by alias); 25 Apr 2001 21:22:50 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 21097 invoked from network); 25 Apr 2001 21:22:46 -0000 Sender: shap@eros.cs.jhu.edu Message-ID: <3AE73F2C.D7B239BC@cs.jhu.edu> Date: Wed, 25 Apr 2001 17:18:36 -0400 From: shap@cs.jhu.edu Organization: Johns Hopkins University X-Mailer: Mozilla 4.76 [en] (X11; U; Linux 2.2.16-3 i686) X-Accept-Language: en MIME-Version: 1.0 To: Rich Morin CC: fsb@crynwr.com Subject: Re: GNU and classified software References: <66037540DA72D31180D400A0C9D17D1F466280@phoenix1.exponent.com> <200103232141.WAA30718@quill.thinkcoach.com> <20010323190113.C32421@zork.net> <200103240851.JAA00528@quill.thinkcoach.com> <3AE6DDF1.18A19518@harvard.edu> <3AE731B1.4B417B31@collab.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N The contractor using GCC is not a problem -- this is a work for hire, and the return of the modified code to the government is not a distribution of the code. The government turning around and giving copies to further contractors, however, clearly violates GCC. At the moment of transfer the code passes from one legal entity to another, and at that point the source code must be released under GPL if the recipient demands it. Rich Morin wrote: > > To make the question explicit, consider the following scenario: > > An arm of the US Government is putting together an embedded system > which will be used in a classified manner. The system uses a > special-purpose processor which needs a customized C compiler. A > contractor on the project decides to use GCC as the basis for the > new compiler, delivering both the source and binary code for the > new compiler to the government agency. The agency then allows its > employees and other contractors access to the compiler. > > IP aspects aside, I have seen exactly this sort of situation arise > (well, it was actually an assembler/linker combination :-), so I can > affirm that this sort of issue is not unrealistic. > > -r > -- > http://www.cfcl.com/rdm - home page, resume, etc. > http://www.cfcl.com/Meta/md_fb.html - The FreeBSD Browser > email: rdm@cfcl.com; phone: +1 650-873-7841 From fsb-return-5527-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Wed Apr 25 23:24:23 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 65928 invoked from network); 25 Apr 2001 23:24:23 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 25 Apr 2001 23:24:23 -0000 Received: (qmail 3552 invoked by alias); 25 Apr 2001 23:24:42 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 3545 invoked from network); 25 Apr 2001 23:24:41 -0000 Message-ID: <3AE75CA9.9B39A4EC@collab.net> Date: Wed, 25 Apr 2001 19:24:25 -0400 From: Frank Hecker Organization: CollabNet, Inc. X-Mailer: Mozilla 4.77 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: fsb@crynwr.com Subject: Re: GNU and classified software References: <66037540DA72D31180D400A0C9D17D1F466280@phoenix1.exponent.com> <200103232141.WAA30718@quill.thinkcoach.com> <20010323190113.C32421@zork.net> <200103240851.JAA00528@quill.thinkcoach.com> <3AE6DDF1.18A19518@harvard.edu> <3AE731B1.4B417B31@collab.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N Frank Hecker wrote: > Assume "distribution" does occur. I believe, and I think many would > agree, that an organization creating software and distributing it under > a free software (or open source) license can arbitrarily choose to whom > they distribute it; they are not compelled by the FSF criteria nor by > the OSD to distribute it to everyone. Thus there is no problem arising > solely from choosing to distribute classified software under a free > software license to only those who have proper clearances. The OSD and > FSF criteria rather prohibit placing restrictions on the licensors' > ability to redistribute to certain groups. Oops... I meant "The OSD and FSF criteria rather prohibit placing restrictions on the _licensees'_ ability to redistribute to certain groups." Frank -- Frank Hecker work: http://www.collab.net/ frank@collab.net home: http://www.hecker.org/ From fsb-return-5528-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Wed Apr 25 23:33:24 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 67009 invoked from network); 25 Apr 2001 23:33:24 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 25 Apr 2001 23:33:24 -0000 Received: (qmail 4164 invoked by alias); 25 Apr 2001 23:33:45 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 4157 invoked from network); 25 Apr 2001 23:33:44 -0000 Message-ID: <3AE75EC8.9A672A96@collab.net> Date: Wed, 25 Apr 2001 19:33:28 -0400 From: Frank Hecker Organization: CollabNet, Inc. X-Mailer: Mozilla 4.77 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: shap@cs.jhu.edu CC: Rich Morin , fsb@crynwr.com Subject: Re: GNU and classified software References: <66037540DA72D31180D400A0C9D17D1F466280@phoenix1.exponent.com> <200103232141.WAA30718@quill.thinkcoach.com> <20010323190113.C32421@zork.net> <200103240851.JAA00528@quill.thinkcoach.com> <3AE6DDF1.18A19518@harvard.edu> <3AE731B1.4B417B31@collab.net> <3AE73F2C.D7B239BC@cs.jhu.edu> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N shap@cs.jhu.edu wrote: > The contractor using GCC is not a problem -- this is a work for hire, > and the return of the modified code to the government is not a > distribution of the code. And I should add, the contractor could copyright the new code and assign the copyright to the US government, with the government then being the licensor for that code as distributed; this simplifies the example IMO. > The government turning around and giving copies to further contractors, > however, clearly violates GCC. I presume you meant GPL. > At the moment of transfer the code passes > from one legal entity to another, and at that point the source code must > be released under GPL if the recipient demands it. Yes, though I don't think that that in and of itself would cause a problem. The government could certainly give the new contractor the source code (original and new) if the contractor had the proper clearances (which I assume would be the case since they got the binaries). The problem is that the contractor would not be free to redistribute the source (or binaries) to arbitrary others -- that's where the GPL violation appears to occur, based on our prior discussions. Frank -- Frank Hecker work: http://www.collab.net/ frank@collab.net home: http://www.hecker.org/ From fsb-return-5529-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Wed Apr 25 23:45:55 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 69961 invoked from network); 25 Apr 2001 23:45:55 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 25 Apr 2001 23:45:55 -0000 Received: (qmail 5895 invoked by alias); 25 Apr 2001 23:46:14 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 5888 invoked from network); 25 Apr 2001 23:46:13 -0000 Message-ID: <3AE761B5.50DD0D74@collab.net> Date: Wed, 25 Apr 2001 19:45:57 -0400 From: Frank Hecker Organization: CollabNet, Inc. X-Mailer: Mozilla 4.77 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: shap@cs.jhu.edu CC: Rich Morin , fsb@crynwr.com Subject: Re: GNU and classified software References: <66037540DA72D31180D400A0C9D17D1F466280@phoenix1.exponent.com> <200103232141.WAA30718@quill.thinkcoach.com> <20010323190113.C32421@zork.net> <200103240851.JAA00528@quill.thinkcoach.com> <3AE6DDF1.18A19518@harvard.edu> <3AE731B1.4B417B31@collab.net> <3AE73F2C.D7B239BC@cs.jhu.edu> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N shap@cs.jhu.edu wrote: > The contractor using GCC is not a problem -- this is a work for hire, > and the return of the modified code to the government is not a > distribution of the code. > > The government turning around and giving copies to further contractors, > however, clearly violates GCC. At the moment of transfer the code passes > from one legal entity to another, (Sorry, I forgot to add this point in my last message:) But if the contractor is working under contract to the government, and the transfer of the software is in relation to work performed under that contract, would this transfer actually be considered an act of distribution under the license? I'm not qualified to answer this one way or the other. However as you probably know, it is very common for cleared contractor personnel to work on-site in US government classified facilities, working side-by-side with US goverment employees and freely sharing software and other data. Again, it seems as if this same issue would arise in the commercial world with temporary contract employees and other contractors working onsite. This is especially true given that many firms have completely outsourced their IS functions to third parties, to the extent of having all their IS employees leave the company and become employees of the outsourcing provider, but still continue to work in the same office at the same job. Frank -- Frank Hecker work: http://www.collab.net/ frank@collab.net home: http://www.hecker.org/ From fsb-return-5530-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Thu Apr 26 01:23:13 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 88401 invoked from network); 26 Apr 2001 01:23:13 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 26 Apr 2001 01:23:13 -0000 Received: (qmail 11377 invoked by alias); 26 Apr 2001 01:23:32 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 11370 invoked from network); 26 Apr 2001 01:23:29 -0000 From: "Stephen J. Turnbull" MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15079.30483.289078.970359@turnbull.sk.tsukuba.ac.jp> Date: Thu, 26 Apr 2001 10:17:07 +0900 To: Werner Koch Cc: fsb@crynwr.com Subject: Re: Microsoft: Closed source is more secure In-Reply-To: <20010425181723.V14988@alberti.gnupg.de> References: <20010425150943.18601.qmail@desk.crynwr.com> <20010425181723.V14988@alberti.gnupg.de> X-Mailer: VM 6.92 under 21.4 (patch 0) "Solid Vapor" XEmacs Lucid X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N >>>>> "Werner" == Werner Koch writes: Werner> Although we agreed on some actions, nothing has yet Werner> happened - probably due to a lack of time/money. Werner> Well this is getting a bit off-topic, so lets better stop Werner> here. Excuse me? You mention "time and money" on FSB, and say "now we're drifting off-topic"? This is precisely where the thread should have kicked off, IMHO. The fact that Microsoft spreads FUD is nothing new, nor are the arguments and evidence that Open Source is at least as secure (although in different ways and with different emphasis) as "hide the bugs along with the security holes" software. Nor is the fact that we could do a lot better -- given time and money and redirection of emphasis. Let's go get them! I'm sorry I don't have any ideas about where the time and money might come from, and how an FSB can make money off it, but isn't discussing that what we're here for? Well, I've got one idea. At least some of us are professors. Maybe assigning audits to our students would be a good idea. (a) Many professionals don't do it because they were never trained in it, so let's train some more. (b) Free labor. Everybody happy! -- University of Tsukuba Tennodai 1-1-1 Tsukuba 305-8573 JAPAN Institute of Policy and Planning Sciences Tel/fax: +81 (298) 53-5091 _________________ _________________ _________________ _________________ What are those straight lines for? "XEmacs rules." From fsb-return-5531-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Thu Apr 26 08:04:42 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 29305 invoked from network); 26 Apr 2001 08:04:41 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 26 Apr 2001 08:04:41 -0000 Received: (qmail 3370 invoked by alias); 26 Apr 2001 08:04:53 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 3361 invoked from network); 26 Apr 2001 08:04:52 -0000 Date: Thu, 26 Apr 2001 10:06:28 +0200 From: Werner Koch To: fsb@crynwr.com Subject: Re: Microsoft: Closed source is more secure Message-ID: <20010426100628.I27268@alberti.gnupg.de> Mail-Followup-To: fsb@crynwr.com References: <20010425150943.18601.qmail@desk.crynwr.com> <20010425181723.V14988@alberti.gnupg.de> <15079.30483.289078.970359@turnbull.sk.tsukuba.ac.jp> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.16i In-Reply-To: <15079.30483.289078.970359@turnbull.sk.tsukuba.ac.jp>; from turnbull@sk.tsukuba.ac.jp on Thu, Apr 26, 2001 at 10:17:07AM +0900 X-PGP-KeyID: 621CC013 X-PGP-CertKey: A4D9 4E92 B098 6AB5 EE9D CD75 5DE2 4996 5B03 58A2 X-Request-PGP: finger:wk@porta.u64.de X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N On Thu, 26 Apr 2001, Stephen J. Turnbull wrote: > Well, I've got one idea. At least some of us are professors. Maybe > assigning audits to our students would be a good idea. (a) Many I am very in favor of this idea. I usually suggest excactly this when I talk to administrations who are often keen to spend money on Free Software projects and don't know how to do this. I see two benefits: Needed work gets done and students are educated in real life programming. There is also the hope that those students don't make all the beginners errors when they start their professional life. Ciao, Werner -- Werner Koch Omnis enim res, quae dando non deficit, dum habetur g10 Code GmbH et non datur, nondum habetur, quomodo habenda est. Privacy Solutions -- Augustinus From fsb-return-5532-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Thu Apr 26 11:04:24 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 62522 invoked from network); 26 Apr 2001 11:04:24 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 26 Apr 2001 11:04:24 -0000 Received: (qmail 13889 invoked by alias); 26 Apr 2001 11:04:38 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 13882 invoked from network); 26 Apr 2001 11:04:33 -0000 Date: Thu, 26 Apr 2001 13:02:26 +0200 Message-Id: <200104261102.f3QB2Qg18880@linux.local> From: Norbert Bollow Prefer-Language: de, en, fr To: fsb@crynwr.com In-reply-to: <20010425155732.S14988@alberti.gnupg.de> (message from Werner Koch on Wed, 25 Apr 2001 15:57:33 +0200) Subject: Re: Microsoft: Closed source is more secure References: <200104251308.JAA08118@abyssinian.sleepycat.com> <20010425155732.S14988@alberti.gnupg.de> X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N Werner Koch wrote: > Responsible admins don't use wu-ftp or other programs with a large > record of security pitfalls. Well, Bind is a problem because there > is no other conforming and usable alternative available. What is the problem with djbdns (apart from the fact that it is not Free Software)? Greetings, Norbert. -- Norbert Bollow, Weidlistr.18, CH-8624 Gruet (near Zurich, Switzerland) Tel +41 1 972 20 59 Fax +41 1 972 20 69 nb@thinkcoach.com > Currently recruiting: Perl programmers and JSP (JavaServer Pages) > programmers for the "Traffic Building Bulletin Board System" project > at FreeDevelopers.Net ------------------> See http://tbbbs.org From fsb-return-5533-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Wed May 02 23:10:30 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 21142 invoked from network); 2 May 2001 23:10:29 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 2 May 2001 23:10:29 -0000 Received: (qmail 3466 invoked by alias); 2 May 2001 23:10:41 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 3459 invoked from network); 2 May 2001 23:10:40 -0000 Date: Thu, 3 May 2001 00:10:06 +0100 From: Simon Cozens To: fsb@crynwr.com Subject: Re: Apple and Open Source Message-ID: <20010503001006.A4468@netthink.co.uk> References: <20010421114259.A31502@netthink.co.uk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.17i In-Reply-To: <20010421114259.A31502@netthink.co.uk>; from simon@netthink.co.uk on Sat, Apr 21, 2001 at 11:42:59AM +0100 X-Operating-System: Linux deep-dark-truthful-mirror 2.4.2 X-POM: The Moon is Waxing Gibbous (75% of Full) X-Addresses: The simon@cozens.net address is deprecated due to being broken. simon@brecon.co.uk still works, but simon-cozens.org or netthink.co.uk are preferred. X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N On Sat, Apr 21, 2001 at 11:42:59AM +0100, Simon Cozens wrote: > So, what is it with Apple and Open Source? It's not just me, then: http://dailynews.yahoo.com/h/zd/20010502/tc/open_source_s_black_hole_1.html -- Simon Cozens CEO NetThink Open Source Consultancy From fsb-return-5534-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Thu May 03 00:40:22 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 39124 invoked from network); 3 May 2001 00:40:22 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 3 May 2001 00:40:22 -0000 Received: (qmail 8394 invoked by alias); 3 May 2001 00:40:34 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 8387 invoked from network); 3 May 2001 00:40:33 -0000 Date: Thu, 3 May 2001 01:39:53 +0100 From: Simon Cozens To: Casey West Cc: fsb@crynwr.com Subject: Re: Apple and Open Source Message-ID: <20010503013953.B5239@netthink.co.uk> References: <20010421114259.A31502@netthink.co.uk> <20010503001006.A4468@netthink.co.uk> <20010502193518.A23201@stupid.geeknest.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.17i In-Reply-To: <20010502193518.A23201@stupid.geeknest.com>; from casey@geeknest.com on Wed, May 02, 2001 at 07:35:18PM -0400 X-Operating-System: Linux deep-dark-truthful-mirror 2.4.2 X-POM: The Moon is Waxing Gibbous (75% of Full) X-Addresses: The simon@cozens.net address is deprecated due to being broken. simon@brecon.co.uk still works, but simon-cozens.org or netthink.co.uk are preferred. X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N On Wed, May 02, 2001 at 07:35:18PM -0400, Casey West wrote: > I'm not suprised a bit. Doesn't MicroSoft hold a fair stake in Apple? > My take on the situation is that even if folks at Apple wanted to give > something back they would be haulted by The Big Bad Machine. That might figure; the "look-but-don't-touch" nature of the APSL finds echoes in Microsoft's planned response to Open Source: http://linuxtoday.com/news_story.php3?ltsn=2001-05-02-019-20-NW-CY-MS -- Sucks really Forth. Ugh. From fsb-return-5535-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Thu May 03 01:33:26 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 45763 invoked from network); 3 May 2001 01:33:26 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 3 May 2001 01:33:26 -0000 Received: (qmail 11244 invoked by alias); 3 May 2001 01:33:44 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 11236 invoked from network); 3 May 2001 01:33:42 -0000 Date: Wed, 2 May 2001 19:35:18 -0400 From: Casey West To: Simon Cozens Cc: fsb@crynwr.com Subject: Re: Apple and Open Source Message-ID: <20010502193518.A23201@stupid.geeknest.com> References: <20010421114259.A31502@netthink.co.uk> <20010503001006.A4468@netthink.co.uk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010503001006.A4468@netthink.co.uk>; from simon@netthink.co.uk on Thu, May 03, 2001 at 12:10:06AM +0100 X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N On Thu, May 03, 2001 at 12:10:06AM +0100, Simon Cozens wrote: : On Sat, Apr 21, 2001 at 11:42:59AM +0100, Simon Cozens wrote: : > So, what is it with Apple and Open Source? : : It's not just me, then: : http://dailynews.yahoo.com/h/zd/20010502/tc/open_source_s_black_hole_1.html I'm not suprised a bit. Doesn't MicroSoft hold a fair stake in Apple? My take on the situation is that even if folks at Apple wanted to give something back they would be haulted by The Big Bad Machine. Casey West -- "Real programmers don't work from 9 to 5. If any real programmers are around at 9am it's because they were up all night." --Unknown From fsb-return-5536-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Thu May 03 01:50:23 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 48205 invoked from network); 3 May 2001 01:50:23 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 3 May 2001 01:50:23 -0000 Received: (qmail 12966 invoked by alias); 3 May 2001 01:50:39 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 12959 invoked from network); 3 May 2001 01:50:39 -0000 Sender: crispin@wirex.com Message-ID: <3AF0B93D.23F9C8F7@wirex.com> Date: Wed, 02 May 2001 18:49:49 -0700 From: Crispin Cowan Organization: WireX Communications, Inc. X-Mailer: Mozilla 4.77 [en] (X11; U; Linux 2.2.19-4_rg_imnx i686) X-Accept-Language: en MIME-Version: 1.0 To: Casey West Cc: Simon Cozens , fsb@crynwr.com Subject: Re: Apple and Open Source References: <20010421114259.A31502@netthink.co.uk> <20010503001006.A4468@netthink.co.uk> <20010502193518.A23201@stupid.geeknest.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N Casey West wrote: > On Thu, May 03, 2001 at 12:10:06AM +0100, Simon Cozens wrote: > : On Sat, Apr 21, 2001 at 11:42:59AM +0100, Simon Cozens wrote: > : > So, what is it with Apple and Open Source? > : > : It's not just me, then: > : http://dailynews.yahoo.com/h/zd/20010502/tc/open_source_s_black_hole_1.html > > I'm not suprised a bit. Doesn't MicroSoft hold a fair stake in Apple? > My take on the situation is that even if folks at Apple wanted to give > something back they would be haulted by The Big Bad Machine. Microsoft holds a trivial stake in Apple. MS invested $150 million in Apple in 1997, which at the time had a market cap. of approx. $6 billion, giving MS approx. 2.5% of Apple. Source: http://bvsd.k12.co.us/schools/cent/Newspaper/sum97/stories/microsof.html Caveat: I am not a financial analyst, and the market cap. and % equity figures were guesstimated by squinting at the historic chart on Apple's stock http://finance.yahoo.com/q?s=AAPL&d=c&k=c1&a=v&p=s&t=5y&l=on&z=m&q=l Disclaimers: I do not own any shares of Microsoft or Apple. I have no idea what my mutual funds are invested in. Crispin -- Crispin Cowan, Ph.D. Chief Scientist, WireX Communications, Inc. http://wirex.com Security Hardened Linux Distribution: http://immunix.org From fsb-return-5537-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Thu May 03 04:37:38 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 67451 invoked from network); 3 May 2001 04:37:37 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 3 May 2001 04:37:37 -0000 Received: (qmail 22901 invoked by alias); 3 May 2001 04:37:30 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 22887 invoked from network); 3 May 2001 04:37:29 -0000 Date: Wed, 2 May 2001 21:18:00 -0700 (PDT) From: Brian Behlendorf X-X-Sender: To: Simon Cozens cc: Subject: Re: Apple and Open Source In-Reply-To: <20010503013953.B5239@netthink.co.uk> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N Apple's been an excellent participant in the Apache Software Foundation, contributing significantly on the httpd project and peripherally on a couple others. They hosted a "hackathon" last month for those attending the ApacheCon conference, where for two days before the show they provided a large room and wireless for about 70 people. Not as significant as a big yummy code drop, perhaps, but still pretty useful. I also think that a substantial portion of the Apple engineering team understand that the only way to build a product on top of open source components is to make sure those components themselves are solid, thus contributing patches back, etc. I don't see too much difference between the mix of open/closed source in Mac OS X and IBM's Websphere, for example. Similar approaches to the open source community, as well. IBM does do more big code drops to the community, but they have an order of magnitude or two more cash to spend on pure R&D than Apple does, and a lot of old tech looking for a new home. =) > That might figure; the "look-but-don't-touch" nature of the APSL finds > echoes in Microsoft's planned response to Open Source: > http://linuxtoday.com/news_story.php3?ltsn=2001-05-02-019-20-NW-CY-MS Whether or not the APSL is truly qualified as Open Source software, I think it's a long way from being a "gated community" as it sounds like MS is proposing. But even if it were the same, access to the source code of a program one still has to pay for is still better than no access at all. Doesn't negate Raymond's other fine points. Brian From fsb-return-5538-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Thu May 03 04:57:21 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 69763 invoked from network); 3 May 2001 04:57:21 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 3 May 2001 04:57:21 -0000 Received: (qmail 24340 invoked by alias); 3 May 2001 04:57:36 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 24325 invoked from network); 3 May 2001 04:57:35 -0000 From: Lynn Winebarger To: fsb@crynwr.com Subject: Fwd: Re: Microsoft: Closed source is more secure Date: Wed, 2 May 2001 23:58:11 -0500 X-Mailer: KMail [version 1.1.99] Content-Type: text/plain; charset="iso-8859-1" MIME-Version: 1.0 Message-Id: <0105022358110J.01106@locke.free-expression.org> Content-Transfer-Encoding: 8bit X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N On Thursday 26 April 2001 06:02, Norbert Bollow wrote: > Werner Koch wrote: > > Responsible admins don't use wu-ftp or other programs with a large > > record of security pitfalls. Well, Bind is a problem because there > > is no other conforming and usable alternative available. > > What is the problem with djbdns (apart from the fact that it is > not Free Software)? (a) personality of the author as seen in Internet postings (usenet/web pages) (b) poor documentation, if qmail is any indicator (c) odd way of writing source code, if qmail is any indicator (d) odd build process, if qmail is any indicator (e) odd license and infrequent updates to official source (if qmail ....), which exacerbate the effects of b,c, and d. Lynn ------------------------------------------------------- From fsb-return-5539-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Thu May 03 07:54:21 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 86596 invoked from network); 3 May 2001 07:54:21 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 3 May 2001 07:54:21 -0000 Received: (qmail 2032 invoked by alias); 3 May 2001 07:28:27 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 2025 invoked from network); 3 May 2001 07:28:26 -0000 Date: Thu, 3 May 2001 09:23:32 +0200 Message-Id: <200105030723.f437NWn19711@linux.local> From: Norbert Bollow Prefer-Language: de, en, fr To: fsb@crynwr.com In-reply-to: <0105022122370H.01106@locke.free-expression.org> (message from Lynn Winebarger on Wed, 2 May 2001 21:22:37 -0500) Subject: Re: Microsoft: Closed source is more secure References: <200104251308.JAA08118@abyssinian.sleepycat.com> <20010425155732.S14988@alberti.gnupg.de> <200104261102.f3QB2Qg18880@linux.local> <0105022122370H.01106@locke.free-expression.org> X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N Werner Koch wrote: > > > Responsible admins don't use wu-ftp or other programs with a large > > > record of security pitfalls. Well, Bind is a problem because there > > > is no other conforming and usable alternative available. I replied: > > What is the problem with djbdns (apart from the fact that it is > > not Free Software)? Lynn Winebarger responded: > (a) personality of the author as seen in Internet postings (usenet/web pages) > (b) poor documentation, if qmail is any indicator > (c) odd way of writing source code, if qmail is any indicator > (d) odd build process, if qmail is any indicator > (e) odd license and infrequent updates to official source (if qmail ....), > which exacerbate the effects of b,c, and d. All of these are valid points even though they don't say anything against djbdns being a secure, very usable and RFC-conforming alternative to BIND. DJB's standards in the area of security are so much higher than those of almost everyone else that I think that it is certainly understandable that he does some things in unusual ways. I am not a fan of DJB, but I feel that we in the Free Software movement should seek ways to raise our standards in the area of security instead of criticising DJB for using "odd" ways. I will continue to use djbdns until a Free Software alternative is available which is at least of similar quality. Greetings, Norbert. -- Norbert Bollow, Weidlistr.18, CH-8624 Gruet (near Zurich, Switzerland) Tel +41 1 972 20 59 Fax +41 1 972 20 69 nb@thinkcoach.com > Currently recruiting: Perl programmers and JSP (JavaServer Pages) > programmers for the "Traffic Building Bulletin Board System" project > at FreeDevelopers.Net ------------------> See http://tbbbs.org From fsb-return-5540-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Thu May 03 08:41:06 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 88666 invoked from network); 3 May 2001 08:41:06 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 3 May 2001 08:41:06 -0000 Received: (qmail 8559 invoked by alias); 3 May 2001 08:41:16 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 8552 invoked from network); 3 May 2001 08:41:15 -0000 Mime-Version: 1.0 Message-Id: In-Reply-To: <20010503001006.A4468@netthink.co.uk> References: <20010421114259.A31502@netthink.co.uk> <20010503001006.A4468@netthink.co.uk> Date: Thu, 3 May 2001 00:39:32 -0700 To: fsb@crynwr.com From: Rich Morin Subject: Re: Apple and Open Source Content-Type: text/plain; charset="us-ascii" ; format="flowed" X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N At 12:10 AM +0100 5/3/01, Simon Cozens wrote: >It's not just me, then: I generally agree with Brian's comments; here is the response I sent to Evan... >I, too, would like to see Apple open up more of its software and interfaces. >I would also like to see them adopt a license that is more compatible with >Open Source, or better, Free Software. Apple also needs to respect terms >like Open Source (and UNIX :-) and avoid claiming to be what they are not. > >On the other hand, none of this makes Apple a "Black Hole". If they used >free software and didn't give back changes, your accusation would have some >merit, but that is not the case. Apple has given back assorted changes to >the BSD community and is working with assorted Open Source projects on a >cooperative basis. > >The fact they have some proprietary aspects and some (nearly) open source >aspects is well-understood by everyone involved; you don't have to like it, >but it doesn't make them a Black Hole, any more than similar arrangements >do for other vendors (e.g., IBM, Sun, ...). -r -- http://www.cfcl.com/rdm - home page, resume, etc. http://www.cfcl.com/Meta/md_fb.html - The FreeBSD Browser email: rdm@cfcl.com; phone: +1 650-873-7841 From fsb-return-5541-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Thu May 03 08:55:19 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 89152 invoked from network); 3 May 2001 08:55:19 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 3 May 2001 08:55:19 -0000 Received: (qmail 9874 invoked by alias); 3 May 2001 08:55:33 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 9867 invoked from network); 3 May 2001 08:55:32 -0000 Date: Thu, 3 May 2001 01:53:12 -0700 From: "Karsten M. Self" To: fsb@crynwr.com Subject: Re: Apple and Open Source Message-ID: <20010503015312.B25526@navel.introspect> References: <20010421114259.A31502@netthink.co.uk> <20010503001006.A4468@netthink.co.uk> <20010502193518.A23201@stupid.geeknest.com> <3AF0B93D.23F9C8F7@wirex.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="DBIVS5p969aUjpLe" Content-Disposition: inline User-Agent: Mutt/1.3.17i In-Reply-To: <3AF0B93D.23F9C8F7@wirex.com>; from crispin@wirex.com on Wed, May 02, 2001 at 06:49:49PM -0700 X-Debian-GNU-Linux: Rocks X-Kuro5hin-cabal: There is no K5 cabal X-GPG-Fingerprint: F932 8B25 5FDD 2528 D595 DC61 3847 889F 55F2 B9B0 Sender: X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N --DBIVS5p969aUjpLe Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable on Wed, May 02, 2001 at 06:49:49PM -0700, Crispin Cowan (crispin@wirex.com)= wrote: > Casey West wrote: >=20 > > On Thu, May 03, 2001 at 12:10:06AM +0100, Simon Cozens wrote: > > : On Sat, Apr 21, 2001 at 11:42:59AM +0100, Simon Cozens wrote: > > : > So, what is it with Apple and Open Source? > > : > > : It's not just me, then: > > : http://dailynews.yahoo.com/h/zd/20010502/tc/open_source_s_black_hole_= 1.html > > > > I'm not suprised a bit. Doesn't MicroSoft hold a fair stake in Apple? > > My take on the situation is that even if folks at Apple wanted to give > > something back they would be haulted by The Big Bad Machine. >=20 > Microsoft holds a trivial stake in Apple. MS invested $150 million in > Apple in 1997, which at the time had a market cap. of approx. $6 > billion, giving MS approx. 2.5% of Apple. >=20 > Source: > http://bvsd.k12.co.us/schools/cent/Newspaper/sum97/stories/microsof.html This is also generally acknowledged to have been part of a settlement deal between Apple and MSFT. Hardly an uncoerced investment. I'll dig for details, IIRC, the circumstances were revealed some 6-12 months after the deal. --=20 Karsten M. Self http://kmself.home.netcom.com/ What part of "Gestalt" don't you understand? There is no K5 cabal http://gestalt-system.sourceforge.net/ http://www.kuro5hin.org --DBIVS5p969aUjpLe Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE68Rx4OEeIn1XyubARAuqJAJ90cjeivqLKh/y4G1YJ4iOKeffJxgCfQTPa ZMjm5i/UinqQQTg4LhuRm7U= =jtRQ -----END PGP SIGNATURE----- --DBIVS5p969aUjpLe-- From fsb-return-5542-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Thu May 03 08:57:05 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 89216 invoked from network); 3 May 2001 08:57:04 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 3 May 2001 08:57:04 -0000 Received: (qmail 10165 invoked by alias); 3 May 2001 08:56:30 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 10157 invoked from network); 3 May 2001 08:56:29 -0000 Date: Thu, 3 May 2001 01:54:08 -0700 From: "Karsten M. Self" To: fsb@crynwr.com Subject: Re: Apple and Open Source Message-ID: <20010503015408.C25526@navel.introspect> References: <20010421114259.A31502@netthink.co.uk> <20010503001006.A4468@netthink.co.uk> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="7gGkHNMELEOhSGF6" Content-Disposition: inline User-Agent: Mutt/1.3.17i In-Reply-To: <20010503001006.A4468@netthink.co.uk>; from simon@netthink.co.uk on Thu, May 03, 2001 at 12:10:06AM +0100 X-Debian-GNU-Linux: Rocks X-Kuro5hin-cabal: There is no K5 cabal X-GPG-Fingerprint: F932 8B25 5FDD 2528 D595 DC61 3847 889F 55F2 B9B0 Sender: X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N --7gGkHNMELEOhSGF6 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable on Thu, May 03, 2001 at 12:10:06AM +0100, Simon Cozens (simon@netthink.co.u= k) wrote: > On Sat, Apr 21, 2001 at 11:42:59AM +0100, Simon Cozens wrote: > > So, what is it with Apple and Open Source? >=20 > It's not just me, then: > http://dailynews.yahoo.com/h/zd/20010502/tc/open_source_s_black_hole_1.ht= ml Evan, bless his soul, is a staunch defender of the GPL. Often expressed as attacks on BSD-style licenses. Don't read _too_ much into this. --=20 Karsten M. Self http://kmself.home.netcom.com/ What part of "Gestalt" don't you understand? There is no K5 cabal http://gestalt-system.sourceforge.net/ http://www.kuro5hin.org --7gGkHNMELEOhSGF6 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE68RywOEeIn1XyubARAqXVAJ9nV6vZZ5JnsG5TC31rn94dE7t+rQCfXiti gWo+x9H+s89Qvt+ZXopk9ns= =GXpd -----END PGP SIGNATURE----- --7gGkHNMELEOhSGF6-- From fsb-return-5543-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Thu May 03 13:46:32 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 28851 invoked from network); 3 May 2001 13:46:32 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 3 May 2001 13:46:32 -0000 Received: (qmail 24399 invoked by alias); 3 May 2001 13:46:49 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 24390 invoked from network); 3 May 2001 13:46:46 -0000 From: Lynn Winebarger To: fsb@crynwr.com Subject: Re: Microsoft: Closed source is more secure Date: Thu, 3 May 2001 08:47:20 -0500 X-Mailer: KMail [version 1.1.99] Content-Type: text/plain; charset="iso-8859-1" References: <200104251308.JAA08118@abyssinian.sleepycat.com> <0105022122370H.01106@locke.free-expression.org> <200105030723.f437NWn19711@linux.local> In-Reply-To: <200105030723.f437NWn19711@linux.local> MIME-Version: 1.0 Message-Id: <0105030736230K.01106@locke.free-expression.org> Content-Transfer-Encoding: 8bit X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N On Thursday 03 May 2001 02:23, Norbert Bollow wrote: > Lynn Winebarger responded: > > (a) personality of the author as seen in Internet postings (usenet/web > > pages) (b) poor documentation, if qmail is any indicator > > (c) odd way of writing source code, if qmail is any indicator > > (d) odd build process, if qmail is any indicator > > (e) odd license and infrequent updates to official source (if qmail > > ....), which exacerbate the effects of b,c, and d. > > All of these are valid points even though they don't say > anything against djbdns being a secure, very usable and > RFC-conforming alternative to BIND. > They don't say anything against djbdns being RFC-conforming, and nothing either for or against its security. However, when they are combined, they do say something very negative about its usability. (b) alone is enough to make usability a problem. However, neither it nor (c) and (d) would prevent me from using djbdns (or qmail) without the presence of (e). I can only tell of my experience looking at qmail to justify this. Qmail lacks a features that are necessary for running an effective and secure mail exchange/relay operation "out of the box". By secure, I particularly mean supporting authorization and starttls. By effective, I mean configuration by means other than file editing (such as LDAP). Because of the license, remedying this requires sifting though a multitude of patches, which may or may not be well-documented, and for which there are no well-established trust relationships. Furthermore, the oddness factors (c) and (d) start taking a larger role here, because now I personally have to take an interest in the source code. Not only that, I have to look at a wide variety of feature adders because the author, because of some political game he wants to play (it's in his docs, "can't add this feature because it would expose me to this security-related criticism"), won't. Furthermore, the license is imposed (as far as I can tell) to maintain the specious "reward for finding a security hole" "guarantee". Bah! Now, you may say this is how it should be. I should be familiar with every line of source code for every package I run on the systems I maintain. I should put security absolutely above features. The reality is, it's not a real option. I would be proud to be at the point to tell you that I know all the build-time options of every piece of software run on the machines I maintain. But I don't (though I almost do). That in itself requires a hefty investment of time that some would tell me I shouldn't have made in a pragmatic world. And they may be right. But I certainly don't have the time to delve through a mound of source code to add features and documentation I (and possibly others) need in order to effectively use it. If I could redistribute the whole package, or if I could rely on the author to take an interest in these features, I might consider it a worthwhile investment of my time. But he's made it clear he's not. He's made it quite clear he's more interested in winning a technical victory (and I mean one on technicalities, not on technical virtues), rather than one on being both featureful and secure. And this makes me say, why am I wasting my time? Now, I know, qmail has its adherents, and Russ Nelson, notably, provides support for it. Presumably they have found its virtues worth investing their time on. Of course, Russ consults on qmail, so one can guess that his time investment gaining expertise in the details of qmail is well-spent. I, and I assume many (but not all) sysadmins out there, do not have that luxury. I'm not saying other free mail server implementations (or BIND) are really easy to use and troubleshoot, or add features to. But at least I'm pretty sure that if it came to that, either the maintainers of the software would have some interest in incorporating my work (depending on quality) or I would have the option of forking if I disagreed with their evaluation or if there were some political game being played. Either way, my attempt to contribute and my needs (or the needs of my employer) get a fair shake. Here ends my rant on why "oddness" matters, particularly when the software isn't free. Maybe I'm just not diligent enough, but I doubt it. Or maybe I'm an odd sysadmin. Hard for me to tell. Lynn From fsb-return-5544-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Thu May 03 14:04:52 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 30164 invoked from network); 3 May 2001 14:04:51 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 3 May 2001 14:04:51 -0000 Received: (qmail 26529 invoked by alias); 3 May 2001 14:04:20 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 26521 invoked from network); 3 May 2001 14:04:19 -0000 Subject: Re: Fwd: Re: Microsoft: Closed source is more secure To: Lynn Winebarger Cc: fsb@crynwr.com From: Ben_Tilly@trepp.com Date: Thu, 3 May 2001 10:05:28 -0400 Message-ID: X-MIMETrack: Serialize by Router on T1/Trepp(Release 5.0.6a |January 17, 2001) at 05/03/2001 10:05:29 AM MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N Lynn Winebarger wrote: > On Thursday 26 April 2001 06:02, Norbert Bollow wrote: > > Werner Koch wrote: [...] > > What is the problem with djbdns (apart from the fact that it is > > not Free Software)? > > (a) personality of the author as seen in Internet postings (usenet/web pages) Don't look a gift horse in the mouth. > (b) poor documentation, if qmail is any indicator That has been used as a business opportunity before. > (c) odd way of writing source code, if qmail is any indicator You mean securely? The usual ways of writing C imply that you will be fighting buffer overflows forever. But this odd way of writing C doesn't suffer from that... > (d) odd build process, if qmail is any indicator Don't look a gift horse in the mouth. > (e) odd license and infrequent updates to official source (if qmail ....), Yeah, that one bothers me as well. But what works... > which exacerbate the effects of b,c, and d. I note that security is not on your list of reasons not to use the package. I note that security is a huge issue for bind. What are your priorities? Cheers, Ben From fsb-return-5545-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Fri May 04 13:04:39 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 6493 invoked from network); 4 May 2001 13:04:39 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 4 May 2001 13:04:39 -0000 Received: (qmail 1803 invoked by alias); 3 May 2001 14:53:39 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 1796 invoked from network); 3 May 2001 14:53:38 -0000 Date: Thu, 3 May 2001 07:53:49 -0700 (PDT) From: Brian Behlendorf X-X-Sender: To: Lynn Winebarger cc: Subject: Re: Microsoft: Closed source is more secure In-Reply-To: <0105030736230K.01106@locke.free-expression.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N On Thu, 3 May 2001, Lynn Winebarger wrote: > Qmail lacks a features that are necessary for running an effective and > secure mail exchange/relay operation "out of the box". By secure, I > particularly mean supporting authorization and starttls. There are third-party patches for both of these things available from qmail.org. Yes, applying third-party patches can be a pain. I've thought about starting a "qmail-unoff" project that would be an unofficial set of patches to qmail, distributed as a set, with QA and integration and all that. Then, someone takes the official qmail and applies a megapatch and gets a set of useful features, nicely integrated. This is cumbersome, but doable, and even with a tool like CVS not unreasonable at all (releases are a matter of taking a diff from the original import). Yes, it does mean a rework with a new Qmail release since DJB doesn't have a public CVS tree, but that happens like once a year so it wouldn't be too bad. At the very least, qmail is compilable from its non-open open source code. My prediction would be that if MS were to release source code, it would not be practically compilable, be poorly documented, and so voluminous in size as to be unusable for anything other than... PR. This would also prevent the possibility of patches floating around to fix bugs, as patches are meaningless if you can't compile it. Brian From fsb-return-5546-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Fri May 04 13:29:51 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 8500 invoked from network); 4 May 2001 13:29:51 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 4 May 2001 13:29:51 -0000 Received: (qmail 7290 invoked by alias); 3 May 2001 16:24:53 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 7283 invoked from network); 3 May 2001 16:24:52 -0000 Mail-Followup-To: fsb@crynwr.com To: fsb@crynwr.com Subject: Re: Fwd: Re: Microsoft: Closed source is more secure References: <0105022358110J.01106@locke.free-expression.org> From: Ian Lance Taylor Date: 03 May 2001 09:04:28 -0700 In-Reply-To: <0105022358110J.01106@locke.free-expression.org> Message-ID: Lines: 32 User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N Lynn Winebarger writes: > On Thursday 26 April 2001 06:02, Norbert Bollow wrote: > > Werner Koch wrote: > > > Responsible admins don't use wu-ftp or other programs with a large > > > record of security pitfalls. Well, Bind is a problem because there > > > is no other conforming and usable alternative available. > > > > What is the problem with djbdns (apart from the fact that it is > > not Free Software)? > > (a) personality of the author as seen in Internet postings (usenet/web pages) > (b) poor documentation, if qmail is any indicator > (c) odd way of writing source code, if qmail is any indicator > (d) odd build process, if qmail is any indicator > (e) odd license and infrequent updates to official source (if qmail ....), > which exacerbate the effects of b,c, and d. None of these say that djbdns is non-conforming or non-usable. The problem to be addressed is bind. If there were a better alternative, we could use that. But, as far as I know, there is only djbdns, which does work, and is secure. (I use it myself, and I've read the code--once adjusted to the style, it's a heck of lot easier to read than the bind code.) I will note that your points (a), (c), and (d) seem irrelevant, and that I disagree with your feelings on (b). I agree that (e) is a problem. With respect to the interaction of (e) and (b), I note that the documentation is on the web, and is updated rather more frequently than the code. Ian From fsb-return-5547-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Fri May 04 13:47:41 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 9600 invoked from network); 4 May 2001 13:47:41 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 4 May 2001 13:47:41 -0000 Received: (qmail 8871 invoked by alias); 3 May 2001 16:56:06 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 8864 invoked from network); 3 May 2001 16:56:05 -0000 Mail-Followup-To: fsb@crynwr.com To: fsb@crynwr.com Subject: Re: DJB [Was Re: Microsoft: Closed source is more secure] References: <200104251308.JAA08118@abyssinian.sleepycat.com> <0105022122370H.01106@locke.free-expression.org> <200105030723.f437NWn19711@linux.local> <0105030736230K.01106@locke.free-expression.org> From: Ian Lance Taylor Date: 03 May 2001 09:55:28 -0700 In-Reply-To: <0105030736230K.01106@locke.free-expression.org> Message-ID: Lines: 28 User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N Lynn Winebarger writes: > Not only that, I have to look at a wide variety of feature adders > because the author, because of some political game he wants to play > (it's in his docs, "can't add this feature because it would expose > me to this security-related criticism"), won't. I don't know what feature this refers to. However, although I've never met DJB, he doesn't strike me as playing political games. Anybody with an ounce of political sensibility would not act the way he does. He certainly does play personal games: he attacks people who have offended him, and he uses harsh language (e.g., http://cr.yp.to/qmail/venema.html). He has no flexibility on issues like security and his opinion of good design. This leads him directly to his licensing terms; see, e.g., http://cr.yp.to/compatibility.html. I recall that he once argued that a different license wasn't necessary since qmail was wide-spread anyhow, and the existing license ensured a single consistent interface; however, I can't find that quote. These characteristics make him difficult to like and difficult to work with. Sadly, they greatly inhibit distribution of his code. If I met somebody in person who acted the way DJB does on the net, I would assume a mild case of autism. But of course DJB probably has a different persona in real life. Ian From fsb-return-5548-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Fri May 04 13:58:59 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 10461 invoked from network); 4 May 2001 13:58:58 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 4 May 2001 13:58:58 -0000 Received: (qmail 11648 invoked by alias); 3 May 2001 18:00:58 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 11637 invoked from network); 3 May 2001 18:00:55 -0000 Date: 3 May 2001 18:00:14 -0000 Message-ID: <20010503180014.17269.qmail@horse-nettle.ropine.com> From: Seth Gordon To: fsb@crynwr.com In-reply-to: <0105022358110J.01106@locke.free-expression.org> (message from Lynn Winebarger on Wed, 2 May 2001 23:58:11 -0500) Subject: Re: Fwd: Re: Microsoft: Closed source is more secure References: <0105022358110J.01106@locke.free-expression.org> X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N Speaking as someone who uses djbdns and subscribes to the dns@cr.yp.to mailing list... > What is the problem with djbdns (apart from the fact that it is > not Free Software)? (a) personality of the author as seen in Internet postings (usenet/web pages) Fortunately, once I figured out how to get the software working, I didn't have to depend on the author's personality to keep it working. (b) poor documentation, if qmail is any indicator I will admit that the following dialogue on the list seems all too common: "How do I get djbdns to do X?" "You fool! Just read http://cr.yp.to/djbdns/random-page.html#random-section!" "The documentation sucks!" "If you can't read the documentation, you're too stupid to run a DNS server!" However, I did manage to go from virtual ignorance of DNS to a server that works well enough for my needs without pestering the list too much, and I got sick enough of the above dialogue to volunteer to write better documentation. (If anyone on this list tried installing or using djbdns and gave up because of the documentation, email me; you'll make perfect test subjects, bwah-hah-hah.) And lousy documentation seems to be a curse of the whole software industry, not just djbdns. (c) odd way of writing source code, if qmail is any indicator I've never tried reading the source, but the djbdns.org page lists a number of patches that others have contributed to enhance the program, so it can't be *too* incomprehensible. (d) odd build process, if qmail is any indicator I installed djbdns as an OpenBSD port and had no trouble with it. (e) odd license and infrequent updates to official source (if qmail ....), which exacerbate the effects of b,c, and d. If there was a DNS server that had djbdns's reputation for security and reliability *and* was distributed under a mainstream open-source license, I would probably use it. However, I'd rather use a program barely outside of the Open Source Definition than use a program with BIND's security record. Lynn ------------------------------------------------------- -- "Rav would never cross a bridge when an idolator was on it; he said, 'Maybe he will be judged and I will be taken with him.' Shmuel would only cross a bridge when an idolator was on it; he said, 'Satan cannot rule two nations [at once].' Rabbi Yannai would examine [the bridge] and cross." --Shabbat 32a == Seth Gordon == sethg@ropine.com == http://ropine.com/ == std. disclaimer == From fsb-return-5549-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Fri May 04 14:35:00 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 13203 invoked from network); 4 May 2001 14:35:00 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 4 May 2001 14:35:00 -0000 Received: (qmail 18785 invoked by alias); 3 May 2001 20:44:59 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 18778 invoked from network); 3 May 2001 20:44:58 -0000 Date: Thu, 3 May 2001 16:42:58 -0400 From: Rafe Colburn To: fsb@crynwr.com Subject: Re: Apple and Open Source Message-ID: <20010503164258.A68232@umbar.pair.com> References: <20010421114259.A31502@netthink.co.uk> <20010503001006.A4468@netthink.co.uk> <20010502193518.A23201@stupid.geeknest.com> <3AF0B93D.23F9C8F7@wirex.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <3AF0B93D.23F9C8F7@wirex.com>; from crispin@wirex.com on Wed, May 02, 2001 at 06:49:49PM -0700 X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N On Wed, May 02, 2001 at 06:49:49PM -0700, Crispin Cowan wrote: > Casey West wrote: > > > I'm not suprised a bit. Doesn't MicroSoft hold a fair stake in > > Apple? My take on the situation is that even if folks at Apple > > wanted to give something back they would be haulted by The Big Bad > > Machine. > > Microsoft holds a trivial stake in Apple. MS invested $150 million > in Apple in 1997, which at the time had a market cap. of approx. $6 > billion, giving MS approx. 2.5% of Apple. It's worth pointing out that those shares were also special non-voting shares (not plain old common stock), so it wasn't an investment in the traditional sense anyway. --Rafe -- rc3.org Daily - http://rc3.org From fsb-return-5550-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Fri May 04 14:49:45 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 14530 invoked from network); 4 May 2001 14:49:45 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 4 May 2001 14:49:45 -0000 Received: (qmail 24127 invoked by alias); 3 May 2001 23:01:17 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 24120 invoked from network); 3 May 2001 23:01:14 -0000 Sender: shap@eros.cs.jhu.edu Message-ID: <3AF1E20D.80379792@cs.jhu.edu> Date: Thu, 03 May 2001 18:56:13 -0400 From: shap@cs.jhu.edu Organization: Johns Hopkins University X-Mailer: Mozilla 4.76 [en] (X11; U; Linux 2.2.16-3 i686) X-Accept-Language: en MIME-Version: 1.0 To: fsb@crynwr.com Subject: Quote of the day Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N Quote of the day: The minute you give one professor the keys to the kingdom, you're going to be ransacked. - Jack Valenti, in a speech claiming that DeCSS is terrorware. Works for me. :-) From fsb-return-5552-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Fri May 04 17:31:01 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 31867 invoked from network); 4 May 2001 17:31:00 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 4 May 2001 17:31:00 -0000 Received: (qmail 1962 invoked by alias); 4 May 2001 04:14:53 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 1946 invoked from network); 4 May 2001 04:14:16 -0000 From: "Stephen J. Turnbull" MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15090.11045.381376.710851@turnbull.sk.tsukuba.ac.jp> Date: Fri, 4 May 2001 13:08:05 +0900 To: Lynn Winebarger Cc: fsb@crynwr.com Subject: Re: Microsoft: Closed source is more secure In-Reply-To: <0105030736230K.01106@locke.free-expression.org> References: <200104251308.JAA08118@abyssinian.sleepycat.com> <0105022122370H.01106@locke.free-expression.org> <200105030723.f437NWn19711@linux.local> <0105030736230K.01106@locke.free-expression.org> X-Mailer: VM 6.92 under 21.4 (patch 1) "Copyleft" XEmacs Lucid X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N >>>>> "Lynn" == Lynn Winebarger writes: >> > (e) odd license and infrequent updates to official source Lynn> Qmail lacks a features that are necessary for running an Lynn> effective and secure mail exchange/relay operation "out of Lynn> the box". So hire Russ Nelson. Or any of the dozen or score of companies on the www.qmail.org page. Russ is a good dude; if you can't afford him, but have a good cause, he might throw in some pro bono consulting. (That's based on his "good dude"-ness, I don't know what his personal policy on pro bono is. He may have already "given at the office".) An alternative way of looking at (e) would be that DJB has an odd way of saying "'running an effective and secure mail exchange/relay operation' is a job for professionals, and cannot be done 'out of the box', _any_ box.. Kids, don't try this at home." Lynn> By secure, I particularly mean supporting authorization and Lynn> starttls. Merely supporting A & S is "secure"? You have to know how to use them! That's non-trivial. Among other things, it involves user education and transitive trust, long known to be the weakest single links in security. "Don't try this at home." Yes, I know what you "really meant". But I think your argument as stated depends on what you wrote, not on what you meant. Lynn> I should be familiar with every line of source code for Lynn> every package I run on the systems I maintain. I should put Lynn> security absolutely above features. Straw man. If you really are interested in maintaining a secure effective mail operation, investing the time or money to become or hire a professional is the ante. Otherwise I, for one, simply do not believe you are serious. "They" _are_ out to get us. I've been "got", so have many of my friends, including people running what they thought were "secure" operations. I have not made the investment to become a pro, nor do I plan to immediately, because only I am at risk. But I know what my responsibility is if I extend my operations to serve people who don't even have the minimal knowledge I do. That doesn't mean I expect you to know how to deal with the legion of holes opened up on systems that have Emacs or a C compiler available -- you deal with those by not having them on the mail host. Security above features, absolutely. :^) Lynn> Maybe I'm just not diligent enough, but I doubt it. Or Lynn> maybe I'm an odd sysadmin. Hard for me to tell. I don't think you're odd, or lack diligence, at all. I think you're mixing "free speech" with "free beer" once again, as many (including experienced sysadmins) do. But in a very subtle way. No question, DJB's license does not qualify as a free software license. Your real complaint, however, seems to be that you can't get qmail levels of security plus the features you want cheaply by piggybacking on DJB's code. As we get extremely high quality, plus features, through other (free) software. _But that has nothing to do with the license._ You couldn't get that anyway, even if it were a free license. Security does not work that way; mix and match inherently implies much lower levels of reliability in the security domain than it does in others. The "other side" is actively seeking exploits, so unity of design and implementation is much more important. Yes, it would be cheaper if the software were free. But nowhere near as cheap as you suggest, because you have to include the cost of all the "rm -rf /" exploits that happen to people who trusted "secure" derivatives before hackers other than DJB get it as right as he has on his limited domain. The (high) probability of those is inherent in free software. The above expresses no opinion about whether DJB is playing political games or what their motivation might be. ***** That said, I agree that the restrictions are political; I think the motivation is basically as stated -- he does not want to open himself up to _any_ security-related criticisms. Call it egotism if you like; it's his software (assuming you don't go down rms's `no such thing as IP' road) and he is welcome to put what restrictions on it he likes. But there is also the argument that DJB has created what is, as far as possible, a provably secure mail system, on a limited security domain. He's backed it up with his bet. That's a non-negligible contribution to a more capable system. (Eg, somebody could invent a secure protocol for doing auth and starttls then handing them off to qmail, then implement it.) I see no reason why he should degrade his trade name (not to mention one crucial to Russ Nelson's business) by opening it up to "addition of features required" for _some_ applications. Others (Russ!) may prefer the minimal "maximum security" implementation. -- University of Tsukuba Tennodai 1-1-1 Tsukuba 305-8573 JAPAN Institute of Policy and Planning Sciences Tel/fax: +81 (298) 53-5091 _________________ _________________ _________________ _________________ What are those straight lines for? "XEmacs rules." From fsb-return-5551-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Fri May 04 17:38:50 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 32935 invoked from network); 4 May 2001 17:38:50 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 4 May 2001 17:38:50 -0000 Received: (qmail 32625 invoked by alias); 4 May 2001 03:10:44 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 32618 invoked from network); 4 May 2001 03:10:42 -0000 From: "Stephen J. Turnbull" MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15090.6428.477297.114317@turnbull.sk.tsukuba.ac.jp> Date: Fri, 4 May 2001 11:51:08 +0900 To: Brian Behlendorf Cc: Simon Cozens , Subject: Re: Apple and Open Source In-Reply-To: References: <20010503013953.B5239@netthink.co.uk> X-Mailer: VM 6.92 under 21.4 (patch 1) "Copyleft" XEmacs Lucid X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N >>>>> "Brian" == Brian Behlendorf writes: Brian> But even if it were the same, access to the source code of Brian> a program one still has to pay for is still better than no Brian> access at all. It may in fact be the best of the _possible_ worlds. A world in which all participants have a perfect understanding of the needs of all others, and the ability to compromise among them appropriately is not possible. (A world without greed? _Much_ easier; greed is _not_ the central problem.) The price mechanism is still the most accurate way we have of eliciting consumer valuations. -- University of Tsukuba Tennodai 1-1-1 Tsukuba 305-8573 JAPAN Institute of Policy and Planning Sciences Tel/fax: +81 (298) 53-5091 _________________ _________________ _________________ _________________ What are those straight lines for? "XEmacs rules." From fsb-return-5553-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Fri May 04 18:31:41 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 39665 invoked from network); 4 May 2001 18:31:41 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 4 May 2001 18:31:41 -0000 Received: (qmail 8644 invoked by alias); 4 May 2001 18:28:42 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 8632 invoked from network); 4 May 2001 18:28:41 -0000 X-Authentication-Warning: queso.onshore.com: Host krazykat.onshored.com [206.69.90.46] claimed to be krazykat Sender: craig@adsl-63-195-82-35.dsl.snfc21.pacbell.net To: "Stephen J. Turnbull" Cc: Brian Behlendorf , Simon Cozens , Subject: Re: Apple and Open Source References: <20010503013953.B5239@netthink.co.uk> <15090.6428.477297.114317@turnbull.sk.tsukuba.ac.jp> From: Craig Brozefsky Date: 04 May 2001 13:30:53 -0500 In-Reply-To: <15090.6428.477297.114317@turnbull.sk.tsukuba.ac.jp> Message-ID: <87zoctotk2.fsf@piracy.red-bean.com> Lines: 33 User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N "Stephen J. Turnbull" writes: > >>>>> "Brian" == Brian Behlendorf writes: > > Brian> But even if it were the same, access to the source code of > Brian> a program one still has to pay for is still better than no > Brian> access at all. > > It may in fact be the best of the _possible_ worlds. A world in > which all participants have a perfect understanding of the needs of > all others, and the ability to compromise among them appropriately > is not possible. (A world without greed? _Much_ easier; greed is > _not_ the central problem.) I'm inclined to think it isn't tho. My primary reason is that pricing for the software is still based on the idea of the program's scarcity. So you have a price analysis tied to an artificial scarcity, which is divorced from the labor that went into the production of the software. The two are indeed tied together, a company selling licenses must make enough to pay for it development costs, but it's mediated by all the profit taking and internal machinations of businesses. The invisible hand becomes as indiscriminant as ever. > The price mechanism is still the most accurate way we have of > eliciting consumer valuations. But it does us no good if you're measuring variable X, which has only a marginal connection to your goal state. -- Craig Brozefsky http://www.red-bean.com/~craig In the rich man's house there is nowhere to spit but in his face -- Diogenes From fsb-return-5554-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Fri May 04 19:17:02 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 46118 invoked from network); 4 May 2001 19:17:02 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 4 May 2001 19:17:02 -0000 Received: (qmail 15357 invoked by alias); 4 May 2001 19:17:22 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 15350 invoked from network); 4 May 2001 19:17:20 -0000 X-Authentication-Warning: queso.onshore.com: Host krazykat.onshored.com [206.69.90.46] claimed to be krazykat Sender: craig@adsl-63-195-82-35.dsl.snfc21.pacbell.net To: "\"Stephen J. Turnbull\" " Subject: Re: Apple and Open Source (in private) References: <20010503013953.B5239@netthink.co.uk> <15090.6428.477297.114317@turnbull.sk.tsukuba.ac.jp> <87zoctotk2.fsf@piracy.red-bean.com> From: Craig Brozefsky Date: 04 May 2001 14:22:24 -0500 In-Reply-To: <87zoctotk2.fsf@piracy.red-bean.com> Message-ID: <87u230q5qn.fsf_-_@piracy.red-bean.com> Lines: 61 User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N Craig Brozefsky writes: Hey Stephen, I now we've gotten into some flame wars in the past, but I wanted to let you know that in this thread I have no intention of continuing those, and I would appreciate your commentary or correction of my assumptions, reasoning here. One of the things I've been thinking about is how to better tie the costs of software to the labor it takes to develop and support it. It's something that my own company is dealing with at the moment in trying to come up with a pricing model for our software package (large parts of it are available as Free Software). Also, on your advice from a year or so ago, I started doing more reading in economics. I'm reading "Economics: A New Introduction" by Hugh Stretton presently, and have also read some works on the economic issues of Intellectual Property specifically, such as "The Economics of Intellectual Property in a World Without Frontiers" by Meheroo Jussawalla. > "Stephen J. Turnbull" writes: > > >>>>> "Brian" == Brian Behlendorf writes: > > > > Brian> But even if it were the same, access to the source code of > > Brian> a program one still has to pay for is still better than no > > Brian> access at all. > > > > It may in fact be the best of the _possible_ worlds. A world in > > which all participants have a perfect understanding of the needs of > > all others, and the ability to compromise among them appropriately > > is not possible. (A world without greed? _Much_ easier; greed is > > _not_ the central problem.) > > I'm inclined to think it isn't tho. My primary reason is that pricing > for the software is still based on the idea of the program's scarcity. > So you have a price analysis tied to an artificial scarcity, which is > divorced from the labor that went into the production of the software. > The two are indeed tied together, a company selling licenses must make > enough to pay for it development costs, but it's mediated by all the > profit taking and internal machinations of businesses. The invisible > hand becomes as indiscriminant as ever. > > > The price mechanism is still the most accurate way we have of > > eliciting consumer valuations. > > But it does us no good if you're measuring variable X, which has only > a marginal connection to your goal state. > > -- > Craig Brozefsky > http://www.red-bean.com/~craig > In the rich man's house there is nowhere to spit but in his face > -- Diogenes > -- Craig Brozefsky http://www.red-bean.com/~craig In the rich man's house there is nowhere to spit but in his face -- Diogenes From fsb-return-5555-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Fri May 04 19:23:28 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 47223 invoked from network); 4 May 2001 19:23:27 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 4 May 2001 19:23:27 -0000 Received: (qmail 15920 invoked by alias); 4 May 2001 19:23:49 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 15913 invoked from network); 4 May 2001 19:23:48 -0000 Sender: shap@eros.cs.jhu.edu Message-ID: <3AF30053.A071847C@cs.jhu.edu> Date: Fri, 04 May 2001 15:17:39 -0400 From: shap@cs.jhu.edu Organization: Johns Hopkins University X-Mailer: Mozilla 4.76 [en] (X11; U; Linux 2.2.16-3 i686) X-Accept-Language: en MIME-Version: 1.0 To: Seth Gordon CC: fsb@crynwr.com Subject: Re: Fwd: Re: Microsoft: Closed source is more secure References: <0105022358110J.01106@locke.free-expression.org> <20010503180014.17269.qmail@horse-nettle.ropine.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N I don't have an opinion about the merits of djbdns. Having read the comments by others, however, I want to point something out. Djbdns may or may not be secure, but it is decidedly *not* high assurance. Auditability and documentation of code are *essential* to high assurance. If the documentation is poor, if the design is not clearly articulated and published, and if the code is substantially difficult to comprehend and to cross-check against the design, then djbdns *cannot* be a high assurance system. That is: we don't *know* if it is secure. What we have is (a) a strong assertion by the author and a couple of supporters, and (b) a software artifact for which few (if any) security flaws have been reported. These assertions *may* be correct. I have no contrary evidence from personal experience. What I *do* know is that djbdns has not been through any rigorous evaluation process that would lead me to confidence about its security, and that there are several quirks about the software, its build environment, and its documentation that would lead me to initial skepticism. Jonathan From fsb-return-5556-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Fri May 04 19:27:57 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 47883 invoked from network); 4 May 2001 19:27:57 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 4 May 2001 19:27:57 -0000 Received: (qmail 16329 invoked by alias); 4 May 2001 19:28:20 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 16322 invoked from network); 4 May 2001 19:28:20 -0000 X-Authentication-Warning: queso.onshore.com: Host krazykat.onshored.com [206.69.90.46] claimed to be krazykat Sender: craig@adsl-63-195-82-35.dsl.snfc21.pacbell.net To: Subject: Re: Apple and Open Source (in private) References: <20010503013953.B5239@netthink.co.uk> <15090.6428.477297.114317@turnbull.sk.tsukuba.ac.jp> <87zoctotk2.fsf@piracy.red-bean.com> <87u230q5qn.fsf_-_@piracy.red-bean.com> From: Craig Brozefsky Date: 04 May 2001 14:33:26 -0500 In-Reply-To: <87u230q5qn.fsf_-_@piracy.red-bean.com> Message-ID: <87pudoq589.fsf@piracy.red-bean.com> Lines: 43 User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N Craig Brozefsky writes: Woowoo! Gnus complications and improper header editing. Sorry guys. Well, at least I was being freindly. Let's consider this a public apology to Stephen and the list at large for the flame wars I participated in last year, as well as some on topic FSB discussion and some reading reccomendations. Both of the books I mention below, in particular Jussawalla's survey, are good reads. One thing about the Jussawalla that I dug is that it presents a fairly balanced account of 1992 IP law, as well as a short history of the various global organizations attempting to unify IP law around the globe. It's bibliography is very valuable as well since it has references to alot of economic arguments/essays that we see rehashed on this list and elsewhere quite frequently. > Craig Brozefsky writes: > > > > Hey Stephen, I now we've gotten into some flame wars in the past, but > I wanted to let you know that in this thread I have no intention of > continuing those, and I would appreciate your commentary or correction > of my assumptions, reasoning here. One of the things I've been > thinking about is how to better tie the costs of software to the labor > it takes to develop and support it. It's something that my own > company is dealing with at the moment in trying to come up with a > pricing model for our software package (large parts of it are > available as Free Software). > > Also, on your advice from a year or so ago, I started doing more > reading in economics. I'm reading "Economics: A New Introduction" by > Hugh Stretton presently, and have also read some works on the economic > issues of Intellectual Property specifically, such as "The Economics > of Intellectual Property in a World Without Frontiers" by Meheroo > Jussawalla. -- Craig Brozefsky http://www.red-bean.com/~craig In the rich man's house there is nowhere to spit but in his face -- Diogenes From fsb-return-5557-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Fri May 04 19:31:56 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 48614 invoked from network); 4 May 2001 19:31:55 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 4 May 2001 19:31:55 -0000 Received: (qmail 16873 invoked by alias); 4 May 2001 19:30:17 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 16866 invoked from network); 4 May 2001 19:30:16 -0000 Sender: novalis Message-ID: <3AF2FEA7.3EAAA1C6@novalis.org> Date: Fri, 04 May 2001 15:10:31 -0400 From: Dave Turner X-Mailer: Mozilla 4.75 [en] (X11; U; Linux 2.4.2 i686) X-Accept-Language: en,pdf MIME-Version: 1.0 To: fsb@crynwr.com Subject: Re: Fwd: Re: Microsoft: Closed source is more secure References: <0105022358110J.01106@locke.free-expression.org> <20010503180014.17269.qmail@horse-nettle.ropine.com> <3AF30053.A071847C@cs.jhu.edu> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N shap@cs.jhu.edu wrote: > > I don't have an opinion about the merits of djbdns. Having read the > comments by others, however, I want to point something out. Djbdns may > or may not be secure, but it is decidedly *not* high assurance. > Auditability and documentation of code are *essential* to high > assurance. If the documentation is poor, if the design is not clearly > articulated and published, and if the code is substantially difficult to > comprehend and to cross-check against the design, then djbdns *cannot* > be a high assurance system. The code is not very difficult to comprehend. It's just stylistically quite different from typical C code. > That is: we don't *know* if it is secure. What we have is (a) a strong > assertion by the author and a couple of supporters, and (b) a software > artifact for which few (if any) security flaws have been reported. > > These assertions *may* be correct. I have no contrary evidence from > personal experience. What I *do* know is that djbdns has not been > through any rigorous evaluation process that would lead me to confidence > about its security, and that there are several quirks about the > software, its build environment, and its documentation that would lead > me to initial skepticism. Actually, I suspect that lots of people have gone over the source, because of this: http://cr.yp.to/djbdns/guarantee.html He's offering $500 for bugs. Granted, that's not much, but when you count in the fame... well, I think there's more assurance than you think. -- -Dave Turner Stalk me: (215)-545-2859 -------------------------------------------------------------------- Insert here the quote from Stations Of The Tides that goes something like: "I'll tear down the stars themselves and put up something worth looking at in their place". I'll fix it when I find my copy. From fsb-return-5558-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Fri May 04 19:42:40 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 49979 invoked from network); 4 May 2001 19:42:40 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 4 May 2001 19:42:40 -0000 Received: (qmail 18765 invoked by alias); 4 May 2001 19:39:08 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 18757 invoked from network); 4 May 2001 19:39:08 -0000 Sender: shap@eros.cs.jhu.edu Message-ID: <3AF30427.721BB9D7@cs.jhu.edu> Date: Fri, 04 May 2001 15:33:59 -0400 From: shap@cs.jhu.edu Organization: Johns Hopkins University X-Mailer: Mozilla 4.76 [en] (X11; U; Linux 2.2.16-3 i686) X-Accept-Language: en MIME-Version: 1.0 To: Dave Turner CC: fsb@crynwr.com Subject: Re: Fwd: Re: Microsoft: Closed source is more secure References: <0105022358110J.01106@locke.free-expression.org> <20010503180014.17269.qmail@horse-nettle.ropine.com> <3AF30053.A071847C@cs.jhu.edu> <3AF2FEA7.3EAAA1C6@novalis.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N Dave Turner wrote: > Actually, I suspect that lots of people have gone over the source, > [of djbdns] because of this: > > http://cr.yp.to/djbdns/guarantee.html > > He's offering $500 for bugs. Granted, that's not much, but when you > count in the fame... well, I think there's more assurance than you > think. This is *definitely* better than nothing, but I think you missed the point. The question is not whether the code has been haphazardly examined. The question is whether there is an appropriately detailed specification that meets the security objectives, and whether the code has then been *systematically* examined by knowledgeable readers to determine whether it satisfies this specification. I'm not knocking bounties -- we're going to put one out on EROS one of these days, and I hope it will help. I'm saying that bounties do not take the place of a proper assurance evaluation. Jonathan From fsb-return-5559-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Fri May 04 20:05:04 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 52979 invoked from network); 4 May 2001 20:05:04 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 4 May 2001 20:05:04 -0000 Received: (qmail 20974 invoked by alias); 4 May 2001 20:04:41 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 20967 invoked from network); 4 May 2001 20:04:39 -0000 Mail-Followup-To: fsb@crynwr.com To: fsb@crynwr.com Subject: Re: Fwd: Re: Microsoft: Closed source is more secure References: <0105022358110J.01106@locke.free-expression.org> <20010503180014.17269.qmail@horse-nettle.ropine.com> <3AF30053.A071847C@cs.jhu.edu> From: Ian Lance Taylor Date: 04 May 2001 13:04:00 -0700 In-Reply-To: <3AF30053.A071847C@cs.jhu.edu> Message-ID: Lines: 27 User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N shap@cs.jhu.edu writes: > I don't have an opinion about the merits of djbdns. Having read the > comments by others, however, I want to point something out. Djbdns may > or may not be secure, but it is decidedly *not* high assurance. > Auditability and documentation of code are *essential* to high > assurance. If the documentation is poor, if the design is not clearly > articulated and published, and if the code is substantially difficult to > comprehend and to cross-check against the design, then djbdns *cannot* > be a high assurance system. I don't want to get into a mode of defending DJB. But I have looked at the djbdns code (and, for that matter, the code for qmail, daemontools, and ucspi-tcp). It is small, highly modular, and reasonably straightforward to understand. The security design is clearly articulated: http://cr.yp.to/djbdns/ad/security.html In particular, it's straightforward to verify that dnscache and tinydns run under a non-root UID in a chroot jail. That in itself provides a very high level of security. I believe it ensures that no root exploit is possible except by playing off some hypothetical bug in the operating system itself. Would that the same were true of bind. Ian From fsb-return-5560-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Sat May 05 19:38:17 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 88919 invoked from network); 5 May 2001 19:38:16 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 5 May 2001 19:38:16 -0000 Received: (qmail 20237 invoked by alias); 5 May 2001 19:38:31 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 20230 invoked from network); 5 May 2001 19:38:30 -0000 Date: Sat, 5 May 2001 15:40:27 -0400 (EDT) Message-Id: <200105051940.PAA23943@kirk.dnaco.net> From: kragen@pobox.com To: shap@cs.jhu.edu Subject: Re: Fwd: Re: Microsoft: Closed source is more secure Cc: sethg@ropine.com, fsb@crynwr.com, djb@cr.yp.to X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N [I'm Ccing Dan to give him a chance to rebut my comments, because a lot of this post consists of me putting words in his mouth. Since the post I'm responding to was posted on an open-membership, publicly-archived mailing list, I'm assuming it's OK to quote it.] shap@cs.jhu.edu writes: > I don't have an opinion about the merits of djbdns. Having read the > comments by others, however, I want to point something out. Djbdns may > or may not be secure, but it is decidedly *not* high assurance. > Auditability and documentation of code are *essential* to high > assurance. If the documentation is poor, if the design is not clearly > articulated and published, and if the code is substantially difficult to > comprehend and to cross-check against the design, then djbdns *cannot* > be a high assurance system. Dan has a tendency to write things in weird ways because he has come to the conclusion that those weird ways are less likely to lead to bugs than the more normal ways of doing things. For example, he doesn't use functions from the standard C library, other than Unix system calls, because he thinks their design tends to produce and hide bugs in programs that use them. He also has a tendency to write software that is much smaller and simpler than other similar software. The source code to all of djbdns, including several clients and several servers, totals 177 printed pages --- less than the BIND Operations Guide. It might be desirable to have documentation of the design that was smaller than that, but that's still small enough to be easily understood. I generally don't find his code particularly difficult to comprehend, and I'm mystified by people who do. I wonder if they're the same people who have a hard time reading code with a different brace style than they're used to. DJB's code is, if anything, far simpler, terser, and better-commented than most C code. > That is: we don't *know* if it is secure. What we have is (a) a strong > assertion by the author and a couple of supporters, and (b) a software > artifact for which few (if any) security flaws have been reported. None, as far as I know. http://cr.yp.to/djbdns/guarantee.html seems to imply that any reported security holes will be listed there (although it actually only says that disputes will be reported there); none are listed. Two 'bug' items are listed in the CHANGES file, which goes back to 1999-11-24. Neither is a security flaw. While Dan can be an asshole, it appears to me that he's a lot more interested in the truth than in appearing to have been right; so I think that the lack of listed security flaws there means there haven't been any. I have a lot more confidence in code that has been written and released by Dan than in code that has been carefully audited by the OpenBSD team. This confidence comes from the years-long bug-free history of qmail and ezmlm. In fact, Dan's software is the only reason I believe there is an alternative to the security-patch treadmill. > These assertions *may* be correct. I have no contrary evidence from > personal experience. What I *do* know is that djbdns has not been > through any rigorous evaluation process that would lead me to confidence > about its security, and that there are several quirks about the > software, its build environment, and its documentation that would lead > me to initial skepticism. Now you know why those quirks are there. From fsb-return-5561-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Sun May 06 05:21:14 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 26934 invoked from network); 6 May 2001 05:21:14 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 6 May 2001 05:21:14 -0000 Received: (qmail 13934 invoked by alias); 6 May 2001 05:21:30 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 13926 invoked from network); 6 May 2001 05:21:28 -0000 From: Russell Nelson MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Date: Sun, 6 May 2001 01:21:26 -0400 (EDT) To: fsb@crynwr.com Subject: Re: Fwd: Re: Microsoft: Closed source is more secure In-Reply-To: <0105022358110J.01106@locke.free-expression.org> References: <0105022358110J.01106@locke.free-expression.org> X-Mailer: VM 6.43 under 20.4 "Emerald" XEmacs Lucid Message-ID: <15092.56245.121654.74813@desk.crynwr.com> X-Face: $K'YURj"g6ImvqTS_=]8)gqh!5;ElY<[.Rao%j8r+]iUfE{%|v%F<=mcq<6l{K=~mf&#:?" nslS]U~|x{2V=Eex_I#"9K~9)>?m7Lm={(j_&)SX~fzg&ST~P%QUhc{1p]c3@Zn1u*PZlkHM**X^vV l>GkB5y^Kz%w5p~^uDue]hL&ke,N;+Q > What is the problem with djbdns (apart from the fact that it is > > not Free Software)? > > (a) personality of the author as seen in Internet postings (usenet/web pages) > (b) poor documentation, if qmail is any indicator > (c) odd way of writing source code, if qmail is any indicator > (d) odd build process, if qmail is any indicator > (e) odd license and infrequent updates to official source (if qmail ....), > which exacerbate the effects of b,c, and d. Lynn, I personally don't evaluate software based on the personality of the author. I've heard that some people do, but I think it's rather childish. The documentation for djbdns is in fact rather well written, however in order to appreciate this, you have to read it. Many people simply Fail to Read The Manual (FRTM), which is probably the source of the common reply they get: RTFM. Yes, djbdns avoids using many functions in the C library, for good reason: they produce unreliable code. Take, for example, strchr. What it returns (a pointer to the first-found character in a string) is useless without first checking it to see if it's null. The ideom looks like this: x = strchr(s, c); if (x) /* x points to c */; else /* there is no c in s */; Any time you see strchr used outside of that ideom, you have unreliable code. Dan uses instead str_chr, which returns the offset from the beginning of the string to the first character, or to the first null. Such a value can be used without first testing to see if it is null. The "odd build process" that you refer to involves downloading the tarball, extracting it, and running "make". IMHO, having to run "./configure" first is part of an even odder build process. As far as infrequent updates to qmail goes, you must understand that qmail is a Unix program. It does not come tailored to your environment, nor to anybody's environment. Neither do cat, tail, grep, sed, awk, or any other of the standard Unix tools. You should expect to have to configure qmail to your environment. This is the Unix philosophy; stop acting so helpless. That gets us down to the license. Yes, qmail and djbdns are not open source, nor free software by RMS's definition. However, you have the source, and you are free to redistribute it, you are free to distribute patches (but not pre-patched source), and you are even free to distribute binaries produced from unmodified source. The only thing that stops Dan's software from being open source is his refusal to allow distribution of modified source or binaries. If everyone produced software of equal security and reliablity as Dan Bernstein, then Open Source would have no legs. -- -russ nelson will be speaking at http://www.osdn.com/conferences/handhelds/ Crynwr sells support for free software | PGPok | Mailing lists should not set 521 Pleasant Valley Rd. | +1 315 268 1925 voice | Reply-To: back to the list! Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | http://russnelson.com/rt.html From fsb-return-5562-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Sun May 06 05:25:56 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 27934 invoked from network); 6 May 2001 05:25:55 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 6 May 2001 05:25:55 -0000 Received: (qmail 14461 invoked by alias); 6 May 2001 05:26:14 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 14454 invoked from network); 6 May 2001 05:26:13 -0000 From: Russell Nelson MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Date: Sun, 6 May 2001 01:26:12 -0400 (EDT) To: fsb@crynwr.com Subject: Re: Microsoft: Closed source is more secure In-Reply-To: <0105030736230K.01106@locke.free-expression.org> References: <200104251308.JAA08118@abyssinian.sleepycat.com> <0105022122370H.01106@locke.free-expression.org> <200105030723.f437NWn19711@linux.local> <0105030736230K.01106@locke.free-expression.org> X-Mailer: VM 6.43 under 20.4 "Emerald" XEmacs Lucid Message-ID: <15092.57198.982139.69685@desk.crynwr.com> X-Face: $K'YURj"g6ImvqTS_=]8)gqh!5;ElY<[.Rao%j8r+]iUfE{%|v%F<=mcq<6l{K=~mf&#:?" nslS]U~|x{2V=Eex_I#"9K~9)>?m7Lm={(j_&)SX~fzg&ST~P%QUhc{1p]c3@Zn1u*PZlkHM**X^vV l>GkB5y^Kz%w5p~^uDue]hL&ke,N;+Q Now, I know, qmail has its adherents, and Russ Nelson, > notably, provides support for it. Presumably they have found its > virtues worth investing their time on. Of course, Russ consults on > qmail, so one can guess that his time investment gaining expertise > in the details of qmail is well-spent. I, and I assume many (but > not all) sysadmins out there, do not have that luxury. I'm not > saying other free mail server implementations (or BIND) are really > easy to use and troubleshoot, or add features to. Exactly. A complicated email system is hard to install and troubleshoot. There is no way around that. At least with qmail, the software does what the man pages say, and ONLY what the man pages say. No undocumented remote debug-as-root options. > But at least I'm > pretty sure that if it came to that, either the maintainers of the > software would have some interest in incorporating my work > (depending on quality) or I would have the option of forking if I > disagreed with their evaluation or if there were some political > game being played. Either way, my attempt to contribute and my > needs (or the needs of my employer) get a fair shake. Feel free to contribute. http://www.qmail.org contains many people's contributions. So does http://www.djbdns.org, but fewer so because it's only a little over a year old. If you don't like their contributions, well, you should feel free to fork them, and produce your own. As so many free software developers have had to say in the past, "send code." -- -russ nelson will be speaking at http://www.osdn.com/conferences/handhelds/ Crynwr sells support for free software | PGPok | Mailing lists should not set 521 Pleasant Valley Rd. | +1 315 268 1925 voice | Reply-To: back to the list! Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | http://russnelson.com/rt.html From fsb-return-5563-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Sun May 06 05:31:40 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 29107 invoked from network); 6 May 2001 05:31:40 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 6 May 2001 05:31:40 -0000 Received: (qmail 14986 invoked by alias); 6 May 2001 05:31:56 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 14978 invoked from network); 6 May 2001 05:31:54 -0000 From: Russell Nelson MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Date: Sun, 6 May 2001 01:31:53 -0400 (EDT) To: fsb@crynwr.com Subject: Re: Microsoft: Closed source is more secure In-Reply-To: <15090.11045.381376.710851@turnbull.sk.tsukuba.ac.jp> References: <200104251308.JAA08118@abyssinian.sleepycat.com> <0105022122370H.01106@locke.free-expression.org> <200105030723.f437NWn19711@linux.local> <0105030736230K.01106@locke.free-expression.org> <15090.11045.381376.710851@turnbull.sk.tsukuba.ac.jp> X-Mailer: VM 6.43 under 20.4 "Emerald" XEmacs Lucid Message-ID: <15092.57592.297293.469846@desk.crynwr.com> X-Face: $K'YURj"g6ImvqTS_=]8)gqh!5;ElY<[.Rao%j8r+]iUfE{%|v%F<=mcq<6l{K=~mf&#:?" nslS]U~|x{2V=Eex_I#"9K~9)>?m7Lm={(j_&)SX~fzg&ST~P%QUhc{1p]c3@Zn1u*PZlkHM**X^vV l>GkB5y^Kz%w5p~^uDue]hL&ke,N;+Q That said, I agree that the restrictions are political; I think the > motivation is basically as stated -- he does not want to open himself > up to _any_ security-related criticisms. Call it egotism if you like; > it's his software (assuming you don't go down rms's `no such thing as > IP' road) and he is welcome to put what restrictions on it he likes. He could get the same results by using a certification process, something I've tried but failed to convince him of. > But there is also the argument that DJB has created what is, as far as > possible, a provably secure mail system, on a limited security domain. > He's backed it up with his bet. That's a non-negligible contribution > to a more capable system. Particularly given the state of the art in 1996 when Dan wrote qmail. > (Eg, somebody could invent a secure protocol for doing auth and > starttls then handing them off to qmail, then implement it.) Yup. > I see no reason why he should degrade his trade name (not to mention > one crucial to Russ Nelson's business) by opening it up to "addition > of features required" for _some_ applications. Others (Russ!) may > prefer the minimal "maximum security" implementation. It's not just security. It's the fact that qmail is a tool that I use to create an email system. The fact that it's not highly adapted to any one environment makes it easy for me to adapt it to the environment I need it to be in. Simplicity and flexibility count. -- -russ nelson will be speaking at http://www.osdn.com/conferences/handhelds/ Crynwr sells support for free software | PGPok | Mailing lists should not set 521 Pleasant Valley Rd. | +1 315 268 1925 voice | Reply-To: back to the list! Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | http://russnelson.com/rt.html From fsb-return-5564-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Sun May 06 07:26:53 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 54530 invoked from network); 6 May 2001 07:26:53 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 6 May 2001 07:26:53 -0000 Received: (qmail 23971 invoked by alias); 6 May 2001 07:27:09 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 23963 invoked from network); 6 May 2001 07:27:07 -0000 Date: Sun, 6 May 2001 00:26:34 -0700 From: Seth David Schoen To: fsb@crynwr.com Subject: Re: Quote of the day Message-ID: <20010506002634.J5636@zork.net> Mail-Followup-To: Seth David Schoen , fsb@crynwr.com References: <3AF1E20D.80379792@cs.jhu.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <3AF1E20D.80379792@cs.jhu.edu>; from shap@cs.jhu.edu on Thu, May 03, 2001 at 06:56:13PM -0400 X-Accept-Language: en,la,eo Sender: Seth David Schoen X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N shap@cs.jhu.edu writes: > Quote of the day: > > The minute you give one professor the keys to > the kingdom, you're going to be ransacked. > > - Jack Valenti, in a speech claiming > that DeCSS is terrorware. If you saw that quoted in my message on interesting-people, please note that Valenti's speech is distinct from Alter's court arguments. Valenti didn't advance the idea that DeCSS was like a terrorist weapon, but he does say that it's like a lock pick, or a tool for committing burglaries. Alter's statements seem more extreme than Valenti's, in this case. The "keys to the kingdom" was quoted in a few places at the time, explaining why Valenti was afraid of research exemptions to the DMCA. It is true that professors usually like to publish their results, and, in the computing world, even reference implementations. -- Seth David Schoen | And do not say, I will study when I Temp. http://www.loyalty.org/~schoen/ | have leisure; for perhaps you will down: http://www.loyalty.org/ (CAF) | not have leisure. -- Pirke Avot 2:5 From fsb-return-5565-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Sun May 06 09:56:07 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 8663 invoked from network); 6 May 2001 09:56:07 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 6 May 2001 09:56:07 -0000 Received: (qmail 22872 invoked by alias); 6 May 2001 09:56:21 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 22846 invoked from network); 6 May 2001 09:56:18 -0000 From: Lynn Winebarger To: "Stephen J. Turnbull" Subject: Re: Microsoft: Closed source is more secure Date: Sun, 6 May 2001 04:56:50 -0500 X-Mailer: KMail [version 1.1.99] Content-Type: text/plain; charset="us-ascii" References: <200104251308.JAA08118@abyssinian.sleepycat.com> <0105030736230K.01106@locke.free-expression.org> <15090.11045.381376.710851@turnbull.sk.tsukuba.ac.jp> In-Reply-To: <15090.11045.381376.710851@turnbull.sk.tsukuba.ac.jp> MIME-Version: 1.0 Message-Id: <01050401104412.01106@locke.free-expression.org> Content-Transfer-Encoding: 8bit Cc: fsb@crynwr.com X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N I don't know if this is going off-topic or not. Let's also keep in mind I'm trying to answer the original question of "why isn't this used". Giving me all the reasons I'm wrong (while they may be valid and instructive to me) is probably not so interesting to people on this list as looking at the question of (a) "are these typical views", and (b) "if I design the most secure known application, how can I avoid being marginalized in the marketplace" or similar. On Thursday 03 May 2001 23:08, Stephen J. Turnbull wrote: > Lynn> I should be familiar with every line of source code for > Lynn> every package I run on the systems I maintain. I should put > Lynn> security absolutely above features. > > Straw man. Actually, I believe I've seen this view expressed before, but I may be imagining remembering it. ["this view" being the double quoted one]. In my more delusional moments, I may feel it's the right requirement. It may have been something in Vixie's cron build docs that said something along the lines of "If saying 'su to root and type make' was enough to get you to su to root and type make, you've got a security problem. You should look into it", where I saw the first sentence as an implication. > If you really are interested in maintaining a secure > effective mail operation, investing the time or money to become or > hire a professional is the ante. Otherwise I, for one, simply do not > believe you are serious. Changing the financial situation is not directly within my power. As for the time, it's a limited resource, and mail is far from the only service I have to oversee. I imagine we're not the only ones in this situation. > "They" _are_ out to get us. I've been "got", so have many of my > friends, including people running what they thought were "secure" > operations. There are different gradations of "they". "Secure" depends on the analysis of the risks involved in a particular operation, and is not limited to merely the source of a particular application. I don't expect I'll ever run machines with the security requirements of the military, NSA, or a major financial institution. My desire is simply to provide a reasonable level of confidentiality while providing _necessary_ features, along with enough monitoring and record-keeping to pursue (legal) remedies if security is breached. That's my view on what security means. > Your real complaint, however, seems to be that you can't get qmail > levels of security plus the features you want cheaply by piggybacking > on DJB's code. As we get extremely high quality, plus features, > through other (free) software. > > _But that has nothing to do with the license._ You couldn't get that > anyway, even if it were a free license. Security does not work that > way; mix and match inherently implies much lower levels of reliability > in the security domain than it does in others. The "other side" is > actively seeking exploits, so unity of design and implementation is > much more important. > No, you don't seem to understand. Qmail's level of security is irrelevant if it does not provide necessary features for the needs of the organization looking at it. Essentially, _it_ is a straw man of a sort. If I have to choose between 2 calculator programs, one of which provides only + and - but absolutely, positively no exploits - and the other of which provides multiplication and division as well - but likely some unknown exploits; I'd have to choose the latter and try to set up external barriers or otherwise minimize the effects of the potential exploits. Note I left out the option of writing my own calculator program deliberately (writing a calculator is significantly easier than writing a complete RFC-conformant mail system). Obviously qmail provides sufficient functionality to satisfy many purposes, so this may seem an unfair comparison - I'm just trying to illustrate the point, though. And while I am cheap (attempt to provide cost-effective solutions is the nicer way of putting it), if we had the money to hire outside parties to modify source code, I would not choose qmail as the starting point unless we truly had boatloads of money to throw at the problem. And the license is the reason. I'd instead start with a piece of free software, add the feature set we need (or some subset thereof) and redistribute it so others with similar needs could make adaptations and contribute them back (if they wanted to). It's a way for small organizations like the one I work for to informally pool our resources. And the license for qmail (in concert with the other factors I mentioned originally) makes this a difficult thing to do. As well as the infrequent updates that would probably neither include these features (with contributed code) or try to address them in other ways. [given a piece of software with all the required features but serious compromises, I'd consider contracting or doing some security auditing, but it's an iffy thing since, as you mentioned, there may be inherent security flaws in the design of the software]. And yes, this is still seeking free beer, but it's not _only_ seeking free beer. > up to _any_ security-related criticisms. Call it egotism if you like; > it's his software (assuming you don't go down rms's `no such thing as > IP' road) and he is welcome to put what restrictions on it he likes. I agree it's his software and he can do with it as he likes; I'm just not inclined to invest or advise investing resources into it. While qmail is no toy program, the apparent interest in political goals gives me the same feeling about it. [The water is murky here because part of the political goal involves providing a "reasonably" featureful mail program, which is the same way academic toy programs get designed and written - specify a limited problem domain and address it]. Without an effective way of getting a secondary (trusted, but not necessarily as much) source and a snowball effect, that makes me very wary. Lynn PS - I'm not mailing from my work email address, if you're wondering. From fsb-return-5566-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Sun May 06 10:51:12 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 20604 invoked from network); 6 May 2001 10:51:12 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 6 May 2001 10:51:12 -0000 Received: (qmail 28779 invoked by alias); 6 May 2001 10:51:33 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 28761 invoked from network); 6 May 2001 10:51:31 -0000 From: Lynn Winebarger To: fsb@crynwr.com Subject: Re: Fwd: Re: Microsoft: Closed source is more secure Date: Sun, 6 May 2001 05:52:04 -0500 X-Mailer: KMail [version 1.1.99] Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Message-Id: <0105060552041A.01106@locke.free-expression.org> Content-Transfer-Encoding: 8bit X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N On Thursday 03 May 2001 11:04, Ian Lance Taylor wrote: > Lynn Winebarger writes: > > (a) personality of the author as seen in Internet postings (usenet/web > > pages) (b) poor documentation, if qmail is any indicator > > (c) odd way of writing source code, if qmail is any indicator > > (d) odd build process, if qmail is any indicator > > (e) odd license and infrequent updates to official source (if qmail > > ....), which exacerbate the effects of b,c, and d. > > None of these say that djbdns is non-conforming or non-usable. The > problem to be addressed is bind. If there were a better alternative, > we could use that. But, as far as I know, there is only djbdns, which > does work, and is secure. (I use it myself, and I've read the > code--once adjusted to the style, it's a heck of lot easier to read > than the bind code.) Can't speak directly to djbdns (that's why there's all those "if qmail is any indicator"'s up there). I wouldn't doubt that bind code would be harder to read, though. > I will note that your points (a), (c), and (d) seem irrelevant, and > that I disagree with your feelings on (b). I agree that (e) is a > problem. With respect to the interaction of (e) and (b), I note that > the documentation is on the web, and is updated rather more frequently > than the code. I unintentionally misconstrued the original question as "Why don't more people use djbdns?" rather than "Why don't _you_ [whoever he was replying to] use djbdns?". I agree (a) is irrelevant if the software is complete enough that you don't have to work with the author to add features (which appears to be the case for djbdns). If you have to modify the code and want it put in the main distribution, (a) is a _factor_. It's a greater factor when forking is not an option. (c) and (d) were factors for me once I decided I would have to read the source code to qmail to choose among the multitude of patches, or if I wanted to do it myself. The fact that I had to read C code to see how the programs were built I took to be a bad portent of things to come. I could not see (and still do not see) any good reason not to use a standard Makefile for the entire build process. At this point I re-evaluate the question of whether the time it'll take to read the source and judge patches will be worth the payoff, or whether it'd be better to work with a free solution that had all the necessary C code and just needed the right configuration. Perhaps I mis-estimated, but I don't think so yet. The time it takes to develop good C with non-buggy memory management is almost always going to be greater than writing a configuration file, even if that file uses its own programming language. And (c) does exacerbate that until you've adjusted to the style (which is just odd, not obfuscated). Is it common now for the sysadmins (or whoever will be implementing an org's mail system) to be C programmers? Of course, larger organizations can afford to pay for mail specialists to do this, but the question isn't restricted to them. Lynn ------------------------------------------------------- From fsb-return-5567-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Sun May 06 12:12:14 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 36318 invoked from network); 6 May 2001 12:12:13 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 6 May 2001 12:12:13 -0000 Received: (qmail 31494 invoked by alias); 6 May 2001 12:12:34 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 31487 invoked from network); 6 May 2001 12:12:33 -0000 Date: Sun, 6 May 2001 13:11:59 +0100 From: Simon Cozens To: fsb@crynwr.com Subject: Re: Fwd: Re: Microsoft: Closed source is more secure Message-ID: <20010506131159.A32434@netthink.co.uk> References: <0105060552041A.01106@locke.free-expression.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.17i In-Reply-To: <0105060552041A.01106@locke.free-expression.org>; from owinebar@free-expression.org on Sun, May 06, 2001 at 05:52:04AM -0500 X-Operating-System: Linux deep-dark-truthful-mirror 2.4.2 X-POM: The Moon is Waxing Gibbous (99% of Full) X-Addresses: The simon@cozens.net address is deprecated due to being broken. simon@brecon.co.uk still works, but simon-cozens.org or netthink.co.uk are preferred. X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N On Sun, May 06, 2001 at 05:52:04AM -0500, Lynn Winebarger wrote: > Can't speak directly to djbdns (that's why there's all those "if qmail > is any indicator"'s up there). I wouldn't doubt that bind code would be > harder to read, though. I'll call the bluff. Have you read qmail, djbdns or bind code? I wouldn't like to think you were talking about things you have no experience of. -- Familiarity breeds facility. -- Megahal (trained on asr), 1998-11-06 From fsb-return-5568-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Sun May 06 13:07:00 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 46732 invoked from network); 6 May 2001 13:06:59 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 6 May 2001 13:06:59 -0000 Received: (qmail 1071 invoked by alias); 6 May 2001 13:06:12 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 1058 invoked from network); 6 May 2001 13:06:11 -0000 From: Lynn Winebarger To: Simon Cozens , fsb@crynwr.com Subject: Re: Fwd: Re: Microsoft: Closed source is more secure Date: Sun, 6 May 2001 08:06:44 -0500 X-Mailer: KMail [version 1.1.99] Content-Type: text/plain; charset="us-ascii" References: <0105060552041A.01106@locke.free-expression.org> <20010506131159.A32434@netthink.co.uk> In-Reply-To: <20010506131159.A32434@netthink.co.uk> MIME-Version: 1.0 Message-Id: <0105060806441B.01106@locke.free-expression.org> Content-Transfer-Encoding: 8bit X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N On Sunday 06 May 2001 07:11, Simon Cozens wrote: > On Sun, May 06, 2001 at 05:52:04AM -0500, Lynn Winebarger wrote: > > Can't speak directly to djbdns (that's why there's all those "if > > qmail is any indicator"'s up there). I wouldn't doubt that bind code > > would be harder to read, though. > > I'll call the bluff. Have you read qmail, djbdns or bind code? I wouldn't > like to think you were talking about things you have no experience of. I read a small amount of qmail code, none of djbdns or bind. I haven't made any claims about djbdns or bind (except as above), and only that the qmail source is "odd" (compared to most source I've read). That did assume it was written consistently in the same style. Of course, the issue wasn't whether qmail had merits, it was how much time I was going to spend on evaluating it for fitness for my purposes. I certainly haven't claimed qmail is unreadable or of poor quality. I did spend a fair amount of time reading the documentation included with the package itself, including the "notes" file. In other words, I attempted to read enough to estimate whether a full reading would be worth the effort and fit within the time I had/have for it. I generally don't read large quantities of source code unless I've found some reason I must modify it (and have no less time-consuming, reasonable alternative - e.g. other software). The major exception to this is when it's for educational purposes (for which DJB's code might well qualify). Or for purely recreational purposes (but that's not on my employer's time). Were you under the impression I was comparing the quality of bind and djbdns source code (or qmail vs sendmail source for that matter)? I wasn't and haven't. At worst I expressed my faith in Ian's ability to tell which source was easier to comprehend - given that the one he evaluated as more difficult is many times larger and older. Lynn From fsb-return-5569-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Sun May 06 13:47:17 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 54998 invoked from network); 6 May 2001 13:47:17 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 6 May 2001 13:47:17 -0000 Received: (qmail 3203 invoked by alias); 6 May 2001 13:47:36 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 3196 invoked from network); 6 May 2001 13:47:35 -0000 Message-ID: <017901c0d61e$64f40310$806810ac@vmware> From: "Jonathan S. Shapiro" To: , , References: <5.1.0.14.2.20010505174626.039b5300@linc.cis.upenn.edu> Subject: Re: Brett Glass on MS/GPL Date: Sun, 6 May 2001 07:19:18 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N [Original note posted on Farber's "interesting people" list] [Brett Glass wrote:] > >Microsoft is not arguing against the sharing or giving > >away of code, but rather against the GPL, which is intended > >to turn shared code into a weapon against the interests of > >legitimate software businesses and even the programmers who > >wrote it. As opposed to, say, predatory and monopolistic licensing practices, which are supposed to turn unshared money into a weapon against the interests of legitemate software businesses, programmers, and the population at large. Or as opposed to, say, manipulating market perceptions by releasing low-function products in a competitor's area in order to lower the share price of the competitor as a first step to acquisition, using sheer size as a weapon against everyone and cheating the shareholders of the acquired company in the process. Clearly I don't agree with Brett about GPL, but whatever our respective views of open source may be, his defense of Microsoft on these grounds demands loud objections. Jonathan S. Shapiro From fsb-return-5570-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Sun May 06 14:03:34 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 58180 invoked from network); 6 May 2001 14:03:34 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 6 May 2001 14:03:34 -0000 Received: (qmail 4467 invoked by alias); 6 May 2001 14:03:54 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 4460 invoked from network); 6 May 2001 14:03:52 -0000 Message-ID: <019601c0d61f$3ac20d20$806810ac@vmware> From: "Jonathan S. Shapiro" To: , Cc: , , References: <200105051940.PAA23943@kirk.dnaco.net> Subject: Re: Fwd: Re: Microsoft: Closed source is more secure Date: Sun, 6 May 2001 07:25:15 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N > [I'm Ccing Dan to give him a chance to rebut my comments...] Then by all means let us also give him some context. Dan: I have sent about three notes to FSB at this point trying to clarify what it means to say that something is high-assurance software. This followed a discussion about djbdns in which several unusual attributes of the implementation and documentation were outlined by others. Most of these unusual attributes have now been explained on the list. I have said nothing negative about the security of djbdns. In fact, I've agreed that based on the reported bugs it looks pretty good, and that the reward offer is certainly a good and useful thing to have. What I *have* said is that based on the descriptions on FSB to date, [and also based on my own examination of the qmail package at one point, though I didn't mention this on the list,] I am aware of no evidence that would support a claim for high assurance. In particular, I am not aware that any rigorous and proper evaluation process has been done for either piece of software. If I am mistaken about this, I would be *delighted*, and I hope that you will correct me. I want to emphasize that when I use the term "high assurance", I am speaking in the context of security standards and processes such as Common Criteria (and friends). I am not trying to make any claim about djbdns. Rather, I am trying to point out some deficiencies in people's understanding of the term "security". Jonathan From fsb-return-5571-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Sun May 06 17:09:03 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 2673 invoked from network); 6 May 2001 17:09:03 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 6 May 2001 17:09:03 -0000 Received: (qmail 12142 invoked by alias); 6 May 2001 16:42:42 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 12135 invoked from network); 6 May 2001 16:42:39 -0000 Message-ID: <3AF57ECC.B5DE7B4C@oreilly.com> Date: Sun, 06 May 2001 09:41:48 -0700 From: "Tim O'Reilly" Organization: O'Reilly & Associates, Inc. X-Mailer: Mozilla 4.6 [en] (Win98; I) X-Accept-Language: en MIME-Version: 1.0 To: fsb@crynwr.com Subject: [Fwd: Why Microsoft Shouldn't Spurn Open-Source Code] Content-Type: multipart/mixed; boundary="------------348828D19E7606A3BA76B7B9" X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N This is a multi-part message in MIME format. --------------348828D19E7606A3BA76B7B9 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit I thought this was a useful perspective. -- Tim O'Reilly @ O'Reilly & Associates, Inc. 101 Morris Street, Sebastopol, CA 95472 +1 707-829-0515, FAX +1 707-829-0104 tim@oreilly.com, http://www.oreilly.com --------------348828D19E7606A3BA76B7B9 Content-Type: message/rfc822 Content-Transfer-Encoding: 7bit Content-Disposition: inline Return-Path: Received: from mark2 (dhcp-251-67.west.ora.com [172.16.251.67]) by smtp.oreilly.com (8.11.2/8.11.2) with SMTP id f45M61M09471; Sat, 5 May 2001 15:06:01 -0700 (PDT) Message-Id: <3.0.5.32.20010505150627.01a10b60@rock.west.ora.com> X-Sender: mark@rock.west.ora.com X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32) Date: Sat, 05 May 2001 15:06:27 -0700 To: alert@oreilly.com From: Mark Brokering Subject: Why Microsoft Shouldn't Spurn Open-Source Code Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" X-Mozilla-Status2: 00000000 INTERNET WORLD NEWS Monday, May 7, 2001 Vol. 3, Issue 87 http://www.internetworld.com Postscript: Why Microsoft Shouldn't Spurn Open-Source Code By Jonathan Hill Craig Mundie, a senior vice president at Microsoft ( http://www.microsoft.com ), set off a firestorm earlier this week with a speech given at the New York University school of business. The text of his talk, available online at http://www.microsoft.com/presspass/exec/craig/05-03sharedsource.asp, contains a passionate defense of intellectual property rights as they relate to commercial software and goes on to take some potshots at the Open Source Software (OSS) model, reserving special ire for software that depends on the GNU General Public License, or GPL. Predictably, open-source adherents jumped all over Mundie, and just as predictably, the buzz in the press and in technology chat rooms seemed largely to consist of objections to things that Mundie didn't say. Strange, because there are a lot of real issues here. Let's start with some Microsoft context. Microsoft is busy reinventing its target audience. Mundie refers to the company's .Net Web services initiative as a change in strategy, a move away from device-centric applications to user-centric services. This requires overhauling the company's business model. Microsoft has, for some years now, concentrated its application development efforts on tight integration with the operating system -- and no, we will not veer off into Justice Department territory here. We're talking about MS Office applications that are designed to take advantage of Windows services like the Taskbar and 3-D and multimedia applications that can assume the existence of a HAL (Hardware Abstraction Layer). To be sure, most of the back end of .Net, the various enterprise servers, for example, is designed to work in the same way, taking advantage of things like Windows 2000 security services. In Internet World magazine's extensive coverage of .Net in March, we pointed out that this tie may well slow the adoption of the .Net servers, certainly within current non-Microsoft shops. But the Web services part of .Net need to be designed around the idea that support services may or may not be available. Web services applets need to be explicitly hardware independent, hence the push to adopt SOAP/XML. Whether Microsoft can create compelling hardware-independent software is a subject of some debate, but at a minimum, .Net services must -- simply must -- work within an undefined hardware and software environment. This is a market that has already been the subject of countless man-hours of application development, and, to a large extent, that development has been accomplished using open-source tools. The bulk of Mundie's talk was devoted to an alternative development model, newly defined "Shared Source," which extends Microsoft's current model of strong support for the Microsoft-based developer community and provides a broader range of support services. As Mundie pointed out, to a limited extent Microsoft has been doing this for years: Big hardware manufacturers routinely get to look at OS source code, for example. More important, big hardware vendors and ISVs can be trusted to scrupulously honor Microsoft's intellectual property rights and their contractual obligations. And here's where things get a bit tricky. In the abstract, it's easy to understand why the software giant is so concerned about intellectual property. Microsoft wants to become "the" provider of building blocks for complex applications. To compete, its blocks need to provide an advantage over other blocks. Microsoft is not about to become a giant consulting company putting together complex applications to drive cozy partner relationships. To get a return on its investment, Microsoft needs to get paid directly for its tools-creation efforts. Current software property rights law is on its side, but it remains to be seen how well current law can be implemented within the amorphous, anonymous Web. The problem is that .Net applications may be based on a wide variety of programming languages, tools, and libraries. Thus, GPL's mandate that "any software that incorporates source code already licensed under the GPL will itself become subject to the GPL" means that if someone creates a .Net application that contains GPL open-source code, all of the rest of the application becomes open source, and you can say goodbye to competitive advantage and all those MS dollars thrown into creating .Net building blocks. Mundie errs, however, when he tries to tie the use of GPL to the "dot-com business models that proved least successful" last year. His audience -- an audience that Microsoft desperately needs to court -- knows better. From IBM to one-person shops, developers are making money by developing complex applications using open-source tools. They're not trying to make "sole source tool provider" into a business plan, and they're not trying to walk a tightrope, but they are almost universally tired of being treated like fools. Considering the extent to which all of these parties rise and fall together on the strength of the new business-focused Internet, some give-and-take, and a reappraisal of the workings of intellectual property rights law, would seem to be in order. Send this newsletter to a friend http://www.cheetahmail.com/c/s/friends/f.cgi?aid=64551872&uid=64602213&p=4ck uc6jvi.eam&pid=76106038 *Sound Off What is your stance on Microsoft's recent remarks about open-source development? Send us your thoughts at mailto:letters@iw.com. Further reading "Dissecting .Net" Internet World Magazine, March 1, 2001 http://www.internetworld.com/dotnet/ (Postscript appears weekly in this newsletter. This week's column was written by Jonathan Hill, technology editor of Internet World magazine. E-mail: mailto:jhill@iw.com .) ------------------------------------------------------------ -------------------------------------------------------------- Mark Brokering O'Reilly & Associates 101 Morris Street Sebastopol CA 95472 Tel 707-829-0515, Fax 707-829-0104 mark@oreilly.com http://www.oreilly.com --------------348828D19E7606A3BA76B7B9-- From fsb-return-5572-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Sun May 06 17:41:32 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 10676 invoked from network); 6 May 2001 17:41:32 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 6 May 2001 17:41:32 -0000 Received: (qmail 14829 invoked by alias); 6 May 2001 17:41:48 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 14822 invoked from network); 6 May 2001 17:41:45 -0000 Sender: craig@adsl-63-195-82-35.dsl.snfc21.pacbell.net To: "Tim O'Reilly" Cc: fsb@crynwr.com Subject: Re: [Fwd: Why Microsoft Shouldn't Spurn Open-Source Code] References: <3AF57ECC.B5DE7B4C@oreilly.com> From: Craig Brozefsky Date: 06 May 2001 12:46:50 -0500 In-Reply-To: <3AF57ECC.B5DE7B4C@oreilly.com> Message-ID: <87k83umktx.fsf@piracy.red-bean.com> Lines: 52 User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N "Tim O'Reilly" writes: > The problem is that .Net applications may be based on a wide > variety of programming languages, tools, and libraries. Thus, > GPL's mandate that "any software that incorporates source > code already licensed under the GPL will itself become > subject to the GPL" means that if someone creates a .Net > application that contains GPL open-source code, all of the > rest of the application becomes open source, and you can say > goodbye to competitive advantage and all those MS dollars > thrown into creating .Net building blocks. I don't understand this assesment. I don't see how MS building blocks would lose their advantage here, as they would never be "forced" into being GPLed by someone else using GPLed code in an application that also uses them. The person in question would not be allowed to distribute their application using GPLed code that also used proprietary code. They however could still use it themselves. Also, if the inter-component communications method is SOAP/XML, it's arguable that you could combine GPLed components and non-Free components across such an RPC mechanism. I believe that alot of this has been hashed out in the GNOME discussion lists because of their use of CORBA. Linking, the dominant criteria for "dependency" upon GPL code, and therefor required release of source if publically distributing binaries, seems to have become out-dated in the .NET model. It seems to me that the GPL has more to lose from the direction .NET is going in, wether it's ultimately .NET that is the dominant architecture or not. In this model software components are no longer tied to being libraries or applications publically distributed. They can be code sitting on a server somewhere with a published interface. These components can even use GPLed code without having to distribute the entire component, since the GPL distribution clause does not apply unless the binary is publically distributed. My understanding is that the next version of the GPL is going to have some clauses to address this situation. I fear that it will bring about a rift in the community tho, since coming up with a useful clause that doesn't alienate people who are already using GPLed code in their web application services or SOAP components is going to be quite difficult. -- Craig Brozefsky http://www.red-bean.com/~craig In the rich man's house there is nowhere to spit but in his face -- Diogenes From fsb-return-5573-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Sun May 06 17:51:11 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 13219 invoked from network); 6 May 2001 17:51:11 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 6 May 2001 17:51:11 -0000 Received: (qmail 16177 invoked by alias); 6 May 2001 17:51:28 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 16167 invoked from network); 6 May 2001 17:51:25 -0000 Sender: craig@adsl-63-195-82-35.dsl.snfc21.pacbell.net To: "Tim O'Reilly" Cc: fsb@crynwr.com Subject: Re: [Fwd: Why Microsoft Shouldn't Spurn Open-Source Code] References: <3AF57ECC.B5DE7B4C@oreilly.com> <87k83umktx.fsf@piracy.red-bean.com> From: Craig Brozefsky Date: 06 May 2001 12:56:36 -0500 In-Reply-To: <87k83umktx.fsf@piracy.red-bean.com> Message-ID: <877kzumkdn.fsf@piracy.red-bean.com> Lines: 25 User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N Craig Brozefsky writes: > "Tim O'Reilly" writes: Actually the fragment below was written by Johnathan Hill and not Tim O'Reilly. Sorry Tim for the misattribution in my previous post. > > The problem is that .Net applications may be based on a wide > > variety of programming languages, tools, and libraries. Thus, > > GPL's mandate that "any software that incorporates source > > code already licensed under the GPL will itself become > > subject to the GPL" means that if someone creates a .Net > > application that contains GPL open-source code, all of the > > rest of the application becomes open source, and you can say > > goodbye to competitive advantage and all those MS dollars > > thrown into creating .Net building blocks. -- Craig Brozefsky http://www.red-bean.com/~craig In the rich man's house there is nowhere to spit but in his face -- Diogenes From fsb-return-5574-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Sun May 06 17:52:54 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 13470 invoked from network); 6 May 2001 17:52:53 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 6 May 2001 17:52:53 -0000 Received: (qmail 16754 invoked by alias); 6 May 2001 17:53:14 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 16743 invoked from network); 6 May 2001 17:53:12 -0000 Date: Sun, 6 May 2001 18:52:35 +0100 From: Simon Cozens To: fsb@crynwr.com Subject: Re: [Fwd: Why Microsoft Shouldn't Spurn Open-Source Code] Message-ID: <20010506185235.A2923@netthink.co.uk> References: <3AF57ECC.B5DE7B4C@oreilly.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.17i In-Reply-To: <3AF57ECC.B5DE7B4C@oreilly.com>; from tim@oreilly.com on Sun, May 06, 2001 at 09:41:48AM -0700 X-Operating-System: Linux deep-dark-truthful-mirror 2.4.2 X-POM: The Moon is Waxing Gibbous (99% of Full) X-Addresses: The simon@cozens.net address is deprecated due to being broken. simon@brecon.co.uk still works, but simon-cozens.org or netthink.co.uk are preferred. X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N On Sun, May 06, 2001 at 09:41:48AM -0700, Tim O'Reilly wrote: > GPL's mandate that "any software that incorporates source > code already licensed under the GPL will itself become > subject to the GPL" means that if someone creates a .Net > application that contains GPL open-source code, all of the > rest of the application becomes open source No, it does not. If .NET is working around services. One can mix GPL'ed and non-GPL'ed services. If I use proprietary-foo | sort | proprietary-bar I don't have to open source my foo and bar applications just because I use GNU sort. -- All the good ones are taken. From fsb-return-5575-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Sun May 06 18:32:09 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 24248 invoked from network); 6 May 2001 18:32:09 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 6 May 2001 18:32:09 -0000 Received: (qmail 21102 invoked by alias); 6 May 2001 18:32:22 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 21079 invoked from network); 6 May 2001 18:32:21 -0000 Date: Sun, 6 May 2001 11:29:54 -0700 From: "Karsten M. Self" To: fsb@crynwr.com Subject: Re: Brett Glass on MS/GPL Message-ID: <20010506112954.C8585@navel.introspect> References: <5.1.0.14.2.20010505174626.039b5300@linc.cis.upenn.edu> <017901c0d61e$64f40310$806810ac@vmware> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="k4f25fnPtRuIRUb3" Content-Disposition: inline User-Agent: Mutt/1.3.17i In-Reply-To: <017901c0d61e$64f40310$806810ac@vmware>; from shap@eros-os.org on Sun, May 06, 2001 at 07:19:18AM -0400 X-Debian-GNU-Linux: Rocks X-Kuro5hin-cabal: There is no K5 cabal X-GPG-Fingerprint: F932 8B25 5FDD 2528 D595 DC61 3847 889F 55F2 B9B0 Sender: X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N --k4f25fnPtRuIRUb3 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable on Sun, May 06, 2001 at 07:19:18AM -0400, Jonathan S. Shapiro (shap@eros-os= .org) wrote: > [Original note posted on Farber's "interesting people" list] >=20 > [Brett Glass wrote:] > > > Microsoft is not arguing against the sharing or giving > > > away of code, but rather against the GPL, which is intended > > > to turn shared code into a weapon against the interests of > > > legitimate software businesses and even the programmers who > > > wrote it. >=20 > As opposed to, say, predatory and monopolistic licensing practices, which > are supposed to turn unshared money into a weapon against the interests of > legitemate software businesses, programmers, and the population at large. >=20 > Or as opposed to, say, manipulating market perceptions by releasing > low-function products in a competitor's area in order to lower the share > price of the competitor as a first step to acquisition, using sheer size = as > a weapon against everyone and cheating the shareholders of the acquired > company in the process. >=20 > Clearly I don't agree with Brett about GPL, but whatever our respective > views of open source may be, his defense of Microsoft on these grounds > demands loud objections. Brett's translogical opposition to the GPL is stuff of legends. --=20 Karsten M. Self http://kmself.home.netcom.com/ What part of "Gestalt" don't you understand? There is no K5 cabal http://gestalt-system.sourceforge.net/ http://www.kuro5hin.org --k4f25fnPtRuIRUb3 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE69ZghOEeIn1XyubARAmOgAJ9RTjioFOoi/HmKHcATMXQzeSOoagCfYTTu 4jYpR8LzKU22XhhpMrEbipo= =dh4k -----END PGP SIGNATURE----- --k4f25fnPtRuIRUb3-- From fsb-return-5576-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Sun May 06 18:32:57 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 24310 invoked from network); 6 May 2001 18:32:56 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 6 May 2001 18:32:56 -0000 Received: (qmail 21133 invoked by alias); 6 May 2001 18:32:26 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 21092 invoked from network); 6 May 2001 18:32:22 -0000 Message-ID: <3AF5985C.4AC3753@oreilly.com> Date: Sun, 06 May 2001 11:30:52 -0700 From: "Tim O'Reilly" Organization: O'Reilly & Associates, Inc. X-Mailer: Mozilla 4.6 [en] (Win98; I) X-Accept-Language: en MIME-Version: 1.0 To: Craig Brozefsky CC: fsb@crynwr.com Subject: Re: [Fwd: Why Microsoft Shouldn't Spurn Open-Source Code] References: <3AF57ECC.B5DE7B4C@oreilly.com> <87k83umktx.fsf@piracy.red-bean.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N Please be careful in the attributions. I didn't write that. I just forwarded Jonathan Hill's comments so that people would see the discussion. Please don't spread the idea that I am the source of these comments. Craig Brozefsky wrote: > > "Tim O'Reilly" writes: > > > The problem is that .Net applications may be based on a wide > > variety of programming languages, tools, and libraries. Thus, > > GPL's mandate that "any software that incorporates source > > code already licensed under the GPL will itself become > > subject to the GPL" means that if someone creates a .Net > > application that contains GPL open-source code, all of the > > rest of the application becomes open source, and you can say > > goodbye to competitive advantage and all those MS dollars > > thrown into creating .Net building blocks. > > I don't understand this assesment. > > I don't see how MS building blocks would lose their advantage here, as > they would never be "forced" into being GPLed by someone else using > GPLed code in an application that also uses them. The person in > question would not be allowed to distribute their application using > GPLed code that also used proprietary code. They however could still > use it themselves. > > Also, if the inter-component communications method is SOAP/XML, it's > arguable that you could combine GPLed components and non-Free > components across such an RPC mechanism. I believe that alot of this > has been hashed out in the GNOME discussion lists because of their use > of CORBA. Linking, the dominant criteria for "dependency" upon GPL > code, and therefor required release of source if publically > distributing binaries, seems to have become out-dated in the .NET > model. > > It seems to me that the GPL has more to lose from the direction .NET > is going in, wether it's ultimately .NET that is the dominant > architecture or not. In this model software components are no longer > tied to being libraries or applications publically distributed. They > can be code sitting on a server somewhere with a published interface. > These components can even use GPLed code without having to distribute > the entire component, since the GPL distribution clause does not apply > unless the binary is publically distributed. > > My understanding is that the next version of the GPL is going to have > some clauses to address this situation. I fear that it will bring > about a rift in the community tho, since coming up with a useful > clause that doesn't alienate people who are already using GPLed code > in their web application services or SOAP components is going to be > quite difficult. > > -- > Craig Brozefsky > http://www.red-bean.com/~craig > In the rich man's house there is nowhere to spit but in his face > -- Diogenes -- Tim O'Reilly @ O'Reilly & Associates, Inc. 101 Morris Street, Sebastopol, CA 95472 +1 707-829-0515, FAX +1 707-829-0104 tim@oreilly.com, http://www.oreilly.com From fsb-return-5577-brian-fsb-archive=taz3.hyperreal.org@crynwr.com Sun May 06 21:26:43 2001 Return-Path: Delivered-To: brian-fsb-archive@taz3.hyperreal.org Received: (qmail 69417 invoked from network); 6 May 2001 21:26:42 -0000 Received: from ns1.crynwr.com (HELO ns.crynwr.com) (192.203.178.14) by taz3.hyperreal.org with SMTP; 6 May 2001 21:26:42 -0000 Received: (qmail 7012 invoked by alias); 6 May 2001 21:26:58 -0000 Mailing-List: contact fsb-help@crynwr.com; run by ezmlm Delivered-To: mailing list fsb@crynwr.com Received: (qmail 6995 invoked from network); 6 May 2001 21:26:56 -0000 Date: 6 May 2001 21:26:18 -0000 Message-ID: <20010506212618.14082.qmail@horse-nettle.ropine.com> From: Seth Gordon To: fsb@crynwr.com In-reply-to: <20010506112954.C8585@navel.introspect> (kmself@ix.netcom.com) Subject: Re: Brett Glass on MS/GPL References: <5.1.0.14.2.20010505174626.039b5300@linc.cis.upenn.edu> <017901c0d61e$64f40310$806810ac@vmware> <20010506112954.C8585@navel.introspect> X-Spam-Rating: taz3.hyperreal.org 1.6.2 0/1000/N Brett's translogical opposition to the GPL is stuff of legends. For those of you unfamiliar with the legends: Brett argues (until his opponents are blue in the fingers) that since the GPL is a cornerstone of RMS's plot to destroy the "commercial" (this is the word that Brett uses, don't blame me) software industry, any programmer who releases code under the GPL is participating in an immoral conspiracy in restraint of trade. Karsten M. Self http://kmself.home.netcom.com/ -- "Rav would never cross a bridge when an idolator was on it; he said, 'Maybe he will be judged and I will be taken with him.' Shmuel would only cross a bridge when an idolator was on it; he said, 'Satan cannot rule two nations [at once].' Rabbi Yannai would examine [the bridge] and cross." --Shabbat 32a == Seth Gordon == sethg@ropine.com == http://ropine.com/ == std. disclaimer ==