Slashback: Mars, Linksys, Torrent

Slashback tonight brings updates and followups on several recent Slashdot postings. Among other things, Linksys says they're not violating the GPL, and Tiger Direct says that Michael Robertson's claims about Microsoft targeting Lindows buyers are way off base. Speaking of which, Microsoft has decided it makes more sense to embrace schools than to alienate them with hard-nosed licensing policies on donated PCs. Also, a torrent file for the Red Hat 9 version of Ximian's latest desktop, and more. Read on for the details.

Fork carefully or be forked preemptively. BSD Forums writes "The leader of the open-source JBoss Java application server environment said that if the group of developers that left his organization attempts to splitâ"or "fork" as it's called in the industryâ"the JBoss code base, he would sue them. Marc Fleury, president of JBoss Group LLC, Atlanta, said he is prepared to take legal action if the group of developers who left the JBoss Group to form a new company, known as Core Developers Network LLC, attempts to diverge from the JBoss code base."

They can learn in the classroom, or outside it. MVP writes "Fridrik "frisk" Skulason, of F-Prot fame (you know, that good old DOS free for personal use antivirus, up-to-date & usable for windows), has a very acid reaction against the decision of University of Calgary to start teaching virus-writing classes (see previous Slashdot thread)."

Just let me control the textbooks ... After a few stories like this one, it may please some people to see at least a partial turnaround from Microsoft on computers donated to schools without Windows licenses. Patrick Cable II writes "I got an interesting letter from Microsoft today at work. Microsoft has started a "Fresh Start" program for educational instutions that basically makes it so schools who have had computers donated to them without licenses or media can get media and a letter stating the computer is licensed to use a Windows operating system (98 or 2000). More information can be found here. Anyone think they're trying to figure out a way to deal with the whole Linux thing?"

Software in the Public Interest has yet to respond with a lower licensing fee for Debian.

More fun than "The Winds of War." For fans of Kim Stanley Robinson, space exploration and colonization, space elevators et cetera, reader Unbeliever writes with new that Hurd will soon meet Mars. "No, not GNU/Hurd, but Gale Ann Hurd. Hurd just signed a deal with Sci-Fi to produce Kim Stanley Robinson's Red Mars as a Sci-Fi 6-hour miniseries. Red Mars is the first of the Robinson's Red/Green/Blue Mars Trilogy, an 'almost plausible sci-fi' future-history approach about Colonizing and Terraforming Mars. The trilogy looks at the technological, sociological, personal, and political challenges of terraforming a different planet. Also of interest to Slashdotters in general is Robinson's ideas on the growth of multi-national corporations into Meta-Nations, and their effects on world politics."

But doesn't that make it radio their way? In the recent Radio Your Way review, our reviewer said of the device that it had "[n]o off button! As far as I can tell, once you turn the device on there is no way to manually turn it off other than to wait for it to enter sleep mode after several minutes. Very annoying."

Another reader writes with this workaround: "In any mode, hold down the stop button (a little square under the play button) for 2-3 seconds to turn off the unit. This is listed in the manual, which you are right, is a very poorly done Korean effort."

Calm down that jerking knee, then apply ice. In response a post which raised the question of whether Linksys was in violation of the GPL by not distributing, nor offering links to, the source code for the software controlling their 802.11g base stations. A representative from Linksys-PR sent in this note about the "missing" source code:

Linksys is a strong proponent of both Linux and the Open Source movement. The code within our routers is using User Space code without linking dynamically or statically to any GPL (GNU GENERAL PUBLIC LICENSE) code. Any code which does not have a static or dynamic link to anything covered by the General Public License is not GPL'ed, and can be considered closed source.

We regret it took some time to respond to this posting. To assure timely responses to inquiries like this in the future, please use the following procedure which complies with the requirements of the General Public License:

1. Please put your request in writing or in an email addressed to info@Linksys.com
2. You have to request the code for the specific modules you want. It is not valid to issue a request for any "code you may be using."
3. Technically, you are also supposed to provide us with a self-addressed stamped envelope, along with funds to cover the cost of providing the code to you. But Linksys will handle requests on a case-by-case basis. Thank you."

Straight from the Tiger's mouth. Tiger Direct Executive Vice President Richard Wallet wrote to contradict Michael Robertson's claims that Microsoft was targeting Tiger Direct customers who purchased Lindows systems to offer them steep discounts on Windows XP. Wallet writes:

"TigerDirect is not selling any version of Windows for $50. We are selling Microsoft Windows XP just like any other reseller and we are in compliance with all of Microsoft's licensing agreements, no better, no worse, and no different.

TigerDirect does sell low-cost systems with the Lindows operating system. TigerDirect also sells low-cost systems with Microsoft Windows XP. TigerDirect even sells systems with NO operating systems. The only parties who can tell us which products are or aren't worth selling are our customers. Neither Microsoft nor Lindows has a significant influence on what we buy and sell. We aim to serve our customers with the products they want at the very best values available and world-class customer service.

TigerDirect did in fact perform a survey of its customers as it does on a regular basis. Contrary to the author's claim, this survey was not only sent to Lindows buyers. It was sent to everybody who bought systems from TigerDirect during a specific time period. The purpose of the survey was to help us better serve the needs of our customers by getting a better understanding of what they're using the systems for, what they're running on them, and why they purchased what they did. The result of the survey is going to be to help us better align our PC product mix to increase sales."

Many monkeys make slick visuals. IamTheRealMike writes "Hi all, there is a BitTorrent of the XD2 RPMs for Red Hat 9 available, please be gentle with it. It comes as a directory that contains a readme and an ISO - make sure you read the readme first as there is a bug in the installer you need to know about. When all is done and you've read the instructions, just mount the ISO using the loopback device and point the installer at it. For all those who have been trying and failing to get it using the mirror network, this might provide a useful alternative."

License protection?

[The+Bungi]

Marc Fleury, president of JBoss Group LLC, Atlanta, said he is prepared to take legal action

JBoss is open source... doesn't the license protect the guys that walked out? Does this mean that Mr. Fleury will sue me as well if I do a JBoss knockoff?

Re:License protection?

[The+Bungi]

Possible. But I wonder how "based on JBoss" or "from the original developers of JBoss" would fly in that situation. After all, if you're taking GPL'ed code (or any other type of license for open software) and aggregating it to create your own (obviously open) software solution, you can't help but say "this is based on the code for product X".

JBoss Certification Hassles

[sbszine]

I've said this before (when the original article was posted), but I still suspect the JBoss split is related to their Sun certification troubles.

There's an interesting ZDnet article here that talks about JBoss not being 100% kosher J2EE, and the main group's ongoing dispute with Sun. I think that the breakaway group intendeds to fork JBoss to make a more easily certified version, and this Slashback seems to support that somewhat.

One more thing

[The+Bungi]

Tiger Direct Executive Vice President Richard Wallet wrote to contradict Michael Robertson's claims

Here's a revolutionary idea. Instead of posting hysterical flamebait stories to the front page, how about you do your homework before the fact? Is it so difficult to email the guy beforehand and ask him for the real story? You sit on submissions for days sometimes, so how problematic would this be?

I know that posting another "M$ is doing evil" story contributes to the bottom line with all the ad impressions and whatnot, but taken as a whole your FUD is no better than Microsoft's. And that puts you on the same ethical bandwagon.

I know it's legal but ...

[Rosco+P.+Coltrane]

2. You have to request the code for the specific modules you want. It is not valid to issue a request for any "code you may be using."

Well then, what if I ask Linksys to send me any GPL code they're using ? is that valid enough ? because mething they'd have to send it to me.

As for asking what modules I want specifically, how would I know without reverse-engineering the product ?

I know the GPL allows users of GPLed code to require people to ask for the source code of whatever GPL stuff they're using, but when Linksys tells you you have to ask in writing, including a self-addressed stamped envolope, I call that bad will. It would show good grace if they provided a link to the sources on their site, and it would cost them less than processing snail mail.

So Linksys, put your money where your mouth is and show you're a real proponent of Linux and OSS. Right now, you look like freeloaders who want to make the process of getting your sources as painful as possible.

As much as I respect Skulason...

[Arker]

...and even though much of what he says is correct (most virus writers, particularly nowadays, are just script-kiddies and not particularly good programmers) I can't agree with his main point. There are very valid reasons to write viruses as learning experiments. And not just for people interested in working in security either - as pure CS there is a lot to be said for it.

He gives the impression that all viruses are harmful, but that's simply not true and he must know that. Many viruses, including all the early ones, were pure CS experiments in artificial life. They had no 'payload', no destructive nature, they just try to survive and reproduce, the basics of biological life transplanted to the digital realm.

Now writing a virus with a destructive payload and spreading it to other people's computers - that is clearly unethical, but I really doubt that's what they have planned in this class.

Problems with Virus rant

[Omnifarious]

"The current approach of reacting to the viruses is simply not working."

While this is true, it has more to do with flaws in human nature - as long as 97.3% (according to the research of Dr. Vesselin Bontchev) of people do not react in an optimal way to a virus infection, viruses will continue to spread. I fail to see how development of more viruses will help in that regard.

I'm pretty tired of programmers who think people should adapt to machines instead of machines to people. So, people don't react in an optimal way to a virus infection. Perhaps someone will have some new ideas about how to create software that either makes the behavior change required easier and less annoying than not changing behavior, or makes it completely unecessary. Software is for people. People aren't for software.

Most virus writers are simply not of that caliber...forgetting the "script kiddies" and those that only modify existing viruses, the remainder write so bad code that (assuming the code shows their true abilities) they would have a hard time getting a real programming job.

This whole section has nothing to do with the point. Sure it takes more skill to write anti-virus software, but that doesn't mean a thorough understanding of how to write a virus wouldn't be helpful. It also doesn't mean that teaching someone how to write a virus turns them into a low skill programmer.

One could argue that all the pieces of source code lying around that are designed to reproduce themselves in their output are a form of virus, yet writing them is considered an interesting intellectual challenge worthy of a serious programmer.

I have a few comments regarding this section. It says that "No removable media will be taken out of the laboratory." I hope that this implies an armed guard at the door, doing a full body search of the students as they depart, because anything else would be insufficient. But what about things like printouts of the virus source code? Assuming that the students are really able to create a working virus, I sincerely hope that they will not be able to take home a printout of it, only to type it back in on their home machine. I would very much like to see some assurances in this area.

This requirement is predicated on the automatically assumed malicious intent of anybody who writes a virus. The school is trying to protect against accidents, not a deliberate attempt to unleash a virus on the net as a whole.

Preventing source code printouts is only a very minor deterrent against such maliciousness. So I don't think think it's worth considering putting into practice as it invites circumvention by treating the people taking the class as if they were criminals. People treated as criminals from the outset are more likely to act like criminals.

The vast majority of the anti-virus community condemns the part that involves writing viruses, considering it ethically unacceptable, pointless, and outright stupid. On all mailing lists in the anti-virus community, all real virus researchers have agreed that what you are doing is unacceptable, and simply stupid.

You may be secure in your academic ivory tower, not caring that your course is going to help legitimize virus writing, and will only lead to more viruses being written in the future - more problems in the real world which YOU will be responsible for.

You create a mess, and then we have to clean up after you.

The only valid point in the entire thing.

The rest of it is all predicated on the assumption that anybody who takes the course automatically has criminal intent. I prefer not calling people criminals until they commit a crime. Writing a virus shouldn't be a crime. Releasing one into the wild should be.

The social consequences of making virus writing seem legitimate is a real consideration. Though, I have an unfounded suspicion that the attitude that it isn't legitimate tends to inhibit a-life research some.

Re:Problems with Virus rant

[Alan+Cox]

Antivirus software ultimately is irrelevant, as is just about every other piece of "after they get in" type software. Security has to be about "they didnt get in" and more importantly "they got in but couldnt do any harm".

Take slammer, mix with chernobyl and add disk firmware erasure. By the time something like that hits you its too late to update your virus scanner.

Re:about Linksys providing source code

[andersen]

Thats fine. But as maintainer of BusyBox, which is being illegally shipped with their router without source in violation of the GPL, I had my lawyer send them a lease-compily-with-the-license letter on May 13th. Then did not respond. So I had my lawyer send them a letter letting them know we will sue them if they have not responded by June 16th. I don't care what their PR department says. I expect a proper response from their legal department or we will see them in court. I am tired of people trampling over the GPL and then giving a lame little "oops, sorry" when they get caught. When I walk into the local CompUSA, there is a isle filled with GPL violating routers. Until each of these routers includes a copy of the GPL'd sources, or includes a written offer to obtain the sources for the cost of the media, they will still be violating the GPL. They do not include the source with these routers. And they do not include a written offer for source. Therefore, they must offer source via their website to comply with the GPL. Anything less then that, and they are what microsft would term "software pirates" -- shipping software in violation of the software license agreement.