The Register reports: “A vulnerability has been discovered in versions of software development toolkits
from RSA Security, which could allow an attacker to bypass SSL client
authentication.

In a security notice on the issue, RSA said the vulnerability meant that hackers
“might potentially gain access to data intended only for authorised users”. The
company has a patch and it advises customers to apply this to affected software.”

Reuters: “Police have arrested a computer student suspected of littering government-run
Web sites with pornography in China’s first seizure of an Internet hacker, the official Xinhua
news agency reported Friday.

Police in the central province of Hubei detained 19-year-old Wang Qun last month on suspicion
of posting erotica on the homepage of a well-known science Web site.”

– By Bruce Tober –

Let’s see if we can piece this together.
If we’re to believe the putative guru of the Open Source and Linux
movements, somehow there’s a link between further arming a nation
already armed to breaking point and preventing terrorism. And
somehow all of that is linked to the Open Source movement.

Er, excuse me, but … Eric S. Raymond tells us in an article (about Tuesday’s atrocity) that if “we will respond to this
shattering tragedy as well as the Israelis, who have a long history of preventing
similar atrocities by encouraging their civilians to carry concealed
weapons and to shoot back at criminals and terrorists,” then “perhaps
today’s deaths will not have been in vain.”

The absurdity of that statement is unquestionable. The fact that it is
no more than the rants of someone trying to score pro-shoot-em-up
points on the dead and wounded bodies of the thousands of victims of
Tuesday’s tragedy is unmistakable. The fact that neither the Open Source nor the
Linux movement can gain anything but scorn from such comments is
undoubtedly true, if not in the United States, then in the rest of the world
where the gun culture is rather limited.

The man sees what he calls “decentralism” as the way to combat the kind
of insane terrorism which struck the United States on Tuesday. He says, and it’s
usually the first sign of a rather egotistical bent, that “some friends” asked him to “point out in public that a political panic reaction to the 9/11 terrorist attack could do a great
deal more damage than the attack itself.”

Gee, and here we were all thinking that crying “fire” in a crowded
theater was a wonderful thing to do. Of course panic, of any type, is more damaging than calm, reflective, rational, intelligent reaction.

Raymond warns us, “if we reward in any way the Palestinians who are now
celebrating this hideous crime in the streets of the West Bank, that
will have been a victory for terrorism.” And just how did he think
anyone was going to reward the celebrating Palestinians, other than him —
in giving them publicity by mentioning their obscene act? And he made the point in a way so as to convey the idea that all Palestinians celebrated. They did not.

And then he gets to the “meat” of his discourse: “If we accept ‘anti-
terrorism’ measures that do further damage to our Constitutional
freedoms, that will have been a victory for terrorism.”

While the country and most of the rest of the world mourns the loss of
life and limb through insane, self-destructive violence on the part of,
well, we don’t really know who yet, this “expert” proposes the further
expansion of the means of so much violence through the last few hundred
years; the means of so much violence more recently, especially in the
States. We’ve had schools and restaurants, post offices and
neighborhoods shot up, children and other innocent people killed and
maimed by the overwhelming number of guns in the hands of the country’s
citizens, but he wants more.

More of what?

The increased legalization of carrying concealed firearms.

Hell’s bells, concealed or not, there are already far too many firearms
in the hands, pockets, purses, briefcases and bedrooms of far too many
Americans: 1.7 children, aged 14 or below, die daily from gun violence according
to the U.S. Department of Justice.

There are more than 400,000 criminal gun uses per year, compared with
only about 100,000 defensive uses, according to a
U.S. Department of Justice survey.

According to the Journal of Trauma, more than 80% of the medical costs
for treatment of firearm-related injury are paid by taxpayers.
And perhaps most frightening of all, 59% of students in grades six
through 12 know where to get a gun if they want one, and two thirds
of these students say they can acquire a firearm within 24 hours. That,
according to the Harvard School of Public Health.

But, says our expert, “if we learn the right lessons, if we make
policies that preserve freedom and offer terrorists no result but a
rapid and futile death, that will have been a victory for the rest of
us.”

Hmmmm. Seems to me he’s lost the plot somewhere. These were
hijackings of jet airliners in mid-flight. To take a
chance on one of those concealed weapons going off in such an aircraft
would have caused a bit of damage and death, probably not on the scale
seen Tuesday, but then again, who knows where the aircraft would have
come crashing down and how much death and destruction it would have
caused?

Think about the potential for tragedy if nervous airline passengers are allowed to arm themselves. Do we want the Wild West in the air?

Raymond claims one lesson learned on Tuesday was that airport
security doesn’t work. And therefore (exhibiting some rather
flawed logic), “Airport security is not the answer.”

Well, no, it’s not that it
doesn’t work, it’s that it didn’t work.

And why didn’t it work? Well there are several reasons:

1. The airlines have consistently fought against stricter security
on domestic flight, because it would inconvenience passengers and could
cause delays.

2. The security staff at most airports is extremely poorly
paid and poorly trained.

3. The security personnel at most airports exhibit a very rapid
turnover rate, therefore not becoming expert at their jobs.
And no, it’s not that it “is not the answer,” but rather that it wasn’t
the answer in this case, which, is nothing terribly new. No security
system ever was or will be 100% flawless. Nothing is.

Raymond concludes with the anarchic comment, “I have learned that
distributed problems require distributed solutions — that
centralization of power, the first resort of politicians who feed on
crisis, is actually worse than useless, because centralizers regard the
more effective coping strategies as threats and act to thwart them.”

Unfortunately he fails to realize that centralized government, while it
may not be the panacea we’d all like to see, is the best system yet
invented. What Raymond seems to be suggesting is anarchy, a system of vigilante justice.

Decentralizing government, or more specifically the justice system, would result in sheer chaos as each state and county and local municipal government enacts its own, often
contradictory, laws. At which point no one knows what laws pertain and
which don’t and confusion reigns supreme. Raymond seems to even go beyond this, suggesting we all administer our own personal justice.

If such a system existed in
the Linux world, there would be no central kernel and software that
worked on some flavors of Linux wouldn’t work on others.

Raymond, on his Web site, says, “These pages use no
Netscape- or Internet Exploiter-specific tags. Help stamp out stupid
Web design — make your pages interoperable!” One has to wonder how
such interoperability would work when the operating systems, not to mention
the browsers, were all totally independent, rather than interdependent.

Bruce Tober is a veteran American technology journalist now living in the United Kingdom.

Posted at ZDNet, from Gartner Viewpoint: “This Perspective analyzes the Linux operating system support offerings for 12 product support
providers. Support offering characteristics and attributes, such as hours of coverage,
geographical coverage, response time, access to support centers, incident communication media
and entitled Internet-based services, are profiled. This Perspective also reports on the problem
escalation methods and processes used by support providers.”

Xi Graphics offers a beta release of version 2.0 of its 3D OpenGL in demo form for free download and testing. The demo will install and run for 25 minutes, and can be restarted any number of times. The related text file has more information.

Linus posts the latest kernel prepatch; download from your mirror site of choice. Changelog below.

More merging with Alan, and IrDA update (and various smaller things, see
                   log)

                                   Linus

                   -----
                   pre9:
                    - Greg KH: start migration to new "min()/max()"
                    - Roman Zippel: move affs over to "min()/max()".
                    - Vojtech Pavlik: VIA update (make sure not to IRQ-unmask a vt82c576)
                    - Jan Kara: quota bug-fix (don't decrement quota for non-counted inode)
                    - Anton Altaparmakov: more NTFS updates
                    - Al Viro: make nosuid/noexec/nodev be per-mount flags, not per-filesystem
                    - Alan Cox: merge input/joystick layer differences, driver and alpha merge
                    - Keith Owens: scsi Makefile cleanup
                    - Trond Myklebust: fix oopsable race in locking code
                    - Jean Tourrilhes: IrDA update

MSNBC: “President Bush attended a
prayer service at Washington’s National Cathedral, joined
by former Presidents Carter, Clinton, Ford and Bush as
well as former Vice President Al Gore, who returned from
Europe for the service. Nearly all of the nation’s political leadership filed
into the pews of the National Cathedral on Wisconsin Avenue in
Washington, from Federal Reserve Board chairman Alan
Greenspan to Senate Majority Leader Tom Daschle to Gen.
Hugh Shelton, chairman of the Joint Chiefs of Staff.
Gore and Clinton entered the cathedral together,
accompanied by Gore’s wife Tipper and Clinton’s daughter
Chelsea.
Nearly every member of both the House and Senate were
also expected to attend the service.”

Reported at CBC : “The 15-member European Union issued a
joint statement Friday vowing to help hunt down those
responsible for the terror attacks in the United States on
Tuesday. They also said they would hold any country
harbouring them accountable.”

Network World Fusion: “The scam is taking the form of spam, or
unsolicited bulk e-mail, and postings in online
forums, asking for donations either in the name
of the victims or specifically for the American
Red Cross. Margie Arbon, manager of market
and business development for Mail-Abuse
Prevention Systems, an organization that fights
spam, says it started seeing the fraudulent
e-mail messages Wednesday, the day after the
terrorist attacks, but that the number of them has
been picking up over the day Thursday.”

ZDNet Asia reports that an IBM employee has been arrested for allegedly creating a bogus bomb threat: “The New Zealand man allegedly sent an e-mail on the morning after the terrorist hijackings in
the US, claiming there was a bomb on board flight SQ 422 to Johannesburg, South Africa. He
was believed to be a passenger on that flight. It is not known to whom he had directed the
e-mail.”