
Slashback: Encumbrance, Silence, Internalization

Slashback with two different updates on the donation by Sun of elliptic-curve cryptographic techniques to the OpenSSL project, the state of Microsoftization of the U.S. Department of the Interior, and the strange outcome of Batt vs. the Cage Trust. Read on below for the details.

Different folks, different contributions Dr. Sheueling Chang-Shantz writes:

"Hello, I am the lead researcher/developer of the ECC project at Sun Microsystems Laboratories. I appreciate very much the news you posted on Slashdot regarding 'OpenSSL Gets Cryptography Gift From Sun.'

However, your wording "Sun Microsystems has donated ... developed by Whitfield Diffie ..." seems to be causing some confusion on the Slashdot forum. It gave the wrong interpretation that Whit has invented ECC. Sun is definitely making no attempt to claim that Whitfield Diffie has invented the Elliptic Curve Cryptosystem. Technically, neither has Whitfield Diffie developed the ECC technology that Sun has donated to the OpenSSL project recently.

I would appreciate it if you could correct the news before it is too late.

For clarification, Elliptic curve cryptography was independently invented by Neal Koblitz, Professor of Mathematics at the University of Washington and Victor Miller who was then at IBM.

Whitfield Diffie is Sun's chief security officer who co-invented Diffie-Hellman public-key cryptography."

We now go north of the border ... And further on the topic of that donation by Sun, friscolr writes "In a recent post on misc@, OpenBSD project leader Theo de Raadt states...

OpenSSL is becoming a non-free software project, because the code from Sun contains licenses which invoke patent litigation; the licence on the new code basically builds a contract that says "if you use this code, you cannot sue Sun".

He goes on to say, 'once again, i think it is time to fork OpenSSL.' Thank you, Theo, for always making sure we will have 100% free software at our disposal and for standing by your stated goals."

[Headline redacted] Dotnaught writes "The question of whether British composer Mike Batt's "A Minute's Silence" on the "Classical Graffiti" CD (by The Planets) violated the copyright of John Cage's silent composition "4'33"" has been resolved in an out-of-court settlement. Batt reportedly paid the John Cage Trust an "adequate sum" (whatever that is). On his site, Batt writes, 'We have now settled the matter of my artless plagiarism of John Cage's silence, by his publishers caving in and us winning! Why didn't I think of that before! We could have saved a lot of time and buggering about, although I must say, the struggle was one of the most amusing disputes I've ever, er, disputed.' Batt may yet have the last laugh. According to the New Yorker, Batt has been busy copyrighting chunks of silence of various lengths other than the four minutes, thirty-three seconds of silence owned by Cage."

Hey, does this guy really work for the government? In response to broadly worded news that the U.S. Department of the Interior was switching to an all-Microsoft computing infrastructure, security architect (and oftc.net honcho) D. Clyde Williamson fired off a well-phrased mail to Hord Tipton, Acting Chief Information Officer for the Department of the Interior, asking for clarification, and urging that the DOI consider advantages of not tying themselves completely to proprietary systems. Tipton's response (posted with his permission) is informative:

"Thanks for your views on the DOI's attempts to standardize operating systems. Whereas it is true we are moving towards enterprise approaches to desktops and operating systems, there will be as you suggest a heterogenous mix at the server level. We have not decided at this point to be 100% Microsoft although that discussion has been entertained. There are certain risks and efficiencies that must be considered regardless of the path taken.

Our major concern is interoperability and our current situation is all over the map. Thus standardization is an important step forward for us.

Thanks again for your views.

Hord Tipton
Department of the Interior"

Why relying on a single vendor for such an important aspect of the modern workplace is still considered an "enterprise approach" I'm not sure, but it is certainly true at many companies.

  • At the client level (Score:3, Informative)

    by Dancin_Santa ( 265275 ) <DancinSanta@gmail.com> on Tuesday September 24, 2002 @08:03PM (#4323729) Journal
    It makes a lot of sense to have everyone using the same operating system at the user level. Standardize the OS, disallow unapproved app, device, driver installation, and use an OS that doesn't require extensive training.

    Heh, you'd think they'd go with Mac.
    • by mmol_6453 ( 231450 ) <.moc.tenrg.liam. .ta. .tiucric.trohs.> on Tuesday September 24, 2002 @08:09PM (#4323766) Homepage Journal
      (And just to clarify your point)

      That's "at the user level."

      They're still leaving the door way open for running different types of servers.

      I'm rather impressed at the prompt response of a major player at the DOI. What with all the requests for press he's probably getting, he appears to have a great deal of store set in relatively private "public relations."

      Could someone give good, logical reasons? I'm seriously all ears.
    • by Anonvmous Coward ( 589068 ) on Tuesday September 24, 2002 @08:30PM (#4323880)
      "Heh, you'd think they'd go with Mac."

      I know you meant this sarcastically, but you inadvertently touched on an interesting point: The more interest you have with your computer, the more efficient you'll become with it.

      I'm really good with Windows. Always have been. But when I got my first job as an animator, they put me on an Alpha station running NT 3. (yes 3... or was it 3.52 or something like that? All I remember is that the interface resembled Windows 3.0, and I was used to 95.) My boss suggested I find some plugins for Lightwave and get them installed. But I was afraid to mess with this thing! Not only was the interface really different, but it also had an entirely different processor. If it had been NT4 (Umm.. not quite sure if NT4 was ready to go then...) I would have been pretty comfortable in playing with it. Why? Because I used Windows 95 at home and the interface was similar. I had a pretty good idea of what I could do with it and not feel like I'm going to break it.

      My point? Well, it's safe to assume most of the people there have a Wintel PC in their house. If the computers they use at work are Wintel as well, they'll be more comfy with it. No matter how good an OS is, it is difficult to support somebody whose unfamiliarity with their system makes them scared to mess with it.
      • Rightly or wrongly, I think many helpdesks would be happier with machines that users leave well alone!

        Much time, money and effort is often put into locking machines down and making sure the users are anything but comfy.

        Not that that's a reason to recommend one OS over another, but your point can be taken both ways.
      • No matter how good an OS is, it is difficult to support somebody whose unfamiliarity with their system makes them scared to mess with it.

        Back in the good old MS-DOS days, my High School had a Menu system in place on all their machines. (BTW, I heard their MS-DOS days only ended about 2 years ago :-) ) That menu system was incredibly simple. Use the arrow keys, or the mouse to highlight an option, then hit enter, or click the mouse, to run that option. Even if you've never seen a computer before, you could get on one of those systems, and instantly master the art of formatting disks, writing a document (plain text, with a line of instructions across the bottom), and too many things to name.

        Now, the question is, what made those systems so much easier to use than today's systems. Some will say complexity, but I don't think so. I believe that the lack of descriptive text is what kills the computer. I'm not sure who to blame, Xerox, Apple, Microsoft, but the model that was set, was copied without question, and here we are today.

        So, when someone sits down at a new computer, the colorful icons, and arbitrary names mean nothing to them. It just happens that the more savvy among us may recognize the Netscape icon, and understand how we use it. To a newbie, it's no more descriptive than a red triangle icon labeled 'Fred' would be to you.

        So, my solution, as I've said it before and will say it again, is to include A LOT MORE TEXT in interfaces. Just imagine how easy it would be to use a new computer, with a desktop full of icons that explained themselves. At a glance, you would understand what to do with the lighthouse icon: "Double-Click To Look at Web Sites". (tooltips/balloons aren't the same, and don't work)

        How about GNOME & KDE? Their 'Start' buttons are just arbitrary pictures, that mean no more than anything else on the panel does (as shown by Sun Microsystems' GNOME UI study). Now if they had text below them that said "Main Menu", everyone would know right where to go.

        This isn't limited to window managers either. You just have to guess what a B might mean. Now, if word processors had "Bold Text" on the toolbar, anyone could figure it out in an instant. Icons are still important, as they make good shortcuts. If you know that bold has a blue square next to it, then finding the bold button is much quicker after repetition.

        Of course, text does not automatically solve all problems. Take a look at menus. A "File" menu has misc stuff under it. What is needed, is logical organization, then some logical wording along with it. Obviously, a "Text" menu would be a very good start for a word processor.

        One other thing to end this rant... Another absolute DON'T is clearly illustrated by Windows. You should have only ONE WAY to do something. So, if you want to delete a file, going to File-Delete should be the end of it. (Keyboard shortcuts are exempt). If you tell someone how to do something, a different way than they have done it, they might think they are doing something entirely different: "No, I didn't 'delete' it, I 'removed' it."

        So, my point in all this, is simply that interface design is not an enigma, nor a price you have to pay to use a computer. It just seems that people design UIs as they've seen them designed. So, if someone was to make a GUI from scratch, keeping this, and other simple design considerations in mind, I'm convinced that a neanderthal could sit down, and almost instantly feel completely comfortable working on, configuring, and maintaining their system.
  • by Greyfox ( 87712 ) on Tuesday September 24, 2002 @08:06PM (#4323750) Homepage Journal
    The fact that you can copyright silence renders me speechless.

    But only for 2 minutes.

    • Are you sure those two minutes aren't copyrighted?
      • No; I'm pretty sure that it was actually a derivative of my composition, "Twelve Minutes Without Connecting the Microphone." I'll have my lawyers contact him soon enough to arrange for a reasonable fee.
        • Sorry, but all of that work is derivative work of my "3810 Minutes and 50 Seconds of Absolutely Nothing at All."

          Ok, it's really just my spindle of 50 blank 74 minute CD-Rs.... But still, you all owe me a "reasonable fee!"
          • So, what did you have in mind ... couple million? That might leave you a dime or two when the vult^H^H^H^H lawyers take their cut.
          • I'm sorry, but I have trumped you all: I have "6048 Sad, Silent, Lonely Hours" under my name. (This is 36 weeks * 7 days * 24 hours BTW)
            • I'm sorry, but I have trumped you all: I have "6048 Sad, Silent, Lonely Hours" under my name. (This is 36 weeks * 7 days * 24 hours BTW)
              You seem to be infringing on my seminal work, The Song of the Universe: A Sixteen Billion Year Retrospective. I'm still looking for a publisher of the 105,193,000,000,000 80-minute CD set, so if you know anybody who's interested, let me know. It really starts off with a bang, and the next few hundred million years are a seething maelstrom of pure energy, eventually resolving to a more sedate work. Your "Sad, Silent, Lonely Hours" seem to match a section of my work that started 137,518,824 years 15 weeks two days five hours ago (give or take a little).

              Chris Beckenbach

              (Is the horse dead yet?)

    • Re:I'm speechless (Score:3, Interesting)

      by phil reed ( 626 )
      You ought to know that the John Cage piece 4'33'', which is the length of the piece of silence, is actually made up of 3 movements of 30 seconds, 2 minutes 23 seconds, and 1 minute 40 seconds. The score consists of an appropriate number of pages of (empty) music, and the performer is to signal the end of each movement.


      A history and discussion of the piece can be found here. [mindspring.com]

  • by PD ( 9577 ) <slashdotlinux@pdrap.org> on Tuesday September 24, 2002 @08:10PM (#4323773) Homepage Journal
    I have copyrighted the act of NOT posting on Slashdot. If you don't post, you're in violation. If you don't post twice, you're OK. I haven't copyrighted that. As far as I know, that one's under the GNU copyleft.
  • He goes on to say, 'once again, i think it is time to fork OpenSSL.' Thank you, Theo, for always making sure we will have 100% free software at our disposal and for standing by your stated goals."

    So if Theo or any other 'major' player hadn't said Sun was making OpenSSL non-free and to fork it, we'd still use the Sun OpenSSL?

    • Well, you have a wonderfully obscure way with words, so I'm guessing your meaning here.

      I would say 'yes'. I can come up with plenty of examples where an I.P. problem with a single portion of code resulted in a whole being on shaky legal ground.

      4.xBSD-lite & 386BSD comes to mind right away.
  • by spun ( 1352 )
    I have copyright on various lengths of passing gas. You may not issue a fart of 3, 4, or 7 seconds without violating my copyright.
  • by plcurechax ( 247883 ) on Tuesday September 24, 2002 @08:21PM (#4323835) Homepage
    In the cryptography [theaimsgroup.com] mailing list, it appears that Theo [theos.com] may not need to declare jihad on licenses he doesn't like.

    According to Ulf Möller there will be a patch made before the next release to isolate the ECC code in case of patent concerns. The ECC code can be included or excluded based on a configure flag like the present RC5 and IDEA algorithms which are still patented in various parts of the world.

    Apparently the patent claim is an additional [theaimsgroup.com] optional provision that companies can use the Sun code under a truce against lawsuits if they agree to not sue about ECC patent infringement either.
    • by stebilad ( 186865 ) on Tuesday September 24, 2002 @11:42PM (#4324942) Homepage

      According to Ulf Möller there will be a patch made before the next release to isolate the ECC code in case of patent concerns. The ECC code can be included or excluded based on a configure flag like the present RC5 and IDEA algorithms which are still patented in various parts of the world.

      Compile-time flags already exist to turn on and off ECC code in OpenSSL - they are OPENSSL_NO_EC, OPENSSL_NO_ECDH, and OPENSSL_NO_ECDSA. Additionally, there's a compile-time flag to turn on or off the code that is allegedly encumbered by Sun patents and a compile-time flag to turn off code that might be encumbered by another company [certicom.com]'s patents.

      Furthermore, this is not new to OpenSSL nor to the crypto world in general. Lots of algorithms included in OpenSSL are covered by patents, RC5 and IDEA being prime examples. The OpenSSL license and most other open-source licenses only give you rights to copy and distribute the code, not necessarily to use it. Just as it was illegal to use RSA cryptography in the United States before Sept. 2000 without licensing it from RSA Security, so too is it illegal to use RC5 without licensing it. The OpenSSL license does not and cannot grant you those rights.

      The Sun provision is there to grant users additional rights. As the previous poster indicates, it allows you to use any algorithm that Sun has a patent on in the context of OpenSSL and be free from threat of patent infringement lawsuit provided you don't sue Sun over a related issue.

      Is it reasonable for Sun to ask you not to sue them for code they gave away for free in return for not suing you? That's a business decision you make when you decide to use OpenSSL code.

      Is it reasonable for Sun to say you can use the encumbered code in the context of OpenSSL but not in other contexts (like a hardware accelerator)? Under US law, they've got the right to do that. Whether you agree with patents or not is a different argument.

  • Sympathy... (Score:4, Interesting)

    by Anonvmous Coward ( 589068 ) on Tuesday September 24, 2002 @08:22PM (#4323839)
    "We have not decided at this point to be 100% Microsoft although that discussion has been entertained. There are certain risks and efficiencies that must be considered regardless of the path taken."

    Like or hate their decision, anybody who's ever tried to print from a Linux box to a printer hosted on a Windows machine can sympathize. Technical superiority is fine and all, but ease of use has a larger impact on overall efficiency.
    • I think you are a little out of date. Recent versions of Samba + Cups make this trivial. What distribution / version are you using?

    • It's not hard at all to print to a dozen Windows boxes if you want to. Just put up an SMB printer proxy that relays the Linux boxes to the Windows boxes. That said, I can't remember having seen anything in Windows that makes printing from Windows to a Unix server easier either.

      In a network controlled by professionals such "problems" are no-brainers in comparison to security and stability. In Linux ease of use is only limited by the administrator's imagination.
      • Under 2000, there is the option to install 'Unix Printing'. A download gives 98 this feature as well. It will print directly via CUPS on port 631 of the machine in question.

    • Most companies have at most 5 printer models, and all of them accept Postscript.

      That point is really not valid at a corporation, though Linux does have some drawbacks to other OS's, Windows only has the advantage of being "vaguely familiar" (tell that to the gal who couldn't minimize windows I talked to earlier today..) with a lot of driver support.

      In a corporate setting, especially ones that run *a lot* of CITRIX, other solutions are (or at least should be) always being considered.

      To be quite honest, no one does anything except reghost a machine if it's more complex than "my printer is pointing to the wrong JetDirect box", so therefore the cost of support is how often does 1: the printer get redirected 2: how often do you need to reghost. There are no other costs for support client side (users are capable of handling pretty much any windowing system with standard titlebars, so that's also fairly moot).

      The real benefit of other OS's is you can cleanly stop users from saving anything locally, this is a major advantage when it comes time for the next reghost and someone doesn't lose 5 hours worth of work.
      • You may be describing where you work quite well, but it doesn't match where I work. We have perhaps 40 printers, and on Windows, at least, there are a multitude of different drivers (10? more?) I suppose that they can all accept postscript, but that will usually result in the special features (which is why we got the special printer) not working. So the approach that you are proposing yields at best a kind of minimal common printer, which is good enough for me, but not for most of the people who work here (appearances are considered *quite* important!).

        Also, many of these printers just aren't visible to Linux systems at all. The Netware queues aren't useable, so one needs to use direct TCP/IP addressing, and not all of the printers have that capability/enabled. (JetDirect assumes one particular kind of connection, which is true for some of the printers, but not for others.) (I think we use a bit of CITRIX, but certainly not much!).

        Perhaps the sysadmin could change this. And only shared files go on the servers. (We keep running out of space.)

        Part of the reason for this is historic. (For years the network would go down at times for reasons that no one ever discovered. We eventually decided that it must have been a hardware problem, because at some point it just stopped happening [hard to pin down exactly] shortly after a round of upgrades. And we still don't know what was [occasionally] bad.) Anyway, so the users had to be at least minimally able to operate with the network down. And they still like that. But windows printer access depends on the Novell network. And on Linux, it appears necessary to use only those printers with TCP/IP active.
    • It only took me two clicks on the KDE printer wizard and I had mine working. Don't know what the heck you must have been doing......
      • "It only took me two clicks on the KDE printer wizard and I had mine working. Don't know what the heck you must have been doing......"

        Ah yes, the "My experience accounts for everybody's experiences" style of debate. Heh.
    • ... anybody who's ever tried to print from a Linux box to a printer hosted on a Windows machine can sympathize.
      FUD alert! I don't understand this at all. How long ago was this situation you're talking about? Under Mandrake 8.2 (and possibly other distributions) if you use "new lpr" as the print system, printtool or the "Control Center" will set up printing to Windows -- just type in a few parameters into a dialog.

  • The reply from the DOI pretty much says almost as much as the 4 minutes of silence that was being used as a PR toy.

    A "heterogenous mix at the server level." could simply mean a mix of NT2000, NT4 and XP. Although one could hope that it really means other manufacturer's systems as well, it doesn't have to.

    For the rest of it, it sounds like they still intend to force the desktop to pure MS.

  • by wfmcwalter ( 124904 ) on Tuesday September 24, 2002 @08:35PM (#4323904) Homepage
    Batt reportedly paid the John Cage Trust an "adequate sum" (whatever that is)
    Apparently Batt gave the Cage Trust a suitcase full of no money.

  • silence (Score:5, Insightful)

    by Satai ( 111172 ) on Tuesday September 24, 2002 @08:38PM (#4323924)
    Ok, this is important to me. Yeah, it sounds stupid that the suit was over silence - but what it really was about was that he credited Cage as an author and did not pay the estate. THAT caused the problem. Even Sonic Youth did a track of silence and didn't get sued - because they didn't have the cavalier audacity to credit someone else without checking the ramifications.

    So how about we stop making fun of the situation? Cage's estate isn't at fault here. That guy shouldn't pull such stupid shit.
    • Next Step: Outlaw all sarcastic humor.

      Watch out, Onion [theonion.com], you're on the hit list. Cuz' I'm pretty sure that Bush didn't actually threaten to invade the West Nile in response to the West Virus.

      Hello? Sarcasm? Where did that go?
    • ...because they didn't have the cavalier audacity to credit someone else without checking the ramifications.

      Excuse me? Let me get your reason straight here...

      It's okay for me to pinch something, so long as I don't give due credit? /Me thinks that's pretty damned twisted.

      My experience has been people are generally much happier with you if you DO give them credit for something they came up with. Usually it gets nasty when you try to pass their idea off as your own.

      Don't get me wrong, the idea that you can copyright silence is ridiculous. Your statement strikes me as even more so.

  • You should all be thankful to the /. lameness filter that filters out empty posts otherwise you'll all be in violation!
  • Batt's settlement (Score:4, Informative)

    by rsidd ( 6328 ) on Tuesday September 24, 2002 @09:33PM (#4324166)
    Batt reportedly paid the John Cage Trust an "adequate sum" (whatever that is).

    He paid them a six figure sum. [bbc.co.uk]

  • enterprise approach (Score:3, Informative)

    by novarese ( 24280 ) on Tuesday September 24, 2002 @09:39PM (#4324202) Journal
    Why relying on a single vendor for such an important aspect of the modern workplace is still considered an "enterprise approach" I'm not sure, but it is certainly true at many companies.

    Ah, grasshopper, you've just labeled yourself a novice. The reason you're not sure why that's considered an enterprise approach is that you have no experience with enterprise-class operations. You can get a vendor to agree to all kinds of massive price reductions on hardware and, more-importantly, the margin-laden services contracts, by agreeing to standardize your entire operation around their products.

  • by nerdsv650 ( 175205 ) <nerdsdNO@SPAMnerdy1.com> on Tuesday September 24, 2002 @10:27PM (#4324509) Homepage
    It would be amusing if he tried to copyright 18:22 of silence, if I rightly recall that is about the length of silence on the Nixon tapes. Of course I doubt that Richard's estate would have the gumption to go after anyone on this.

    -michael

  • by geoswan ( 316494 ) on Tuesday September 24, 2002 @10:35PM (#4324566) Journal
    Cage's work, 4'33", gets performed! Who'd have thought it?

    Here is an account [ncl.ac.uk] of an attempted broadcast of a performance that appeared in the RISKS digest [ncl.ac.uk] in 1992.

    On Peter Ross's ABC-TV arts show on Sunday Afternoon, the avant garde composer John Cage was featured performing his 4'33". It consists of the performer(s), armed with a stopwatch, sitting silently on stage for four minutes 33 seconds, with the music consisting of whatever noises come from the audience or outside the auditorium. The TV performance went well, but the ABC was caught out by technology - a fail-safe device turns off studio transmission if there's more than 90 seconds of silence, and puts up a test pattern. It went into operation three times during the performance.

    • by EvanED ( 569694 ) <evaned.gmail@com> on Tuesday September 24, 2002 @11:28PM (#4324857)
      I've read an account (I can't find it now though) of a performance in a college music building. Normally not a problem. However, without any noise, it was possible to hear this one person trying to practice the piano. Quite often he'd goof up, and start to swear. Of course, all this was audible to the audience.

      But the 90 seconds of silence thing reminds me of when I'm watching TV on my computer (Hauppauge card) and the screensaver comes on; it's very annoying.
    • ...a fail-safe device turns off studio transmission if there's more than 90 seconds of silence

      Don't be so easily fooled. It's the RIAA's early implementation of DRM. The transmission equipment knew that the studio hadn't paid for the silence, and it automatically became un-trusted content and was blocked.

  • by istartedi ( 132515 ) on Tuesday September 24, 2002 @10:57PM (#4324689) Journal

    Get Your Silence Now. You'd better move quickly. Time is running out. Most of the coveted 3 and 4 decimal place silences are gone, and 5 decimal place silences are rapidly filling. For just $50 I will reserve your period of silence for a year, or if you choose you can reserve for 2 years for $70. I also provide silence parking for just $5 extra. Ask me about silence hosting, dedicated silence, and full or fractional T-zero service. Don't delay. Today's business demands silence.

  • Victory? (Score:5, Funny)

    by Alsee ( 515537 ) on Wednesday September 25, 2002 @03:16AM (#4325745) Homepage
    Mike Batt paid a 6 figure settlement for violating the copyright on silence. Both sides claim victory. (Don't you just love when both sides in a lawsuit claim victory?)

    Well, in honor of this (ahem) victory, I hereby release my own piece entitled "23 Microseconds of Silence". I would also like to credit John Cage and Mike Batt.

    "23 Microseconds of Silence" is a 44khz .RAW audio file. The file length is 0.001 kilobytes. It consists of a solitary zero. If you would prefer to listen to "23 Microseconds of Silence" in stereo simply make a two byte file containing two zeros.

    As an added bonus you can also hear the 1 minute DJ remix by playing the file at 16.7 millihertz, and the 4 minute 33 second dance mix by playing the file at 3.7 millihertz.

    P.S.
    I strongly suspect I have just composed and implicitly copyrighted the shortest piece of music in history.

    -
  • Miranda Warning [yahooligans.com]
    1. You have the right to remain silent and refuse to answer any questions.
    2. Anything you say may be used against you in a court of law.
    3. ...etc.
  • by zdzichu ( 100333 )
    Despite the fact that OpenSSL is so widely used, there exists a project to make a GPLed replacement for it - GNU Transport Layer Security Library [gnu.org].

    It is useful for all those people for whom the BSD license is not free enough. I think that a TLS (the new name for SSL, BTW) library is mandatory for GNU/Operating System. And because of GNU it has to be GPLed - now it means reimplemented from scratch.
    I also fear that it will be binary incompatible with OpenSSL - if so, it wouldn't gain popularity. It should be a drop-in replacement.

    But we will see - right now you can test it [gnutls.org] or go and help developing this crypto library.
  • I pointed out OpenBSD's concerns with OpenSSL on the NetBSD security list, and later summarised the points being made by Theo and others. The subsequent debate highlighted the fact that this is not a copyright issue, but a patent covenant one, and that Theo et al. had misunderstood the purpose of Sun's comments.

    The hope is that the Sun code will be moved into a dedicated directory, as has been done with the problematic idea code. Then the code can be omitted when building binary packages for release. The source can be shipped with the offending code, and the end user can recompile OpenSSL to add it back in if the patent covenant is not an issue for them.

    See the NetBSD mail archives at http://mail-index.netbsd.org/tech-security/2002/09/ for details.

    Chris

  • Would less than 10 seconds of silence be fair use?
