Talk:Daniel J. Bernstein

Needs to be added to article: http://cr.yp.to/mac.html

Salsa20, DJB's semi-finalist for ECRYPT stream cipher recommendation, is probably more interesting than Poly1305. — Preceding unsigned comment added by Tqbf (talk • contribs)

• I would like to see some discussion of djb's stance on software licenses, since this seems to be at the core of any controversy about using his software on Linux. I can't add this myself, simply because I'm not informed on the situation. --138.236.250.141 16:38, 28 Feb 2005 (UTC)
  • (I'm not very informed either!)...djb appears to have a very individual position on software licenses; the interpretation of whether his software is "free" or not seems to have been the cause of at least one flame war, between djb and Rick Moen: [1], [2]. — Matt Crypto 17:13, 28 Feb 2005 (UTC)
    • Follow the hyperlinks from this very article to qmail and djbdns, and thence to the Licence-Free Software article already sitting right here in Wikipedia, and you will both become informed. ☺ Uncle G 19:19, 2005 Feb 28 (UTC)
      • Great! I've added a link to it from this article. — Matt Crypto 21:48, 28 Feb 2005 (UTC)

I dispute the accuracy/validity of the "license free software" article in its entirety, but I'm not crazy enough to go tilting at that windmill and disrupt someone else's work. In this article, I'll make the point that DJB has never referred to "license free software", and that DJB's copyright strategy involves more than just thinking that licenses are redundant: DJB takes away the right to redistribute modified source or binaries in order to maintain compatibility. That's more than a superficial difference from the GPL, no matter what the "license free" article says. Do I believe qmail and djbdns are open source? Of course I do. But there's a nonnegligable difference between the OSI def and the terms on djbdns. I'm guessing DJB doesn't give a $&^@ that that's the case.

There's an interesting graf to write about Bernstein's copyright strategy, but no facsimile of it appears in the edit history for this page.

I've added a new Software licensing section to the article. The content is OpenBSD-heavy right now, and is taken from that article since Bernstein played a significant role in a high-profile licensing issue of that project. There may non-OpenBSD content we can include in this section also, but at least this is a start and it's well referenced. --Ds13 18:52, 10 April 2006 (UTC)[reply]

The licensing section was removed by an anonymous editor but I have replaced it. Facts and claims in the section are referenced (as before), so if you have an issue with something, rather than deleting the entire section, let's engage in discussion here. Cheers. --Ds13 15:56, 15 July 2006 (UTC)[reply]

I'm not the anonymous editor and I don't have time to fix it right now, but the section is highly-misleading. The article implies that Bernstein's code was found scattered throughout the system and removed; instead what happened was they removed the installers for his software from the ports tree. AaronSw 23:17, 15 July 2006 (UTC)[reply]

Sounds good. Feel free to update as necessary. My intent behind the section certainly isn't to mislead, but to acknowledge that Bernstein has some notability (and a notable position) in a sofware licensing skirmish. Aiming for a neutral picture of what happened, but most importantly, that the facts are linked or referenced so they're verifiable. --Ds13 23:26, 15 July 2006 (UTC)[reply]

There is no way to make this section make any sense. It has almost nothing to do with Bernstein's take on software licensing. Portions of OpenBSD reject GPL code, to the point where it's end-user-visible, for similar practical reasons. Do I have a problem with these decisions? No.

Bernstein's take on licensing is nuanced. It is very different from the BSD license and the GPL. You could write a section on it. But you can't do it by consing up an anecdote about why qmail isn't in the ports tree (I mean, really --- qmail. the ports tree. OpenBSD. ALL BETTER SECTIONS FOR THIS CONTENT THAN THE DJB ARTICLE.) Especially! not when you get the details wrong (the Netscape comment on DJB's website is about LINUX, not OpenBSD). tqbf

The section is a start. If it makes a claim that's not referenced (or incorrectly referenced), let's talk about it. One at a time. Which claim is false? Blanking a section because you think it could be done better isn't a good solution. --Ds13 03:26, 20 July 2006 (UTC)[reply]

Sorry. When you "finish" what you've "started", then I'll bet the section will be defensible. Right now, there is more valuable information in this talk page than there is on the article itself. Worse, the article is not NPOV. It creates the impression of a conflict between OpenBSD and DJB when a neutral perspective would hold that simply not allowing software to be bundled into OpenBSD is not the equivalent of a conflict, and that a single circumstance in which qmail was not bundled with an operating system does not constitute an entire perspective on software licensing.

I'm happy to wait a day to see what you can do with this section, but failing any changes, the article is MORE VALUABLE WITHOUT THIS SECTION than with it, and I'll keep pushing to scrub this material out.

Not for nothing, but the NPOV marker on the page and the wholesale reverts over the past few weeks deter any serious writing on my part for this page, which is why you see more commentary from me on the talk page than contributions on the main page. When I get a better sense of why people are messing with this article so much, I'll stop talking here and start contributing in the article. — tqbf

Sorry. When you "finish" what you've "started", then I'll bet the section will be defensible.

Being "finished" is not a criteria for remaining in WP. Being verifiable and NPOV is.

Worse, the article is not NPOV. It creates the impression of a conflict between OpenBSD and DJB when a neutral perspective would hold that simply not allowing software to be bundled into OpenBSD is not the equivalent of a conflict,

I've removed the word "clash" and emotional speculation as POV. Is your "conflict" impression coming from somewhere else? The references (here's one) show that there was a philosophical and/or semantic disagreement there. That's pretty clear. It's history and represented accurately. It's relevant and notable to Daniel J. Bernstein that one of his greatest works ran into philosophical issue which prevented its inclusion in a notable OS. Nothing more is implied, just a verifiable fact. I'm sure others will contribute more to paint a wider picture of Bernstein.

Here are things you are unable to verify: (1) that software written by DJB was actually used by the OpenBSD project, (2) that "hundreds of files" related to DJB's code were found with ambiguous licensing, (3) that DJB's code has ambiguous licensing, (4) that "all software" produced by DJB was removed from the tree (DJB has produced public domain software that likely remains in the tree), (5) that complying with DJB's copyright requirements were an issue of "time" or "effort", rather than the BSD-license principles of the project, (6) that DJB was accusing OpenBSD developers of hypocricy (he clearly accused Theo of it, echoing a web page he wrote criticizing Red Hat), and (7) that Netscape's license was "much" easier to deal with than DJB's.

Talking about OpenBSD's ports-tree issue with qmail is implicitly POV, because (1) lots of other software isn't distributed with OpenBSD, and the circumstances of all that isn't recorded here, (2) because the paragraph doesn't put the OpenBSD situation in perspective (and couldn't do so without spending 4-6 more grafs of information about qmail licensing in an article about a famous cryptographer and mathematician, known better for other things), and (3) because the qmail/OpenBSD situation is not representative of DJB's stance on copyright, despite the section title.

I am going to revert the section. Sorry. I'll listen to any responses you might have. — tqbf

there is more valuable information in this talk page than there is on the article itself

Okay, so move it into the article. I don't know what valuable information you're talking about, but I'm in favor of more content in the article, just as you are (as long as it's all sourced to a publication and verifiable). --Ds13 17:01, 20 July 2006 (UTC)[reply]

I've restored the section that was deleted describing Bernstein as a "controversial figure". I'm open to seeing it significantly re-written, but the article is pretty incomplete without some mention of the way that he's not scared of controversy and strong words in online discussion. I have to say, though, he is absolutely charming company in person. — ciphergoth 08:13, 29 April 2006 (UTC)

Find a way to write it directly, instead of letting the article imply things. I killed the section because it was badly written and vague. I don't disagree with the premise. But if the best thing you can write is, "DJB gets in arguments with people who disagree with him", where "s/DJB/A man" produces a semantically reasonable sentence, maybe the point is better left unmade.

My other problem is that the examples are really bad. There's a cool graf in there somewhere, but it certainly doesn't include Rik Moen (wtf is Rik Moen and why is he in the same sentence as Arjen Lenstra). DJB's argument with Vixie isn't about BIND's quality, it's about vendor-biased standardization. I'm not sure an argument with Schneier about "computational cost" is the same as an argument with Lenstra. I could go on and on and on, but who cares? — Preceding unsigned comment added by Tqbf (talk • contribs)

So obviously this is where the POV issue comes from.

Two problems with these grafs: (1) the notion that there has ever been an exploitable bug in qmail is heavily disputed (you'd need to specify a 64-bit arch/os in which qmail installs in a vulnerable configuration), and (2) the weight that this debate puts on qmail security in a biographical article. — Preceding unsigned comment added by Tqbf (talk • contribs)

Just a sidenote: the exploitability of the bug seems to be disputed even assuming all those preconditions. Since i'm not knowledgeable enough to personally verify the claim, i've been scouring the web for any definitive citations on the issue, but all i can seem to find are people questioning Guninski's claim. (See the references i added to the article for example, as well as Len Budney's this mini-essay.) What people do seem to agree on is that (a) the bugs are real, and can be used to mount a DoS, and (b) they might allow privilege escalation in theory, but Guninski has yet to demonstrate a sufficient exploit in practice.

To the anonymous editor(s) who seem convinced that this bug is actually exploitable (62.231.175.204, 124.51.45.37, 193.170.41.235, 217.10.60.85): can you settle the question by providing a credible citation, or demonstration? --Piet Delport 23:43, 24 July 2006 (UTC)[reply]

In fairness, the bug is definitely exploitable in theory (it's a textbook integer overflow). The problem is that it requires the server to consume more data than the standard/default install of qmail on any well-known platform. Unless it doesn't, in which case I'll have been corrected, and we can work out a way to get the claim into the article.

Meanwhile --- why bother with the conflict? There are more important things in DJB's bio than qmail security. Tqbf 01:06, 25 July 2006 (UTC)[reply]

Apart from edit history relative to the obscurity of the topic, is there a reason why this article is marked NPOV? — Preceding unsigned comment added by Tqbf (talk • contribs)