Contents: |
Submitters, send your News Bytes items in PLAIN TEXT format. Other formats may be rejected without reading. You have been warned! A one- or two-paragraph summary plus URL gets you a better announcement than an entire press release.
The October issue of Linux Journal is on newsstands now. This issue focuses on Engineering. Click here to view the table of contents, or here to subscribe.
All articles through December 1999 are available for
public reading at
http://www.linuxjournal.com/lj-issues/mags.html.
Recent articles are available on-line for subscribers only at
http://interactive.linuxjournal.com/.
Behold the debut of a new News Bytes section.
This is the third month in a row that the legal landscape surrounding Linux users and programmers has been rapidly changing. We want to give adequate coverage to these changes--new laws and proposed laws--around the world. Since we have personal knowledge only of the US and Ireland, we'll need readers to tell us what's happening in their countries. This is important because anything that gets enacted in one country is often held up as an example to encourage similar legislation in other countries.
For any new law, one must ask: Who is pushing it? What will they gain? Who will lose under it (re fines or jail time)? Why? Do the proponents have a secret agenda to use the law in ways the legislature didn't intend? Do they have a not-so-secret agenda to push for bigger laws after this one is passed and accepted by the public? What unintended effects will the law have that even its proponents did not predict? We can't answer all these, but hopefully we can start asking the questions.
Especially the last question. This section is partly an Ode to the Law of Unintended Effects, because there are so many of them recently.
Foreign programmers like Alan Cox (#2 Linux kernel developer and former Usenix coordinator) are avoiding the US in order not to fall into the same trap Dmitry did. American programmers are looking for jobs elsewhere -- anywhere -- now that normal and necessary practices in security development and security certification are illegal. Not that there may be many places to go: the major proponents of the DMCA (the five biggest media-publishing and software-publishing conglomorates) are using the established US law as an example to push for similar laws in Canada, Europe and the FTAA (a possible future free-trade zone covering North and South America), saying: "See, they did it, so you should too."
"Security systems standards" means software that enforces digital copyrights. Remember CRPM, the aborted effort to put non-bypassable rights management into the firmware of all new IDE hard drives? That was scrapped because too many customers would refuse to buy such products. But SSSCA would make this or the equivalent mandatory.
Linux Weekly News writes, "The definition of a 'digital device' is just as broad as it sounds - essentially, anything--hardware or software--that is capable of moving and storing bits. In particular, a computer running Linux is certainly such a digital device, as is Linux itself or any of a number of other free programs." Free-software advocates are concerned, because is it even possible for Linux to be compliant? Linus could implement some rights-management code in the kernel, but because it's open source, any programmer could just comment it out. And the companies would presumably want to keep their (shoddy?) rights algorithm secret, so it would be available only in binary form. Would they even make a Linux version? If they did, would Linus have to link a proprietary, binary-only library into the standard kernel and change Linux's license to allow and mandate this? Would the kernel have a new module "digirights.o" with the help text, "If you are outside the United States, choose 'N' for maximum flexibility, reliability, speed and security. If you are inside the US, be aware that choosing 'N' may be a felony, and you should consult a lawyer before proceeding."
Another problem is that the technical standard is to be determined by "representatives of interactive digital device manufacturers and representatives of copyright owners". What about representatives of the public? The constitutional right of copyright is a balance between the author's interests (payment) and the public's interests (the "progress of science and useful arts" by having everything become public domain after a limited time, and fair-use rights in the meantime). But this law is one-sided in favor not even of the authors, but of the big publishing houses.
There is also a certain antitrust exemption in the bill.
One concession to fair use remains: TV time-shifting. People will be allowed to record a TV show if it's an "over-the-air broadcast, non-premium cable channel or non-premium satellite channel". Recording a Showtime movie would become illegal since it's on a premium cable channel. Note that there's no provision for radio, webcasting or future technologies, so there would be no fair use at all for those.
The SSSCA is not law yet. In fact, as of early September it had not even been introduced in Congress, just debated informally. More happened later, but let's keep things chronological....
Of course, there are the usual arguments against encryption back doors:
Exactly one week after the terror attacks, the Nimda worm/virus appeared, the son of Code Red. The Justice Department included in its Anti-Terrorism Act language that would define hackers, virus-writers and web site defacers as "terrorists", eligible for life imprisonment without parole. "Cracking a computer for the purpose of obtaining anything of value, or to deliberately cause damage" would carry the same penalties as assassinating a public official or dropping a chemical weapon. The law would be retroactive to the beginning of time, so even crimes committed long ago could be tried under it. Fortunately for Kevin Mitnick, he's already received his sentance. But those who break into a grocery store's web site and order a pack of gum for free had better watch out. And those who provide "'advice or assistance' to cyber crooks, or harbor or conceal a computer intruder" would receive the same punishment as the intruders themselves. "DNA samples would be collected from hackers upon conviction, and retroactively from those currently in custody or under federal supervision. The samples would go into the federal database that currently catalogs murderers and kidnappers."
What happens if you cross an Anti-Terrorism Act with a Digital Millenium Copyright Act? Answer: Dmitry goes to prison for life. No, that hasn't been proposed. But watch out for that definition of "hacking" and see what exactly it includes, and whether it expands later. Remember the law of Unintended Effects.
Larry Ellison, the head of Oracle, is calling for national ID cards. This may sound like merely the musings of a concerned citizen until you remember that an ID-card system needs a database, and why not an Oracle database? Ellison is offering to give the government the software for free, but still, what a PR bonanza for Oracle it would be. (Like when Microsoft "gives" software to schools. Of course, nowadays it "sells" software to schools....) Regarding identity cards themselves this report looks at countries that use them and countries that don't use them, and notes the differences between what each country originially intended its card for vs how it's being used now. (Again, the Law of Unintended Effects.)
There is one bright side: Congress is considering splitting up the omnibus Anti-Terrorism bill. That would allow it to pass the most urgent portions right away, but hold off on the more controversial measures until they can ascertain which ones would cause more harm than good.
In late September, the SSSCA was introduced in the Senate. It has a long way to go before it becomes law, since it has not even been introduced in the House yet. Most are predicting it has too many critics to pass this year, but portions of it could crop up in future years.
Linux Journal's Don Marti chided Michael Eisner, the Charman and CEO of the Walt Disney Company, for planning a trip to Washington, DC, to "close the deal on a computer censorship bill, the SSSCA, you're buying from Congress." He also chided Senator Fritz Hollings (D-SC) under the headline, "Senator Hollings Cheaper Than We Thought", saying that Eisner had paid Hollings $18,500 to get the bill introduced. (And not the $25,000 LJ had previously reported.) Of course, the payment was in the form of cumulative campaign contributions, not a direct bill payment (pun intended).
The Register notes in "Copy-Control Senator Sleeps While Fair-Use Rights Burn" that the Big 5 media companies are among the top 20 contributors to Hollings' election campaigns: AOL Time Warner, the Murdoch-owned News Corporation, Viacom's CBS, the National Association of Broadacsters, and Walt Disney Company. If you type "senator hollings campaign contributions disney" into Yahoo, several other articles come up, including this one. (Yes, you can try this at home. Type "senator <NAME> campaign contributions" and see what comes up for your favorite Congresscritter. Or "representative <NAME>" for members of the House.)
Here's an article that looks at SSSCA from the manufacturer's standpoint: Bill Could Force Copy Control On IT Firms. It says the SSSCA "could slow the development of the technologies it seeks to regulate by shifting the attention of the industry from product development to lobbying." One attorney comments, "Telling us what systems to pay for and implement to protect someone else's property doesn't make sense."
Another Register article says the SSSCA "would close all the irritating little loopholes in the DMCA right around the necks of consumers, where, the industry reckons, the pressure rightly belongs." And, "Conveniently, and by design, the words 'fair use' appear nowhere in the draft. The industry lobbyists never liked that troublesome phrase in the DMCA, so now it's gone." The article also points out that the SSSCA does not require new complient hardware to be backward-compatible with older hardware, meaning another round of buying the same content again.
The role of the Electronic Frontier Foundation (EFF) emerged as a topic in activists' discussions. Many people think of the EFF as a lobbying organization, but its mission is actually to defend individuals who have been unjustly accused. Taking on full-scale lobbying of Congresscritters would require significant changes to EFF's structure, tarnish its reputation among those who raise their noses at "lobbyists", place the organization in a different tax category, and distract it from defending individuals.
Thus, the free-software and "free Dmitry" groups are debating whether they should start a lobbying organization themselves. Of course, one's first knee-jerk reaction is to stay as far the h*ll away from Washington as possible, but if we don't do it, who will? Of course, it would mean doing some distasteful things. Like (gasp) making campaign contributions to influence a Congresscritter's votes. Is the free-software community ready to sponsor a PAC? (PAC = Political-Action Committee, a fancy term for "lobbying group".) Even though freeniks have some of the highest noses and loudest sneers against "lobbying scum"? Some are considering it, thinking it's the only way make a dent in the rapidly-accelerating onslaught against our rights. Obviously it's something that it will take a long time to come to consensus on.
Or if artists start giving away all their music for free. That would generate more fans at shows, and bands receive much more money from one concert patron ($5-10, plus $10 if she buys a T-shirt) than they do from one CD purchase (less than $1). And if she buys a CD at a show, they both win: she gets a discounted price (often $10), and the band get a few dollars rather than the 25 cents they would get from a retail sale.
Then we would see corporate profits drop.
This, coupled with the crypto back door and hacking-considered-terrorism proposals and others, foreshadow a society fifty years from now vastly different than now, where everything is pay-per-view, fair use is forgotten, all available computer hardware enforces this, and Linux has been illegal for so long that nobody remembers what it was. But the biggest companies will still have familiar names--AOL Time Warner, Walt Disney, Microsoft. The laws give a competitive advantage to the companies that were dominant at the time of the laws' adoption, since they can use the laws to sue everybody else out of existence. (Why else do you think they pushed so heavily for the laws in the first place?) Perhaps many people in today's computer field will drop out in disgust and switch to other professions, and shun e-mail and the phone in favor of face-to-face activities. Farfetched? Perhaps, but we've learned and not to trust the CEOs and politicos any farther than we can throw them, and to expect the worst because it will turn out worse than that.
Of course, one wonders whether the needs of the publishers for strong encryption and the needs of the FBI for weak encryption are on a collision course. We've already seen that the needs of the FBI (to catch bad guys) and the needs of e-commerce (to promote a healthy economy) are opposite: that's why the Clinton administration weakened crypto export laws, and why the FBI is now pushing back.
"Anticircumvention Rules: Threat to Science" (Science magazine) argues that the DMCA is a threat to all scientists, not just those in computer security and encryption research. "Virtually all computer scientists, as well as many other scientists with some programming skills, find it necessary on occasion to reverse engineer computer programs. Sometimes they have to bypass an authentication procedure or some other technical measure in order to find out how the program works, how to fix it, or how to adapt it in some way. The act of bypassing the authentication procedure or other technical measure, as well as the making of a tool to aid the reverse engineering process, may violate the DMCA. Although the DMCA also has an exception for reverse engineering of a program, it too is narrow. It only applies if the sole purpose of the reverse engineering is to achieve program-to-program interoperability and if reverse engineering is necessary to do so. Trying to fix a bug or understand the underlying algorithm does not qualify. Information even incidentally learned in the course of a privileged reverse engineering process cannot be divulged to any other person except for the sole purposes of enabling program-to-program interoperability." The article also speculates about a pharmaceutical company that "produces data to prove that a new drug is safe but technically protects it so that only certain tests can be performed on the data, all of which support the safety claim. A scientist who doubted the safety claim and tried to process the data by additional tests would violate the DMCA if he or she bypassed the access control system restricting use of the data."
Lawrence Lessig, who wrote _Code and Other Laws of Cyberspace_, is interviewed by LWN's Dennis Tenney. He gives his perspective on the DMCA, Dmitry Sklyarov's case, Hailstorm, international jurisdiction, etc.
Background on the DeCSS case.
A Slashdot post that describes some of the lesser-known provisions of the DMCA.
Phil Zimmerman, creator of PGP encryption, explains how he was misrepresented by the Washington Post. The Post reported that he was "overwhelmed with feelings of guilt" over the fact that the September 11th terrorists may have used PGP in planning their attack. Zimmerman reiterates that he thinks the public having access to strong encryption without back doors is a good idea, and that PGP is a good tool for human rights around the world. He also insists he will not allow any back doors in PGP.
The following articles are in the September-October issue of the multilingual
ezine Linux Focus.
In case you missed some of
Linux Journal's technical web articles over
the past few months here are some links to
System Administration articles by Marcel Gagné
Linux Journal also has an online Review of the book Linux Administration: A Beginner's Guide, Second Edition.
Linux Magazine have an article on MySQL performance tuning. Much of the information could be applied to any SQL database.
The Duke of URL has
The Linux Review have taken a look at the new KDE 2.2 and its applications. The review points out missing features that allegedly make the corresponding Windows and Macintosh applications superior (even MS Outlook!). There is also a follow up. Courtesy LWN.
Could DMCA be outflanked by new cosmogeny and quest for meaning of life ;-).
There is an interview with the creator of MenuetOS over at OS News. MenuetOS is a small assembly-language OS that fits on a floppy with room for a few applications. The video driver has 16.7 million colours.
Some links courtesy of Slashdot:
In industry bad news, Linux Weekly News have reported that Great Bridge has closed its doors. Great Bridge was the company that brought LG the article The Opening of the Field: PostgreSQL's Multi-Version Concurrency Control.
Listings courtesy Linux Journal. See LJ's Events page for the latest goings-on.
Cluster 2001 | October 8-11, 2001 Newport Beach, CA http://www.cacr.caltech.edu/cluster2001/ |
Linux Lunacy Co-Produced by Linux Journal and Geek Cruises | October 21-28, 2001 Eastern Caribbean http://www.geekcruises.com |
LinuxWorld Conference & Expo | October 30 - November 1, 2001 Frankfurt, Germany http://www.linuxworldexpo.de |
5th Annual Linux Showcase & Conference | November 6-10, 2001 Oakland, CA http://www.linuxshowcase.org/ |
Strictly e-Business Solutions Expo | November 7-8, 2001 Houston, TX http://www.strictlyebusinessexpo.com |
LINUX Business Expo Co-located with COMDEX | November 12-16, 2001 Las Vegas, NV http://www.linuxbusinessexpo.com |
15th Systems Administration Conference/LISA 2001 | December 2-7, 2001 San Diego, CA http://www.usenix.org/events/lisa2001 |
The Tenth International Python Conference (Python 10) will be held on February 4-7, 2002, at the Hilton Alexandria Mark Centre in Alexandria, Virginia. The Call for Papers for the Refereed Paper Track, and the Call for Tutorials can be found at www.python10.org/p10-callpapers.html, and www.python10.org/p10-calltutorials.html, respectively. The deadline for submitting a paper to the Refereed Paper Track is Monday, October 8, 2001. The deadline for submitting a proposal for Tutorials Day is Monday, October 1, 2001.
SGI Federal, a subsidiary of SGI, has teamed up with Linux NetworX to win a bid to build three Parallel Capacity Resource (PCR) Linux cluster computing systems totalling 472 Pentium 4 processors for the National Nuclear Security Administration's Accelerated Strategic Computing Initiative (ASCI). ASCI is a program to reach 100-trillion calculations per second by 2005 that will help scientists to maintain the safety and reliability of the U.S. nuclear stockpile by simulating the aging and operation of nuclear weapons. With a theoretical peak performance of 857 gigaFLOP/s, the largest of the three systems with 252 Pentium 4 processors, named PCR P4A, will be one the fastest Linux clusters ever built.
Landmark Graphics Corp., a wholly owned business unit of Halliburton Company, today announced plans to offer its full suite of integrated UNIX exploration and production applications on a range of Linux platforms with rollout beginning in the fourth quarter of 2001. This marks the most significant commitment to date by a major technology provider in the oil and gas industry to support the "open source" Linux operating system. Compaq, Dell, EMC, IBM, Intel and Network Appliance are working with Landmark to offer a broad range of optimized Linux solutions, including workstations, servers and storage.
Adam Di Carlo announced that version 3.0.14 of the boot floppies are available for testing for powerpc and i386. Hammer on them and send reports, comments or praise to debian-boot@lists.debian.org. Original story.
Debian Security is crucial to users and should be managed properly. Recently, to help improve the situation, Joey Hess has asked for a Security Secretary, who will help the Debian Security Team doing their work.
Reports taken from Debian Weekly News.
From the end of August, SuSE Linux Enterprise Server 7 will be available for Intel's 32-bit architecture (x86), Intel's 64-bit architecture (Itanium processor family), and IBM's mainframe platform S/390. Versions for IBM's iSeries, pSeries, and zSeries will follow in late autumn. Included in the purchase price, are maintenance services that make sure that SuSE Linux Enterprise Server 7 is always up-to-date, stable, and tested. SuSE regularly informs users by e-mail and makes the respective patches, fixes, and updates available via FTP server. For more information please refer to http://www.suse.de/en/sles/
SuSE Linux have also announced that SuSE Linux Database Server combines the operating system platform of SuSE Linux Enterprise Server with IBM's DB2 Database to form a complete solution for professional users. In mid September, SuSE Linux will present an updated version of the solution package.
MEN Micro have released a new CompactPCI single board computer (SBC). The SBC comes in three versions, and each version includes a 300 MHz PowerPC XPC8245. The D3, as the new SBC is designated, is a one-slot 6U CompactPCI board. In CompactPCI systems it operates as a master system-slot board, but in embedded applications it can also operate as a standalone processing unit without a bus connection. As a computer, the D3 comes with up to 256K of DRAM in a SODIMM slot, two megabytes (MB) of flash memory and an ATA-compatible CompactFlash site, in addition to numerous other I/O features. The D3 can run either the VxWorks or Linux operating systems. For more information on the D3 including a data sheet, go to www.men.de/products/press.
Rackspace, who hosts more than 2,500 Linux servers, has earned the title of "Best Dedicated Host", as judged by the editors of Web Hosting Magazine, because of their dedication to customer service.
Recently, to assist in promoting the Linux+ certification effort, SAIR Linux and GNU Certification has released a version of its Fundamentals course-ware, which doubles as preparation course-ware for CompTIA's Linux+ Certification exam. SAIR Linux and GNU was contacted by CompTIA� to aid in the development of CompTIA's Linux+ Certification exam. The course title is SAIR Linux and GNU Fundamentals/Linux+.
Media Technology have launched their new product, the VT900 Set Top Box. The VT900 enables Ethernet 10/100 data streams to be converted to composite analog RF data streams or digital S-Video data streams compatible with all standard TV sets. Over 250 channels of various forms of TV-format data have been successfully tested with the VT900. Implementing Linux, the VT900 incorporates a full browser, and supports all plug-ins. Partnerships have been established with both Century Embedded Software Inc., and Enreach Technology Inc, to further develop application software. The VT900 is designed using the National Semiconductor Geode processor in conjunction with the Sigma Design EM8400 MPEG Decoder and the Macphyter Ethernet adapter. Optionally available are DVD Player, CDRW, Floppy and standard IDE Hardware.
Team ASA's NPWR is a Single Board Computer (SBC) designed for manufacturers and OEMs in the Network Attached Storage (NAS), RAID, and Personal Server marketplaces. It is now available with dual Gigabit Ethernet ports. The NPWR is powered by the Intel XScale processor, the XScale is a RISC CPU with clock rates reaching as high as 733 MHz. NPWR's standard configuration includes 160 Mbytes per Second (LVD) SCSI port, 8 Mbytes of FLASH ROM, 128 Mbytes of SDRAM and a Gigabit Ethernet port.
Command Prompt, Inc. is pleased to announce DocPro, the "professional DocBook tool set". DocPro is a compilation of tools designed to allow technical writers to effectively process their DocBook SGML and XML layout. DocBook itself is a powerful markup language. However, the tools are painful to compile, configure and work with. Command Prompt, Inc. has eliminated the problems associated with the integration of these tools into a production environment. DocPro comes in Basic and Deluxe versions, and should work with all RedHat 6.2 and later compatible distributions of Linux.
Tarantella, Inc. has announced the availability of Tarantella Enterprise 3 Starter for Linux software. The product makes it possible to publish Windows, Web, Java, AS/400, Linux and UNIX applications securely to client devices anywhere. It can be used for a wide range of tasks, such as remote system administration or accessing company applications and services from home.
Opera Software have announced that future versions of its browser will support the new and improved Wireless Application Protocol (WAP) 2.0 standard.
Opera Software have also opened the revamped MyOpera community and released the second edition of their popular Opera Composer, inviting users to join an Opera community or create their own. In this new version, users can customise their own Web browser for the Linux platform as well as for Windows,
Alabanza has launched version 4.1 of of its Automated Web Hosting Software Suite, which was originally built on and still runs on the Linux operating system. The latest version of the software suite includes a new Web Site Builder tool it acquired from OnNet Web Hosting. Version 4.1 automates administrative Web hosting tasks, empowers users to update sites, provides for complete security and furnishes electronic commerce services for small businesses. Alabanza's Automated Web Hosting Software Suite 4.1 is the most proven, reliable and secure solution on the market for hundreds of Web designers and developers, systems integrators, Internet service providers and telecommunications carriers. It allows end users to automate administrative tasks, manage content, and update Web sites with a significant decrease in time and costs; all within a secure environment.
BrainT@GS has released NetRelay. This software-tool automates processes between web client, server and databases. This includes automatic record creation, deletion, display and up-date and integration of a template-engine. The intelligent and structured architecture of NetRelay makes the development of dynamic web applications more transparent and structured. NetRelay creates a clear separation between logic and presentation and also generates automatic XML documents, enabling easy data-transfer. NetRelay is database independent. NetRelay runs on any server platform supporting the JDK, and has been tested on Linux.