Posts by Vic

Preventing errors

> But how can a mistake like this ... be prevented?

Sensitive data should go by a different route that other data - a dedicated email system or fax machine.

And you lock down the number of possible recipients very carefully.

It won't entirely prevent sensitive data being sent to the wrong person - but at least you know that it will go to someone with whom you already have a reasonable trust relationship.

Sending sensitive data through the "normal" fax machine => instant dismissal.

Vic.

@Peter...

Of course MS wants to kill other OSes. But that doesn't mean they can.

> If they can go in to any procurement with organisations by starting with "Of course,

> you know that we MAY still sue users of Linux for use of OUR copyrighted material"

If they try that, they will be ignored, for the most part.

The arguments have been thrashed out. World+Dog now knows that any necessary Unix copyrights - and there are almost certainly none, as we'll see in SCO vs. IBM - have been licenced under the GPL. Such a threat will only be useful when dealing with the terminally incompetent - and such PHBs rarely need such threats to be swayed anyway.

But such behaviour could also land MS in very hot water: knowingly making false claims is a tort, and would land MS with a very hefty bill in the courts. There is no way, post SCO vs. Novell, that MS could claim to believe that owning any Unix copyrights could affect Linux. Threats like this would be corporate suicide.

> I don't see this as being illegal under current unfair trading practices legislation

It is most certainly illegal under US legislation. That would do...

> Do you think that you would pay, say, £100 a year per PC just for the right to use it?

No, I won't. And, because of the Freedoms granted me by the myriad FLOSS developers, I don't need to.

You are imagining difficulties where there are none. If you want to get excited, worry about US patent law, and how it affects software - that's a threat for all software writers, both Free and proprietary. But Unix copyrights - they just don't matter to Linux. There is no AT&T Unix in Linux, and it would be legitimately licenced if there were.

Vic.

Forgot the footnote...

> Aside from this not necessarily being a particularly good idea[1]

[1] One of the major elements of an Enterprise distribution is stability: you test your installation at rollout, and you know that there aren't going to be any significant changes throughout the lifetime of the distro. Apps that worked properly initially will continue to work all the way through. By making such a step-change in the kernel, this proposition is no longer known; Oracle runs the risk of breaking lots of stuff for its users.

Vic.

Really?

> Oracle is forking Linux with their own non-compatible version.

Errr - you sure about that?

Last time I looked, they were basically just rebuilding RedHat Enterprise.

They did announce they were going to use a different kernel - but that's basically just the upstream latest kernel. Aside from this not necessarily being a particularly good idea[1], they're also obliged to release the source to whatever they ship (it's GPL), so anyone that wants to do the same can do so.

> Expect Linux to be the same as Unix with multiple slightly non-compatible versions.

From a kernel perspective, the only difference will be in terms of which kernel each distro chooses to use. That's no biggie.

The difference is predominantly in the userland stuff - and that's just down to where the maintainers =make the trade-off between conservative stability and bleeding-edge risk.

> So much for standards....the $$ always wins.

Not so.

Vic.

Re: Wouldn't work

> I just don't see the facts getting in the way of the PR.

That boat's already sailed.

SCO made a huge noise about how Linux infringed on everything. The world and his dog heard the story - and now the world and his dog know it's untrue.

Attempting to do the same thing again just isn't going to work. That FUD has dispersed...

Vic.

Current state of play

> What's the currently claim anyways?

SCO are currently reduced to the Gollum defence in their appeal pleading to the 10th Circuit Court of Appeals :-

"But we *wants* it, my precioussss"

Vic.

@Peter...

> if MS can kill alternative operating systems

You haven't mentioned how they would achieve that.

Vic.

+1

> I hope MS does get the Unix rights.

As do I, actually.

They can't harm any of the incumbent Unix operators - IBM, Oracle and HP have all got paid-up, permanent licences, so they can carry on knocking out their own flavours of Unix.

Linux, BSD, etc. can carry on doing what they are doing - MS can't affect that, as it doesn't hold copyrights to any code there that isn't properly licenced.

Microsoft, on the other hand, could chop out the core of Windows, and replace it with a proper Unix. They could leave the Windows skin over the top, port their Windows API layers to Unix, and serve up a robust POSIX core with pretty pictures over the top.

That would benefit all of us - Microsoft probably the most, as it could make Windows into something really quite special, but the rest of us would gain from MS becoming more standards-compliant, and if nothing else, a better Windows would mean fewer botnets and less spam.

I'm definitely hoping that MS are getting ownership of Unix.

Vic.

Wouldn't work.

> In that case they could sell^Wgive them to SCO and turn up the FUD machine to 11

Too late.

Even if SCO acquired all Unix copyrights now, it would do them no good at all. They didn't own the copyrights when they allege that part of Unix was put into Linux. Novell did, and Novell have licenced any such code under the GPL. So even if SCO got the code now, they can't remove the licence for any of it that might be in Linux (and nor have they demonstrated that any such code exists).

Being given the Unix code now would actually be disastrous for SCO - there's nothing left there now but the litigation, and the litigation hinges on an appeal against a judge and jury telling them they never owned the copyrights. To accept them from a benefactor like MS would be an admission that they did not own them - and that would destroy any faint hope they might have of getting this appeal.

Vic.

It really isn't a problem.

> This could be verrrrrry bad news for the Open Source movement,

Not at all.

Suppose Microsoft *do* get Unix. What would that matter to FLOSS people?

To re-run the SCO shake-down, you need to prove two things :-

- that there is AT&T-copyrighted Unix code in Linux

- that it was put there improperly

Despite years of shouting its FUD from the rooftops, SCO singularly failed to prove the former - they found a load of BSD-copyrighted stuff, but a quick glance at the BSD licence shows that that is perfectly acceptable.

The latter is an even higher hurdle; if Novell owned the copyrights (as two judges and a jury have declared they do), then if any such code is eventually found, it is now perfectly permissible, because the copyright owner has deliberately released it under the GPL. Any new owner may not revoke that licence.

And remember - *both* of the above need to be proven for a SCOSource Mk. 2. Some infringing material would need to be found, and it would have to be put into Linux without the copyright owner's consent. If either of these fail, the whole scam fails.

The only way this could be a problem is if the new owners of Novell declare that Novell perjured itself in the SCO vs. Novell trial, and it was actually SCO that owned the copyrights all along. Besides the array of lawsuits such behaviour would bring into existence, it would also likely mean real jail time for a number of individuals, and disbarment for certain lawyers. I can't see that happening, myself.

Vic.

Security.

> And if such a system can be built, why not build it?

We're talking about a gateway machine here. If you follow the (flawed) advice in the article, this is the piece of kit taking a heavy daily assault from ne'er-do-wells on the Intertubes.

If this is set up by someone who doesn't want to understand what he's doing, what chance security? This is an arms race; someone who wants to set up a box and forget it *will* get pwned eventually.

Alternatively, you could buy the same hardware, and spend fifty quid with a local Linux support company who will install the box properly, and either tell you what you need to do in the future, or sell you ongoing support. You could even watch the installation and learn a bit while he does it - most engineers are glad to impart a little knowledge, as it means an easier time in the future.

Linux maintenance is easy. Initial roll-out takes a bit more planning and experience; by far the cheapest way to do it it to spend a few quid with an expert.

Vic.

Re: But...

> Code under the GPL is protected from patent.

Not entirely.

GPLv2 only has an implicit patent grant from the code originator - that's one of the drivers for GPLv3, which has an explicit grant. It would be possible - if completely crazy - for Oracle to claim to release under GPLv2, but withhold a necessary patent licence such that no downstream users can redistribute (per Section 7). But that would destroy Oracle's reputation entirely, destroy Java entirely, and leave Oracle in the firing line for all sorts of legal difficulties. It would be absolute madness.

> If you remove the license, it's not just open to copyright infringment,

> but now that patent protection is lost. Possibly that's the logic?

That logic is flawed; the Classpath Exception does more than permit you to ascribe your own licence to the resultant Derived Work, it allows you to distribute under "the terms of your choice". Thus if a patent right was distributed by the GPLv2 grant, that same right could clearly be redistributed with whatever licence you choose for the CE-derived object. Indeed, it is quite possible that the Classpath exception makes the explicit patent grant that the GPLv2 omits - but you'd need to check with someone more intimately acquainted with the law in that area than I to be sure.

Vic.

No.

> Obviously JCP is set up so you are actually allowed to implement your own version of Java,

Not so.

This is what's behind Apache's recent problems - they cannot certify as Java because of the field-of-use restrictions that Oracle maintains on the TCK - which restrictions Oracle agreed were unacceptable when it was Sun doing the restricting.

> Java isn't in the hands of just one company. It isn't the IPR of Oracle.

Yes, it is. And Oracle currently seems to want to exercise those rights to the detriment of the JCP. This is probably a mistake.

Vic.

Be careful with the word "ignorance"...

> Ah, in what way have they fulfilled the GPL?

I'm not claiming they have.

But the file in question is licenced under GPLv2 *** with Classpath Exception ***.

That exception is important. It is worth reading what it says before alleging ignorance in others. One especially important phrase is :-

"to copy and distribute the resulting executable under terms of your choice"[1]

(referring to an object derived from the GPL + CE code).

"Terms of your choice" is a very powerful phrase.

> They put an Apache license on a GPL'ed file.

They put the Apache licence on something derived from a binary which was derived from a GPL+CE source file.

Now read the Classpath Exception to see why that is perfectly permissible.

> They can't do that.

They can. It is expressly permitted by the licence.

What they cannot do is to take the *original* source and slap a different licence on it. And they didn't.

> Just because code is open-source doesn't mean you

> can rip it off and do what you like with it.

Correct. Isn't it good that that hasn't happened?

> Do you know anything about the GPL or open-source software?

Yes, quite a bit, actually. And I know what the Classpath Exception says.

Vic.

[1] The CE can be found at http://www.gnu.org/software/classpath/license.html . I strongly suggest reading it before making claims about what can be done with compiled objects derived under that exception.

Re: GPL + ClassPath Exception copyright notice

> The android version has a Apache license on it

Now all that's needed is for someone to prove that that is an unlawful action.

The ClassPath Exception is *very* permissive...

Vic.

Defending patents...

> If you don't sue all those who allegedly infringe you are not

> 'defending your patent' and the patent is void.

You're thinking of trademarks,

Laches are rather more complicated under US patent law.

Let's hope Willets[1] doesn't get his way and import all that nonsense over here.

Vic.

[1] For a man with two brains, why does he never seem to use either of them?

Someone is jesting :-(

> First, in the US you can't sue anyone over anything. It has to pass

> a sniff test otherwise the lawyer bringing the lawsuit can be disbarred.

Prior to Iqbal, that was a very low bar indeed. Even now, it's little more than "would the world's most stupid man believe this for a fraction of a second, if we medicated him highly enough?"

> Removing the copyright notice which is a comment isn't doctoring the code.

Yes it is. It's a clear attempt to disguise the fact that this was distributed - both by Google and by Oracle - under GPLv2.

Vic.

Re: Ah, but then again

> they released their version under a different licence

That's one of the things that Oracle will need to prove, should they go for that approach. Remember that this is not a file that will ever make it into a handset...

Vic.

@Gumby Nope...

> Understanding the law isn't one of your strengths now is it?

Is it yours?

> Google can call their version of Java 'Tim' for all anyone cares, but its still a derivative of Java.

That is completely wrong in every respect. Dalvik is *not* Java. Java is not appropriate for the platform, so Google used something else.

The closest it comes to Java is that some of the application code running on it will initially be coded in the Java language - but all the patents Oracle has asserted read on the JVM, not the Java language. Although both language and VM use the word "Java" in their names, these are most assuredly not the same thing.

> Oracle is correct that Google did in fact copy code.

Oracle has, to date, come up with one file in a test directory that they claim is close to a file that they themselves distributed under GPLv2 with ClassPath Exception. I can see three reasons why that would constitute lawful redistribution - two of which are sure to work, the other one being a "probably".

Vic.

Re: Commitment to partners?

> Wow - way to backstab your business partners!

Not so. This is simply a "safety in numbers" defence.

Google's statement here boils down to "we didn't do this - and it's up to you to find out which of your customers actually did".

It's a neat trick, because it means that even if Oracle were to be successful in their suit (and not this one - a suit against someone else), any victory would be entirely Pyrrhic.

Of course, it's just one defence of many in Google's filing. I suspect there is a pitched battle ahead of us - and I don't rate Oracle's chances that much. Google will undoubtedly take some pain - I think they will consider that a bargain price for what they will achieve.

Vic.

Whole point of *** AGPL ***

> Basically you just described the main push behind GPL version 3

No he didn't.

> which would basically require any public web software as

> a service source code to be released

No it doesn't.

Vic.

Title

> Will it spy on me ? Steal my passwords?

Why don't you take a look and find out?

This is one of the major strengths of Open Source software - if you have concerns, you have both the right and the capability to inspect the source code. If it doesn't do exactly what you want, Free Software (which this is) gives you the right to change it so that it does.

> You almost expect any Google product to have some built in surveillance function.

If it does - take it out.

> All your privacy belong to us.

All your privacy belong to whomever you give it to. If you look after it yourself, that could be you...

Vic.

I don't..

> As Java is under GPL 2 and Android is under Apache. I don't

> think they are compatible licenses.

http://www.java2s.com/Open-Source/Java-Document/6.0-JDK-Modules-sun/security/sun/security/provider/certpath/PolicyNodeImpl.java.htm

http://www.gnu.org/software/classpath/license.html

Enjoy :-)

Vic.

Re: Open source version

> Given that there are open source versions

The open-source version of Java is OpenJDK.

There's also Apache Harmony, but since that hasn't been certified to be fuly compliant[1], it's not *technically* Java.

> is it not possible that this code they are showing to be the

> same is in fact derived from the open source versions?

No.

OpenJDK is GPL. If Android were derived from OpenJDK, it would also have to be GPL (and Google clearly didn't want to mandate the GPL on Android).

It remains to be seen whether Oracle's latest claims have any legs. I really doubt they do, but I've not actually checked yet.

Vic.

[1] Because SnOracle refused to release the TCK under a Free licence except in the OpenJDK context ...

Your granny *could* use it.

What you see above is a method to turn off user verification on machines that permit it.

This is not something you'd want in a GUI app - it's only something to be done by someone who knows what they are doing, and in certain very specific situations (e.g. lost root password). It's not *supposed* to be easy...

Vic.

Incorrect...

You have assumed that grub was installed without a password.

If a machine is installed somewhere that untrusted people have console access, that would be a mistake. A password would be used, and that would completely prevent such an approach.

Vic.

"The Sun" wouldn't know a shark from a shopping trolley...

> The Sun "reported" the same story in 2007.

They do it every few years, it seems.

> Didn't it turn out to be a hoax?

It usually turns out to be a Basking Shark. Again. And an idiot who can't tell the (particularly distinctive) Basking Shark's fin from a Great White's. Again.

Vic.