Slashback: Encumbrance, Silence, Internalization
Different folks, different contributions. Dr. Sheueling Chang-Shantz writes:
"Hello, I am the lead researcher/developer of the ECC project at Sun Microsystems Laboratories. I appreciate very much the news you posted on Slashdot regarding 'OpenSSL Gets Cryptography Gift From Sun.' However, your wording "Sun Microsystems has donated ... developed by Whitfield Diffie ..." seems to be causing some confusion on the Slashdot forum. It gave the wrong interpretation that Whit has invented ECC. Sun is definitely making no attempt to claim that Whitfield Diffie has invented the Elliptic Curve Cryptosystem. Technically, neither has Whitfield Diffie developed the ECC technology that Sun has donated to the OpenSSL project recently.
I would appreciate it if you could correct the news before it is too late.
For clarification, Elliptic curve cryptography was independently invented by Neal Koblitz, Professor of Mathematics at the University of Washington and Victor Miller who was then at IBM.
Whitfield Diffie is Sun's chief security officer who co-invented Diffie-Hellman public-key cryptography."
We now go north of the border ...
And further on the topic of that donation by Sun, friscolr writes "In a recent post on misc@, OpenBSD project leader Theo de Raadt states...
OpenSSL is becoming a non-free software project, because the code from Sun contains licenses which invoke patent litigation; the licence on the new code basically builds a contract that says "if you use this code, you cannot sue Sun".
He goes on to say, 'once again, i think it is time to fork OpenSSL.' Thank you, Theo, for always making sure we will have 100% free software at our disposal and for standing by your stated goals."
[Headline redacted] Dotnaught writes "The question of whether British composer Mike Batt's "A Minute's Silence" on the "Classical Graffiti" CD (by The Planets) violated the copyright of John Cage's silent composition "4'33"" has been resolved in an out-of-court settlement. Batt reportedly paid the John Cage Trust an "adequate sum" (whatever that is). On his site, Batt writes, 'We have now settled the matter of my artless plagiarism of John Cage's silence, by his publishers caving in and us winning! Why didn't I think of that before! We could have saved a lot of time and buggering about, although I must say, the struggle was one of the most amusing disputes I've ever, er, disputed.' Batt may yet have the last laugh. According to the New Yorker, Batt has been busy copyrighting chunks of silence of various lengths other than the four minutes, thirty-three seconds of silence owned by Cage."
Hey, does this guy really work for the government? In response to broadly worded news that the U.S. Department of the Interior was switching to an all-Microsoft computing infrastructure, security architect (and oftc.net honcho) D. Clyde Williamson fired off a well-phrased mail to Hord Tipton, Acting Chief Information Officer for the Department of the Interior, asking for clarification, and urging that the DOI consider advantages of not tying themselves completely to proprietary systems. Tipton's response (posted with his permission) is informative:
"Thanks for your views on the DOI's attempts to standardize operating systems. Whereas it is true we are moving towards enterprise approaches to desktops and operating systems, there will be as you suggest a heterogeneous mix at the server level. We have not decided at this point to be 100% Microsoft although that discussion has been entertained. There are certain risks and efficiencies that must be considered regardless of the path taken. Our major concern is interoperability and our current situation is all over the map. Thus standardization is an important step forward for us.
Thanks again for your views.
Hord Tipton
Department of the Interior"
Why relying on a single vendor for such an important aspect of the modern workplace is still considered an "enterprise approach" I'm not sure, but it is certainly true at many companies.
So if Theo or any other 'major' player hadn't said Sun was making OpenSSL non-free and to fork it, we'd still use the Sun OpenSSL?
Right on! They should be 100% *nix! Why don't they see the light?
Facetiousness aside, they're considering it because they should investigate all the alternatives. 100% MS is a viable option, albeit a poor and risky choice for most applications, but a choice nonetheless. One should investigate all the alternatives before coming to a conclusion.
Yes, but he was arguing for interoperability, not consistency. I'm all for consistency, whether it be M$ or *nix. Of course there are advantages to a homogenous environment, but if you go homogenous Microsoft, you're tied to Microsoft, period.
If you run *nix, you can use NFS or a variety of new network filesystems. If you run Windows, you get SMB. But wait -- there's Samba for *nix that lets Windows speak its own little proprietary protocol and interoperate with *nix servers. *nix can speak Windows, but not vice versa.
If you run everything on Apache, you can host your sites on Linux, Windows, Solaris, FreeBSD, what-have-you on a variety of different architectures. If you host on IIS, you're stuck with Windows and the very limited number of platforms it supports. Apache runs on Windows, IIS does not run on *nix.
If you write your website in PHP, you can use it on a variety of Unices on a variety of different platforms. If you write for ASP dot NET, you're stuck to Windows 2000+ on x86 (and whatever else Redmond feels like supporting). You can run PHP on Windows, but not vice versa.
So... tell me, which is the more flexible solution? Which delivers more interoperability? The open, freely extendable system or the closed and proprietary one? That's why I pointed this out as a no-brainer; it is.
(And yes, I know about Microsoft's UNIX tools, but it's a moot point.)
"Heh, you'd think they'd go with Mac."
I know you meant this sarcastically, but you inadvertently touched on an interesting point: The more interest you have with your computer, the more efficient you'll become with it.
I'm really good with Windows. Always have been. But when I got my first job as an animator, they put me on an Alpha station running NT 3. (yes 3... or was it 3.52 or something like that? All I remember is that the interface resembled Windows 3.0, and I was used to 95.) My boss suggested I find some plugins for Lightwave and get them installed. But I was afraid to mess with this thing! Not only was the interface really different, but it also had an entirely different processor. If it had been NT4 (Umm.. not quite sure if NT4 was ready to go then...) I would have been pretty comfortable in playing with it. Why? Because I used Windows 95 at home and the interface was similar. I had a pretty good idea of what I could do with it and not feel like I'm going to break it.
My point? Well, it's safe to assume most of the people there have a Wintel PC in their house. If the computers they use at work are Wintel as well, they'll be more comfy with it. No matter how good an OS is, it is difficult to support somebody whose unfamiliarity with their system makes them scared to mess with it.
What with all the requests for press he's probably getting,
Ah, yes, another $la$hdot [see how the use of "$" as a substitute for "s" instantly diminishes credibility?] user who overestimates the "gives-a-shit" factor. You think the mainstream press really gives a shit about this?
Do you think Larry King, Bill O'Reilly, Tim Russert, George Stephanopoulos, Chris Matthews or any of the talking heads care in the slightest about this?
One of these days you Linux zealots will come to realize that nobody (besides the GNU/Linux fanboys) is outraged over Microsoft's unfair exploitation of its monopoly power--and the sooner that occurs, the better.
Go ahead, mod me down. But it won't make my comments any less valid.
Ok, this is important to me. Yeah, it sounds stupid that the suit was over silence - but what it really was about was that he credited Cage as an author and did not pay the estate. THAT caused the problem. Even Sonic Youth did a track of silence and didn't get sued - because they didn't have the cavalier audacity to credit someone else without checking the ramifications.
So how about we stop making fun of the situation? Cage's estate isn't at fault here. That guy shouldn't pull such stupid shit.
According to Ulf Möller there will be a patch made before the next release to isolate the ECC code in case of patent concerns. The ECC code can be included or excluded based on a configure flag like the present RC5 and IDEA algorithms which are still patented in various parts of the world.
Compile-time flags already exist to turn on and off ECC code in OpenSSL - they are OPENSSL_NO_EC, OPENSSL_NO_ECDH, and OPENSSL_NO_ECDSA. Additionally, there's a compile-time flag to turn on or off the code that is allegedly encumbered by Sun patents and a compile-time flag to turn off code that might be encumbered by another company's patents.
Furthermore, this is not new to OpenSSL nor to the crypto world in general. Lots of algorithms included in OpenSSL are covered by patents, RC5 and IDEA being prime examples. The OpenSSL license and most other open-source licenses only give you rights to copy and distribute the code, not necessarily to use it. Just as it was illegal to use RSA cryptography in the United States before Sept. 2000 without licensing it from RSA Security, so too is it illegal to use RC5 without licensing it. The OpenSSL license does not and cannot grant you those rights.
The Sun provision is there to grant users additional rights. As the previous poster indicates, it allows you to use any algorithm that Sun has a patent on in the context of OpenSSL and be free from threat of patent infringement lawsuit provided you don't sue Sun over a related issue.
Is it reasonable for Sun to ask you not to sue them for code they gave away for free in return for not suing you? That's a business decision you make when you decide to use OpenSSL code.
Is it reasonable for Sun to say you can use the encumbered code in the context of OpenSSL but not in other contexts (like a hardware accelerator)? Under US law, they've got the right to do that. Whether you agree with patents or not is a different argument.
He had created a pseudonym previously as a Cage with a different first name, that was who the song was co-credited to. The fact that the last name was all that appeared by the song title was just a labeling artifact.