"Chilling Effects" paper at USENIX UPSEC
C. Scott Ananian
cscott at laptop.org
Fri Apr 11 09:16:02 EDT 2008
On Thu, Apr 10, 2008 at 3:08 AM, John Gilmore <gnu at toad.com> wrote:
> > 4. It is unfortunate that a respected conference did not do a
> > better job at vetting this paper.
I don't know who wrote the response that you are replying to, John,
but I for one welcome both the paper and broader discussion of our
security plans & implementations in general. We can't be so sensitive
about things!
> I have given generously of my time to OLPC by following the project
> for some three years now; testing B1, B2, B4, and MP machines;
> supporting G1G1 users; recruiting and paying others to contribute;
> researching SD card protocols; contributing to discussions by email,
> phone, and IM; and filing dozens of bug reports. OLPC has seldom
> graciously "addressed my concerns" on fundamental design issues, such
> as BitFrost, activation, developer keys, GPL compliance, game keys, or
> anything else. When I wasn't ignored, I was criticized for attacking
> OLPC, or for failing to write up my concerns as a properly tested
> source code patch. It has been hard -- indeed, impossible -- for me
> to gin up the requisite perseverence to actually implement anything
> for OLPC, except small patches to SimCity. (Making those patches
> turned up numerous bugs, which I reported, which are still largely
> being ignored.)
First: Thank you! It's hard to say what "OLPC" feels about things,
but I for one certainly appreciate all you've done for the project.
(If you get a chance, could you post a pointer to the bugs you
referenced? Or should I just search trac for gnu at toad.com? It's true
that SimCity is not high on our priority list right now, but I know
that our trac triage has not lacking recently and your bugs tend to
deserve close attention.)
> The BitFrost spec was so clearly a personal hobbyhorse of Ivan that
> questioning its basic assumptions was heresy, grudgingly tolerated due
> to my reputation, but otherwise ignored. I decided very early on that
> it wasn't worth wasting my time and making people mad by criticizing
> BitFrost in detail, partly because I expected it to fall flat on its
> face. The parts that were worth focusing on were the pervasive DRM
> (maybe now that Ivan's gone, I can go back to using the right name for
> "crypto that disables the owner's control"). And I was ignored and
> vilified on *that* until I escalated the DRM issue to Richard Stallman
> over OLPC's ongoing non-compliance with GPLv3 (and also pointed out
> non-compliance with GPLv2, which is ongoing).
Mako's been your liason on these issues -- I didn't know that we were
still deficient. Please follow up, either to me or to Mako.
> OLPC staff are overworked and underappreciated. Working in the glare
> of publicity has not made their jobs easier. But giving OLPC an
> opportunity to address your concerns is pretty much a null concept.
> OLPC barely has the opportunity to address its own opportunities.
This is true, but OLPC is hiring again, which means that hopefully
soon we will only be underappreciated, not quite so much overworked.
We're more than doubling our devel team, hiring QA folk (finally!),
and I'm excited. If y'all have high quality candidates, send them our
way!
--scott
--
( http://cscott.net/ )
More information about the Devel
mailing list