Musings on Open Source

Collaboration and art Microsoft Speaks Response to Microsoft

New Developments Pros and Cons Open Directory

The readings on "Open Source" are seemingly endless, covering a wide range of topics, practical aspects, and infighting among the giants of the computer industry and the "upstarts" involved in perfecting and developing new and useful applications. Of those applications, I have discovered "open source" projects in education, music, novel writing, and a host of other areas, including gaming and of course, operating systems. Because there are few monetary rewards when initially working with a large cooperative effort, philosophical reasons for "hackers" to develop software are discussed in depth in Eric Raymond's "Homesteading the Noosphere." http://www.tuxedo.org/~esr/writings/homesteading/homesteading.html#toc8

Within Open Source operating systems, Linux is currently offering more applications, while Solaris is developing its own unique system with programs and shareware. Having attempted to download Linux 6.1, I discovered the lack of "open" in it's offering, with charges of $60.00 or more for startup costs. http://www.redhat.com The economic implications for a free and open market ("the Bazaar") became less of a concern when charges were mentioned. Note that many shareware programs ask for registration fees upon usage, and are dated programs that discontinue after a trial period. Questions posed with a new operating system are:

Would it be to my advantage to use a system that doesn't have consistent and compatible software?

Who has tested the software, and is it free of viruses and/or other problems that would keep me from using my computer to its best capacity?

Must I delete my present system in order to free enough space? And given the space on my hard drive, will competing systems conflict?

Will these systems/programs be outmoded within a short period of time, as many are? Refer to response by fellow student, Gloria Henke. http://webboard.webtech.uiuc.edu:8080/read?22115,1234

And finally, developing alternative systems will be to whose advantage, other than those who wish to create highly individualized programs?

While "Open Source" shareware may cut the burgeoning costs of education, and offer businesses more choices in shareware, the ensuing chaos of non-compatible systems may be to the disadvantage of all.

Is Open Source a panacea for educational research? As explained in the article, Raymond's theory may be too simplistic. http://firstmonday.org/issues/issue4_10/bezroukov/index.html

Technology is moving so rapidly that it is virtually impossible keeping abreast of current trends. However, it becomes important, when making choices that effect your school or business, to study and allow for the new and untried to become standardized, or ultimately, what is "free and open" may become more costly than once imagined.

In closing, I have included a number of articles that cover present philosophies, specific problems and future directions.

Heads turned in June when Linus Torvalds's Linux operating system was awarded first prize by the judges of an international art festival. How far, one wonders, can the open source model go?

by Harvey Blume
http://www.theatlantic.com/free/

August 12, 1999

Where open source is concerned, no hyperbole seems too hyper. The distribution of Linux source code by Linus Torvalds, in 1991, has been compared to Martin Luther's translating the Bible into the vernacular. Larry Wall, the inventor of Perl, declares that open source programming is the expression in software of a fundamental Christian message: creation is not fixed in advance; free will is included and collaboration is encouraged. Even the Chinese Communist Party smiles on open source. China Youth Daily reports that open source programming has met with resistance from "software companies" trying to impose the norms of a "traditional market-economy age upon the new 'age of the information economy.'" Closer to home, but in no less political a vein, FEED's Steven Johnson compares Eric Raymond's open source manifesto, "The Cathedral and the Bazaar," to the Port Huron Statement, Tom Hayden's white paper for 1960s student radicalism.

The Kwakiutl Indians of the Pacific Northwest once flourished with their potlatch (or gift) economy, but other Americans have had little experience with the idea of prospering by giving wealth away instead of hoarding it. No wonder, then, that we're uncertain about how to label open source: whether as animal or vegetable, politics or theology. Open source pits the virtues of collaboration and participation against the habits of consolidation and control -- and, as far as the development of software infrastructure goes, it works. Still, how much cultural significance can be bundled into a software package?

This past June the jury of the Prix Ars Electronica added yet another dimension to open source by awarding Linux a Golden Nica for first prize in the ".net" category. (The 1999 awards will be presented on September 6 as part of the Ars Electronica Festival in Linz, Austria.) For twenty years, Ars Electronica has held festivals on the theme of "cultural transformation from the analog to the digital era." Its jurors are unimpressed by "recycling conventional art forms on the Net (e.g. Web galleries)" and unmoved by brilliant home pages. In Linux they found an alternative form, one that contributes to global networking even as it foments discussion about whether "code itself can be an artwork." At first blush this discussion doesn't seem all that promising. Why shouldn't code be art? From Chartres to the Brooklyn Bridge, feats of engineering have been appreciated for their aesthetic properties. Why should software engineering be any different?

But the Prix Ars Electronica went not only to the content of Linux (those efficient, bug-free lines of C) but also to the process of producing them -- in other words, to open source itself. As Eric Raymond observes in "The Cathedral and the Bazaar," "Linus's cleverest and most consequential hack was not the construction of the Linux kernel itself, but rather his invention of the Linux development model." The Golden Nica invites us to detach the code from the process for the moment and to ask, If open source can lead to computer code worthy of being called art, can it serve as a foundation for other kinds of art as well?

Of course, art has been made along open source lines in the past. In the 1920s, for example, the Surrealists explored a form they called the "exquisite corpse," in which a drawing or poem in progress was circulated to a number of artists for elaboration. (Examples are on display in the Surrealist exhibition at the Guggenheim Museum.) Participants in the project did not get to see the entire work (unlike in open source software development), only the section or line to which they would add -- but that shouldn't prevent us from viewing the exquisite corpse as a way of applying open source to poetry. It's our notion of open source that should be opened up and made flexible. The very market success of open source demands this; as it continues to prove its viability, open source enters into any number of partnerships with traditional forms, without necessarily abandoning its original inspiration. More generally, the open source phenomenon ought to be understood as an electronically networked and rapidly evolving expression of a long-standing collaborationist dream. As the Surrealists put it: "Poetry must be made by all and not by one."

An expanded view of open source sheds new light on one of twentieth-century art's signature techniques: quotation, or, in the digital context, sampling. Quotation is a kind of "open-sourcing" of artistic material. Picasso started by quoting freely from earlier styles (and wound up quoting freely from himself). Copyright was never at issue in Picasso's case -- only originality, its unregulated counterpart. Today, of course, the purview of quotation has expanded enormously. Sampling almost anyone and anything is just a simple cut-and-paste operation. From one point of view this is liberating. From another it is theft. And neatly separating these two aspects of the same process may be well beyond our powers while we are in the midst of it.

Consider the case of John Myatt, described last month in The New York Times Magazine as being part of an art-forgery scam so profound that it was said to have "altered art history." Myatt didn't grow ever more expert in copying one painter, as have forgers before him; he copied many twentieth-century artists, and (in his own opinion) not very adeptly: "There was a negligence to everything I did," he confessed. Your favorite Giacometti could easily be yet another Myatt, and certainly would be if it had any K-Y Jelly slopped on the canvas (the use of fast-drying K-Y being one of Myatt's techniques for increasing his output). Astonishingly, the K-Y almost never tipped off the experts, many of whom now despair of getting the canon right again, separating the real Giacomettis, Braques, and Chagalls from the jellied frauds. But other experts admit that Myatt was doing just what a modern artist should: quoting like crazy and making us think about what artistic originality amounts to in the first place. This is exactly the kind of thing the Ars Electronica jurors like to ponder. Perhaps next year, if he can get online, Myatt will be rewarded with a Golden Nica, making him a hero of the open source underground: the Linus Torvalds of the dark side.

Make no mistake -- there is such a thing as an open source underground, where the distinctions between literature and software, not to mention sharing and stealing, get really and truly fouled. This underground is personified by the legendary figure of Luther Blissett -- "Luther Blissett" being (according to a site called the "Luther Blissett Project: a mythopoetic on-line guide") "a multi-use name that can be adopted by anyone and is used every day and every night in the rest of Europe and the world." When Blissett hijacked a bus in Rome -- "with drums, confetti, drinks and ghetto blasters tuned in to Radio Blissett" -- the hijackers "bought only one ticket, because they all shared the same open identity, that of Luther Blissett." Blissett would just as soon crack Web sites as hijack buses. This past spring he paid a surprise visit to hell.com (an invitation-only portal to select art sites), downloaded all its files, and copied them to a free site. As he put it: "What is a computer if not something that benefits by the free flow of information?"

Blissett is also an open source novelist. Inspired by the papal encyclical Ut Unum Sint ("That all may be one"), he wrote A Survivor From the XVIth Century: Q (not yet in English), announcing that the process of composition requires "no boss, no mysterious scholar," only the contribution of many Blissetts, all of whom would be credited separately if their names were not identical. "Creative writing," Blissett declared, "is an utterly collective operation: concepts can't be anyone's property, the genius doesn't exist, there's just a Great Recombination." Clearly Blissett's idea of recombination owes more than a little to a talent for real and virtual safe cracking. His slogans might be: "Release early, release often -- or we'll do it for you!" and "Open source: by any means necessary!"

But we don't need Blissett to point out that open source practices of one sort or another are more common than might be supposed. There are signs, for example, that computer-game characters are beginning to offer themselves up to the great recombination. Phil Hood, an analyst at the Alliance for Converging Technologies, writes that computer games are "slowly moving to a model in which users and programmers can add characters and actions to existing proprietary games." In his view, game-makers will find it makes good business sense to collaborate with users "to extend, enhance and enlarge a brand." Hood explains that "By acknowledging fans and customers as 'co-owners,' companies open up new opportunities to tap the creative powers of their fan base." Those powers are, of course, the engine of open source. The New York Times recently reported on a game in which "the real action happens in edit mode, where you can customize and choreograph every facet of a fighting character's movement." And there have been reports of players fashioning high-powered characters for existing games, then auctioning them off on eBay.

Perhaps some comparable process will be coming to literature. Fictional characters have long been reused by writers -- think of how many authors have helped themselves to Sherlock Holmes, or how Shakespeare drew on a potpourri of characters as it suited him -- but characters may soon be snatched from author's galleys. Not plots, not whole books, but simply characters: literary action figures drafted into interaction with other such figures. It's relevant that the Nabokov estate has recently settled with Pia Pera, an Italian writer who has rewritten Lolita from Lolita's point of view, while the copyright to the original novel remains in effect. If this deal had followed open source protocol, the character of Lolita would be henceforth available for rewriting by any willing writer. One day, she might encounter Hamlet.

We think of open source as arising on the cutting edge of digital technology -- certainly Linux and, say, Apache, are inconceivable without an Internet. And yet the dream of a vast collaborative and communal enterprise is primal, whether expressed in the dictum that "Poetry must be made by all and not by one," or in recent allusions to an electronic noosphere, a region of ideas that encircles and engages us. Versions of the dream are as likely to turn up in the creation of comics as in the dissemination of scientific information.

Art Spiegelman, for example, based his last book -- The Narrative Corpse: A Chain-Story by 69 Artists! (1995) -- on the idea of the exquisite corpse, with each artist forwarding his contribution to the story line to the next cartoonist in the chain. And, this past June, NIH director Dr. Harold E. Varmus proposed to put all scientific research on what is effectively an open source footing. Under Varmus's plan, which is still being debated, researchers would skip mediation by scientific journals and upload their results directly to the Internet, to be freely examined by anyone. This system would strongly promote the collaborative side of science, upsetting researchers wed to the proprietary approach. According to The New York Times, however, many concede an open source revolution in research is "just a question of when and how."

The conjunction of old dream and new media gives open source redoubled force. Its popularity, and its presence in many fields of intellectual endeavor, make it tempting to look back on the production of cultural goods in the twentieth century as a halting march toward some grand collaborative consummation. Of course, the attractions of this sort of open source utopianism haven't been countered, as yet, with anything like open source realism. Hence the theorists of open source theology, open source politics, and open source business plans. The truth is, we don't know how far the open source model can go. The Golden Nica awarded to Linux reminds us it can go as far as art.

More on Technology and Digital Culture in Atlantic Unbound and The Atlantic Monthly.

Harvey Blume, a writer living in Cambridge, Massachusetts, is a frequent contributor to Atlantic Unbound.

From the Linux Weekly News Solaris

Linux Myths
http://www.burstnet.com/cgi-bin/ads/ad538b.cgi/4302/RETURN-CODE

Posted: October 4, 1999

With all the recent attention around Linux as an operating system, it's important to step back from the hype and look at the reality. First, it's worth noting that Linux is a UNIX-like operating system. Linux fundamentally relies on 30-year-old operating system technology and architecture. Linux was not designed from the ground-up to support symmetrical multiprocessing (SMP), graphical user interfaces (GUI), asynchronous I/O, fine-grained security model, and many other important characteristics of a modern operating system. These architectural limitations mean that as customers look for a platform to cost effectively deploy scalable, secure, and robust applications, Linux simply cannot deliver on the hype.

Myth: Linux performs better than Windows NT
Reality: Windows NT 4.0 Outperforms Linux On Common Customer Workloads

The Linux community claims to have improved performance and scalability in the latest versions of the Linux Kernel (2.2), however it's clear that Linux remains inferior to the Windows NT® 4.0 operating system.

For File and Print services, according to independent tests conducted by PC Week Labs, the Windows NT 4.0 operating system delivers 52 percent better performance on a single processor system and 110 percent better performance on a 4-way system than similarly configured single processor and 4-way Linux/SAMBA systems.

For Web servers, the same PC Week tests showed Windows NT 4.0 with Internet Information Server 4.0 delivers 41 percent better performance on a single processor system and 125 percent better performance on a 4-way system than Linux and Apache.

For e-commerce workloads using secure sockets (SSL), recent PC Magazine tests showed Windows NT 4.0 with Internet Information Server 4.0 delivers approximately five times the performance provided by Linux and Stronghold.

For transaction-orientated Line of Business applications, Windows NT 4.0 has achieved a result of 40,368 tpmC at a cost of $18.46 per transaction on a Compaq 8-Way Pentium III XEON processor-based system. This industry leading price/performance result from the transaction processing council clearly shows how Windows NT can deliver world-class performance for heavy duty transaction processing. It's interesting to note that there is not a single TPC result on any database running on Linux, and therefore Linux has yet to demonstrate their capabilities as a database server.

Linux performance and scalability is architecturally limited in the 2.2 Kernel. Linux only supports 2 gigabytes (GB) of RAM on the x86 architecture,1 compared to 4 GB for Windows NT 4.0. The largest file size Linux supports is 2 GB versus 16 terabytes (TB) for Windows NT 4.0. The Linux SWAP file is limited to 128 MB RAM. In addition, Linux does not support many of the modern operating system features that Windows NT 4.0 has pioneered such as asynchronous I/O, completion ports, and fine-grained kernel locks. These architecture constraints limit the ability of Linux to scale well past two processors.

The Linux community continues to promise major SMP and performance improvements. They have been promising these since the development of the 2.0 Kernel in 1996. Delivering a scalable system is a complex task and it's not clear that the Linux community can solve these issues easily or quickly. As D. H. Brown Associates noted in a recent technical report,2 the Linux 2.2 Kernel remains in the early stages of providing a tuned SMP kernel.

Myth: Linux is more reliable than Windows NT
Reality: Linux Needs Real World Proof Points Rather than Anecdotal Stories

The Linux community likes to talk about Linux as a stable and reliable operating system, yet there is no real world data or metrics and very limited customer evidence to back up these claims.

Microsoft Windows NT 4.0 has been proven in demanding customer environments to be a reliable operating system. Customers such as Barnes and Noble, The Boeing Company, Chicago Stock Exchange, Dell Computer, First Union Capital Markets, Nasdaq and many others run mission critical applications on Windows NT 4.0.

Linux lacks a commercial quality Journaling File System. This means that in the event of a system failure, such as a power outage, data loss or corruption is possible. In any event, the system must check the integrity of the file system during system restart, a process that will likely consume an extended amount of time, especially on large volumes and may require manual intervention to reconstruct the file system.

There are no commercially proven clustering technologies to provide High Availability for Linux. The Linux community may point to numerous projects and small companies that are aiming to deliver HA functionality. D. H. Brown recently noted that these offerings remain immature and largely unproven in the demanding business world.

There are no OEMs that provide uptime guarantees for Linux, unlike Windows NT where Compaq, Data General, Hewlett-Packard, IBM, and Unisys provide 99.9 percent system-level uptime guarantees for Windows NT-based servers.

Myth: Linux is Free
Reality: Free Operating System Does Not Mean Low Total Cost of Ownership

The Linux community will talk about the free or low-cost nature of Linux. It's important to understand that licensing cost is only a small part of the overall decision-making process for customers.
The cost of the operating system is only a small percentage of the overall total cost of ownership (TCO). In general Windows NT has proven to have a lower cost of ownership than UNIX. Previous studies have shown that Windows NT has 37 percent lower TCO than UNIX. There is no reason to believe that Linux is significantly different than other versions of UNIX when it comes to TCO.

The very definition of Linux as an Open Software effort means that commercial companies like Red Hat will make money by charging for services. Therefore, commercial support services for Linux will be fee-based and will likely be priced at a premium. These costs have to be factored into the total cost model.

Linux is a UNIX-like operating system and is therefore complex to configure and manage. Existing UNIX users may find the transition to Linux easier but administrators for existing Windows®-based or Novell environments will find it more difficult to handle the complexity of Linux. This re-training will add significant costs to Linux deployments.

Linux is a higher risk option than Windows NT. For example how many certified engineers are there for Linux? How easy is it to find skilled development and support people for Linux? Who performs end-to-end testing for Linux-based solutions? These factors and more need to be taken into account when choosing a platform for your business.

Myth: Linux is more secure than Windows NT
Reality: Linux Security Model Is Weak

All systems are vulnerable to security issues, however it's important to note that Linux uses the same security model as the original UNIX implementations- a model that was not designed from the ground up to be secure.

Linux only provides access controls for files and directories. In contrast, every object in Windows NT, from files to operating system data structures, has an access control list and its use can be regulated as appropriate.

Linux security is all-or-nothing. Administrators cannot delegate administrative privileges: a user who needs any administrative capability must be made a full administrator, which compromises best security practices. In contrast, Windows NT allows an administrator to delegate privileges at an exceptionally fine-grained level.

Linux has not supported key security accreditation standards. Every member of the Windows NT family since Windows NT 3.5 has been evaluated at either a C2 level under the U.S. Government's evaluation process or at a C2-equivalent level under the British Government's ITSEC process. In contrast, no Linux products are listed on the U.S. Government's evaluated product list.

Linux system administrators must spend huge amounts of time understanding the latest Linux bugs and determining what to do about them. This is made complex due to the fact that there isn't a central location for security issues to be reported and fixed. In contrast Microsoft provides a single security repository for notification and fixes of security related issues.

Configuring Linux security requires an administrator to be an expert in the intricacies of the operating system and how components interact. Misconfigure any part of the operating system and the system could be vulnerable to attack. Windows NT security is easy to set up and administer with tools such as the Security Configuration Editor.

Myth: Linux can replace Windows on the desktop
Reality: Linux Makes No Sense at the Desktop

Linux as a desktop operating system makes no sense. A user would end up with a system that has fewer applications, is more complex to use and manage, and is less intuitive.

Linux does not provide support for the broad range of hardware in use today; Windows NT 4.0 currently supports over 39,000 systems and devices on the Hardware Compatibility List. Linux does not support important ease-of-use technologies such as Plug and Play, USB, and Power Management

The complexity of the Linux operating system and cumbersome nature of the existing GUI's would make retraining end-users a huge undertaking and would add significant cost

Linux application support is very limited, meaning that customers end up having to build their own horizontal and vertical applications. A recent report from Forrester Research highlighted the fact that today 93 percent of enterprise ISVs develop applications for Windows NT, while only 13 percent develop for Linux.3

Summary

The Linux operating system is not suitable for mainstream usage by business or home users. Today with Windows NT 4.0, customers can be confident in delivering applications that are scalable, secure, and reliable--yet cost effective to deploy and manage. Linux clearly has a long way to go to be competitive with Windows NT 4.0. With the release of the Windows 2000 operating system, Microsoft extends the technical superiority of the platform even further ensuring that customers can deliver the next generation applications to solve their business challenges.

Footnotes

1. Siemens & SuSE announced a patch in September 1999 to extend to 4 GB, although this is not part of the 2.2 Kernel or major distributions.

2. Linux: How Good Is It? D. H. Brown Associates Inc. April 1999

3. Forrester Research, Software Vendors Crown Server OS Kings, Aug. 31, 1999

Last Updated: Wednesday, October 06, 1999

A look at Microsoft's 'Linux Myths'

http://www.redhat.com/news/lwn_response.html
This week Microsoft took the gloves off and put up this page about "The Five Linux Myths." It would appear that the long-awaited Microsoft counteroffensive has begun. This is certainly not the last that we will hear from them.

The document makes a number of points, some of which are better than others. Let's look at a few of them.

On performance:

The Linux community claims to have improved performance and scalability in the latest versions of the Linux Kernel (2.2), however it's clear that Linux remains inferior to the Windows NT® 4.0 operating system.

They cite the June PC Week benchmarks which did indeed show NT performing better. They also fail to note that a number of the performance problems found then have since been fixed. Some of those fixes have been put into the latest 2.2 kernels, and are thus widely available; others remain in the 2.3 tree. For now it is true that mainstream Linux contains some performance problems.

Microsoft does not address performance on lower-end hardware.

It is also worth noting that other benchmarks have produced very different results.

Linux only supports 2 gigabytes (GB) of RAM on the x86 architecture, compared to 4 GB for Windows NT 4.0. The largest file size Linux supports is 2 GB versus 16 terabytes (TB) for Windows NT 4.0. The Linux SWAP file is limited to 128 MB RAM. In addition, Linux does not support many of the modern operating system features that Windows NT 4.0 has pioneered such as asynchronous I/O, completion ports, and fine-grained kernel locks.

Linux can support 4GB with a commercially-supported patch. The file size limit is real (on 32-bit systems), and is a bit of a thorny problem - the 2.4 kernel will not fix it. The swap file limit claim is simply false as of 2.2.0 (and even with previous versions one could use multiple swap files). Asynchronous I/O is being worked on, and can also be done now via threads - there is disagreement over whether other approaches such as completion ports truly provide better performance. Locking in the kernel is increasingly fine grained, though there are limits to what can be safely accomplished via that path.

The Linux community continues to promise major SMP and performance improvements. They have been promising these since the development of the 2.0 Kernel in 1996. Delivering a scalable system is a complex task and it's not clear that the Linux community can solve these issues easily or quickly.

2.2 delivered quite a few improvements; 2.4 will deliver quite a few more.

The Linux community likes to talk about Linux as a stable and reliable operating system, yet there is no real world data or metrics and very limited customer evidence to back up these claims.

This seems a little strange, given the large number of high profile, Linux-based web sites out there.

Linux lacks a commercial quality Journaling File System.

True - for now. Shortly Linux will have three such file systems, however. Microsoft also claims that Linux high-availability and clustering are "immature," which has a certain basis in truth. Linux clustering is also highly successful in many situations.

The Linux community will talk about the free or low-cost nature of Linux. It's important to understand that licensing cost is only a small part of the overall decision-making process for customers.

The free (beer) side of Linux is compelling, but is far from the most important feature of the operating system. Nonetheless, it is important. Not only for the reduced direct costs, but also the elimination of the (many) hassles of dealing with proprietary software licenses. Microsoft's claims of lower cost of ownership for NT fly in the face of the experience of large numbers of system and network administrators.

Microsoft, of course, completely avoids the issue of freedom, since they have no answer to that one.

The very definition of Linux as an Open Software effort means that commercial companies like Red Hat will make money by charging for services. Therefore, commercial support services for Linux will be fee-based and will likely be priced at a premium.

...as opposed to the wonderful free support services for Windows NT...

Linux is a higher risk option than Windows NT.

This is the NT that is years late? The one with more than 30 million lines of new code? NT looks pretty risky to many of us.

All systems are vulnerable to security issues, however it's important to note that Linux uses the same security model as the original UNIX implementations- a model that was not designed from the ground up to be secure.

One could also argue that Window - even NT - was not designed for multi-user environments and the the need to protect users - and programs - from each other.

Linux security is all-or-nothing. Administrators cannot delegate administrative privileges: a user who needs any administrative capability must be made a full administrator, which compromises best security practices.

There is some truth here. The "superuser" model has a number of problems, and utilities like "sudo" are a sort of fragile kludge made necessary by this model. The Linux kernel has increasing support for capabilities, which provide the sort of fine-grained privileges needed, but support for capabilities at the user level will be a while in coming. Access control lists (ACLs) are also in development and in a testing mode.

Linux system administrators must spend huge amounts of time understanding the latest Linux bugs and determining what to do about them. This is made complex due to the fact that there isn't a central location for security issues to be reported and fixed.

They must sign up for their distribution's security announcement list, and apply the updated packages when they are released. The time gets significant when there are large numbers of systems to update, but that is true of NT "service packs" as well. Microsoft makes no mention of the difference in turnaround times - Linux bugs are fixed much more quickly.

We also humbly suggest the LWN security page as a central place to look to keep up on security issues.

Linux as a desktop operating system makes no sense. A user would end up with a system that has fewer applications, is more complex to use and manage, and is less intuitive.

Many users find a Linux desktop to be most sensible, and many more will with each new release of the system. The number of applications does not matter - it's whether the particular applications needed by the user are available that makes a difference. For some users, Linux will make a better desktop, for others it "makes no sense."

As can be seen, Microsoft's document is partially truthful, partially not. It is not, in general, blatantly dishonest. It points at places where work needs to be done. There is little here that is not well on the way toward being solved. Given the pace of development in the Linux world, Microsoft's document will be obsolete very soon.

--jc

The Solaris Trap

Sun has announced that the source code to Solaris - its proprietary version of Unix - will be released under the "Sun Community Source License." Much speculation has already happened regarding the effects that this release will have on Linux, but much of that overlooks a serious threat posed by this release. By creating the temptation to incorporate non-free code into parts of Linux, this release could open up the Linux community to a long and crippling series of intellectual property fights and lawsuits.

On the face of it, the release of Solaris seems like a good thing. Solaris has its faults - nobody is likely to try to emulate its approach to modems and serial ports, for example - but it also has a lot of good features. Won't it be great to have all that code out there in the open?

And, in fact, users of Solaris will certainly benefit from this release. They will be able to fix problems and make enhancements so that the system they are already working with will work better. This move may prove to be a good one on Sun's part in that it may help to keep current users from defecting to Linux.

The problem, however, lies in the Sun Community Source License. The SCSL is not a free software license. It provides for three tiers of users, and imposes restrictions on all of them. Redistribution, in particular, is difficult, and commercial use requires that licensing fees be paid to Sun. To mix SCSL and GPL code, in particular, appears to be a violation of both licenses.

And herein lies the danger: the release of Solaris, whenever it actually happens, will make available a large body of code. Much of that code will be potentially useful within the Linux kernel or elsewhere within a larger Linux system. Some of this code will provide invaluable information on how Sun's hardware works.

It seems only a matter of time until some SCSL code leaks into Linux somewhere. Even highly alert maintainers who are determined to keep out incompatibly-licensed code can not be expected to recognize anything that may have had its origins on Solaris somewhere. This sort of leak can happen anywhere in the system and, while the insertion of SCSL code could be done maliciously, it could just as easily happen via laziness or a simple mistake.

That is when the trouble starts. What happens when Sun starts seeking damages against distributors and vendors? When many thousands of CD's are already in circulation, a simple "cease and desist" may not be sufficient - they could go for serious monetary penalties. At a minimum, we are looking at disruptions in Linux distributions and ugly headlines; worse cases could involve some Linux companies going out of business.

It is highly unlikely that Sun is releasing Solaris with this sort of attack in mind. But that does not mean that Sun will not vigorously defend its intellectual property once it sees a violation of the license somewhere. Until such a time as Sun wakes up and puts Solaris under a free software license, freely-available Solaris code is a trap which must be approached most carefully.

http://www.eklektix.com/