LWN.net on the Debian OpenSSL fiasco

Great article from LWN.net regarding the Debian OpenSSL vulnerability:

It is in the best interests of everyone, distributions, projects, and users, for changes made downstream to make their way back upstream. In order for that to work, there must be a commitment by downstream entities — typically distributions, but sometimes users — to push their changes upstream. By the same token, projects must actively encourage that kind of activity by helping patch proposals and proposers along. First and foremost, of course, it must be absolutely clear where such communications should take place.

Another recently reported security vulnerability also came about because of a lack of cooperation between the project and distributions. It is vital, especially for core system security packages like OpenSSH and OpenSSL, that upstream and downstream work very closely together. Any changes made in these packages need to be scrutinized carefully by the project team before being released as part of a distribution’s package. It is one thing to let some kind of ill-advised patch be made to a game or even an office application package that many use; SSH and SSL form the basis for many of the tools used to protect systems from attackers, so they need to be held to a higher standard.

+1.

Meld for graphical merging

Software: Great LWN weekly edition last Friday; not only is there a very nice article about SpamAssassin, debunking the ‘open spam filtering rules considered harmful’ myth, but there’s a great tool tip: Meld, a new graphical merging tool.

Basically, when you have two pieces of text, and want to merge them together into one, you need a merge tool. This is a tricky job; most people just get the tool to stick them all in one file, CVS-style, and try to figure it out visually. It’s fraught with problems.

Hence the idea of using a GUI to ease the task. There have been other graphical merge tools before; I know of the proprietary one bundled with ClearCase, and tkdiff. However, both of these just aren’t very good — it’s quite simply too hard to figure out exactly what direction which piece of text came from.

Looks like meld is a fantastic effort to fix this; take a look at the screenshots. The key is the approach they’ve taken of having a drawable area in the middle between the two differing texts; this is used for lines and graphical indications of what came from where. It really seems to work, from what I can see.

USPTO ‘chime in’ with tips for EU’s patent laws

Patents: While I was reading LWN’s excellent writeup on the results of the EuroParl patent vote, I came across this very worrying snippet:

Readers in the United States may be interested to know that the U.S. government has chimed in with opposition to article 6a, which states that patents can not be used to block interoperability.

Sure enough, it links to an FFII page noting

‘the US’ believes that conversion between patented file formats should generally not be allowed without a license, and therefore demands deletion of Art 6a.’

‘the US’ is in quotes because FFII reckon that evidence suggests that this is the US Mission’s IPR representatives forwarding the text direct from the US Patent Office, since the USPTO is an agency of the Dept of Commerce.

…. ‘It is part of a US Government ‘Action Plan’ to ‘promote international harmonisation of substantive patent law’ in order to ’strengthen the rights of American intellectual property holders by making it easier to obtain international protection for their inventions’. This plan has been promoted aggressively by top officials of the US Patent Office in international fora such as WIPO, WSIS and OECD as well as through bilateral negotiations.’

BTW, that is exactly the wording used in the USPTO’s 21st Century Strategic Plan paper. FFII go on to comment on their letter, including this note:

‘The US’ is propagating conventional wisdom such as ‘the more patents the more property, the more property the more innovation’, which is in sharp contrast to consensus of all serious scholars of software economics, as expressed in numerous studies conducted in the USA and in reports by the US Academy of Sciences.

Moreover, ‘the US’ has been ignoring the voice of its own software industry, which is, as shown by last year’s FTC hearings, characterised by ‘continued animosity against software patents’ and whose major players, including such companies as Adobe, Oracle and Autodesk, all opposed software patentability at the USPTO hearing of 1994. The same USPTO which is ghostwriting this paper in the name of ‘the US’ today proceeded to legalise program claims shortly after the 1994 hearing, thereby completely ignoring the voice of the US software industry.

One comment on the LWN story notes: ‘as the United States is seeking to rewrite European law to their agenda, what steps can European Citizens take to help turn the USPTO agenda around into something approaching the spirit of the US Constitution and those who wrote it?’

A good question.

SCO blah blah

blah blah SCO v IBM blah. Never mind all that — LWN points out some interesting share trading while all this waffles on. And the Google ads have something to say about it, too… ;)

More on SCO v IBM

LWN on the case. An excellent commentary, and features this lovely user-posted comment as well:

‘Without access to such equipment, facilities, sophisticated methods, concepts and coordinated know-how, it would be difficult or impossible for the Linux development community to create a grade of Linux adequate for enterprise use.’

Alan Cox wrote the first SMP version of Linux. Do you know who bought Alan the hardware? It was Caldera :-)

Not IBM, after all, but Caldera — who are now part of the SCO group. This usenet posting from 1995 backs that up, as does the Caldera-badged Linux SMP page.
