linuxmafia.com · Domains · Slashdot Mirror

boring ... argumentum ad hominem by goon · 2003-12-07 10:49 · Score: 1 · on Top 10 Personal Computers, Revised

this is such a lame response.

so what if the article is *local rag* article and the user responds about a vintage, dare I say limey computer . I've seen/read many a US home computer user talk of Sinclairs, Amigas, bbc or acorns.

How about, 'never saw one of those machines', 'yeah i remember those amiga machines playing kings quest 2' .... no we resort to argumentum ad hominem .

nb: moderators: dont feed the trolls - this article is neither informative nor worthy of points.

Is there anything to stop you copying RHEL? by Plug · 2003-08-15 14:25 · Score: 4, Insightful · on The Increasing Cost of Red Hat Linux?

I've been trying to figure this out, and it would seem that there is nothing in the license that stops you being able to legally give me a copy of (say) RHES, and for me to run that copy, with no access to up2date and no support contract. (Like a lot of the other posts say, I am the support - my only concern is having a platform that commercial software supports!)

The license seems to refer to the services that come bundled with the software, not the software itself. I believe that the JVM cannot be copied from the standard distribution but removing is trivial.

Interesting notes: to summarise, it's probably perfectly legal for you to copy me RHEL ES, however you would probably also have to provide me all the updates if I wanted them (which may violate your license to receive them). The big dollars is with regard to the updates, and I believe they are made publically available by SRPM - and even then, its probably also technically allowable for you to mirror all the update RPMs somewhere.

I installed Lotus Domino recently on a Debian server because I didn't trust the machine with a consumer Red Hat and it wasn't cost effective enough to get RHEL. I'd be very interested to hear if you can or can't just copy/mirror RHEL.

Linux Licensing? by slewfo0t · 2003-08-05 07:08 · Score: 2, Informative · on SCO Wants $699 for Linux Systems

What SCO is trying to do is forever change the way Linux is licensed. They basically stated this in their conference call. They claim that Linux developers want to have their work protected and that the GPL is not really the way to go anymore. (at least if your SCO) Then, to top that off, they want to make their few lines of code worth more than the punch card it was written on! It's no wonder Microsoft paid for a license... It's the same kinda philosophy Micro-Soft came out with in 1976 in Bill's Open Letter to Hobbyists. It was just as misguided then as it is now.

SCO even went on to say that they would eventually target end-users as well. I guess they are taking lessons form the RIAA now too.

- Slew -

WP for Linux resources by rickmoen · 2003-07-22 00:47 · Score: 1 · on Corel Ousted From Public Life?

aussersterne wrote:

Fast-forward to 2003... The products are orphaned. They have been removed from the Corel Web site without a trace.

It's certainly true that they've been orphaned, but WP8 for Linux Download Personal Edition remains available at a large number of sites, listed in my WordPerfect for Linux FAQ. You can also find PhotoPaint9 (Winelib) tarballs, here and there, if so interested.

The open-source linux.corel.com site that contained Corel's WINE tree is gone.

Substantially all of the former linux.corel.com Web site remains mirrored on http://corellinux.com/. The Corelwine fork remains maintained, for now, by Michael Torrie at http://students.cs.byu.edu/~torriem/.

And no service packs for the Linux versions of these programs ever got released!

Torrie's third-party updates to Corelwine, the Fontastic server, and other support code are said to make WP9 for Linux almost acceptable, although I find WP8 generally superior in fundamental ways. Valentijn Sessink has contributed a third-party fix to the Filtrix date-rollover problem, and there are numerous Corel-issued fixes to little bugs at http://corellinux.com/.

Your point generally is well taken: The corellinux.com site even enshrines Corel's lastingly broken promise to post an "Update coming soon for Corel WordPerfect 8 for Linux/UNIX import/export filter issue", which failure Sessink eventually worked around for the user community's benefit without Corel's help. However, I just wanted to point out that many problems can be fixed to a significant degree, despite Corel having cast the entire thing to the winds.

Library-support problems for WP8.x on modern Linux distributions can be fixed, given varying amounts of determination. In extreme cases, you can install all needed libs from a tarball available for that purpose. My FAQ has details.

I suspect you'd find WP8.x much less frustrating than the lamentable WP9, especially if you acquire a copy of the WP8.1 Personal Edition -- the best release by far of WP for Linux -- still sometimes available (on eBay and other places) bundled as part of Corel Linux OS Standard or Deluxe Editions.

But the long term answer is to realise that proprietary codebases are prone to being here today, gone tomorrow, and to realise that AbiWord 1.9.1 is starting to look awfully good and cannot suffer that same fate. (OpenOffice.org Writer 1.1 beta 2 is useful, too.)

Rick Moen rick@linuxmafia.com

Re:A list of candidates by rickmoen · 2003-07-01 17:37 · Score: 1 · on Open Source Microsoft Exchange Replacements?

I did a few minutes of research, and answered my own question: Client access to MS-Exchange Server's optional Microsoft Outlook Web Access connector (gateway) should work from basically any Web browser supporting frames and Javascript.

(I've amended the entry for MS-Exchange at http://linuxmafia.com/~rick/linux-info/groupware accordingly -- along with fixing errors or omissions in the entries for Kroupware, Novell Groupwise, SuSE Openexchange Server, and EasyGate Workgroup.)

Rick Moen
rick@linuxmafia.com

A list of candidates by rickmoen · 2003-06-30 13:36 · Score: 5, Informative · on Open Source Microsoft Exchange Replacements?

There tends to be confusion in these discussions because of lack of agreement on what the term "Exchange replacement" means. At one extreme, something qualfies only if it accepts Microsoft-proprietary RPC connections from MS-Outlook for MAPI transactions providing 100% of the functions the Outlook / Exchange Server combination du jour supports. At the other extreme, Web-based access (e.g., Sherpath) and glorified BBSes (First Class, Citadel/UX) are deemed worthy of consideration. Anyhow, here's a list I maintain as part of http://linuxmafia.com/~rick/linux-info/groupware:

MS Exchange Server (server end; NT only), MS Outlook (client end; Win32, MacOS). Very limited support of open-protocol clients (IMAP, webmail?). Microsoft Corp. wants to sell you Exchange 2000, these days, but Exchange 5.5 is still very common.
Lotus Notes / Domino (server end, Linux supported), Lotus Notes (client end; Win32, MacOS). Limited webmail access (iNotes).
Novell Groupwise. http://www.novell.com/products/groupwise/ Server end runs on either Novell NetWare 5/6 or WinNT. Client end is proprietary Win32 client or webmail. A native Linux client is under development.
SuSE Linux Openexchange Server (formerly SuSE Linux eMail Server). Standard, good open-source components (Postfix, Apache, Cyrus IMAP, OpenLDAP, OpenSSL) preconfigured to work well with one another, plus a couple of proprietary components: YaST2 for graphical administration, and SkyrixGreen for integrated scheduling and group discussions (shared folders). Client access from any OS, including but not limited to webmail. A full-functional trial version (lacking only "maintenance") is available for US $20 at http://www.suse.com/openexchange/slox_eval_form.ht ml . Sites are known to scale well to at least 1,000 users per site. The largest deployment yet known (March 2003) is 1,900 users.
Bynari Insight Server, http://www.bynari.net/ . Server end is Linux-based. Intended as a plug-compatible replacement for MS-Exchange Server, based on POP3, IMPA, SMTP, and LDAP, but also with full support for all the special, proprietary MS-Exchange Server RPC-based protocols for group discussion, scheduling, contact management, task lists, etc., when used with MS-Outlook clients. Review: http://linuxjournal.com/article.php?sid=6734
Bynari InsightConnector, http://www.bynari.net/ . Extensions that load into MS-Outlook clients to let them perform MS-Exchange-type functions (scheduling, contact-management, public folders) without needing an MS-Exchange server, using only open-standard IMAP, SMTP, and LDAP servers, instead.
Samsung Contact (formerly HP Openmail), http://samsungcontact.com/en/ . Server end can be Linux-based (or Solaris/AIX). Based on SMTP, IMAP, POP3, LDAP. Supports proprietary protocols for e-mail, scheduling, etc. native to Samsung's Contact client (which is available on Linux and Win32). Webmail access. Implements Microsoft's (documented, for a change) MAPI protocol for scheduling, public folders, offline folders.
Oracle Collaboration Suite, http://www.oracle.com/ip/deploy/cs/ . Formerly Steltor CorporateTime, http://www.steltor.com/, until that firm's recent acquisition by Oracle. (That product is said to have emerged from Netscape Calendar.) Does IMAP, POP3, SMTP, E-mail, real-time conferences, voicemail, scheduling. Apparently implements all of the special, proprietary MS-Exchange Server RPC-based protocols for group discussion, scheduling, contact management,

example of the marketing problem by brlewis · 2003-06-30 02:43 · Score: 1 · on Debian And The Rise of Linux

See, here's another person who thinks stable and unstable are your only Debian choices. See also the earlier posts about stable servers vs less stable desktops. Nobody knows about the Debian testing distribution unless they hear about it from somebody else. Rather than write a long essay about how everybody needs to market Debian better, volunteer time to change Debian's web site to make the testing distribution more prominent. Then watch Debian's reputation change. The Debian testing distribution rocks.

Re:It isn’t the future… by gidds · 2003-06-06 11:30 · Score: 1 · on A Night in the Hotel of the Future

.pdb (aka Palm DOC) isn't just for Palm-like devices; there are readers for many platforms.Â And it's freely convertible to/from plain text - there are loads of utilities to do the job.

<Airplane>So there.</Airplane>

Re:Another wheel to re-invent? by rickmoen · 2003-03-26 08:53 · Score: 1 · on New Mozilla-based Mail Client: Minotaur

m1chael wrote:

one mua is enough for everybody.

Why have one when you can have 115?

Rick Moen
rick@linuxmafia.com

Nameservers for Linux and *BSD by rickmoen · 2003-03-10 19:04 · Score: 3, Informative · on Linus Comments on SCO v IBM

evilpenguin wrote:

BTW, what alteratives to BIND exist for Linuxand *BSD? I actually don't know and would like to know.

There are now a number of alternative packages that may have advantages for many deployments. E.g.:

MaraDNS is a general-purpose, fast DNS server package (doing recursive, authoritative, and caching roles, plus fully supporting zone transfers):
http://www.maradns.org/

pdnsd is a small caching-only DNS server with a disk-based cache, suitable for small networks and workstations:
http://home.t-online.de/home/Moestl/

Dnsmasq is a small authoritative and caching DNS server for a group of NATted / IPmasqued machines (optionally pulling names from DHCP leases):
http://www.thekelleys.org.uk/dnsmasq/

DNRD is a small caching-only DNS server for NAT / IPmasq networks:
http://dnrd.nevalabs.org/

MyDNS is a MySQL-based authoritative and caching server (no recursive service) suitable for very large sites. In such roles, it's faster and more responsive than BIND9, even though the latter uses a RAM-based cache:
http://mydns.bboy.net/

ldapdns implements the same idea, except out of an LDAP database. Again, much faster than BIND9:
http://nimh.org/code/ldapdns/

GnuDIP is an authoritative server for Dynamic DNS:
http://gnudip2.sourceforge.net/gnudip-www/

NSD is a high-performance authoritative-only daemon:
http://www.nlnetlabs.nl/nsd/

PowerDNS (open source as of 2002-11-25) is an authoritative-only daemon with a modular structure supporting various back-end information stores such as SQL databases (MySQL, PostgreSQL, Oracle 8i, Oracle 9i, IBM DB2, and others via ODBC), BIND zonefiles and other file formats, and LDAP directories. Supports AXFR zone transfers.
http://www.powerdns.com/products/powerdns/

CustomDNS is a authoritative-only daemon for both static addresses and its variant form of dynamic DNS:
http://customdns.sourceforge.net/

lbnamed is a similar authoritative-only daemon for static and dynamic information, with a load-balancing multi-machine architecture:
http://www.stanford.edu/~riepel/lbnamed/

Posadis is another fast authoritative-only daemon:
http://posadis.sourceforge.net/

dents is another general-purpose DNS server, but is perenially unfinished, and is probably dead, at this point:
http://sourceforge.net/projects/dents/

Pliant DNS Server is another general-purpose DNS server, although it may not support zone transfers:
http://pliant.cx/pliant/protocol/dns/

Yaku-NS is another small, fast general-purpose DNS server:
http://www.kyuzz.org/antirez/ens.html

Twisted Names is an authoritative and caching DNS server, written in Python:
http://twistedmatrix.com/documents/howto/names

Oak DNS Server is an authoritative and caching DNS server, supporting dynamic DNS updates and AAAA records. It's written in Python, and doesn't need to run privileged:
http://www.digitallumber.com/oak

dnsjava is a minimal, authoritative-only server, a resolver library, and a set of DNS utilities, all written in Java:
http://www.xbill.org/dnsjava/

FireDNS is a client library for DNS requests, with emphasis on speed and asynchronous processing. Written in C, and has low-timeout blocking functions. Can be used to relace standard libc resolver library functions like getbyhostname with much faster equivalent code:
http://ares.penguinhosting.net/~ian/

GNU adns is a resolver library for C (and C++) programs, and a collection of useful DNS resolver utilities:
http://www.chiark.greenend.org.uk/~ian/adns/

Proprietary packages include:

UltraDNS (UltraDNS Corporation)
djbdns/tinydns
ATLAS (Verisign)
BINDPlus (Information Network Eng. Group, Inc.)
Global Name Service (Nominum, Inc.)
NeDNS (Neteka, Inc.)

I maintain this list at http://linuxmafia.com/~rick/linux-info/dns-servers

Rick Moen
rick@linuxmafia.com

Re:Supplying source code on demand to end users by Minna+Kirai · 2003-03-02 13:30 · Score: 1 · on U.S. Army's Future Combat System Will Run Linux

But that's just it, my employer does not "give" me the binaries.

They do "give" it to you (English definition), just like they "give" you many tools, although neither employee nor boss expects him to keep permanent possession- but that's not the point. Office furniture, computer hardware- they're physical goods. Whoever bought them can transfer them wherever he wants, but there's no law against copying them, since that's impossible.

When giving software to employees, however, the employer will have committed an act of copyright violation, unless he abides by the license. And if the license is the GPL, that means that anyone with access to the binaries can freely spread them far and wide.

Imagine if someone from the corporate IT department is called to the witness stand:

"Fred, did you on the date of March 1st, distribute or cause to be distributed to your co-employees Carol, Betty, and Alice, the software labelled exhibit A, which you have already admitted contains substantial portions of the plaintiff's source code?"

Fred cannot honestly deny he "distributed" the code. Then the only question is, was he violating copyright when he did so? Or, in doing so, had he consented to the GPL? In the first case, "Go directly to punitive damages". In the second case, Carol, Betty, and Alice are free to pass out further GPLed copies to the 4 corners of the earth.

The software installed on the computer remains the property of my employer

It was never the property of the employer. It belongs to the author and copyright holder the entire time.

The employer had permission to use it under certain conditions. If the software was GPL, those conditions included never restricting anyone from sharing copies of the software.

And I'm envisioning a kiosk that would be set up in a public place to say give directions to anyone who wishes to use it. By the definition of user you are attempting to assert, I would.

No, because the kiosk user doesn't have access to the filesystem. An employee of a corporation does. Maybe not the end-user who runs the program each day, but the IT dept who installed it certainly does.

And anyway, the FSF is considering extending the GPL to ensure that the user is entitled to the source code even if he's using a program running on someone else's computer. That won't matter for a while yet, though. (An example of a license that moves towards this goal is here)

but I think the same case law that allows a software publisher to go after a business that has illegal copies of software installed on the businesses systems governs here.

That is a more general thing, and relates to the definition of incorporation. If a crime is committed by a person acting on behalf of a corporation, liablity will be assessed against the corp. as a whole, rather than against any person within it.

But, laws like that only shift around who gets punished for any particular offense. It doesn't change what things are illegal for a corporation to do, which includes everything a private citizen can't do, and more.

So in my example of Fred above, if he turns out to be guilty, the corporation will pay the damages, if he was acting under their orders.

not the first time by nf · 2003-01-29 15:42 · Score: 2, Insightful · on MPlayer Licence Trouble With A Twist

the root of it all is that the mplayer team seems to want to protect their "brand name" in the same way that djb held a grip on qmail et all with his weirdo license (or lack thereof). they seem quite proud of mplayer's abilities and performance and the inclusion of a "crippled" mplayer in debian would certainly defy that. my suggestion was to create an mplayer debian package that can only play .au, just to piss them off. you'll notice there is no qmail/djbdns in debian or OpenBSD for similar reasons. (see http://www.linuxmafia.com/~rick/faq/#djb and http://www.sigmasoft.com/~openbsd/archive/openbsd- ports/200108/msg00461.htmlfor further clarification). instead of wacky configuration file pathnames and installation locations, the mplayer group seems convinced that their system for providing one binary for multiple sub-architectures is right.

but unlike djb, the mplayer group utilizes the standard GPL license (probably because they were too lazy to write their own crazy license) and seems to think they can utilize the GPL as a shield for protection of their illegal software.

in short, this isn't the first case of killer-app type software that is written by immature and/or wacky authors with questionable licensing terms (bitchx, qmail/djbdns, glftpd, vision-x, etc.)

if anything, their messages to debian-devel and the retalliatory flames are certainly entertaining reading.

Re:Linux zealots tend to work for microsoft by rickmoen · 2002-12-27 08:39 · Score: 2 · on The Age Interviews Linux Advocate Rick Moen

Ilan Volow wrote:

Such callous attitudes towards end users and the "linux does not entitle you to a usable interface, so shut up and quit whining" mantra only further strengthen Microsofts hold on desktop computing and chase away people who want to make linux more usable.

That's an odd way to characterise the referenced essay, since that's not what it says. In fact, it actively encourages people who're crafting variant forms of the usual Linux distributions to meet the needs of particular user communities.

It says that computer users merely coming onto Linux mailing lists and newsgroups, and demanding that randomly selected Linux people "must" change their existing Linux distributions to meet the speaker's preferences simply doesn't work, and is likely to mostly get you politely filtered out and ignored. It says that, instead, you might want to look around and see if there's a different packaging of Linux that suits you better. And it makes a few other points about systems perceived as being "simple" usually are anything but that, and tend to just have their complexity better concealed than typical Linux people prefer.

That strikes me as being the simple truth. I doubt people who would otherwise "make Linux more usable" are "scared away" by hearing it -- in the unlikely event of their seeking it out. I suppose people wander across the page occasionally -- but you're really going a bit far out of your way to misread what I wrote.

Rick Moen
rick@linuxmafia.com

Linux zealots tend to work for microsoft by Ilan+Volow · 2002-12-27 04:50 · Score: 2 · on The Age Interviews Linux Advocate Rick Moen

Mr Moen, when his character is attacked in a public forum, has a right to defend himself. If I'm ever covered in Slashdot, I'll do the same.

Mr. Moen has the right to any opinion he wants and he should be able to express it.

That being said, I feel that Kernigheze such as Mr. Moen have effectively done more to crush linux on the desktop than Bill Gates ever could. Such callous attitudes towards end users and the "linux does not entitle you to a usable interface, so shut up and quit whining" mantra only further strengthen Microsofts hold on desktop computing and chase away people who want to make linux more usable.

Re:Rick Moen is a liability, not an asset by rickmoen · 2002-12-27 00:51 · Score: 3, Interesting · on The Age Interviews Linux Advocate Rick Moen

Well, I'm sorry you feel that way (whoever you are).

I've certainly been known to tell people they "don't have to load Red Hat", if they seem to have picked up that impression and are asking my advice. For most people running desktop setups, if they ask, I tend to recommend Libranet, Lycoris Desktop/LX, Linux-Mandrake, or SuSE.

But I'm glad to help people with RH. I think three people at the last SVLUG installfest used my CDs of RH 8.0, and I duplicated a set on the spot for someone else. Currently, I also have ISOs of the post-8.0 "Phoebe" beta. A couple of days ago, I invited anyone interested to visit and make copies.

Rick Moen
rick@linuxmafia.com

Listing of all known SCM software for Linux by rickmoen · 2002-12-21 14:39 · Score: 2 · on Multi-User Subversion

Ian --

Subversion is indeed already a giant step better than CVS in all the areas where CVS was painful, while having a good migration path. Arch, OpenCM, and PRCS2 could be in the running, and Arch has that multi-repository support going for it. But I'd say Subversion is the best thing going as of right now.

I have a listing of all known SCM software for Linux at http://linuxmafia.com/~rick/linux-info/scm.html, in case it will help.

Rick Moen
rick@linuxmafia.com

Re:NT, as in Not Today by Anonymous Coward · 2002-12-07 01:46 · Score: 5, Informative · on TheOpenCD Launches First Edition

But openoffice already HAS Access functionality, and it's relatively painless to setup.

it requires an external database, anything that can be used via odbc, basically. unfortunately, i don't think it handles access files themselves *yet*.
see here: on linuxmafia for more information on this topic.

ashridah

Re:Escape by rickmoen · 2002-11-12 13:28 · Score: 2 · on Bind 4 and 8 Vulnerabilities

blakestah wrote:

It is just not even close to true. Changes FOR YOUR OWN PERSONAL USE do not come close to the issues related to copyright violation.

You know, pounding on the table does rather little to settle questions of law. Let's review this, shall we? The USA Copyright Act (17 USC 117, if memory serves) states that right to modify a covered work is a right reserved to the copyright owner. Prof. Bernstein's softwarelaw.html page claims that, however, the related legislative history (redacted into the CONTU Final Report) makes clear that such rights are nonetheless intended to be included, and that a court would thus apply the law.

John Cowan, in a post to license-discuss@opensource.org, said he'd looked into the language Bernstein quoted from the CONTU Final Report, and found it to be distortively selective. He furnished a more-complete quotation, arguing that it, with the full wording included, contradicts Bernstein's assertion.

Now, if you wish to argue with Cowan and his more-complete quotation of the legislative history, feel free to do so. I'd love to see you do that on license-discuss. But repetitive denials to Slashdot in all capital letters really don't qualify.

I DO prefer code open source code that can also be forked. But I do not think that is necessary for something to be FREE (as in GNU free)....

Well, the FSF doesn't agree with you, and never has. Read Stallman's "four freedoms" essay more attentively, and he specifically states there (in the FSF's standard definition, if you can call it that, of "free software") that free software must be freely redistributable in either source or binary form.

More to the immediate point than appeal to yet another authority figure, it seems perfectly obvious to me that the right to fork is an inherent quality of what anyone would logically mean by the term free (or open-source) software: Without it, the project effectively ceases to be maintainable, the moment its owner hangs up his hat. Free? Open source? I really don't think so. If open source is to mean anything at all, it can't encompass software that automatically becomes effectively a dead project the moment its copyright owner retired, dies, or switches to a different hobby.

"P.S.: I'm sure you'll be equally offended by http://linuxmafia.com/~rick/linux-info/mtas"

Not really.

You could have been offended by the numerous examples detailed there of intellectually dishonest arguments typically put forward by (many, not all) DJBware fans -- which, curiously enough, have shown up in today's discussion, too. But if you aren't, then great.

The line was actually a running gag from my old long-vanished dial-up bulletin-board system, whose sign-off screen said "If you didn't enjoy this BBS, you'll probably be equally offended by any of these others", followed by a list of other recommended systems.

Rick Moen
rick@linuxmafia.com

Re:QPL? by rickmoen · 2002-11-12 11:46 · Score: 4, Informative · on Bind 4 and 8 Vulnerabilities

An anonymous coward wrote:

First there was sendmail. Then qmail. Then, a long time later, other options.

Noted. But I'm talking about how DJB groupies tend to behave today. See for yourself: Look on the various Qmail pages. Read the Qmail HOWTO.

That might have been a reasonable excuse years ago. Today, it looks a whole lot like intellectual dishonesty: Beating up on monolithic Sendmail, especially in the usual fashion that fails to credit it for the major improvement of dropping privilege according to role, is a whole lot more facile rhetoric than comparing it against the similarly-designed Postfix (ne Vmailer) codebase.

First, there was BIND. Then, djbdns. And now, VERY recently, other replacements.

Actually, some (such as Dents) have been around for quite a long time. Most people were not aware of them until after I expanded my essay to include open-source alternatives to all the proprietary DJB packages. Which in turn I was motivated to do out of annoyance at Prof. Bernstein sending me belligerent e-mails essentially making legal threats (talking about my essay being "against the law" and containing "libel"). Funny how these things work out, isn't it?

I don't think proprietary is appropriate.

That's too bad, because that's what the word means. One key element whose absence makes us consider a package proprietary is not having the right to fork. Not having that possibility as a safety valve means that the package is at risk of becoming effectively unmaintainable if its copyright holder stops issuing new versions (and doesn't grant additional rights to fix the problem).

Prof. Bernstein is certainly under no obligation to grant such rights, and he's quite generous in granting those he does -- but the only fitting term for the result is "proprietary code".

DJB software provides the user ALL of the GNU freedoms.

That, sir, is simply wrong. Hmm, I don't usually pay a whole lot of attention to Stallman's "four freedoms" essay, since it's a bit too vague to be useful. I prefer the DFSG and OSD, generally.

However [rummaging through the FSF propaganda], Prof. Bernstein doesn't choose to meaningfully grant FSF freedom #4. To quote that essay: "The freedom to redistribute copies must include binary or executable forms of the program, as well as source code, for both modified and unmodified versions. (Distributing programs in runnable form is necessary for conveniently installable free operating systems.) It is ok if there is no way to produce a binary or executable form for a certain program (since some languages don't support that feature), but you must have the freedom to redistribute such forms should you find or develop a way to make them."

His software works dern well, and is free enough for anyone whose concern is getting their work done.

Until the day Prof. Bernstein hangs up his hat, at which point the projects basically become unmaintainable. (Maintaining a codebase solely through source patches against a legacy final-version source tarball wouldn't really be feasible for long.) And that is of course the prospect that hangs over users of all such software.

Rick Moen
rick@linuxmafia.com

Re:QPL? by rickmoen · 2002-11-12 11:46 · Score: 4, Informative · on Bind 4 and 8 Vulnerabilities

An anonymous coward wrote:

First there was sendmail. Then qmail. Then, a long time later, other options.

Noted. But I'm talking about how DJB groupies tend to behave today. See for yourself: Look on the various Qmail pages. Read the Qmail HOWTO.

That might have been a reasonable excuse years ago. Today, it looks a whole lot like intellectual dishonesty: Beating up on monolithic Sendmail, especially in the usual fashion that fails to credit it for the major improvement of dropping privilege according to role, is a whole lot more facile rhetoric than comparing it against the similarly-designed Postfix (ne Vmailer) codebase.

First, there was BIND. Then, djbdns. And now, VERY recently, other replacements.

Actually, some (such as Dents) have been around for quite a long time. Most people were not aware of them until after I expanded my essay to include open-source alternatives to all the proprietary DJB packages. Which in turn I was motivated to do out of annoyance at Prof. Bernstein sending me belligerent e-mails essentially making legal threats (talking about my essay being "against the law" and containing "libel"). Funny how these things work out, isn't it?

I don't think proprietary is appropriate.

That's too bad, because that's what the word means. One key element whose absence makes us consider a package proprietary is not having the right to fork. Not having that possibility as a safety valve means that the package is at risk of becoming effectively unmaintainable if its copyright holder stops issuing new versions (and doesn't grant additional rights to fix the problem).

Prof. Bernstein is certainly under no obligation to grant such rights, and he's quite generous in granting those he does -- but the only fitting term for the result is "proprietary code".

DJB software provides the user ALL of the GNU freedoms.

That, sir, is simply wrong. Hmm, I don't usually pay a whole lot of attention to Stallman's "four freedoms" essay, since it's a bit too vague to be useful. I prefer the DFSG and OSD, generally.

However [rummaging through the FSF propaganda], Prof. Bernstein doesn't choose to meaningfully grant FSF freedom #4. To quote that essay: "The freedom to redistribute copies must include binary or executable forms of the program, as well as source code, for both modified and unmodified versions. (Distributing programs in runnable form is necessary for conveniently installable free operating systems.) It is ok if there is no way to produce a binary or executable form for a certain program (since some languages don't support that feature), but you must have the freedom to redistribute such forms should you find or develop a way to make them."

His software works dern well, and is free enough for anyone whose concern is getting their work done.

Until the day Prof. Bernstein hangs up his hat, at which point the projects basically become unmaintainable. (Maintaining a codebase solely through source patches against a legacy final-version source tarball wouldn't really be feasible for long.) And that is of course the prospect that hangs over users of all such software.

Rick Moen
rick@linuxmafia.com

Re:QPL? by rickmoen · 2002-11-12 11:04 · Score: 3, Informative · on Bind 4 and 8 Vulnerabilities

Electrum wrote:

He doesn't need to. djbdns doesn't have a license and doesn't need one: http://cr.yp.to/softwarelaw.html

It would be more accurate to say that djbdns has the default licence that implicitly attaches to creative works by default application of copyright law -- in the absence of an explicit licence grant. The terms of that default licence, described by Prof. Bernstein mostly accurately (other than, according to John Cowan, those concerning modifications) at the URL you posted, are those of proprietary software, rather than open source. (Thus, any software instance issued without an explicit licence is proprietary by default.)

BIND 9 has had security holes.

Tell the whole truth, please: A BIND9 version was subject to one type of DoS attack. Sending a specific DNS packet to the daemon triggered that instance going into some sort of test mode where it performed an internal consistency check, effectively shutting it down.

Rick Moen
rick@linuxmafia.com

Re:QPL? by rickmoen · 2002-11-12 10:36 · Score: 3, Insightful · on Bind 4 and 8 Vulnerabilities

yerricde wrote:

Has Bernstein put permission to redistribute any patches against djbdns in writing? If so, then the license becomes roughly equivalent to the Trolltech QPL.

As Prof. Bernstein himself has pointed out, as a matter of copyright law, patches are considered analogous to commentary on the original work, and not as derivative works. Thus, the author of the original work has no claim upon them.

So, with a source-available proprietary software package like djbdns, you can end up with a quasi-free software ecology based around distribution of patches and compile-time modification. Inevitably, those patches end up being very seldom regression-tested against one another. Also, if the base package ever ceases to be maintained, continuing development via patch-distribution alone isn't really very practical. It would rapidly become such a hassle that I'm pretty sure the project would effectively die, at that point.

The fix for that problem is of course licensing that includes a right to fork. But that's possible only if the copyright holder is willing to grant that right, which Prof. Bernstein (for most of his project) is not.

That is not intended as a criticism of Prof. Bernstein (whom I admire for his dogged defence of crypto rights), nor of his software (even though I don't like or use the latter). It's just the facts of copyright law and licensing as I understand them.

Buggy? At least the vulnerability mentioned in the article does not affect most recent version of BIND 9.x.

Indeed. One of the most distressing aspects of Prof. Bernstein's flying squadron of groupies is their characteristic shading of the truth on well-known key issues. One of those issues is the vital distinction between BIND8 and BIND9, which by and large they're fully aware are distinct codebases following a from-scratch rewrite specifically to jettison the inherent unmaintainability of the legacy BIND8 codebase -- but they find it convenient to slur the new codebase with the old one's faults. Another is their characteristic refusal to compare the Qmail MTA against anything other than Sendmail -- when the obvious comparisons are Qmail/Postfix/Courier (all modular designs) and Sendmail/Exim (both monolithic designs where process instances drop privilege according to role). A third is their curious inability to ever say the words "proprietary" or "not open source", instead making excuses, changing the subject, and talking around that point.

(I'll hasten to add that Prof. Bernstein clearly isn't responsible for his acolytes' conduct.)