Your shout! On why Linux code does not have to be rewritten

In response to the news that the Linux community could be forced to rewrite code after IBM hands over its operating systems to SCO (Computer Weekly, 1 February)


In respect to Linux, surely it does not matter whether SCO finds any of its code in the earlier and inter-release versions of its AIX and Dynix source code?

SCO have been asked repeatedly (and in fact have been compelled on two occasions by the courts) to produce evidence of copyright infringement in any version of Linux. Thus far they have failed to do so.

There is no code in Linux to which SCO can claim title - a fact verified by Randall Davis of Massachusetts Institute of Technology, who undertook extensive analysis of the code in September 2004.

Could lawyer Roger Bickerstaff please explain how copyrighted code in AIX/Dynix can require a rewrite of Linux code - when the Linux code is neither identical nor substantially similar to the AIX/Dynix code in question?

Bickerstaff suggested that the open source community will need to take code out of the Linux operating system. I contend that the open source community has, since 2003, all but begged SCO to point out exactly where in Linux is SCO's copyrighted code so that such excision can be done. SCO has so far failed to oblige.

Richard Heggs

 

On products other than WEP for encryption

In response to reports that many in the IT industry believe WEP is not adequate to protect companies against network intrusion (Computer Weekly, 25 January)

I think IT directors are all aware of the inherent weaknesses in WEP (Wired Equivalent Privacy). This often causes concern within IT departments, even to the extent of abandoning roll-outs.

I find that the market is generally unaware that products exist that can simply be connected to the network to provide very strong encryption. This can be on top of or in place of the "standard" relatively weak algorithms.

Wi-Fi networks can even be secured to government, MoD-restricted or even confidential levels assuming CESG Assisted Products Scheme-accredited encryption is used as provided by systems such as the X-Kryptor range of virtual private networks. These are fully integrated with RSA Security's two-factor SecurID system.

Neil Whitehead, security division, BMc Technology

 

On why security cannot be viewed as an island

In response to reports that a group of information security professionals are setting up the UK's first body to regulate the IT security industry (Computer Weekly, 18 January)

I would like to point out that information security is only part of the overall IT service management and service delivery and is not an isolated island.

If information security departments are to succeed, they would better spend their time ensuring the IT Infrastructure Library is adopted across the UK and that information security professionals are trained in the competencies, frameworks and inter-dependencies of ITIL/BS15000.

That way we might deliver successful implementations and effective security, instead of just "talking the talk" of wanting Rolls-Royce systems and always re-inventing rather than building on what already exists; ie CISSP, CISM and CISA and mature organisations such as ISSA.

If we want to demonstrate our skills it needs to be much wider than simply security-centric and, god forbid, UK-centric regulation.

As an IT manager with 30 years' experience and an information security professional for 12 years, it seems somewhat conceited that information security has elevated itself above the management team, the networks team, the platforms team and the desktop team. I do not see anyone advocating a regulatory body for these or for IT management?

Louis Gamon, regional director EMEA, Information Systems Security Association



 

LETTERS

For first impressions a suit does nicely

I think James Watson (Letters, 25 January) missed the point about why - at least if you are male - you should wear a suit and tie to a job interview.

When attending an interview you have something like nine seconds to impress the interviewers, no matter what your technical skills are. Remember that not all interviewers, especially on the first interview, will be technically based. It is more likely to be the human resources manager, because there is no IT manager. So the idea is to create a good impression from the outset.

I agree that once you are in the job a more casual dress code should be applied in most cases, but remember that all IT workers do not build servers, or relocate PCs or trace cabling, so it is horses for courses.

I have been in the business for more than 20 years and have seen company representatives turn up in ripped jeans and scruffy t-shirts and needless to say that company lost customers.

Stephen Lewis, MS server administrator, Friends Provident International
 

 

The training rules are there for a good reason

In the letter asking why the UK adds pain with a European computer driving licence time limit (Letters, 25 January), I am sorry but Phil Collins seems to have been misinformed about the regulations covering the running of the ECDL and international computer driving licence examinations.

It is quite clear to all national licensees of the ECDL Foundation that candidates should undertake the qualification within a three-year timespan. The actual ECDL Foundation regulation states the following:

"Each candidate must present a valid skills card to the authorised tester who must check that not more than three years has elapsed since the candidate first passed a test module."

This regulation was made so that an ECDL certificate would be seen as relevant and up to date. With syllabuses updated every two or three years, allowing no more than three years between the first and last test, a certificate is seen to reflect the current state of such a fast-moving area as IT.

As part of its audited agreement with the ECDL Foundation, the British Computer Society is following these standard regulations as it would be expected to do. It is always possible for an individual to extend the three years by repeating an early "out of date" test. I hope this clarifies the confusion.

Peter Bayley, director qualification products, British Computer Society

 

Let the obfuscators do battle with the bad guys

I was interested to read Pete Simpson's article on the rise of computer crime (Computer Weekly, 25 January).

With such increasingly sophisticated criminal activities, I am frequently surprised that so many companies in the UK continue to ignore the threat to their intellectual property held in source code.

Corporations spend huge amounts of money on IT systems to gain a leading edge over their competitors. However, once this work is complete, the source code sits in relatively unprotected libraries waiting to be accessed by the next moderately competent hacker.

Even more ridiculous are the companies that are only too happy to send these systems offshore to save a few pence on their maintenance bill every year.

Offshore software houses derive their competitive advantage by being cheaper than the next guy, not by being immune from hackers or corruptible employees.

What this industry needs to see is a rise of the obfuscators. Obfuscators (originally developed to prevent the reverse-engineering of objects) make source code unintelligible to human beings but make no difference to the functioning of the program when it is compiled. Code containing sensitive intellectual property should be locked away in secure offline environments while the obfuscated versions are accessed from source code libraries or exported to suppliers.

Dave Overall, Redvers Consulting
 

 

Flexibility should be an ongoing concern

It was interesting to read Nick Huber's article on flexibility being the key to successfully beating a possible downturn (Computer Weekly, 11 January).

Flexibility or agility should not only be seen as something that should be done in reaction to a possible downturn, but as a business benefit that can aid a company to lead its market rather than just follow the crowd.

A truly flexible organisation is one where people and the infrastructure are fully aligned, executing and delivering processes according to leadership and strategy, and can immediately re-align whenever changes are made.

Although IT can play a key role, as highlighted in the article by Alex Robinson, IT director at Norwich Union, its primary focus has been as a data tool supporting business processes.

True agility is concerned with the quality and speed of processes within the organisation and the ability to align these processes according to executive strategy quickly and efficiently.

By examining and simplifying an organisation's business processes, much like Norwich Union has done, there becomes a clearer understanding of how the business functions, and therefore how the business can drive the market through organisational changes, as well as react to changes such as a downturn.

Simplifying processes not only provides the benefits of an agile business but also aids another IT director's headache for 2005 - cost savings - through the improvements of process efficiencies.

By careful application of enterprise-class business process management technologies to the right processes, the heat on IT directors to boost the business is reduced from boiling hot to tepid - therefore easing the pressure on all those involved.

Kim Lewin, CommerceQuest
