Slashdot Mirror

Bruce Perens co-founded the Open Source Initiative with Eric Raymond -- and he's also Slashdot reader #3872.

Bruce Perens writes: Here's the IBM ad used to open their Think 2019 conference, featuring Buzz Aldrin, Arianna Huffington, Janelle Monae, Miaym Bialik, and astonishingly: me. Interesting of IBM to have an ad including Open Source, security, and data rights as human rights!

Web version with subtitles. Version used to open the Think conference, on Youtube..
"I would like to make open source software the standard..." Perens says in the video, adding "Let's champion data rights as human rights," and asking "How do we bake security into everything we do?" But it's a montage of different speakers who each begin their comments by saying "Dear Tech," offering open letters with their hopes for the entire industry.

"Let's use blockchain to help reduce poverty."

"Let's use IoT to help victims of natural disasters."

"I feel like you have the potential to do so much more."

"Are you working for all of us, or just a few of us?"

Bruce Perens co-founded the Open Source Initiative with Eric Raymond -- and he's also Slashdot reader #3872. But this week he wrote in with some news from the world of amateur (or "ham") radio: ARRL has been the USA's representative organization for Amateur Radio for over a century. More recently, the organization has replaced transparency and democratic representation of its membership with confidentiality, policies to stifle dissent, and punishment of their own leadership when they get out of line. A vote happening this month offers members a chance to get back in control.
The open letter at that link -- signed by several AARL life members (including Perens), argues that "The members are not currently represented as they should be, due to the continued application of a policy meant for a for-profit corporate board," adding that "The only whistle-blower on the board was publicly castigated for informing us."

"The currently-suspended rules that go against the member's interest are temporarily suspended, and could be restored."

Bruce Perens co-founded the Open Source Initiative with Eric Raymond -- and he's also Slashdot reader #3872. "The Electronic Frontier Foundation has filed an answering brief in defense of Bruce Perens in the merits appeal of the Open Source Security Inc./Bradley Spengler v. Bruce Perens lawsuit," reads his latest submission -- with more details at Perens.com: Last year, Open Source Security and its CEO, Bradley Spengler, brought suit against me for defamation and related torts regarding this blog post and this Slashdot discussion. After the lower court ruled against them, I asked for my defense costs and was awarded about $260K for them by the court.

The plaintiffs brought two appeals, one on the merits of the lower court's ruling and one on the fees charged to them for my defense... The Electronic Frontier Foundation took on the merits appeal, pro-bono (for free, for the public good), with the pro-bono assistance of my attorneys at O'Melveny who handled the lower court case...

You can follow the court proceedings here
"Sorry I can't comment further on the case," Perens writes in a comment on Slashdot, adding "it's well-known legal hygiene that you don't do that." But he's willing to talk about other things.

"Valerie and I are doing well. I am doing a lot of travel for the Open Source Initiative as their Standards Chair, speaking with different standards groups and governments about standards in patents and making them compatible with Open Source."

Bruce Perens co-founded the Open Source Initiative with Eric Raymond -- and he's also Slashdot reader #3872. "The Electronic Frontier Foundation has filed an answering brief in defense of Bruce Perens in the merits appeal of the Open Source Security Inc./Bradley Spengler v. Bruce Perens lawsuit," reads his latest submission -- with more details at Perens.com: Last year, Open Source Security and its CEO, Bradley Spengler, brought suit against me for defamation and related torts regarding this blog post and this Slashdot discussion. After the lower court ruled against them, I asked for my defense costs and was awarded about $260K for them by the court.

The plaintiffs brought two appeals, one on the merits of the lower court's ruling and one on the fees charged to them for my defense... The Electronic Frontier Foundation took on the merits appeal, pro-bono (for free, for the public good), with the pro-bono assistance of my attorneys at O'Melveny who handled the lower court case...

You can follow the court proceedings here
"Sorry I can't comment further on the case," Perens writes in a comment on Slashdot, adding "it's well-known legal hygiene that you don't do that." But he's willing to talk about other things.

"Valerie and I are doing well. I am doing a lot of travel for the Open Source Initiative as their Standards Chair, speaking with different standards groups and governments about standards in patents and making them compatible with Open Source."

Bruce Perens co-founded the Open Source Initiative with Eric Raymond -- and he's also Slashdot reader #3872. "The Electronic Frontier Foundation has filed an answering brief in defense of Bruce Perens in the merits appeal of the Open Source Security Inc./Bradley Spengler v. Bruce Perens lawsuit," reads his latest submission -- with more details at Perens.com: Last year, Open Source Security and its CEO, Bradley Spengler, brought suit against me for defamation and related torts regarding this blog post and this Slashdot discussion. After the lower court ruled against them, I asked for my defense costs and was awarded about $260K for them by the court.

The plaintiffs brought two appeals, one on the merits of the lower court's ruling and one on the fees charged to them for my defense... The Electronic Frontier Foundation took on the merits appeal, pro-bono (for free, for the public good), with the pro-bono assistance of my attorneys at O'Melveny who handled the lower court case...

You can follow the court proceedings here
"Sorry I can't comment further on the case," Perens writes in a comment on Slashdot, adding "it's well-known legal hygiene that you don't do that." But he's willing to talk about other things.

"Valerie and I are doing well. I am doing a lot of travel for the Open Source Initiative as their Standards Chair, speaking with different standards groups and governments about standards in patents and making them compatible with Open Source."

Bruce Perens co-founded the Open Source Initiative with Eric Raymond -- and he's also Slashdot reader #3872. "The Electronic Frontier Foundation has filed an answering brief in defense of Bruce Perens in the merits appeal of the Open Source Security Inc./Bradley Spengler v. Bruce Perens lawsuit," reads his latest submission -- with more details at Perens.com: Last year, Open Source Security and its CEO, Bradley Spengler, brought suit against me for defamation and related torts regarding this blog post and this Slashdot discussion. After the lower court ruled against them, I asked for my defense costs and was awarded about $260K for them by the court.

The plaintiffs brought two appeals, one on the merits of the lower court's ruling and one on the fees charged to them for my defense... The Electronic Frontier Foundation took on the merits appeal, pro-bono (for free, for the public good), with the pro-bono assistance of my attorneys at O'Melveny who handled the lower court case...

You can follow the court proceedings here
"Sorry I can't comment further on the case," Perens writes in a comment on Slashdot, adding "it's well-known legal hygiene that you don't do that." But he's willing to talk about other things.

"Valerie and I are doing well. I am doing a lot of travel for the Open Source Initiative as their Standards Chair, speaking with different standards groups and governments about standards in patents and making them compatible with Open Source."

Bruce Perens co-founded the Open Source Initiative with Eric Raymond -- and he's also Slashdot reader #3872. "The Electronic Frontier Foundation has filed an answering brief in defense of Bruce Perens in the merits appeal of the Open Source Security Inc./Bradley Spengler v. Bruce Perens lawsuit," reads his latest submission -- with more details at Perens.com: Last year, Open Source Security and its CEO, Bradley Spengler, brought suit against me for defamation and related torts regarding this blog post and this Slashdot discussion. After the lower court ruled against them, I asked for my defense costs and was awarded about $260K for them by the court.

The plaintiffs brought two appeals, one on the merits of the lower court's ruling and one on the fees charged to them for my defense... The Electronic Frontier Foundation took on the merits appeal, pro-bono (for free, for the public good), with the pro-bono assistance of my attorneys at O'Melveny who handled the lower court case...

You can follow the court proceedings here
"Sorry I can't comment further on the case," Perens writes in a comment on Slashdot, adding "it's well-known legal hygiene that you don't do that." But he's willing to talk about other things.

"Valerie and I are doing well. I am doing a lot of travel for the Open Source Initiative as their Standards Chair, speaking with different standards groups and governments about standards in patents and making them compatible with Open Source."

Bruce Perens co-founded the Open Source Initiative with Eric Raymond -- and he's also Slashdot reader #3872. "The Electronic Frontier Foundation has filed an answering brief in defense of Bruce Perens in the merits appeal of the Open Source Security Inc./Bradley Spengler v. Bruce Perens lawsuit," reads his latest submission -- with more details at Perens.com: Last year, Open Source Security and its CEO, Bradley Spengler, brought suit against me for defamation and related torts regarding this blog post and this Slashdot discussion. After the lower court ruled against them, I asked for my defense costs and was awarded about $260K for them by the court.

The plaintiffs brought two appeals, one on the merits of the lower court's ruling and one on the fees charged to them for my defense... The Electronic Frontier Foundation took on the merits appeal, pro-bono (for free, for the public good), with the pro-bono assistance of my attorneys at O'Melveny who handled the lower court case...

You can follow the court proceedings here
"Sorry I can't comment further on the case," Perens writes in a comment on Slashdot, adding "it's well-known legal hygiene that you don't do that." But he's willing to talk about other things.

"Valerie and I are doing well. I am doing a lot of travel for the Open Source Initiative as their Standards Chair, speaking with different standards groups and governments about standards in patents and making them compatible with Open Source."

Bruce Perens co-founded the Open Source Initiative with Eric Raymond -- and he's also Slashdot reader #3872. "The Electronic Frontier Foundation has filed an answering brief in defense of Bruce Perens in the merits appeal of the Open Source Security Inc./Bradley Spengler v. Bruce Perens lawsuit," reads his latest submission -- with more details at Perens.com: Last year, Open Source Security and its CEO, Bradley Spengler, brought suit against me for defamation and related torts regarding this blog post and this Slashdot discussion. After the lower court ruled against them, I asked for my defense costs and was awarded about $260K for them by the court.

The plaintiffs brought two appeals, one on the merits of the lower court's ruling and one on the fees charged to them for my defense... The Electronic Frontier Foundation took on the merits appeal, pro-bono (for free, for the public good), with the pro-bono assistance of my attorneys at O'Melveny who handled the lower court case...

You can follow the court proceedings here
"Sorry I can't comment further on the case," Perens writes in a comment on Slashdot, adding "it's well-known legal hygiene that you don't do that." But he's willing to talk about other things.

"Valerie and I are doing well. I am doing a lot of travel for the Open Source Initiative as their Standards Chair, speaking with different standards groups and governments about standards in patents and making them compatible with Open Source."

Bruce Perens co-founded the Open Source Initiative with Eric Raymond -- and he's also Slashdot reader #3872. "The Electronic Frontier Foundation has filed an answering brief in defense of Bruce Perens in the merits appeal of the Open Source Security Inc./Bradley Spengler v. Bruce Perens lawsuit," reads his latest submission -- with more details at Perens.com: Last year, Open Source Security and its CEO, Bradley Spengler, brought suit against me for defamation and related torts regarding this blog post and this Slashdot discussion. After the lower court ruled against them, I asked for my defense costs and was awarded about $260K for them by the court.

The plaintiffs brought two appeals, one on the merits of the lower court's ruling and one on the fees charged to them for my defense... The Electronic Frontier Foundation took on the merits appeal, pro-bono (for free, for the public good), with the pro-bono assistance of my attorneys at O'Melveny who handled the lower court case...

You can follow the court proceedings here
"Sorry I can't comment further on the case," Perens writes in a comment on Slashdot, adding "it's well-known legal hygiene that you don't do that." But he's willing to talk about other things.

"Valerie and I are doing well. I am doing a lot of travel for the Open Source Initiative as their Standards Chair, speaking with different standards groups and governments about standards in patents and making them compatible with Open Source."

Bruce Perens co-founded the Open Source Initiative with Eric Raymond -- and he's also Slashdot reader #3872. "The Electronic Frontier Foundation has filed an answering brief in defense of Bruce Perens in the merits appeal of the Open Source Security Inc./Bradley Spengler v. Bruce Perens lawsuit," reads his latest submission -- with more details at Perens.com: Last year, Open Source Security and its CEO, Bradley Spengler, brought suit against me for defamation and related torts regarding this blog post and this Slashdot discussion. After the lower court ruled against them, I asked for my defense costs and was awarded about $260K for them by the court.

The plaintiffs brought two appeals, one on the merits of the lower court's ruling and one on the fees charged to them for my defense... The Electronic Frontier Foundation took on the merits appeal, pro-bono (for free, for the public good), with the pro-bono assistance of my attorneys at O'Melveny who handled the lower court case...

You can follow the court proceedings here
"Sorry I can't comment further on the case," Perens writes in a comment on Slashdot, adding "it's well-known legal hygiene that you don't do that." But he's willing to talk about other things.

"Valerie and I are doing well. I am doing a lot of travel for the Open Source Initiative as their Standards Chair, speaking with different standards groups and governments about standards in patents and making them compatible with Open Source."

Bruce Perens co-founded the Open Source Initiative with Eric Raymond -- and he's also Slashdot reader #3872. Now he's just won a legal victory in court. "Open Source Security, maker of the grsecurity Linux kernel patches, has been directed to pay Bruce Perens and his legal team almost $260,000 following a failed defamation claim," reports The Register. Slashdot reader Right to Opine writes: The order requires Spengler and his company to pay $259,900.50, with the bill due immediately rather than allowing a wait for the appeal of the case. The Electronic Frontier Foundation's attorneys will represent Perens during OSS/Spengler's appeal of the case.

Perens was sued for comments on his blog and here on Slashdot that suggested that OSS's Grsecurity product could be in violation of the GPL license on the Linux kernel. The court had previously ruled that Perens' statements were not defamatory, because they were statements by a non-attorney regarding an undecided issue in law. It is possible that Spengler is personally liable for any damages his small company can't pay, since he joined the case as an individual in order to preserve a claim of false light (which could not be brought by his company), removing his own corporate protection.

An anonymous reader quotes CNBC: A bullish call from a Wall Street analyst capped off a rough week for Tesla short sellers, with Nomura Instinet advising clients that the electric car maker's shares could rally 42 percent over the next year. The stock rose 1.7 percent Friday and is now up 10 percent on the week. One of the most shorted stocks in the United States, Tesla shares cost investors betting against the company more than $1 billion in losses on Wednesday alone after the stock rallied 9.7 percent. Adding to the short woes, the stock is up 13.5 percent in June and up 21 percent since April. More than 30 percent of Tesla's floating stock is currently sold short, according to FactSet.
Last week long-time Open Source advocate Bruce Perens (Slashdot reader #3,872) argued this is fueling Musk's anger at the press: [A] great many investors are desperate to see Tesla's stock reach a much lower price soon, or they'll be forced to buy it at its present price in order to fulfill their short positions, potentially bankrupting many of them and sending some out of the windows of Wall Street skyscrapers. These investors are desperately seeding, feeding, and writing negative stories about Tesla in the hope of depressing the stock price. Musk recently taunted them by buying another 10 million dollars in stock, making it even more likely that there won't be enough stock in the market to cover short positions. If that's the case, short-sellers could end up in debt for thousands of dollars per shorted share -- as the price balloons until enough stockholders are persuaded to sell. Will short-sellers do anything to give Tesla bad press? You bet.... Musk is stuck with a press that feeds negative stories about Tesla seeded by short-sellers, business competitors and the petroleum industry, and even the U.S. Government...

Musk is far from the only one who suffers from this abuse. I was personally involved while the Linux developers were hounded by bad press for years from Forbes and lesser entities, backed by a large software company we all know (and who is, surprisingly, funding more Open Source these days), based on SCO's unfounded lawsuit. Time proves them wrong, but don't expect them to admit it, nor should you hold your breath for an "I'm sorry".
And on Musk's plan to rate the credibility of news sites, Perens writes that "The world would be a better place if this was done honestly, with integrity, and well. Musk is one who has improved the world by going where conventional wisdom said he'd fail..."

Long-time Slashdot reader SlaveToTheGrind writes: As previously discussed on Slashdot, Grsecurity developer Open Source Security sued Bruce Perens for allegedly defamatory statements about Grsecurity's licensing policies. Thursday, Magistrate Judge Laurel Beeler of the District Court for the Northern District of California dismissed the lawsuit, holding that Perens's statements were not libelous:

"Mr. Perens counters, and the court agrees, that the blog posts are opinions about a disputed legal issue, are not false assertions of fact, and thus are not actionable libel. . . . Mr. Perens -- who is not a lawyer — voiced an opinion about whether the Grsecurity Access Agreement violated the General Public License. No court has addressed the legal issue. Thus, his "opinion" is not a "fact" that can be proven provably false and thus is not actionable as defamation."

While Open Source Security technically has the ability to amend its complaint to allege a new legal theory, Judge Beeler said any amendment likely would fall under California's anti-SLAPP statute: "Mr. Perens's statements were made in a public forum and concern issues of public interest, and the plaintiffs have not shown a probability of prevailing on their claims."

Bruce Perens co-founded the Open Source Initiative with Eric Raymond -- and he's also Slashdot reader #3872. Bruce Perens writes: Red Hat, IBM, Google, and Facebook announced that they would give infringers of their GPL software up to a 30-day hold-off period during which an accused infringer could cure a GPL violation after one was brought to their attention by the copyright holder, and a 60 day "statute of limitations" on an already-cured infringement when the copyright holder has never notified the infringer of the violation. In both cases, there would be no penalty: no damages, no fees, probably no lawsuit; for the infringer who promptly cures their infringement.
Perens sees the move as "obviously inspired" by the kernel team's earlier announcement, and believes it's directed against one man who made 50 copyright infringement claims involving the Linux kernel "with intent to collect income rather than simply obtain compliance with the GPL license."

Unfortunately, "as far as I can tell, it's Patrick McHardy's legal right to bring such claims regarding the copyrights which he owns, even if it doesn't fit Community Principles which nobody is actually compelled to follow."

An anonymous reader shares a report from The Register: In late June, noted open-source programmer Bruce Perens [a longtime Slashdot reader] warned that using Grsecurity's Linux kernel security could invite legal trouble. "As a customer, it's my opinion that you would be subject to both contributory infringement and breach of contract by employing this product in conjunction with the Linux kernel under the no-redistribution policy currently employed by Grsecurity," Perens wrote on his blog. The following month, Perens was invited to court. Grsecurity sued the open-source doyen, his web host, and as-yet-unidentified defendants who may have helped him draft that post, for defamation and business interference. Grsecurity offers Linux kernel security patches on a paid-for subscription basis. The software hardens kernel defenses through checks for common errors like memory overflows. Perens, meanwhile, is known for using the Debian Free Software Guidelines to draft the Open Source Definition, with the help of others.

Grsecurity used to allow others to redistribute its patches, but the biz ended that practice for stable releases two years ago and for test patches in April this year. It offers its GPLv2 licensed software through a subscription agreement. The agreement says that customers who redistribute the code -- a right under the GPLv2 license -- will no longer be customers and will lose the right to distribute subsequent versions of the software. According to Perens, "GPL version 2 section 6 explicitly prohibits the addition of terms such as this redistribution prohibition." A legal complaint (PDF) filed on behalf of Grsecurity in San Francisco, California, insists the company's software complies with the GPLv2. Grsecurity's agreement, the lawsuit states, only applies to future patches, which have yet to be developed. Perens isn't arguing that the GPLv2 applies to unreleased software. Rather, he asserts the GPLv2, under section 6, specifically forbids the addition of contractual terms.

Bruce Perens co-founded the Open Source Initiative with Eric Raymond. Now he's sharing a "strong opinion" that companies should avoid the Grsecurity security patch for the Linux kernel "because it presents a contributory infringement and breach of contract risk." Slashdot reader NewGnu shared Bruce's comments: [I]t would fail a fair-use test... Because of its strongly derivative nature of the kernel, it must be under the GPL version 2 license, or a license compatible with the GPL and with terms no more restrictive than the GPL. Earlier versions were distributed under GPL version 2... My understanding from several reliable sources is that customers are verbally or otherwise warned that if they redistribute the Grsecurity patch, as would be their right under the GPL, that they will be assessed a penalty: they will no longer be allowed to be customers, and will not be granted access to any further versions of Grsecurity. GPL version 2 section 6 explicitly prohibits the addition of terms such as this redistribution prohibition...

This is tantamount to the addition of a term to the GPL prohibiting distribution or creating a penalty for distribution. GPL section 6 specifically prohibits any addition of terms. Thus, the GPL license, which allows Grsecurity to create its derivative work of the Linux kernel, terminates, and the copyright of the Linux Kernel is infringed. The contract from the Linux kernel developers to both Grsecurity and the customer which is inherent in the GPL is breached.
Perens advises companies to discuss his position with their attorneys, adding "In the public interest, I am willing to discuss this issue with companies and their legal counsel, under NDA, without charge."

Bruce Perens co-founded the Open Source Initiative with Eric Raymond -- and he's also Slashdot reader #3,872. Bruce Perens writes: There's been a lot of confusion about the recent Artifex v. Hancomcase, in which the court found that the GPL was an enforceable contract. I'm going to try to explain the whole thing in clear terms for the legal layman.
Two key quotes:

• "What has changed now is that for the purposes of the court, the GPL is both a license, which can be enforced through a claim of copyright infringement, and a contract, which can be enforced through a claim of breach of contract. You can allege both in your court claim in a single case, and fall back on one if you can't prove the other. Thus, the potential to enforce the GPL in court is somewhat stronger than before this finding, and you have a case to cite rather than spending time in court arguing whether the GPL is a contract or not..."
• "Another interesting point in the case is that the court found Artifex's claim of damages to be admissible because of their use of dual-licensing. An economic structure for remuneration of the developer by users who did not wish to comply with the GPL terms, and thus acquired a commercial license, was clearly present."

Creator of The Open Source Definition and longtime Slashdot reader Bruce Perens writes: MariaDB is releasing MaxScale 2.1, a new version of their database routing proxy, and has modified its timed-transition-to-Open-Source "Business Source License" to make it more acceptable to the Open Source community and more easily usable by other companies. I've blogged the issues I had with the license and how MariaDB has fixed them, and Kaj Arno has blogged the MariaDB side of the story. Here's an excerpt from Perens' blog post: "The BSL is a parameterized license. The licensor chooses the license which is transitioned to, the date of the transition, and the limitation. The problem with this is that it was so parameterized that if you told someone the license was 'BSL 1.0,' they would not have any idea what license they really had. It might transition to any of 100 Open Source licenses, or to a non-Open-Source license. The transition might happen in a month, or next century. The limitation might be that you could only have three commercial servers, or that you indentured your firstborn son (OK, that's going overboard, but you get the picture)." He continues, "So, I didn't like that 'BSL' didn't really say what the license did, and I didn't feel that was the best thing for the users or the community. I asked MariaDB to fix it. Together we have arrived at constraints on the parameters and minimum privileges that will take the new BSL much closer to being one license while still allowing licensors some latitude to choose parameters."

An anonymous reader writes: Shortly after the death of Debian founder Ian Murdock, Bruce Perens, who succeeded Murdock as Debian Project Leader in 1996 and was also Murdock's employer for a period of time, claimed very publicly that Murdock died of mental illness, although no evidence has been provided. Without referencing Murdock or Perens, another prominent Debian Developer, Daniel Pocock, has asserted that discussion about who has or had a mental illness is a step too far. To be fair, it sure doesn't sound like Perens was trying to do other than express sympathy in light of a tragic death.

Bruce Perens writes: There's no shortage of stories of horrible treatment of women in Open Source projects. But how did we get here? How did we ever get a community where a vocal minority of males behave in the most boorish, misogynistic, objectifying manner toward women? I have a theory: "It’s unfortunately the case that software development in general and Open Source communities are frequented by males who have social development issues. I once complained online about how offended I was by a news story that said many software developers were on the autism spectrum. To my embarrassment, there were many replies to my complaint by people who wrote 'no, I really am on the spectrum and I’m not alone here.'

It’s still an open issue whether males and females have built-in biases that, for example, lead fewer women to be programmers, or if such biases only develop as a response to social signals. There is more science to be done. But it’s difficult to do that sort of science because we can’t separate the individuals from the social signals they’ve grown up with. Certainly we can improve the situation for the women who would be programmers except for the social signals."

Bruce Perens writes "The Codec2 project has developed FreeDV, a program to encode digital voice on two-way radio in only 1.125 KHz of bandwidth. But FCC regulations aren't up-to-speed with the challenges of software-defined radio and Open Source. A 24 page FCC filing created by Bruce Perens proposes that FCC allow all digital modulations and published digital codes on ham radio and switch to bandwidth-based regulation."

Bruce Perens writes "I found myself alone in a room, in front of a deep square or rectangular pool of impressively clear, still water. There was a pile of material at the bottom of the pool, and a blue glow of Cherenkov radiation in the water around it. To this day, I can't explain how an unsupervised kid could ever have gotten in there."

Bruce Perens writes "I found myself alone in a room, in front of a deep square or rectangular pool of impressively clear, still water. There was a pile of material at the bottom of the pool, and a blue glow of Cherenkov radiation in the water around it. To this day, I can't explain how an unsupervised kid could ever have gotten in there."

Bruce Perens writes "Clover Trail, Intel's newly announced 'Linux proof' processor, is already a dead end for technical and business reasons. Clover Trail is said to include power-management that will make the Atom run longer under Windows. It had better, since Atom currently provides about 1/4 of the power efficiency of the ARM processors that run iOS and Android devices. The details of Clover Trail's power management won't be disclosed to Linux developers. Power management isn't magic, though — there is no great secret about shutting down hardware that isn't being used. Other CPU manufacturers, and Intel itself, will provide similar power management to Linux on later chips. Why has Atom lagged so far behind ARM? Simply because ARM requires fewer transistors to do the same job. Atom and most of Intel's line are based on the ia32 architecture. ia32 dates back to the 1970s and is the last bastion of CISC, Complex Instruction Set Computing. ARM and all later architectures are based on RISC, Reduced Instruction Set Computing, which provides very simple instructions that run fast. RISC chips allow the language compilers to perform complex tasks by combining instructions, rather than by selecting a single complex instruction that's 'perfect' for the task. As it happens, compilers are more likely to get optimal performance with a number of RISC instructions than with a few big instructions that are over-generalized or don't do exactly what the compiler requires. RISC instructions are much more likely to run in a single processor cycle than complex ones. So, ARM ends up being several times more efficient than Intel."

Bruce Perens writes "Clover Trail, Intel's newly announced 'Linux proof' processor, is already a dead end for technical and business reasons. Clover Trail is said to include power-management that will make the Atom run longer under Windows. It had better, since Atom currently provides about 1/4 of the power efficiency of the ARM processors that run iOS and Android devices. The details of Clover Trail's power management won't be disclosed to Linux developers. Power management isn't magic, though — there is no great secret about shutting down hardware that isn't being used. Other CPU manufacturers, and Intel itself, will provide similar power management to Linux on later chips. Why has Atom lagged so far behind ARM? Simply because ARM requires fewer transistors to do the same job. Atom and most of Intel's line are based on the ia32 architecture. ia32 dates back to the 1970s and is the last bastion of CISC, Complex Instruction Set Computing. ARM and all later architectures are based on RISC, Reduced Instruction Set Computing, which provides very simple instructions that run fast. RISC chips allow the language compilers to perform complex tasks by combining instructions, rather than by selecting a single complex instruction that's 'perfect' for the task. As it happens, compilers are more likely to get optimal performance with a number of RISC instructions than with a few big instructions that are over-generalized or don't do exactly what the compiler requires. RISC instructions are much more likely to run in a single processor cycle than complex ones. So, ARM ends up being several times more efficient than Intel."

Bruce Perens writes "Open Hardware Journal is a new technical journal on designs for physical or electronic objects that are shared as if they were Open Source software. It's an open journal under a Creative Commons license. The first issue contains articles on 'Producing Lenses With 3D Printers,' 'Teaching with Open Hardware Submarines,' 'An Open Hardware Platform for USB Firmware Updates and General USB Development,' and more." Mr. Perens has promised to be around tonight to answer any questions readers might have.

Bruce Perens writes "Oracle has brought a lawsuit against Google claiming that Google has infringed patents on the Java platform in Android. Scribd has a copy of the complaint. But there's a patent grant that should allow Google to use Java royalty-free. Has Google failed to meet the terms of the grant?"

Bruce Perens writes "I'm the creator of the Busybox program. I have released a statement on the past and current Busybox lawsuits, which do not represent my interest."

Bruce Perens writes "A Berkeley, California, burglar engineered his own arrest, and that of his girlfriend, when he stole a laptop and used it as his personal computer. He didn't realize that the laptop had an automatic backup program, and that the photos he took were being copied to his victim's backup repository. Berkeley police recognized him, and his location, from the photos."

Bruce Perens writes "A Berkeley, California, burglar engineered his own arrest, and that of his girlfriend, when he stole a laptop and used it as his personal computer. He didn't realize that the laptop had an automatic backup program, and that the photos he took were being copied to his victim's backup repository. Berkeley police recognized him, and his location, from the photos."

Bruce Perens writes "The World Health Organization will no longer refer to Virus A(H1N1) as 'Swine Flu,' citing ethnic reactions to 'swine,' for example among middle-eastern cultures who feel that swine are unclean. Or, is it because meat packers are concerned that people might stop eating pork in fear of the virus? WHO suggests that the public select a new name for the virus. I suggest that we all start calling it The Colbert Flu, after the comedian and fake pundit who asked his audience to stuff a NASA poll so that a Space Station module would be named after him. What can we do to make the name stick?"

Bruce Perens writes "Just after midnight on Thursday, April 9, unidentified attackers climbed down four manholes in the Northern California city of Morgan Hill and cut eight fiber cables in what appears to have been an organized attack on the electronic infrastructure of an American city. Its implications, though startling, have gone almost un-reported. So I decided to change that."

Bruce Perens writes "Just after midnight on Thursday, April 9, unidentified attackers climbed down four manholes in the Northern California city of Morgan Hill and cut eight fiber cables in what appears to have been an organized attack on the electronic infrastructure of an American city. Its implications, though startling, have gone almost un-reported. So I decided to change that."

Bruce Perens writes "Saturday is the 10-Year Anniversary of Open Source, the initiative to promote Free Software to business. Obviously, it's been incredibly successful. I've submitted a State of Open Source message discussing the anniversary of Open Source, its successes, and the challenges it will face in the upcoming decade."

goombah99 writes "The Open Voting Consortium has announced that California Secretary of State Bruce McPherson is forming a panel to investigate using open source software in elections. Suggested Panel members include Security expert Bruce Perens and Python guru David Mertz who is associated with the sourceforge EVM2003 voting machine project. This is big since a favorable outcome could help fund prototypes of true open source election equipment and systems."

StromPetroke writes "On August 9th, online Linuxzine Mad Penguin conducted an interview with veteran Open Source advocate Bruce Perens on the DCC (Debian Common Core) Alliance. According to Bruce, the DCC will provide a way to "be able to certify to a Linux distribution, and then there will be multiple support providers who can support that same platform and who differentiate themselves at a higher level up the stack.""

ficken writes "Open source activist Bruce Perens has dismissed as inadequate a new IP initiative backed by Linus Torvalds. The Open Source Development Labs' (OSDL) patent commons project is intended to provide patent protection to open source developers. Perens, speaking at LinuxWorld, compared the patent pool to "spitting in the wind" -because the patents it contained come from "the wrong people.""

An anonymous reader writes "There hasn't been much said about this, but HP's new z545 Digital Entertainment Center appears to be a Windows-based re-spin of an earlier Linux-based model that HP unveiled three years ago at the Tech X NY trade show in New York, and which was sold for some time as the de100c Digital Entertainment Center. Seems like the joint's gone downhill ever since Perens left."

Performer Guy writes "This SCO press release indicates that they are offering a $250,000 reward for information leading to the arrest & conviction of the MyDoom DDoS worm authors. Let's hope they catch them. Not merely because MyDoom is one of the most mindless attacks on our internet infrastructure in memory, but also when they pay up it'll be less cash for SCO's litigation engine." Thanks to Tin Foil Hat and prostoalex for pointing out links at ComputerWorld and CNET, too. Related to this: stealth.c writes "Bruce Perens has written a letter to the Open Source community, discouraging us from cheering on the MyDOOM virus, as it would falsely implicate the FOSS communities and almost certainly cause the success of the virus writer's mission of discrediting these movements. This letter is also posted on NewsForge and on Groklaw." Unfortunately, with columns like this one blaming the worm on "some ticked-off Linux fan", it needs to be said.

Arker writes "Bruce Perens has now obtained a copy of the entire slide show from which the recently scrutinized SCO-related Linux code excerpts came, and has analyzed the remainder of the 'evidence' they presented there. Their other code exhibit turns out to have been the venerable Berkeley Packet Filter(!), and their revised line-counts are consistent with simply adding together all the lines of code that have been contributed by Unix licensees." Also, Iphtashu Fitz writes "A new interview with Linus Torvalds has been posted on eWeek.com. In it he slams SCO over the recently leaked source code. Among other things, he points out in the interview that some of the code in question has been removed from the 2.6 kernel ['because developers complained about how "ugly" it was'] before SCO even started complaining."

Eric Stats writes "Working as a Network Engineer for web-hosting company that prides itself on uptime and network availability, and moonlighting as a part-time Linux administrator, my managers and clients are starting to expect a level of information security knowledge from me. I decided that if I wanted to take my career to the next level, I needed to develop some security-specific skills. I heard a lot about the open source Intrusion Detection System (IDS), Snort from friends and co-workers (mostly that it was a pain to get running, and an even bigger pain to understand what it was doing)." To get past those frustrations, Eric looked at two more books on Snort (and compares them to the already-reviewed Intrusion Detection with Snort ); read on below for his take on what each offers. Intrusion Detection with SNORT: Advanced IDS Techniques Using SNORT, Apache, MySQL, PHP, and ACID; Intrusion Detection with Snort; Snort 2.0 Intrusion Detection author (See each) pages (See each) publisher (See each) rating (See each) reviewer Eric Stats ISBN (See each) summary (See each)

I ran Snort at home for a while, using the online docs, but I could never get a handle on which output plugin to use (When to log? When to alert?), how to email alerts to myself (I later found out Snort doesn't natively do this), and how to create signatures from packet captures (no online docs at all for this). When I did get The Pig running, it filled up my log directory with thousands of small alert files, which ended up being in tcpdump format. This frustrated the hell out of me, so I decided I needed to find a good book on Snort, as the online docs simply did not describe how to use Snort from start to finish.

In the past few months, an assortment of books have come out on Snort. Because it has begun to eclipse closed-source, multimillion dollar IDSes in terms of raw performance and features, much attention is currently focused on Snort. Naturally, when an open source project achieves this level of notoriety, publishers, venture capitalists, and corporations want to get in on the game. The flood of Snort books is a testament to this, but it doesn't mean they were all created equally. This book review covers the three books on Snort currently available (we will see another two Snort books later this winter). It covers what is good about them, what is bad, and who the target audience is for each. If you are looking to learn intrusion detection the open source way, or simply do not have a million-dollar IT security budget, these books are a good starting point.

Each of these three books serves a different purpose and consequently is appropriate for a different reader. In summary, Rafeeq Rehman's Intrusion Detection with Snort: Advanced IDS Techniques Using SNORT, Apache, MySQL, PHP, and ACID presents a concise, quick-start guidebook to getting Snort up and running fast. He doesn't delve into the details of Snort, and this book makes a perfect choice for a reader who wants to get The Pig up and running quickly and move on to something else.

The whole gaggle of authors that put together Snort 2.0 Intrusion Detection created a much-needed user manual for Snort. This book makes for good desktop reference, but assumes you understand the core concepts of intrusion detection, or have significant field experience with Snort. It is also somewhat convoluted to read; I suppose it's inevitable when you have 12 authors working on a single book, it is going to come out somewhat disjointed and jumbled. If I hadn't read the other two books first, I doubt I would have been able to piece together what this book is talking about in places. (Such as referring to Barnyard logs in one chapter and "unified binary format" in another; how is the reader going to know they are the same?)

Lastly, Jack Koziol's Intrusion Detection with Snort is a guidebook for using Snort in the real world, either on small networks or in large corporate settings. Like any security tool, Snort is only as effective as its operator. Snort can do an enormous number of things, but if you don't understand the "how and why" you aren't going to be able to apply your knowledge in unexpected, different, or new situations. Koziol's book bridges the gap and teaches you the nitty-gritty Snort details not found in online docs, as well as how to apply your newfound IDS knowledge in practice. This book does lack in terms of screenshots and diagrams, which can be frustrating at points. Instead of a paragraph of text, a simple diagram would have sufficed.

Intrusion Detection with SNORT: Advanced IDS Techniques Using SNORT, Apache, MySQL, PHP, and ACID author Rafeeq Rehman pages 288 publisher Prentice Hall rating 7/10 ISBN 0131407333

I first picked up Rehman's Intrusion Detection with Snort: Advanced IDS Techniques Using SNORT, Apache, MySQL, PHP, and ACID. Rehman's book is also a member of the Bruce Perens Open Source Series. All of the books in his series are published under the OPL. Overall, Rehman's book served as a good intro to Snort. I followed the examples, used some of the custom startup and log-rotation scripts, and got Snort working for the first time. I also learned of ACID, which is a PHP-based GUI for Snort, put out by Carnegie Mellon's CERT/CC. It makes managing alerts from Snort much less time-intensive. It was an exciting experience, but the book left me in the dark on a number of concepts that I knew I needed to learn. I still didn't understand what I was getting out of Snort; I had so many alerts I couldn't "tune out the noise." I didn't know when to use log or alert plugins, so I just turned on both for safety's sake. I also found that Snort was dropping packets (meaning it wasn't able to keep up with the traffic load going to my webservers hosted at home), but didn't find any way to fix this problem. This setup was fine for experimenting at home, but I didn't feel I would be able to use Snort in a mission-critical corporate setting yet.

Intrusion Detection with Snort author Jack Koziol pages 400 publisher SAMS Publishing rating 9/10 ISBN 157870281X

I thumbed through Jack Koziol's Intrusion Detection with Snort at the bookstore, and it seemed to have some more detailed descriptions of using Snort. It also had a lot of the planning, deployment, and maintenance activities you never think of until you are faced with one at 2 a.m. (such as how to upgrade Snort in an organized manner after a vicious integer overflow exploit is released for a core Snort component). It is also the most popular Snort book, so I figured I would buy it. When I took it home, I learned where to place Snort on a network, and what advantages and disadvantages there are to different IDS sensor placement strategies, something I had never considered.

Koziol's book also had the technical detail I was in desperate need of. I learned how to use Barnyard to spool alerts, which keeps Snort from dropping packets. I got to write my own attack signatures from scratch by using Ethereal packet captures in an controlled lab environment. I created a targeted ruleset; it enables specific attack signatures based on what I actually have running on my network, simply using nmap and some complicated perl scripts. The targeted ruleset went a long way to reducing false alerts, and is now a selling product from the Snort commercial vendor, Sourcefire. I finally got email alerts working using syslog-ng with Snort. The book ends with some more advanced content, namely using Snort as an Intrusion Prevention device. You can setup Snort to block packets that match a signature, using Inline Snort, or you can have Snort reconfigure routers and firewalls to block offending IP addresses, using SnortSam. I've experimented with Inline Snort as part of a honeypot, but, as the author points out, this is not yet production-safe, as it can easily be used by attackers to disrupt network availability.

Snort 2.0 Intrusion Detection authors Jay Beale, Anne Carasik, Aidan Carty, Scott Dentler, Adam M. Doxtater, Wally Eaton, Jeremy Faircloth, James C. Foster, Vitaly Osipov, Jeffrey Posluns, Ryan Russell, Brian Caswell pages 485 publisher Syngress rating 4/10 ISBN 1931836744

The final Snort book in this review is Snort 2.0 Intrusion Detection. This book has a lot of the screenshots and figures that the Koziol and Rehman books leaves out. It also contains a lot of useful diagrams, about one for every other page, and a CD-ROM with all of the Snort source and a pdf version of the book. This book, and the Koziol book, cover Snort version 2.0, which isn't all that much different from version 1.9 covered in the Rehman book. Still, it is nice to have the most up-to-date documentation, but it doesn't make the Rehman book any less effective. This book has the most reference material in it, over 500 pages' worth, and it has very organized user manual-like descriptions of important Snort components (preprocessors, output plugins, and rules). Keep in mind that this book was created more as a user manual rather than an implementer's guide. You aren't going to see planning, deployment, and maintenance activities as well as technical deployment examples, as in the Koziol book. And, you aren't going to find a concise quick-start guide such as the Rehman book.

In summary, you aren't going to find anything in this book that isn't in the other two. What you will find is lengthy descriptions, and a lot more screenshots. As stated before, Snort 2.0 Intrusion Detection was written by 12 different people (one of them a Sourcefire employee and Snort.org website maintainer, Brian Caswell). This is obviously done by the publisher to get the book out as fast as possible, which is important for technology book publishers as books are outdated quickly, but has the end result of a disjointed book that contradicts itself in many areas. An example: one author stresses how deadly important it is for us to only use the latest Snort version, while another tells us to use the CDROM that comes with the book, which contains an outdated version of Snort.

You can clearly tell a different authors worked on different chapters, as the style and format change frequently. You can also tell that the authors didn't talk to each other much, as you will find one author referring to something in one chapter (unified binary format) that he expected to have been explained in a previous chapter. In print, the concept was not explained until later, which can be really frustrating if you are not a Snort pro. Additionally, there are enough grammatical errors in the book to be distracting, and, much like a vendor-provided user manual, the chapters don't logically flow from one to the next. If you do purchase this book, this slashdotter would recommend it as a supplement to either the Rehman or Koziol book.

You can purchase Intrusion Detection with SNORT: Advanced IDS Techniques Using SNORT, Apache, MySQL, PHP, and ACID , Intrusion Detection with Snort , and Snort 2.0 Intrusion Detection from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

A lot is going on these days, ranging from the endlessly amusing SCO soap opera to plenty of mostly positive news about Linux and Open Source adoption by both corporate and government users, not to mention an increasing number of commercial applications being ported to Linux. And, of course, LinuxWorld is right around the corner. Bruce Perens is certainly as appropriate a person as any to help us get a handle on the current (and possibly future) state of Linux and Open Source. We'll send him 10 of the highest moderated questions, and post his answers as soon as he gets them back to us. As usual, one question per post, please, and don't bother asking questions that can easily be answered with a couple of minutes' worth of online research.

Novell has put out a press release this morning unequivocally claiming that they, and not SCO, own the patents and copyrights to UNIX System V. If true, this would torpedo SCO's claims over the last few months about intellectual property infringement in the Linux kernel, GNU/Linux distributions, etc. News.com has a story from last night, prior to this press release. SCO is releasing quarterly financial results today, including their notes about how much they've made from their licensing claims. You can join their conference call (mirror) if you like, and Bruce Perens weighs in below with a strongly-worded statement about SCO and Novell. Update: 05/28 14:22 GMT by M : SCO issued a response.

Bruce Perens writes:

"We knew that SCO's attack on Linux was a lie. But we never dreamed of the big lie behind it.

"This morning, Novell announced some of the terms of the company's 1995 agreement to sell its Unix business to SCO. The shocking news is that Novell did not sell the Unix intellectual property to SCO. Instead, they sold SCO a license to develop, sell, and sub-license Unix. The title to Unix copyrights and patents remains with Novell. To back up this assertion, Novell refers to public records at the Library of Congress Copyright Office and the U.S. Patent Office.

"In their announcement, Novell refers to recent letters from SCO asking Novell to assign the Unix copyrights to SCO. So, apparently SCO's management team knew that they did not own Unix while pursuing their sham campaign against Linux.

"Along with this revelation, Novell is reiterating its support of the Linux and Open Source developer community, and its status as a partner in that community. Novell rejects SCO's accusations of plagiarism. Novell management says they do not intend to stand in the way of the development of the Linux kernel, its companion GNU system, and other Free Software.

"It would be an understatement to say that this leaves SCO in a bad position. The company has loudly and repeatedly asserted that they were the owner of the Unix intellectual property, all of the way back to AT&T's original development of the system 30 years ago. They've lied to their stockholders, their customers and partners, the 1500 companies that they threatened, the press, and the public. Their untruthful campaign caused the loss of sales and jobs, and damaged Linux companies and developers in a myriad of ways. And now, SCO will be the lawsuit target. SCO's quarterly earnings conference call is this morning, at 9 AM MST (11 AM EST, 8 AM PST). Call 800-406-5356, toll-free, to participate. You might even get to ask a question. It should be fun to watch them try to weasel out of this one.

"Microsoft executives also have egg on their faces. The company self-servingly rushed to buy an SCO license one business day after the threat letter, bringing a senior attorney to the office on a Sunday to tell the press how much Microsoft values intellectual property. Microsoft's management could have taken the time to analyze SCO's claims, if the company had wanted this license for practical and technical reasons. Their decision to buy when they did must have been motivated by a desire to add to SCO's fear campaign. Of course they'll grab any opportunity to spread fear about Linux, but this time Microsoft bought a pig in a poke.

"SCO management, if they insist on standing in the way of a train, could still claim that software they developed in the years since 1995 is being infringed by the Open Source developers. That claim, always a dubious one, will be difficult to take seriously now that their prevarication throughout this campaign has come to light. SCO would be well advised to drop their suit against IBM in exchange for IBM's agreement not to counter-sue. But IBM might not feel that charitable toward SCO.

"In contrast to SCO, Novell's made a friend among the Free Software developers. We're always happy to see people using our software. But a real partnership between an IT vendor and our community is an equal partnership, with the company donating services and new software in exchange for the value it receives. Novell has already placed important software under Open Source licenses. Today, the company has done us a tremendous service, by stomping upon an obnoxious parasite."

Onno writes "Bruce Perens claims in this article That a false free software/open source advocate claims to EU parlement that software Patents are ok. " This is a strange article on a lot of levels so I'm gonna avoid commentary. You definitely should read it though- it's just that odd.

Onno writes "Bruce Perens claims in this article That a false free software/open source advocate claims to EU parlement that software Patents are ok. " This is a strange article on a lot of levels so I'm gonna avoid commentary. You definitely should read it though- it's just that odd.

lma writes "Bruce Perens has convinced Prentice Hall to publish a series of books under an Open Source license. The 'Bruce Perens' Open Source Series' will be available first as hardcopy in bookstores, and the Open Source text will be available electronically a few months later. Prentice Hall is counting on people buying the books even though the electronic version will be freely available later. I like the model, since I prefer to read paper, but like the electronic version for reference."

jalefkowit writes "Looks like Bruce Perens has found something to keep him occupied, now that he's parted ways with HP: the Register is covering his launch of a new political platform, "Sincere Choice", which he wrote to clarify the distinctions between the values of the open-source community and the Microsoft-funded Institute for Software Choice. Sincere Choice addresses several issues in critical to open software, including interoperability, competition by merit, open standards, and copyright."

willo asks: "I recently built an on board computer for my Grand Cherokee. The initial uses for it include music, gps navigation, on board diagnostics and a baby cam so I can see how my kid is in that rear facing seat. After lots of research and testing, I'm really disappointed with the mapping software out there for Linux. Gpsdrive provides the basic functionality I need, but the street names are built into the image and are difficult to read at a glance while driving. Not to mention that it has to download the maps it needs ahead of time. Xastir can handle almost any map out there, but it reads through every map for each redraw! It also seems to lack the ability to zoom intelligently based on location. Note that it's not really designed to be a navigation aid, but rather a ham radio APRS tool. (I am a ham). Delorme Street Atlas USA does what I really want, but it's been a pain to make run properly under wine. Is anyone else out there working on a decent navigation application?"

"To be really usable navigation software should do the following:

• handle maps efficiently and draw them quickly
• have intelligently organized map sets for countries/states. (You can't download a friggin map in the middle of Montana!)
• include serial gps/gpsd support. (just about everyone has this)

I've found a few references to mapping projects that seem to just be vaporware.

Map Sources do exist for this! Bruce Perens made TIGER/line data availible. NAVTECH is the map source for pretty much all the vehicle navigation systems out there, and high resolution maps are availible from the Geographical Information Survey."

Bruce Perens writes: "At the San Francisco Chronicle's SF Gate, Hal Plotkin points to Sincere Choice as the right compromise for an IT renaissance in Government including both Open Source and proprietary software. The article is extremely flattering to yours truly, but a good push in the right direction from a well-respected commentator."