For what it may worth, and without entering into a religious war:
The organization for which I work (a governmental agency) uses Debian in all the Linux servers except one (running RH) including some that run Websphere and Tivoli; in all workstations running Linux; and in a partition of the z900 mainframe (under VM). Our Linux policy is , more or less: ``we run Debian. If you, dear vendor, don't support it, we don't want your stuff.''
Our Linux servers run lots of software: sendmail, Apache, CVS, JBoss, Tomcat, Nagios, PostgreSQL, MySQL...
Our decision was based on having better control on updates/upgrades through our own intranet Debian mirror and some nice home-developed tools for controlling the remote workstations. Of course, YMMV.
Yes. Of course! But the issue is that when cryptographers speak of `collissions', they point to collissions in the hashing function that turn the task of finding a collission easier (in computational terms) than it should be according to probability. E.g., in this case:
SHA-0 gives 160-bit-long hashes;
For having a probability better than 0.5 of finding a collission, you should need 2**80 operations (due to birthday paradox) for finding two random messages mapping to the same hash; and 2**159 operations for finding a message mapping to the same hash than a certain message.
These guys have discovered collissions into the hashing function, making the task as easy as 2**51 operations.
Governments should choose the best software for the job, period.
YES. No doubt. But... since when the license is not part of the equation? Any government must weigh the pros and cons of having their hands and feet tied by an abusive license, their data hijacked in arcane formats, and no possibility of finding if the software they're using has backdoors or subliminal channels. All these factors are fundamental issues when considering which software is `the best for the job'.
BTW, did you know that the crypto code in (some?) Microsoft's products is reviewed by the NSA and sent back as object code to MS to be included in the products? The news, published in the online CyberPais edition of the Spanish newspaper El Pais as part of an interview with a cryptographer that used to work for MS, has never been denied neither by MS nor by the NSA. The site is by subscription only, but you can find a copy of the interview (in Spanish) here.
IANAL, and not an US citizen either. So may be the US laws regarding elections are quite diferent from those in other countries. But i wonder if this initiative is sustainable on constitutional grounds.
Strict equality (``one man one vote'', and equal accesibitlity of all citizens to the right of voting) is the basis of all democratic systems. Assuming the U.S. is one of these, having to pay for an O.S. to a certain software company for issuing a vote doesn't seem to hold on that basis.
Besides the TPC benchmark for clustered machines, already mentioned in other posts, there is also a result for a non-clustered machine, HP rx5670 (4 Itaniums 2.1GHz) with Oracle 10i. Same performance than hp/ux on the same platform, at a fraction of the cost. See both results here and here
A gross historical mistake, seen on the Forbes' slideshow:
1954 -- Telstar The first commercial communications satellite is launched ... Three full years before the launch of the first Sputnik (as everybody knows, the first satellite).
A confusing approach: sometimes the "idea" is seen as the first theorethical approach to the problem (as cellphones) and sometimes as the first practical technology (videotape decks).
An many ommisions: if satellites are in fact a bright idea... shouldn't Forbes quote Arthur Clarke's invention of the geosynchronous satellite?? (Wireless World, August 1945)
Oh, well! If History is taught in the U.S. as Forbes' "historians" show it, no wonder why Americans are so unaware of the world's reality.
Besides the problems posed by the identification/ authentication/ authorization triad (often and pitifully confused, but definitely not the same thing), there are no current practical means to conduct an election with large number of voters over the internet (or any network, BTW) with the required assurances: registration, non-individualization, no anticipate results, etc. Most efficient protocol for internet voting is said to be practical for up to 100000 voters (but no empirical evidence exists).
I would really appreciate one (just one) example of two competing applications (one free, the other proprietary) with the same functional features, where the proprietary one is the "best solution".
For this, please take into account that: (a) open formats for storage and transmission of data; (b) assurance of the non-existance of back doors or spy code; and (c) ability to modify the application to suit it to user needsm must be part of the solution.
Despite Tim O'Reilly is confusing (deliberately or not) individual freedom with government responsibilities, let's think about his own words:
Tim O'Reilly's "version of Freedom zero" is: "the freedom to offer your work to the world on the terms that you choose, and for the recipients to accept or reject those terms."
Consistenly with that, governments (as an entity) should be free to accept the license they see more fit to protect the rights of the citizens. Since only availability of source code, free inspection and open standards are compatible with those rights, a government exercises freedom of choice when choosing Free software. Therefore, O'Reilly is contradicting his own words.
for all the information security community. Some of the probable effects have already been discussed in other postings:
Would we believe the seriousness of virus threat anouncements? (BTW, please see the interesting musings of Bruce Schneier in the last issue of CRYPTO-GRAM.
Would we believe in the security of Symantec's products?
Would Symantec take advantage of first hand information before releasing it to public knowledge?
Even if bugtraq keeps its objectivity (and what a big "if" is that!), doubt will ever remain. A critical resource for the security community has been lost, at least because of the lack of credibility in the new owners.
In my previous post, I said Except Mr. Hamilton's talkings, which were not recorded AFAIK, there is written evidence of all the facts stated above. But during his TV program on the night of July 16, Cesar Hildebrandt, one of the most respected (and feared) Peruvian journalists, showed and read a letter purportedly signed by U.S.Ambassador Hamilton, adressed to the President of the Congress.
The letter would have been sent in mid-June, five days after the drafting of the opinion in favor of the Bill by the Committee on Consumer Affairs of the Congress. In the excerpts Mr. Hildebrandt read, Mr. Hamilton states the "concerns" of the U.S. government about the proposed bill which, if passed, would favor "open source software" and harm "patented software". An aide-memoire from Microsoft Corp. is enclosed to the letter. Such aide-memoire repeats the well known (and better refuted) Microsoft's arguments against the Bill.
Hopefully, a transcript of the letter will be available soon. Video from Mr. Hildebrandt's program will be posted (probably today) in Peruvian Linux Users Group site.
Sure, there is development work on it. But even assuming that Office takes a fair share of all M$ expenditure in R&D, which means assuming that there is no dead-end R&D (blatantly false assertion), cost of Office is 10 pct or less of average sales price, which BTW is less than standard street price. You can figure out the same conclusions by reading Micro$oft's financial statements.
Their website defines them as "The American Chamber of Commerce of Peru (AmCham Peru) is an organization that represents Peruvian and foreign companies, advocates and promotes the free-market economy, and strengthens trade, investment and exchange between Peru and the United States within a framework of social responsibility, values and business ethics.
BTW, their website (IIS powered) stinks. They seem to be unable to correctly program ASP.
It is quite curious to know from their mission statement that one of their goals is 6. To promote the existence and development of free enterprise and competition. Why are they lobbying against free competition and on behalf of a convicted monopolist?
I'm not currently authorized to reveal my sources, but have some first hand information about the events surrounding Peru/MS case that could help to clarify things a little bit. The process of countering Dr. Villanueva's bill had several escalation steps; some of them saw the light, and some others didn't. I guess it's time to tell what I know.
Dec 14 2001 - Dr. Villanueva introduces the Bill.
Mar 06 2002 - Public Forum in the House of Congress (attendance > 500), chaired by the President of the Congress.
Mar 08 2002 - Universidad Nacional de Tumbes, a public university in Northwestern Peru, communicate their official support to the bill.
Mar 19 2002 - First counterattack: the Peruvian Software Producers Association (APESOFT)'s Chairman objections to the proposed Bill in "Gestion", a local newspaper.
Mar 20 2002 - Reply by Dr. Villanueva, in the same newspaper
Mar 25 2002 - Second counterattack - The now infamous letter of MS-Peru's General Manager to Dr. Villanueva
Apr 08 2002 - The well known reply of Dr. Villanueva
May 20 2002 - Universidad Nacional de Ingenieria (second largest public university in Peru, specialized in engineering and science) gives official support to the Bill.
May 27 2002 - Third counterattack - The American Chamber of Commerce of Peru (AmCham) sends a letter to the President of the Congress, opposing the bill. Same arguments as MS ones, plus some diplomatic threats as "...negative signals to private investments..." and Godzilla will eat our children.
Jun 07 2002 - Dr. Villanueva replies AmCham's letter.
Jun ?? 2002 - Fourth counterattack - Conversations, informal talks and "occasional meetings" of U.S. Ambassador Hamilton wih several high-ranked Peruvian officials, reminding them the dangers of approving the Bill.
Jun 11 2002 - Fifth counterattack - Letter from the Prime Minister, enclosing a memo of the head of the e-government project objectioning the bill. Same arguments as MS ones, plus "...negative impact in the process of renewing the APTA (Andean Trade Preference Agreement", plus the usual seven plagues of Egypt. Mr. Bermudez, the e-government guy, is known as being closely related to MS. Mr. Dañino, the former Prime Minister, is a lawyer whose law firm has MS-Peru as one of its most prominent clients
Jun 25 2002 - Universidad Nacional Mayor de San Marcos (the largest public university in Peru and the oldest in America [est. 1551]) gives official support to the Bill.
Jul 15 2002 - Sixth Counterattack - President Toledo's pilgrimage to Seattle, to receive the 30 coins (or less) from the hands of Mr. Gates
Except Mr. Hamilton's talkings, which were not recorded AFAIK, there is written evidence of all the facts stated above.
In addition, let me point out that, if Microsoft is pricing its consulting services at the same rate it did for their agreement with the Chilean Ministry of Education, the $550K
"donation" means just 5000 person/hours of consulting.
MS's statement could be valid in the US, but is definitely illegal in other countries. The European Software Directive (91/250/EEC of 14 May 1991 clearly states: Article 6 Decompilation: 1. The authorization of the rightholder shall not be required where reproduction of the code and translation of its form within the meaning of Article 4 (a) and (b) are indispensable to obtain the information necessary to achieve the interoperability of an independently created computer program with other programs, provided that the following conditions are met: (a) these acts are performed by the licensee or by another person having a right to use a copy of a program, or on their behalf by a person authorized to to so; (b) the information necessary to achieve interoperability has not previously been readily available to the persons referred to in subparagraph (a); and (c) these acts are confined to the parts of the original program which are necessary to achieve interoperability. Full text of the Directive in http://europa.eu.int/eur-lex/en/lif/dat/1991/en_39 1L0250.html
It is also of dubious enforceability in countries like mine (Argentina) where software patents are fobidden by law. For something being patentable, it must be an ``invention'', and software is not considered an invention as per Article 6.c) of Law No. 24481
Slashdot Mirror
For what it may worth, and without entering into a religious war:
The organization for which I work (a governmental agency) uses Debian in all the Linux servers except one (running RH) including some that run Websphere and Tivoli; in all workstations running Linux; and in a partition of the z900 mainframe (under VM). Our Linux policy is , more or less: ``we run Debian. If you, dear vendor, don't support it, we don't want your stuff.''
Our Linux servers run lots of software: sendmail, Apache, CVS, JBoss, Tomcat, Nagios, PostgreSQL, MySQL...
Our decision was based on having better control on updates/upgrades through our own intranet Debian mirror and some nice home-developed tools for controlling the remote workstations. Of course, YMMV.
But the issue is that when cryptographers speak of `collissions', they point to collissions in the hashing function that turn the task of finding a collission easier (in computational terms) than it should be according to probability. E.g., in this case:
YES. No doubt. But... since when the license is not part of the equation? Any government must weigh the pros and cons of having their hands and feet tied by an abusive license, their data hijacked in arcane formats, and no possibility of finding if the software they're using has backdoors or subliminal channels. All these factors are fundamental issues when considering which software is `the best for the job'.
BTW, did you know that the crypto code in (some?) Microsoft's products is reviewed by the NSA and sent back as object code to MS to be included in the products? The news, published in the online CyberPais edition of the Spanish newspaper El Pais as part of an interview with a cryptographer that used to work for MS, has never been denied neither by MS nor by the NSA. The site is by subscription only, but you can find a copy of the interview (in Spanish) here.
IANAL, and not an US citizen either. So may be the US laws regarding elections are quite diferent from those in other countries. But i wonder if this initiative is sustainable on constitutional grounds.
Strict equality (``one man one vote'', and equal accesibitlity of all citizens to the right of voting) is the basis of all democratic systems. Assuming the U.S. is one of these, having to pay for an O.S. to a certain software company for issuing a vote doesn't seem to hold on that basis.
Neither do:
Dynix/PTX (Sequent)
MP/RAS (NCR/Teradata)
Reliant (Siemens Nixdorf)
What kind of moron wrote the technical parts of their complaint?
Besides the TPC benchmark for clustered machines, already mentioned in other posts, there is also a result for a non-clustered machine, HP rx5670 (4 Itaniums 2.1GHz) with Oracle 10i. Same performance than hp/ux on the same platform, at a fraction of the cost. See both results here and here
1954 -- Telstar The first commercial communications satellite is launched
Oh, well! If History is taught in the U.S. as Forbes' "historians" show it, no wonder why Americans are so unaware of the world's reality.
Seen on IDG.net: "IDC's findings, published Monday in a study commissioned by Microsoft Corp....."
'Nuff said.
Besides the problems posed by the identification/ authentication/ authorization triad (often and pitifully confused, but definitely not the same thing), there are no current practical means to conduct an election with large number of voters over the internet (or any network, BTW) with the required assurances: registration, non-individualization, no anticipate results, etc. Most efficient protocol for internet voting is said to be practical for up to 100000 voters (but no empirical evidence exists).
I would really appreciate one (just one) example of two competing applications (one free, the other proprietary) with the same functional features, where the proprietary one is the "best solution".
For this, please take into account that: (a) open formats for storage and transmission of data; (b) assurance of the non-existance of back doors or spy code; and (c) ability to modify the application to suit it to user needsm must be part of the solution.
Despite Tim O'Reilly is confusing (deliberately or not) individual freedom with government responsibilities, let's think about his own words:
Tim O'Reilly's "version of Freedom zero" is: "the freedom to offer your work to the world on the terms that you choose, and for the recipients to accept or reject those terms."
Consistenly with that, governments (as an entity) should be free to accept the license they see more fit to protect the rights of the citizens. Since only availability of source code, free inspection and open standards are compatible with those rights, a government exercises freedom of choice when choosing Free software. Therefore, O'Reilly is contradicting his own words.
- Would we believe the seriousness of virus threat anouncements? (BTW, please see the interesting musings of Bruce Schneier in the last issue of CRYPTO-GRAM.
- Would we believe in the security of Symantec's products?
- Would Symantec take advantage of first hand information before releasing it to public knowledge?
Even if bugtraq keeps its objectivity (and what a big "if" is that!), doubt will ever remain. A critical resource for the security community has been lost, at least because of the lack of credibility in the new owners.In my previous post, I said Except Mr. Hamilton's talkings, which were not recorded AFAIK, there is written evidence of all the facts stated above. But during his TV program on the night of July 16, Cesar Hildebrandt, one of the most respected (and feared) Peruvian journalists, showed and read a letter purportedly signed by U.S.Ambassador Hamilton, adressed to the President of the Congress.
The letter would have been sent in mid-June, five days after the drafting of the opinion in favor of the Bill by the Committee on Consumer Affairs of the Congress. In the excerpts Mr. Hildebrandt read, Mr. Hamilton states the "concerns" of the U.S. government about the proposed bill which, if passed, would favor "open source software" and harm "patented software". An aide-memoire from Microsoft Corp. is enclosed to the letter. Such aide-memoire repeats the well known (and better refuted) Microsoft's arguments against the Bill.
Hopefully, a transcript of the letter will be available soon. Video from Mr. Hildebrandt's program will be posted (probably today) in Peruvian Linux Users Group site.
Sure, there is development work on it. But even assuming that Office takes a fair share of all M$ expenditure in R&D, which means assuming that there is no dead-end R&D (blatantly false assertion), cost of Office is 10 pct or less of average sales price, which BTW is less than standard street price. You can figure out the same conclusions by reading Micro$oft's financial statements.
Their website defines them as "The American Chamber of Commerce of Peru (AmCham Peru) is an organization that represents Peruvian and foreign companies, advocates and promotes the free-market economy, and strengthens trade, investment and exchange between Peru and the United States within a framework of social responsibility, values and business ethics.
BTW, their website (IIS powered) stinks. They seem to be unable to correctly program ASP.
It is quite curious to know from their mission statement that one of their goals is 6. To promote the existence and development of free enterprise and competition. Why are they lobbying against free competition and on behalf of a convicted monopolist?
Except Mr. Hamilton's talkings, which were not recorded AFAIK, there is written evidence of all the facts stated above.
In addition, let me point out that, if Microsoft is pricing its consulting services at the same rate it did for their agreement with the Chilean Ministry of Education, the $550K "donation" means just 5000 person/hours of consulting.
MS's statement could be valid in the US, but is definitely illegal in other countries. The European Software Directive (91/250/EEC of 14 May 1991 clearly states: Article 6 Decompilation:9 1L0250.html
1. The authorization of the rightholder shall not be required where reproduction of the code and translation of its form within the meaning of Article 4 (a) and (b) are indispensable to obtain the information necessary to achieve the interoperability of an independently created computer program with other programs, provided that the following conditions are met:
(a) these acts are performed by the licensee or by another person having a right to use a copy of a program, or on their behalf by a person authorized to to so;
(b) the information necessary to achieve interoperability has not previously been readily available to the persons referred to in subparagraph (a); and (c) these acts are confined to the parts of the original program which are necessary to achieve interoperability.
Full text of the Directive in http://europa.eu.int/eur-lex/en/lif/dat/1991/en_3
It is also of dubious enforceability in countries like mine (Argentina) where software patents are fobidden by law. For something being patentable, it must be an ``invention'', and software is not considered an invention as per Article 6.c) of Law No. 24481