Greg Luck's Blog

On Security

Brian Behlendorf thinks that computer systems are going to be
understood in far more biological terms in the future. We talk about
viruses and anti-viruses. How about vaccines? He points out that many
viruses and worms are not harmful but they could be. In this way they
are like vaccines, where an infectious agent spreads and causes an
immune response. Perhaps the best way to provide security is to send
out harmless but annoying viruses to keep the computing immune system
well-primed.

Linus thinks if you are paranoid about security, as one foreign defense
force person in the audience asking the question was, you would feel
safer examining the code for trojans. While a lot of work, in open
source it is always possible, while with proprietary systems, it is not
always. Also, in terms of stupidity in coding he points out that a lot
of corners are cut where the developer knows no one can see the code.
In open source “if you see someone has a comment that it does  not
work in a particular case, you ask yourself What drugs is he on?”.

continue reading…

The first question on my mind about MSN’s new search engine is whether it provides an unbiased view of the Internet. Judge for yourself

“java sucks”

Google: 410,000
MSN: 846,373

“.net sucks”

Google: 3,000,000
MSN: 245,041

I am attending the OSDL Linux Enterprise Summit in Burlingame, just south of San Francisco. Interestingly a good proportion of the attendees are corporte lawyers. The focus right now is on getting the law right to avoid future difficulties. Following are some highlights from day one.

Open Source Licensing, Larry Rosen

1. Used to be mainly about copyright, but is now needing to deal with patents as well.
2. The differences of Composite versus Derivative works and the exact legal meaning of many others terms are being defined. Their is a lack of case law (a good thing!) which makes it a challenge.
3. Larry has a book called Open Source Licensing. He is hoping Justice Scalea of the Supreme Court reads it when considering open source.

Reviewing Use of OSS in the Enterprise, Karen Copenhaven>

1. Most organisations have a contingent liability due to breach of open source licenses.
2. Session mainly on the need for and conduct of a Legal Review process
   .e.g. Product contains OSS with breach who in turn distributes that to another customer, thus propogating the breach

3. Potentially a big threat to OSS use, because it may be easier to just say no to OSS. In reality most organisations are spinning up their lawyers instead.
4. Commercial software companies are starting to offer indemnities. 5 years ago no one did. HP is an example of providing indemnities for Linux.
5. A common approach is to get the lawyers to review a project and put it on an approved list. It is not sufficient to have a list of approved licenses. The pedigree of the source must be examined.
6. Black Duck makes tools to automate open source review.

Andrew Morton

I ran into Andrew who I have met before. We talked about adoption of the 2.6 kernel. He is the maintainer of 2.6. He moved over to the US from Wollongong, Australia about 4 years ago and is doing some work for the OSDL for his employer Digio. His quote, which is the quote of the day – “Open source is inevitable”.

Novell

Plenty of Novell people were on hand today. The head of server marketing thinks that 20% worldwide desktop use is achievable in the next 5 years. Currently it is at 3.5% but just a few years ago it was barely measurable.