Very unlikely. No-one says the QPL is not open source, the only complaint is that some allege it is incompatible with the GPL. If that is so, then it is KDE and not Trolltech who are violating the GPL.
Personally I think Erik is right: there is no GPL violation involved. Still, I really don't understand why Trolltech don't release Qt under the GPL if the aim is to stop their code being used in closed-source products: that is precisely what the GPL is supposed to achieve.
This is also purely legal hairsplitting. Surely no-one objects on moral grounds to linking two pieces of open source code together!
Maglev train: aren't the Japanese the only people who have invested in this? Deutsche Bahn might not be perfect, but they're a damn sight better than Amtrak.
Turkish human rights are appalling, quite as bad as Iraq. Turkey has refused to make effective promises that the military hardware will not be used against Kurds. The US is not interested in Turkish human rights violations, because of Turkey's importance to their Mid. East strategy. I rather hope that being pro-technology does not require one to be pro-genocide.
I guess a point I should have made is that German high school is really excellent. The failure of German higher education is that they work with great human material, spend a long time on it (many British scientists have PhDs younger than Germans finish their first degree), and still fail to provide a first-rate education. Enthusiasm amongst German faculty is definitely poorer than in the US. Still, respect for academic standards is very high in Germany, I think better than the US, though that's a judgement call.
I'm unconvinced about the claim that Germany's long-term finances are in a mess. The problem they face is a shrinking population, which is a demographic problem that hits privatised pension schemes just as hard as public schemes (because a big retirement population realising their investments will cause a downwards pressure on prices). A demographic problem calls for a demographic solution: higher immigration.
Bavaria is Germany's best performing region economically, but the rest is a mixed bag. Culturally, it's very conservative. The Oktoberfest is at best a mixed blessing: who wants 1 million foreigners puking in your front garden? Food is great though, as is the beer (though my preference is for the North German stuff).
Hmmm... As a Brit, I find Germans far less conservative than Americans. Well, these things are pretty hard to be objective about, I guess. Plusses for Berlin in my experience:
Superb public transport. I can drive, but I prefer not to have to.
Really active and exciting social scene. Lots of big, fun events. Music is truly superb, for classical (Simon Rattle conducts the Berlin Philharmonic), ethnic/world and techno (perhaps the techno capital of the world?). Germans value their free time highly, this makes a big difference to one's social life.
I'm living in Boston, so the weather would be an improvement for me...
Surprisingly, there is overcapacity in housing at the moment in Berlin, so accommodation is pretty cheap at the moment, despite the influx of bureaucrats. This cannot last, though.
Politically liberal, good privacy safeguards in law. Most varieties of political activism are healthier in Germany than in US, libertarianism being the notable exception. Germans seem more willing to embrace different lifestyles than Americans (and far, far more likely than Brits...).
Beer is wonderful, second only to Yorkshire, UK;->
And some minusses:
Germany is pretty sophisticated tech-wise by European standards, but it definitely lags behind US. Telecoms is the big exception: mobile phones are more common and cheaper than in the US, ISDN has been well-priced for a long time, so is widely used, and DSL is becoming available, with probably better penetration in the short-term than in the US.
The academic system in Germany does very well by a small proportion of the people who pass through, and pretty much doesn't work for the rest. Undergraduate teaching typically takes the form of impressively qualified but distant professors giving lectures to huge theatres of undergraduates, with almost no opportunity for personal contact. Though I'm not all that impressed by the US higher education system, I think it probably has the edge on the German one for the bulk of people who pass through it.
In the pre-GUI days (1982), the Lisp machine allowed you to do this. Emacs allows you to treat ftp addresses and files in the same way, and has for donkey's years. But I guess some folk think if it isn't GUI, then it doesn't `count'.
Anti-trust law is not cherry picking. Even Friedrich Hayek supported legal restrictions on monopolies. Read some basic economics before saying that anti-trust law is anti-competition.
Ummm... UNIX is kind of a counterexample - it was initially developed commercially, but became more or less free software due to anti-trust law against Microsoft. (Then it became two families of proprietary OS again and now both are free...).
One of the points of the article is that software doesn't need to be restricted to be commercial: IBM's software was both open and proprietary. It's just that they (= business) need to make money *somewhere*. UNIX was like that in the pre-OSF days.
Well...not really. Smart cards are kind of an unfortunate example, because there have been so many `out of the box' attacks launched against them. Eg. it is perfectly practicable to crack codes in most RSA-based smart cards by analysing their power consumption.
That's not really the point you are making, but it shows a problem with pure hardware-based systems. It may well be the case that the highly modular designs in PC systems might be harder to attack with these kinds of attacks due to their complexity, but saying so seems to be anathema to many in the security industry...
I think there are a mix of advantages and disadvantages to open source development from the point of view of secure development. I don't think there are any `contradictions', however.
I'm not sure what to make about the red book criteria: does `in a trusted facility' mean that if I have some ideas about design of the code while at home in the shower that the criteria are invalidated? I can't comment since I am not familiar with its trust model, but it smacks of `security through obscurity' to me. I doubt that it could be made to work outside of an organisation like NSA or GCHQ, which is interesting, but not really the topic under consideration.
I think that the TCSEC criteria are likely consistent with open source development. What standards happen to prevail in `many' open source projects really is irrelevant: of course all of what you describe must take place, and with proper tools. I think I could imagine a plausible such group of open-source developers.
I have a dim idea that we may have met: did you apply for the MSc a few years back (1994/5/6?) and then switch to a law course?
It is ambiguous, and non-trivially so: the implementor will have to make decisions about how to channel bureaucratic authorisation into a permissions model, and these kinds of matters can involve subtle security issues.
The kind of disambiguation you describe is very simple minded: it is simply schematic ambiguity, of which the `explicitly authorised' is not an instance. Even so, I don't think that `most restrictive disambiguation' is an effectively applicable criterion.
To put it bluntly, the kind of informal specification you advocate I think is likely to reduce the visibility of potential security vulnerabilities.
Nice post, but I'm not sure what you mean when you say the `open source development model does directly contradict most of the software engineering principles that are called upon in the development of trusted systems'. Do you have a specific contradiction in mind, or are you just making an assertion about hacking culture? The latter, I think, is as irrelevant as an analogous generalisation about most commercial software development would be.
PS. I note your email address is in Oxford: are you a member of Roscoe's group?
Well, if you want a software system to be secure, then there's a lot of components you have to trust, like OS kernels and compilers. No one designs and implements these on a per contract basis, so everyone depends on properties of generic tools.
Spafford surely is right: security can't come just from being open source. But I think being able to look at the relevant source code is a very powerful advantage when trying to design secure systems.
Re: Another attack on open source from RMS, on RMS On 'Open' Motif · Score: 2
I'm not saying people shouldn't use it. I'm saying that people shouldn't be misled into thinking it is free software.
You don't need vague words like `spirit'. The principle behind the GPL is that the software is free in the sense that you can do what you like with it, so long as you don't infringe anyone else's freedom in so doing.
It's odd that the bonus is a default, then. I used to try to suppress the bonus when I thought it was inappropriate, but I failed to come up with any good demarcation of when to apply the bonus and when not to, so now out of laziness I normally don't suppress it.
Maybe there should be a karma cost associated with use of the +1 bonus?
Re: Another attack on open source from RMS, on RMS On 'Open' Motif · Score: 4
RMS thinks freedom can be measured by the bucket? On the contrary RMS is very systematic in the criteria he uses to distinguish open source from not open source.
I entirely agree with RMS on this one. Restrictions on use are obnoxious and against the spirit of free software.
It does not discriminate against closed-source software in matters of use, and closed source software writers are free to use insights gleaned from looking at open source code.
The money is to the KDE team, an incentive for them to carry out the tiresome task of contacting all of the contributors and asking them to change the license provided with their source code. There is no bribe here.
I am unaware of any rules governing the use of +1 karma bonus. To what are you referring when you talk of the lack of justification for using the +1 bonus?
If it supports impure features then it is an impure functional programming language.
A functional programming language is a programming language that supports a purely functional programming style. Ocaml is widely used as a language to teach people functional programming: see the book `The Functional Approach to Programming' by Cousineau and Mauny.
Ummm... if you mean that this consideration is always correct in a free market, then that's a very strong claim that the existence of market failure shows to be untrue. It would be better to say that, provided that environmental and other side-effects are properly compensated, and so long as markets are not prevented from moving towards equilibrium positions (which they can be stopped from doing by macroeconomic effects or by failure of market signals to make themselves, without government interference), that prices reflect all of the costs that environmentalists are concerned about.
I don't believe that even this weaker statement is true. A better argument for free markets is that its alternatives do a worse job of reflecting environmental costs in business decisions. But that is a long way from saying that free markets generate optimal allocations of resources.
Time to plug Objective CaML (ocaml): possibly the top performing functional programming language, with one of the world's most talented compiler teams, a really nice way of combining functional programming and object orientation, an elegant language kernel, and superb supporting libraries and tools.
explicitly authorized to use" is a formal spec.
Does that mean you see no ambiguity in the phrase `explicitly
authorised', or that you think that any way of disambiguating it is
equally good?
So far as I know, no one has ever proven a usable compiler correct. So a fully formal proof is just not engineering-feasible.
Restrictions on use are really obnoxious.
Not true. Haskell encapsulates side effects in monads, allowing the
sequencing of side effects to be described in purely functional code.
What's broken in the language?