Slashdot Mirror

JayBonci writes "Not popcorn, popcon! (Short for popularity-contest) According to a recent message posted to debian-devel-announce, popcon numbers are being used to determine how things get arranged on the 13 CDs of the upcoming Debian stable release. Participation so far has been good, but the project could use more numbers from a broader user base. Please take a moment to install the package 'popularity-contest,' and help us make the distro better by allowing it to send us anonymous package usage statistics. You can see the results at Popularity Contest page."

JayBonci writes "Not popcorn, popcon! (Short for popularity-contest) According to a recent message posted to debian-devel-announce, popcon numbers are being used to determine how things get arranged on the 13 CDs of the upcoming Debian stable release. Participation so far has been good, but the project could use more numbers from a broader user base. Please take a moment to install the package 'popularity-contest,' and help us make the distro better by allowing it to send us anonymous package usage statistics. You can see the results at Popularity Contest page."

JayBonci writes "Not popcorn, popcon! (Short for popularity-contest) According to a recent message posted to debian-devel-announce, popcon numbers are being used to determine how things get arranged on the 13 CDs of the upcoming Debian stable release. Participation so far has been good, but the project could use more numbers from a broader user base. Please take a moment to install the package 'popularity-contest,' and help us make the distro better by allowing it to send us anonymous package usage statistics. You can see the results at Popularity Contest page."

An anonymous reader writes "MozillaZine reports that the Mozilla Foundation is cracking down on those selling unofficial Mozilla-branded merchandise. This takes the form of an open letter addressed to retailers of goods that bear the Mozilla name or logos. The letter suggests that the Foundation are willing to work with those selling Mozilla wares, as long as they get a cut and the retailer isn't operating in the US, Canada or Mexico, where they would be competing with the Foundation's own Mozilla Store. Threats of legal action for non-compliance are issued, albeit with friendly overtones. This open letter is part of the Mozilla Foundation's campaign to better enforce its trademarks, an effort that began when the Foundation was launched in July. In a related move, the Foundation announced that the new Firefox artwork is not open-source and can only be used in official builds or those sanctioned by the Foundation - this has led to debates about whether Firefox is free enough to be included in the Debian Linux distribution."

An anonymous reader writes "The platforms for the Debian Project Leader candidates are now available here with more information about how votes are tallied. The candidates this year are the incumbent DPL Martin Michlmayr, and developers Branden Robinson, and Gergely Nagy (but if you vote for him, his tamagotchi will sit on you.)" Nagy's platform is interesting reading.

An anonymous reader writes "The platforms for the Debian Project Leader candidates are now available here with more information about how votes are tallied. The candidates this year are the incumbent DPL Martin Michlmayr, and developers Branden Robinson, and Gergely Nagy (but if you vote for him, his tamagotchi will sit on you.)" Nagy's platform is interesting reading.

puriots0 writes "XFree86 version 4.4 is finally out! Grab it while it's still hot, if you don't mind the recent licensing changes... And if you don't care about the license, but the maintainers of your distribution do, this might be the only way to get it for the moment." The XFree86 people seem very eager to claim that the new license is nothing bad; see their FAQ. However, people who have reviewed it, such as RMS and Branden Robinson, think differently. It looks as if the XFree86 people have a short timespan to either rethink their license changes or be dropped from every/almost every Linux distribution in favor of a forked codebase.

DJFelix writes "Manoj Srivastava, Debian Project Secretary, has posted a proposed General Resolution regarding the handling of the non-free section of Debian. This is very important to me, as I am a Debian maintainer who only maintains non-free packages. If you are a Debian non-free maintainer or Debian non-free user who does not want to see the non-free section disappear from Debian, I highly suggest you get involved."

DJFelix writes "Manoj Srivastava, Debian Project Secretary, has posted a proposed General Resolution regarding the handling of the non-free section of Debian. This is very important to me, as I am a Debian maintainer who only maintains non-free packages. If you are a Debian non-free maintainer or Debian non-free user who does not want to see the non-free section disappear from Debian, I highly suggest you get involved."

leandrod asks: "I am in the process of helping a small software company define the infrastructure for their major client's new system. It is a big country, and it is a medium-sized client planning on going big. We are planning to standardize on Debian GNU/Linux. I am aware I can have IBM Tivoli Maestro for GNU/Linux for production scheduling, and BEA's Tuxedo TP monitor, but they are unsupported under Debian. I am also aware of one or two free TP monitors, but they are either incipient or stagnating. I couldn't find a production scheduler. I know I can do lots with the standard tools, but keep in mind I am targeting a transaction-processing bureau for a big operation with hundreds of thousands of terminals and millions of users, something like a poor man's Wal-Mart, or even Visa. Are there vendors out there willing to support Debian or just GNU/Linux in general? If not, are there free software projects that accomplish the same thing?"

SilentBob4 writes "Adam Doxtater of Mad Penguin has published a preliminary layout for his proposed cross-distribution package manager capable of adding/removing software from any locale. He is suggesting the interface will basically allow for installation of several major package formats including RPM, DEB, TGZ, as well as source code with the ability to pass build time options. All of this will come at the price of standards of course, including naming, documentation, and package structuring. If this idea were to catch on, it would signify a major leap in desktop Linux usability. This might be a project that UserLinux might benefit from. Read the full column here (complete with GUI mockups)."

Oskuro writes "According to this story at news.netcraft.com, Debian was the fastest growing distribution in the last 6 months, closely followed by SuSE and Gentoo. RedHat, while still reigning, has started to lose sites in Netcraft's survey after they announced the end of support for their desktop releases. The survey is based on the stats from webservers which include the distribution name in their webserver's header." Maybe it would grow even faster when Java issues are worked out -- read more below on that.

adamy writes "For people like me that use both Free/Open Source software and Java, the two have come together with two major exception: The Java Virtual Machine and the Base Libraries. Seems the folks trying to get Java packages ready for Sarge could have listed the issues. This is an interesting example of dependency tree pruning: Several packages are orphaned because they depend on Ant, which depends on Swing. Swing has been lower priority for the Classpath because most of the java pacakages are server side or lack a UI componenet."

thelenm writes "Red Hat announced today that the 7.x and 8.0 distributions have reached their errata maintenance end-of-life. Red Hat 9 reaches its end-of-life on April 30. The options for those who want to stick with Red Hat are Red Hat Enterprise Linux or the Fedora Project, as described on their Migration Resource Center page. Or of course, you might take this opportunity to select another option." This day's been a long time coming, but it's finally here.

An anonymous reader writes "Guillem Jover announced his plans to take over the non-Debian world and released a tool which converts in runtime any distribution to Debian. It does not convert in the sense of mapping all previous installed packages to the Debian counterparts, but installs a base system or tarball and cleans traces from the previous distribution."

A not-so-anonymous Anonymous Coward asks: "Someone has suggested to make a UserBSD instead of a UserLinux. From what Bruce Perens' anonymous 1-million-$ backers seem to want (no GPL-/Commercial dual-licensed development toolkit like Qt in any library, but only gratis LPGL stuff), this seems to make a lot of sense. After all, only the kernel would be different, the rest of the stuff (including the KDE or GNOME desktops) runs pretty much the same on BSD as it does on Linux. Is it possible to get the legal problems solved with licenses and still create a usable enterprise Unix desktop system on *BSD?" The idea, in and of itself, sounds fine, but does the choice of kernel really matter? What advantages would BSD have over Linux in such a project, and vice-versa?

mbanck writes "The cause of the recent Debian Project server compromise has been published by the Debian security team: 'Forensics revealed a burneye encrypted exploit. Robert van der Meulen managed to decrypt the binary which revealed a kernel exploit. Study of the exploit by the RedHat and SuSE kernel and security teams quickly revealed that the exploit used an integer overflow in the brk system call. Using this bug it is possible for a userland program to trick the kernel into giving access to the full kernel address space'. This issue has been fixed in 2.4.23. Thus, the Linux kernel compromise was not Debian specific."

mbanck writes "The cause of the recent Debian Project server compromise has been published by the Debian security team: 'Forensics revealed a burneye encrypted exploit. Robert van der Meulen managed to decrypt the binary which revealed a kernel exploit. Study of the exploit by the RedHat and SuSE kernel and security teams quickly revealed that the exploit used an integer overflow in the brk system call. Using this bug it is possible for a userland program to trick the kernel into giving access to the full kernel address space'. This issue has been fixed in 2.4.23. Thus, the Linux kernel compromise was not Debian specific."

mbanck writes "James Troup (part of the Debian System administration team) has published more information on the recent compromise of four debian.org machines. The attack vector seemed to be a sniffed password of an unprivileged account, from which the attacker somehow managed to gain root and install the suckit rootkit and crack the other machines. As the machines were fairly uptodate with respect to security, an as-of-yet unknown local root exploit might be in the wild, so keep an eye on your boxen.Note that the main ftp archive running on a sparc machine was not compromised, so the exploit might not yet be ported to non-i386 architectures."

FrankoBoy writes "As announced on DistroWatch, Debian 3.0r2 has been released this weekend, with some security issues fixed... and Rock 'n Diamonds dropped because of license problems. Here's the official announcement. This release had been slowed by an attack on Debian boxes discussed Friday."

FrankoBoy writes "As announced on DistroWatch, Debian 3.0r2 has been released this weekend, with some security issues fixed... and Rock 'n Diamonds dropped because of license problems. Here's the official announcement. This release had been slowed by an attack on Debian boxes discussed Friday."

Rathumos writes "The network security world has been waiting patiently for a definitive study of internet worms and defenses against them. Defense and Detection Strategies against Internet Worms by Dr. Jose Nazario has arrived to fill that space with a clear and concise analysis of the current state of worm defense." Read on for the rest of Rathumos' review. Defense and Detection Strategies against Internet Worms author Jose Nazario pages 322 publisher Artech House rating 10 reviewer Duncan Lowne ISBN 1580535372 summary This book provides a solid approach toward detection and mitigation of worm-based attacks.

Publishing a book on a subject as dynamic as internet worms can never result in a complete volume. The near-weekly outbreaks of modified versions of old worms and completely new designs is enough to frustrate the efforts of even the most prolific anti-virus software developers, let alone those who try to provide an overview of their study.

Nevertheless, Nazario accomplishes a clear and concise summary of the state of worms today. Seeded by a paper ('The Future of Internet Worms', Nazario, Anderson, Connelly, Wash) written in 2001, Defense and Detection Strategies against Internet Worms encourages the reader to focus on the directions worm development might take in the future, with a specific view toward anticipation of, and prepartion for, future attacks.

The book begins with a discussion of the departure worms take from traditional computer virii. An outline of the benefits for the black-hat toward a worm-based attack, as well as a brief analysis of the threat model posed by worms, provide ample reason for the computer security professional to take the study of internet worms very seriously.

Beyond this introduction, the book is laid out in four major sections. The first introduces to the reader some background information crucial to the study of worms. The author discusses the history and taxonomy of past worm outbreaks, from their sci-fi origins (think John Brunner's Shockwave Rider) through modern-day outbreaks. A thorough analysis of various worms' traffic patterns is presented, with data broken down by infection rates, number of infected hosts, and number of sources probing specific subnets. Finally, the construction and lifecycle of worms are presented, with particular attention paid to the interaction between the worms' propagation techniques and the progression of their lifecycles.

The second section of the book (ch. 6 - 8) studies the trends exhibited by past worm outbreaks. Beginning with an examination of the processes and mechanisms of infection, it progresses on to a survey of the network topologies generated by a worm's distribution. Specific infection patterns are examined, along with case studies of worm outbreaks that have exhibited such patterns. Further, this section examines the common characteristics of vulnerable targets, from older UNIX and VMS mainframes through desktop systems onward to infrastructure equipment and embedded systems. A discussion of the payload transmission methods that have made recent worm attacks so devastatingly effective, and an explaination of why liberal use of a clue-hammer on users is not by itself enough to control and prevent further outbreaks, complement chapter nine's analysis and speculation of the future of internet worms.

Section three (ch. 9 - 11) focuses on worm detection strategies, and is more distinctly aimed at the already-overworked network security professional. Effective methods of detecting scans and analyzing a worm's scan engine are presented with a focus on timely and efficient protection from further infection. Monitoring techniques for quickly recognizing, analyzing and responding to worm outbreaks leads into a detailed description of well-placed honeypots and dark network monitors ("black holes"). Discussion of the (so-far) most effective method of worm detection, signature analysis, completes the section, and covers host-based and logfile signatures, along with a brief overview of analyzing logfiles using commonly available utilities.

The final section of the book (ch. 12 - 16), per the book's namesake, aims at defense strategies against worm outbreaks. Beginning with the obvious first steps which anyone reading the book ought to have implemented (firewalls, virus detection software, sandboxing, and patching-patching-patching), the section progresses into less widely used but equally important proxy-based defense methods, and continues on to cover slowing down infection rates and fighting back against existing worm networks. For the sake of thoroughness, an overview of the legal implications of attacking worm nodes receives its fair share of attention simply to alert the reader of the potential pitfalls of proactive defense.

Defense and Detection Strategies against Internet Worms is decidedly aimed at the experienced network security professional, but holds a much broader appeal than most technical books. With its thorough historical analysis of worm progression over the past thirty years, anyone with even a remote interest in the past, present or future of the only network security issues to consistently make headlines in the mainstream press will find this both an entertaining and enlightening read. Overall, it makes a valuable addition to any geek's bookshelf.

You can purchase Defense and Detection Strategies against Internet Worms from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

An anonymous reader writes "The Debian Project, creators of the Debian GNU/Linux distribution, has voted to allow amendments to their Social Contract and Free Software Guidelines, as long as the developers agree with a 3:1 majority. The full text of the various amendments can be found in the original call for votes. Debian developer and XFree86 packager Branden Robinson has already proposed an amendment to the Social Contract that removes the requirement to maintain an archive for non-free software or "contrib" software (free software that depends on non-free software to work). Debian could still maintain this archive, but would no longer be required to do so. The proposal also updates the Social Contract to clearly require all works in Debian to meet the Debian Free Software Guidelines, not just software, which had come up repeatedly in the discussions over the non-free "GNU Free Documentation Licence". Both of these updates have been under consideration for some time, but were waiting on the ratification of the amendment procedure. The Debian Project voted on this amendment using their modified Condorcet voting procedure, which allows voters to rank the choices in order of preference, eliminating the "lesser of two evils" effect common to simple majority voting."

An anonymous reader writes "The Debian Project, creators of the Debian GNU/Linux distribution, has voted to allow amendments to their Social Contract and Free Software Guidelines, as long as the developers agree with a 3:1 majority. The full text of the various amendments can be found in the original call for votes. Debian developer and XFree86 packager Branden Robinson has already proposed an amendment to the Social Contract that removes the requirement to maintain an archive for non-free software or "contrib" software (free software that depends on non-free software to work). Debian could still maintain this archive, but would no longer be required to do so. The proposal also updates the Social Contract to clearly require all works in Debian to meet the Debian Free Software Guidelines, not just software, which had come up repeatedly in the discussions over the non-free "GNU Free Documentation Licence". Both of these updates have been under consideration for some time, but were waiting on the ratification of the amendment procedure. The Debian Project voted on this amendment using their modified Condorcet voting procedure, which allows voters to rank the choices in order of preference, eliminating the "lesser of two evils" effect common to simple majority voting."

An anonymous reader writes "The Debian Project, creators of the Debian GNU/Linux distribution, has voted to allow amendments to their Social Contract and Free Software Guidelines, as long as the developers agree with a 3:1 majority. The full text of the various amendments can be found in the original call for votes. Debian developer and XFree86 packager Branden Robinson has already proposed an amendment to the Social Contract that removes the requirement to maintain an archive for non-free software or "contrib" software (free software that depends on non-free software to work). Debian could still maintain this archive, but would no longer be required to do so. The proposal also updates the Social Contract to clearly require all works in Debian to meet the Debian Free Software Guidelines, not just software, which had come up repeatedly in the discussions over the non-free "GNU Free Documentation Licence". Both of these updates have been under consideration for some time, but were waiting on the ratification of the amendment procedure. The Debian Project voted on this amendment using their modified Condorcet voting procedure, which allows voters to rank the choices in order of preference, eliminating the "lesser of two evils" effect common to simple majority voting."

An anonymous reader writes "The Debian Project, creators of the Debian GNU/Linux distribution, has voted to allow amendments to their Social Contract and Free Software Guidelines, as long as the developers agree with a 3:1 majority. The full text of the various amendments can be found in the original call for votes. Debian developer and XFree86 packager Branden Robinson has already proposed an amendment to the Social Contract that removes the requirement to maintain an archive for non-free software or "contrib" software (free software that depends on non-free software to work). Debian could still maintain this archive, but would no longer be required to do so. The proposal also updates the Social Contract to clearly require all works in Debian to meet the Debian Free Software Guidelines, not just software, which had come up repeatedly in the discussions over the non-free "GNU Free Documentation Licence". Both of these updates have been under consideration for some time, but were waiting on the ratification of the amendment procedure. The Debian Project voted on this amendment using their modified Condorcet voting procedure, which allows voters to rank the choices in order of preference, eliminating the "lesser of two evils" effect common to simple majority voting."

An anonymous reader writes "The Debian Project, creators of the Debian GNU/Linux distribution, has voted to allow amendments to their Social Contract and Free Software Guidelines, as long as the developers agree with a 3:1 majority. The full text of the various amendments can be found in the original call for votes. Debian developer and XFree86 packager Branden Robinson has already proposed an amendment to the Social Contract that removes the requirement to maintain an archive for non-free software or "contrib" software (free software that depends on non-free software to work). Debian could still maintain this archive, but would no longer be required to do so. The proposal also updates the Social Contract to clearly require all works in Debian to meet the Debian Free Software Guidelines, not just software, which had come up repeatedly in the discussions over the non-free "GNU Free Documentation Licence". Both of these updates have been under consideration for some time, but were waiting on the ratification of the amendment procedure. The Debian Project voted on this amendment using their modified Condorcet voting procedure, which allows voters to rank the choices in order of preference, eliminating the "lesser of two evils" effect common to simple majority voting."

JoeBuck writes "According to this message from Ian Murdock on the Debian developer's mailing list, the Progeny folks have ported Red Hat's Anaconda installer to Debian. They have also written a tool that "facilitates the creation of Anaconda-based Debian installation CD sets". They are also engaged in other interesting unification work, and hope to be able to allow collections of managed RPM and .deb packages to coexist side-by-side." uberkludge points out an article with more details at Ars Technica.

Slashback brings you updates tonight on Diebold's attempts to bring undisclosed-source, unauditable black-box voting to a ballot box near you, John Carmack's search for (rocket-fuel, not hair) peroxide, AT&T's (withdrawn) request for its customers' mail server addresses, open source goings on at Comdex, and more -- read on for the details.

Diebold Election Systems Round 2 in MD zznate writes "Looks like Diebold is not going to get off the hook so easily in Maryland after all. For anyone local, feel free to contact delegates Hixson or Hollinger to express your support. Perhaps they could even receive a copy or two (or fifty ;-) of the documents listed here."

Diebold is having an easier time at Swarthmore. yoshi_mon writes "Previously reported on /. was the Swarthmore Students Effort to keep the Diebold leaked memo's online. However that effort has been quashed by one Dean Bob Gross. To quote the dean, "We can?t get out in front in this fight against Diebold." BlackBoxVoting.com reports that '[Swarthmore College] is not willing to take a strong stand against Diebold, and is systematically disabling the network access of any student who hosts the files.'"

AT&T says Ha, just kidding! An anonymous reader writes "In an update to an earlier Slashdot article, Telco giant AT&T rushed to withdraw two notices sent to business partners and customers asking for the IP addresses of all outbound SMTP servers because of a 'human error' gaffe."

All this and cheap shrimp cocktail. blackbearnh writes "While the topic has been raised, I thought I'd mention a few other things going on at COMDEX Open-Source wise.

First off, the Open Source and Linux track has been expanded from a half-dozen sessions last year to nearly twenty this year. These will cover everything from the basics of Open Source (taught by folks like Ken Coar of Apache) to an intro to PHP led by Rasmus Lerdorf.

On the show floor, a massive 2500 sq foot Open Source Innovation Center will serve as the site for hourly talks by Open Source evangelists on business-related topics such as case studios proving the benefits of Open Source. There will also be a staffed "clinic" area where attendees can get advice on what Open Source technologies would work well in their business. There will also be install parties held at noon each day, where attendees can bring their laptops to get help installing MySQL or Debian. And lastly, a .ORG village inside the center will host representitives from more than a dozen prominent Open Source organizations, including OpenOffice and Mozilla.

Also, the COMDEX/ApacheCon exchange program continues this year. COMDEX members can get access to the ApacheCon expo floor and BOF sessions, while ApacheCon member can visit the COMDEX show floor and the Open Source keynotes. Shuttle service will link the two conventions.

James Turner
Co-Chair, Open Source, Fall 2003 COMDEX"

It's a crapshoot, eh. Dick Faze writes " Royal Bank of Canada is part of a $50 Million investment in SCO: Has our communist neighbor to the north finally flipped completely?" (We know Mr. Faze is being facetious, here ... don't we?) This is the same $50,000,000 investment deal in which some people suspected Microsoft's involvment.

Patent Office Cancels Swing Patent An anonymous reader writes "Remember the swing patent issued last year covering the method of swinging a swing? Well, the Patent Office must've taken offense at the amount of criticism it received over this patent. It initiated a reexam proceeding and after a year's worth of reexamination, they cancelled the patent on July 1, 2003."

But all the other patents are up to snuff, don't worry.

Carmack's Peroxide Troubles Over? Rob Jellinghaus writes "John Carmack's aerospace company has had problems getting enough concentrated 90% peroxide for their engines. So they have been working on mixed monoprop engines that would need only 50% peroxide, which would pretty much end their fuel troubles for good. They have had many failures, but they may have just succeeded. In his words: 'This is Very Good.'"

Remember, most of the world is still dial-up, at best. Anothermouse Cowered writes "It's a router, it's a firewall, it's a home gateway it's a... In another giant leap for the Open Source community, you can now hack on your own embedded Linux system for under $70. The source code for the ActionTEC Dual modem previously mentioned on Slashdot ('Hacking the Actiontec 56k Modem/Gateway') in September has now been released under the GPL. Downloads available here."

aws4y writes "Linux Journal is reporting the results of its readers choice awards, among the winners are Slashdot for favorite Linux web site, Debian for favorite distro, Evolution for favorite email client and VIM for favorite editor."

eugene ts wong asks: "Our company is planning on taking care of its own email, by setting up our own server. I've been given the task of researching what is out there. So far, I've got my heart set on an IMAP server that we can install on Gentoo. Unfortunately, email isn't our forte, and I really have no idea of where to start. I've made some google searches, browsed around on the IMAP site, and also found this email. According to the mutt documentation, Cyrus and Courier are the best choices." What IMAP servers have you used, and which ones would you recommend?

"I'm still at a loss for what to do. The documentation of all but uw-imap seem to be a bit complex for me. If it helps, I'd like to point out that I have Mutt and nbsmtp installed, which work fine for connecting to our SMTP and POP servers. How do I know what will serve our needs the best? Also, is there an IMAP server that I could install easily for testing and learning purposes? I'd like to be able to get something installed without much configuration. Security shouldn't be an issue for testing purposes, because it will only be on the local network, and the computer will be turned off when I'm not actively testing it. We're also willing to purchase products as well. We're willing to hire a professional to do it for us, but the boss wanted some research done so that we know what we're getting. Any comments are welcome. Thanks in advance."

feklee writes "The preparations for the rally against software patents on Wednesday are running at full speed. Thanks to announcements in DWN, on KDE, in the Register, and elsewhere, the Online Demo has already more than 600 participants such as Savannah and KDE.de. Now, what about your project?"

And flagboy writes "A group of economists from Europe and the U.S. specialising in patent questions have published a letter to members of the European Parliament calling on them to reject the proposal, accompanied by an analytical paper which casts severe doubts on the reasoning behind the directive and on the methods employed by its proponents." Here's the FFII Press Release.

Peter writes "The Pegasos is an interesting new platform, being one of the very few affordable non-Apple PowerPC systems. But to be a real alternative for me, I want it to run Mac OS X directly (without the need to use Mac-on-Linux or such). Have any of you Slashdot readers done this, and how much hacking did it take?" The Pegasos currently uses a G3/600, and ships with Debian Linux for PowerPC and MorphOS.

Mark Tobenkin writes "Are corporations exploiting the Open Source community? The Linux Public Broadcasting Network has video interviews with Ian Murdock (of Progeny and Debian fame), Martin Roesch (author of Snort), Jeremey White (CEO of CodeWeavers), Bradley Kuhn (FSF), Mike Balma (Linux Business Strategist for HP) and others on the evolving OSS business models. The interviews center around whether integration with proprietary products endangers the Open Source effort or increases consumers' freedom to choose."

Rubbersoul writes "On August 16th, the Debian Project will celebrate its 10th birthday. Check debCONF for the birthday party nearest you!"

[vmlinuz] writes "SitePoint has an article that I wrote that introduces Debian and has guidelines on installing it. This could be usefull for managers, new users and other people that may be interested in using Debian." And honestly, who among us isn't interested in using the obviously superior Linux Distribution against which there can be no other contenders? (Oh dear god don't flame me! It's a joke people!)

MoreDruid asks: "Not long ago, I was asked to do some research for a blind relative from a friend of mine. I tried searching the sites of Red Hat, Debian, and some other distro's, but only SuSe came up with really useful information. I did find Blinux, but I think it's not really mature yet. Do any other Slashdotters have any experience in this field? What is a good distro to start with? This research is geared towards a blind newbie user, so are there any decent resources for vision impaired people so that he can get going with Linux?" This topic was discussed, in a more general sense, some two years ago, and there have since been questions dealing with several pieces of the puzzle. However, is there anything else out there, aside from the developing Blinux, that puts it all together in one nice package?

Dan writes "Matthew Garrett has demonstrated his success in building a Debian operating system on the Sparc architecture on top of the NetBSD kernel. Additionally Joel Baker reported about significant work for the NetBSD/x86 port, such as dpkg and APT, that will work without additional patches. NetBSD runs on hardware unsupported by Linux. Folks working on the project say that porting Debian to the NetBSD kernel increases the number of platforms that can run a Debian-based operating system."

Dan writes "Matthew Garrett has demonstrated his success in building a Debian operating system on the Sparc architecture on top of the NetBSD kernel. Additionally Joel Baker reported about significant work for the NetBSD/x86 port, such as dpkg and APT, that will work without additional patches. NetBSD runs on hardware unsupported by Linux. Folks working on the project say that porting Debian to the NetBSD kernel increases the number of platforms that can run a Debian-based operating system."

Syntaxis writes "There's some considerable argy-bargy in progress over whether or not GNU's own GFDL is a Free documentation license at all. At issue are "invariant sections" which cannot be removed from derivative works. Check out the thread culminating in the proposed motion to take action. The current consensus on Debian-legal does indeed appear to be that one of the FSF's own licenses is non-Free under the terms of the Debian Free Software Guidelines! Well, documentation for GPLed projects countermanding the very freedoms embodied in the GPL certainly seems insane to me."

Syntaxis writes "There's some considerable argy-bargy in progress over whether or not GNU's own GFDL is a Free documentation license at all. At issue are "invariant sections" which cannot be removed from derivative works. Check out the thread culminating in the proposed motion to take action. The current consensus on Debian-legal does indeed appear to be that one of the FSF's own licenses is non-Free under the terms of the Debian Free Software Guidelines! Well, documentation for GPLed projects countermanding the very freedoms embodied in the GPL certainly seems insane to me."

Syntaxis writes "There's some considerable argy-bargy in progress over whether or not GNU's own GFDL is a Free documentation license at all. At issue are "invariant sections" which cannot be removed from derivative works. Check out the thread culminating in the proposed motion to take action. The current consensus on Debian-legal does indeed appear to be that one of the FSF's own licenses is non-Free under the terms of the Debian Free Software Guidelines! Well, documentation for GPLed projects countermanding the very freedoms embodied in the GPL certainly seems insane to me."

rescdsk writes "Raphael Hertzog recently announced Alioth, a SourceForge installation dedicated for Debian use. All developers automatically have accounts, though anyone may get an account. Quoting the front page, the purpose of Alioth is multiple: to provide facilities to free software projects supported by Debian developers, to make it easier for non-Debian developers to contribute to projects initiated by Debian, and to support projects whose goal is to promote Debian or one of its derivatives. Go peer with great wonder!"

rescdsk writes "Raphael Hertzog recently announced Alioth, a SourceForge installation dedicated for Debian use. All developers automatically have accounts, though anyone may get an account. Quoting the front page, the purpose of Alioth is multiple: to provide facilities to free software projects supported by Debian developers, to make it easier for non-Debian developers to contribute to projects initiated by Debian, and to support projects whose goal is to promote Debian or one of its derivatives. Go peer with great wonder!"

Strike writes "The votes for the new Debian Project Leader are in and the tallying is over, results here. Martin Michlmayr comes out on top, winning 4-0 going head to head against the other three candidates (with the fourth win being over "no candidate"). Last year's DPL Bdale Garbee came in 2nd, with Branden Robinson and Moshe Zadka coming in 3rd and 4th. Michlmayr's platform can be seen here."

Strike writes "The votes for the new Debian Project Leader are in and the tallying is over, results here. Martin Michlmayr comes out on top, winning 4-0 going head to head against the other three candidates (with the fourth win being over "no candidate"). Last year's DPL Bdale Garbee came in 2nd, with Branden Robinson and Moshe Zadka coming in 3rd and 4th. Michlmayr's platform can be seen here."

The call for questions went out on Feb. 10. Here are your answers. We'd like to give Prof. Moglen special thanks for taking time out from his busy schedule to do this.

1) Biggest win and loss so far?
by Em Emalb

What would you consider to be your biggest "win" so far?

How about loss?

I am sure a lot of us here think we know, but it would be interesting to hear it directly from you.

thanks for fighting the good fight.

Eben:

When lawyers are engaged in litigation, their work can be judged in terms of wins and losses. But most of the work that I've done for the Free Software Foundation in the past ten years wasn't about litigation. It wasn't about conflict at all; it was about helping people cooperate, so that more high-quality free software came into being, and stayed free. Every time I persuaded someone that it was better to comply with GPL than to fight with the Foundation, everybody won. Every time I helped licensors who couldn't or didn't want to use GPL to use a GPL-compatible free software license, so that their code and all the world's GPL'd code could be freely combined, everybody won. Many of the outcomes I feel most satisfied about over the past decade wouldn't even make a good story: they're just examples of how persistent, patient reasoning with people can convince them to do the right thing. On the other hand, the matters I most regret are places where I failed to persuade people to work together. Everyone in the /. community can think of controversies in the free software world, personality conflicts, failures of cooperation that have impeded progress. I've tried over the years to bridge some of those gaps, sometimes with no success at all.

There have been litigation controversies in which I've been involved over the years, not always for the Foundation, which lend themselves to the calculus of win and loss. I still feel very pleased with the efforts I and others made from '91 to '94 to prevent the United States Government from indicting Phil Zimmerman over PGP. Winning the crypto wars was one of the most important things our side did in the '90s, and it started with Phil. On the other hand, this year's defeat in the Supreme Court in Eldred v. Ashcroft, the copyright term extension case, is an unambiguous loss that's going to hurt the cause of free speech and free culture for years to come. I filed a brief amicus curiae in that case on the Foundation's behalf, and like my friend and colleague Larry Lessig, who argued the case in the Court, I take our defeat rather personally. But no defeat in court can possibly be as important as the victory all of us have won in the world: free software exists, and grows more powerful and more elegant every day. That's a victory of the profoundest consequence that we've all won together, and I'm intensely proud of the small contributions I've made to the cause.

2) Clarifying the GPL
by sterno

One issue that I know has come up for me is how the GPL applies in situations where I'm using GPL software but I'm not actually modifying it. For example, I write a Java application, and it is reliant on a JAR that is GPL'd. Do I then need to GPL my software? I haven't changed the JAR in anyway, I'm just redistributing it with my software. The end user could just as easily download the JAR themselves, it's just a convenience for me to offer it in my package.

Eben:

The language or programming paradigm in use doesn't determine the rules of compliance, nor does whether the GPL'd code has been modified. The situation is no different than the one where your code depends on static or dynamic linking of a GPL'd library, say GNU readline. Your code, in order to operate, must be combined with the GPL'd code, forming a new combined work, which under GPL section 2(b) must be distributed under the terms of the GPL and only the GPL. If the author of the other code had chosen to release his JAR under the Lesser GPL, your contribution to the combined work could be released under any license of your choosing, but by releasing under GPL he or she chose to invoke the principle of "share and share alike."

3) Helping independent developers work with the GPL
by SwellJoe

I've recently been doing some contract development work for other companies. These companies, so far, have all been very friendly to GPLing the work they hire me for that extends existing GPLed work.

However, when I'm preparing contracts I never know just how to specify that wholly original work we do for them will be "Work-for-hire" under whatever license they choose, but code based on and extending GPLed software will be placed under the same license.

I've browsed through the GNU site, in hopes of locating some example contract language that would make this clear to new customers and make it a legally binding aspect of any agreements made, but alas, I could find no help in this regard.

I should point out: my clients know that the GPL is an enforceable copyright, and don't have a problem with that--our work with GPL'ed software is usually the reason they come to us...this isn't a question of companies wishing to steal GPLed software. It is a question of how to make those terms compatible with an agreement that covers both GPLed work and non-GPLed "work-for-hire". Usually we are doing a bit of both types of work, and we'd like the contract to reflect that in a clear and comprehensive manner.

Seems like this would be a common problem for developers, and I was surprised that I couldn't find any documentation about adding this kind of clause to a contract.

Eben:

Two different issues arise here, and I think they're being conflated. One question is who will own the copyright on the code you are producing, and the other is what license terms the owner may use in releasing that code. Whether the code you write involves wholly new programs or modifications to existing GPL'd programs, your code constitutes a copyrightable work of authorship, and the first question is whether copyright will be vested in you or in the party with whom you are contracting. No matter who owns the copyright, however, modifications to or works based on GPL'd works can only be released under GPL. A "work for hire" provision in your agreement addresses the first question, and means that copyright in all the works of authorship will vest in your client. As to the works based on GPL'd code, in response to the second issue, you want your client to acknowledge its responsibility to release that code under GPL and GPL only. Any number of strategies in contract drafting might be appropriate, depending on the circumstances. The Foundation website doesn't make specific recommendations on how to draft contracts because contract law varies from country to country throughout the world, and no suggestion could possibly be right everywhere. Nor can I provide useful legal advice here, given the level of abstraction. On sensible approach, in a US contract, might be to include a provision in which the buyer acknowledges that the works listed in an attached schedule are subject to GPL, and promises that all code delivered under the contract modifying or extending any of the listed works will be released solely under GPL.

4) Put you in my will...
by wowbagger

I'm a single guy, no dependants. I just had to update all my benefits info at work - if I die, who gets my employer-supplied insurance money.

So how would I go about making the FSF a beneficiary? You might want to put that info on the web site.

Right now, the only organization I have listed is the NRA - they make it pretty easy to set this sort of thing up.

Eben:

Without information about the specifics of your employer's insurance program, I can't provide any detailed advice. The Foundation is of course enormously grateful for the support it receives from members of the free software community around the world. As a moderately large donor to the Foundation myself, I want to express my personal appreciation of your willingness to give. Anyone who wishes to donate to FSF, whether through testamentary disposition or direct contribution, can get further information from the Foundation's Director of Communications, Ravi Khanna, ravi@fsf.org.

5) PHB opinions
by Eric Seppanen

My boss' boss (who is quite sharp technically as well as an attorney) thinks that the GPL is stupid because it doesn't read like it was written by a lawyer. He doesn't object to the principles and methods involved-- he's just disgusted by the unlawyerly writing. He says it was written by an amateur, not a lawyer, giving the impression that everyone using it is an amateur, and not serious about their work. What would you say to that?

Eben:

With all due respect to your boss' boss, he may not have appreciated the context in which the GPL is drafted. Most distributors of copyrighted material use a different copyright license for each country in which their work is distributed. That's not feasible for the free software movement: we have no control over the international path that any given piece of code may take, as it is copied and redistributed by its users, and we must therefore do business all over the world on a single license. What would seem good lawyerly drafting to a lawyer in one country might seem like officious or loquacious nonsense to a lawyer in another. Moreover, unlike the licenses written by the legal departments of proprietary content companies, our licenses are meant to be read by individual programmers, who we hope will choose to use those licenses to distribute their own programs. So the GPL is not addressed to lawyers in a single legal system, but to developers in every legal system around the world. Doing optimal drafting for that rather unusual set of needs is plenty serious business, I will say. It isn't work for amateurs. Whether we have been successful in achieving our intentions can only be judged by the results.

6) What can be done about spurious legal threats?
by Tom7

I've noticed a scary trend in "de facto" internet law: Sites are shut down, projects stopped, and ideas silenced because of scary notices from lawyers. Lots of the time, these cease and desist letters don't actually have much to stand on, but they're so cheap to send, and so effective, that any business with a site it doesn't like and a lawyer on salary would be crazy not to do it. The effect of these letters is chilling (so to speak): sites that are probably legal are shut down without the benefit of a trial, and the "precedent" affects the way other laymen interpret the law. I've seen numerous mostly-serious posts on slashdot proclaiming "Wouldn't this be a violation of the DMCA?" when referring to any sort of activity the MPAA or RIAA, etc. wouldn't like. (Speaking of the DMCA -- it has built-in provisions for making precisely this kind of judge-free takedown by an ISP!) This trend seems to be a serious breakdown of the legal system, and I don't like it.

My question is: In your opinion, what can be done to change the way the system operates so that spurious legal threats aren't so economical? What can someone like me do, besides donating to the EFF or going to law school?

Eben:

It's true that it's cheap to write letters threatening legal action, and it's true that many people would prefer to stop doing whatever they're doing that causes them to receive such letters. Bullying of this kind is one of the ways that the rich and powerful oppress the weak and poor. Your question contains specific versions of the only two general answers I know: those of us who are lawyers should fulfill our obligation to provide assistance pro bono publico (for the good of the public, which means without charging fees) to those who need our help and can't pay for it; those of us who aren't lawyers should contribute to organizations, like EFF and FSF, that provide legal support to individuals who need help furthering the causes we believe in.

7) Question
by edward.virtually@pob

Given the failure of the DOJ and other cases against Microsoft (no meaningful penalties, technically incompetent judge overseeing DOJ case, requirement to support Java in IE endlessly held up in court) and the continuing wide-spread abuse of IP law to monopolize cyberspace (patents on obviously invalid claims -- decades of prior art, etc.), do you think Free Software (and it's more "popular" spin-off Open Source) has any chance of long term surival in the United States or it is just a matter of time before it is crushed?

Eben:

Despite the annoyances you mention, which I regard as unfortunate but inessential, I think the position of free software is almost impregnable, both in the United States and everywhere else. The most important threat to the survival of free software is the concept of "trusted computing," which really means the building of hardware you as a user can't trust at all. "Trusted" computers are computers that can be trusted by media companies not to run software that users can modify, so that media company "content" can be delivered without fear that software modified by users will exercise fair use rights that media companies don't want to allow. If the free software movement and its allies can avoid having "trusted" computing forced on PC consumers by either mandatory legislation or industry "consensus," I believe free software will be around forever, and will become the dominant mode of software production and distribution in the course of the next two decades.

8) Being like you.
by Anonymous Coward

As an undergraduate in computer science I have found licensing and intellectual property issues so interesting that I have chosen to go to law school. I would like to advance many of the causes that you support. What advice would you have for an aspiring lawyer who wants to promote freedom and the public domain? What steps would be necessary to support my family and still fight for the cause? How best can a lawyer help society without selling out to big money?

Eben:

There are businesses all over the technology sector that are making money through the employment of free software. They sell hardware, services, solutions, expertise, and even the software itself. They employ lawyers who promote freedom by helping businesses that promote free software. There are going to be businesses all over the media landscape in the next decade that help cultural producers (writers, musicians, videographers, etc.) escape the system of cultural ownership that produces the schlock jamming the eyeballs and eardrums of the world. They're going to need lawyers to resist the onslaught of the "content" oligarchs, who will try to do everything to keep free content from succeeding. There is going to be a major movement in the next two decades to free the electromagnetic spectrum from the iron triangle of the broadcasters, the politicians, and the "campaign contributors," all of whom have tremendous interests in preserving the system where "free speech" means Rupert Murdoch has a million times more right to speak than you and I. Getting back the wireless bandwidth of the world for the people themselves, giving everyone an equal right to communicate, is the next great frontier of freedom. So there are enterprises that need lawyers, provide livings to those lawyers, and further freedom all at once. There are non-profit organizations too that we can work for or donate our time to. Being a young lawyer, as I tell my students at Columbia, is--at its best--an imagination test. We are very fortunate members of this society, in that we can imagine the lives we want and then make them happen. My advice is, aim high.

9) FSF's W3C patent policy position
by The Pim

I sent the following to info@fsf.org on January 1, and have not received a reply. Since it is a legal question, perhaps Professor Moglen would answer it here. Some context:

• Act Now To Sidestep A W3C Patent Pitfall [slashdot.org]
• Please Help Pass W3C Patent Policy [debian.org]

I'm writing because I cannot understand some parts of the "FSF's Position on Proposed W3 Consortium 'Royalty-Free' Patent Policy", at http://www.gnu.org/philosophy/w3c-patent.html .

First, it is quite clear that you believe that software exercising patents with "field-of-use" licenses cannot be distributed under the GPL. However, it is not clear whether you believe that such software could be distributed as free software at all. Paragraph two seems to say that it could not, but it also appears to conflate GPLed software with free software, so I am not sure this is what the author meant. Paragraph three equivocates by saying "licensing under other free software licenses does not imply free", without saying "licensing under other free software licenses implies not free".

The impact of the proposed policy on the free software community obviously depends greatly on whether it could prevent us from implementing some standards at all, or only under the GPL. Which is it? (Since most of the document focuses on the GPL, I assume it is the latter. But it should be stated explicitly, and the hints to the contrary should be cleaned up.)

Second, who exactly would be prevented from distributing software exercising such patents under the GPL? Those in jurisdictions in which the patent applies, or everyone?

Third, why exactly are "field-of-use" patents incompatible with the GPL? The addendum intended to clarify this matter does not succeed. Step 4 in its example says,

C's patent license prohibits folks from taking his URL parsing code and putting it into, say, a search engine.

But C's patent equally prohibits folks from taking a (hypothetical) GPLed search engine and adding URL parsing code. So by that argument, nobody can distribute a GPLed search engine, either. What really is the criterion that prevents distribution under the GPL? Is it that the author "knows" that others will be "tempted" to modify the software such that it no longer meets the "field-of-use" restriction? Is it that the author has accepted the patent license himself?

And how does this differ from the situation of distributing GPLed software that cannot be used in some jurisdictions? If I distribute cryptographic software under the GPL, it will end up in the hands of people in repressive countries who are not allowed to use (never mind redistribute) it. This would seem to imply that such software cannot be distributed under the GPL.

I hope you can answer these questions and update the text on your web site.

Eben:

The question as asked is quite complex. Let me try to simplify it somewhat. Free software should be freely modifiable and redistributable by its users. Of course, any code once modified may practice claims of a patent about which the modifying user is uninformed. So anyone distributing free software is unable to assure his users that each and every modification they may want to make is noninfringing. But when someone distributes apparently-free software under actual but undisclosed legal restrictions preventing modification or redistribution, the software is not really free. GPL tries to deal with this problem through section 7, which says that if code you are distributing is actually under restriction that is incompatible with the terms of the GPL, you can't distribute under GPL at all. So if you have accepted a patent license that prohibits you from reusing some of your code, or code you have received from others, in different contexts, GPL section 7 means that you cannot distribute under GPL, and if the code you received was under GPL, your acceptance of the patent license precludes redistribution altogether. The goal is to ensure that, so far as each redistributor's actual knowledge is concerned, each item of GPL'd software distributed is fairly labeled: it can be freely copied, modified and redistributed.

From the Free Software Foundation's point of view, any code subject to field of use restrictions is not free software, but most free software copyright licenses don't read on the problem at all, and GPL section 7 only addresses one aspect of the problem. With respect to the specific issue involved in your question--the W3C proposed patent policy--GPL section 7 will be relevant in the following circumstances: a patent-holder contributes patent claims to a W3C Recommendation, and requires each implementer to take an explicit license containing a field of use restriction. GPL section 7 will preclude GPL'd implementation of that Recommendation. Apparently-free software can implement that Recommendation under, for example, BSD or X11 licenses, but despite its release under those licenses the software will not, from the Foundation's point of view, be actually and fully free.

10) Legal equivalent of GNU
by nattt

If free software / open source / etc. is seen as the saviour of the computer world, what do you see as the route or force to act towards making a better legal profession?

Eben:

I don't think I would talk about free software as the saviour of the computer world. I would say that free software is an important tool for preserving freedom of speech and freedom of thought in our networked society. The equivalent forces acting to produce a better legal system and a better legal profession are the constitutional norms in the US and other societies that protect freedoms of expression, inquiry, and publication. Our job as lawyers is to defend those freedoms, and to increase the relevance of legal doctrine in new social and technological environments.

neiljt writes "BBC News have a piece on NASA experiments to use IP for space missions. The article is a little low-tech, but more details available from NASA (OMNI). Is this the first Red Hat in space?" It's worth pointing out as well that Debian made the ride nearly six years ago. Still, great news.

protonman writes "A hefty flame war has broken loose on the debian-devel mailinglist about (amongst other things) the legality of mplayer. The interesting part in this conflict is that unlike in previous alledged GPL violations, the culprit is not the unwillingness to provide the source, but the prohibition of the distribution of binaries, thereby violating section 6 of the GPL: 'You may not impose any further restrictions on the recipients' exercise of the rights granted herein.' Read also the blurb on the MPlayer homepage."

Duncan Findlay writes "Network Associates Inc. has just acquired Deersoft, Inc., which is known by many as the creator of SpamAssassin Pro, the proprietary (Windows) version of the GPL/PAL licensed SpamAssassin (Mirrors: Eastern US, Europe). It seems that we may see parts of SpamAssassin under the McAfee name within 6 months. You can also read the story at Yahoo or at Reuters. Unfortunately, the SpamAssassin trademark was owned by Deersoft, so hypothetically, NAI could force us to call the Open Source project something else!"

Jonathan Riddell writes "The FSF have quietly released The GNU Free Documentation License 1.2. There's been some controversy about the creation of this license and possible abuse of non-editable sections to make documents non-Free. A diff shows that there's been a fair number of changes. The FDL is in my opinion the most flexible way to keep documentation Free while preventing abuse from publishers."