Bobulate


Archive for October, 2009

Roundup of NLUUG Fall Conference

Saturday, October 31st, 2009

Time to put down my NLUUG hat (that’s the purple one, matching the NLUUG color scheme) for this conference round and look back for a moment. It’s good to hear kind words from Sebas about the conference. They pretty much match my impressions of the whole: a conference with strong technical talks (I chaired three, on Legal aspects, Ampache and Midgard2) and a satisfied audience. The coffee was darn good — but you had to order a cappucino (after 11am) to get the full sense of artistry; Schuberg-Philis takes good care of its people. They had a nice talk on data storage tiers at the previous (spring) conference — the same conference where Ben Marin talked about libferris, so I’m happy to see him show up on planet KDE as well, now.

Kudos especially to Jos Poortvliet for filling in on short notice. I fully expect some form of revenge for that, even if the dinner and lengthy discussion about Free Software usability made up for some of it (quoth I “surely someone who drives a car has some mental model of what’s going on?” saith the usability expert “ha ha ha.”).

Thanks too to the programme committee, headed by Armijn, and to Interactie, represented by Andrea, for their dedication to the conference. As they say in Inspector Gadget: “next time” (the topic is “Systems Administration”, nice and traditional, and the call for abstracts is up if you’d like to submit a paper.)

The Economist on Clouds

Tuesday, October 27th, 2009

Last week’s The Economist has a leader article titled “Battle of the Clouds” and a six-page briefing “Clash of the Clouds.” It contains some interesting tidbits, such as labeling Apple’s key market “digital music”, Microsoft’s as “operating systems” (with 93% market share) and Google as “search.” Funny, I would have expected “online advertising” for the latter.

Anyway, there are two key — and somewhat contradictory — parts to the leader article. It starts off like this (edited for brevity):

The new approach has great promise. It makes life easier for consumers and cheaper, too: many cloud services are free, supported by advertising or subsidised by users who pay for a premium service. — The Economist, 17/10/2009, p. 13

I find it hard to believe that a massive shift to cloud computing — as in supporting everyone’s email and document handling — could ever be advertising supported, and the rates for maintaining massive amounts of servers for a broad slice of the population can’t be kept low for very long. Any user is going to consume a non-negligable amount of resources (electricity) in the course of a working day one the server end — that needs to be recouped.

The other end of the same leader article is headed “A storm brewing?” and touches on the issues and social implications of cloud computing. Something the FSF and FSFE have been concerned about as well. Here my feeling is that the article has done reasonably well: it mentions technological lock-in, “favour service providers who allow them to switch between services without too much hassle,” privacy implications, “most users will be happy to trade some privacy for free services,” (cue Ben Franklin) and data integrity and sustainability, “data stored in the cloud may not be safe.” Yes, those are the umbrella problems of clouds. For now, local storage and local computing are the best bet to avoid those problems and keep out of the rain.

We are out of Foz

Sunday, October 25th, 2009

Well, it has been a wild four days here in Foz do Iguacu. This is the social and travel entry, with KDE and FTF related ones to follow. First off, it was fun to see old friends again — Helio in particular, and a belated congratulations to him for joining Collabora. Met many new friends, from Python Brasil, from KDE MG (not the racing car, but Minas Gerais). Heard from Ane Cecilia about her GSOC work on Plasma, watched some Gluon games, saw a bit of Rocs, and had James Italiano explain Fluid to me. All very impressive pieces of technology or innovation. Anne-Marie Mahfouf was here as well, on vacation, and we just kept having to say to various KDE-BR folk “you need to go to Akademy.” Good times.

As for the Iguacu Falls themselves, Eleanor Roosevelt was right. Four of us — Sandro, James, Anne-Marie and myself — went on saturday afternoon. There had been a heavy rain and wind storm in the morning, so there were trees down all over Foz; however, mere rain doesn’t get you nearly as wet as the swollen river thundering over the falls into the Devil’s Throat. Advice: wear sandals and short shorts, and buy the raincoat.

Going to Paraguay for shopping is a popular pastime here, so I joined in an expedition this morning. Expedition is the wrong word, since it’s a ten minute taxi ride across the Friendship Bridge. However, shopping in an area crushed by poverty feels very wrong. The contrast between the two sides of Foz is striking and uncomfortable. The Brasilian side of Foz is relatively clean and neat, and — although I have very little material for comparison — feels safe and somewhat welcoming. I know I’ll be planning for next year.

Free Software but not Open Source

Thursday, October 22nd, 2009

It is possible for software to be Free Software (in the sense of GPL version 2 compatible), and yet not satisfy the requirements of the Open Source Initiative for being an Open Source license. This is an obscure corner case in the GPL, because people usually (not always) mean Free Software when they say “Open Source” — stressing a technical detail that is a prerequisite for Freedom over Freedom itself.

The relevant bit of the GPLv2 is clause 8:

8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License.

You could write GPLv2 licensed software whose distribution to the United States is prohibited, for instance. This clause allowing additional restrictions based on geography has not survived in the GPL version 3.

In any case, for a GPLv2 plus geographical restriction license, the problematic requirement is requirement 5, No Discrimination Against Persons or Groups, formulated as: The license must not discriminate against any person or group of persons. Clearly restricting a GPLv2 licensed product to a certain geographical area discriminates against a specific group (i.e. those outside that area).

I’m told — but have not verified — that there are also two Open Source licenses that are not Free Software (i.e. the converse of the compatibility issue pointed out here). I’m also told that they are used by one project each, so it’s not a huge burden on the Free Software community.

A Travelogue

Thursday, October 22nd, 2009

What’s to say about Amsterdam – it’s too far away from my house to be convenient, and then dead boring with its shopping concourse. Even the whisky store is of little interest because it has prices comparable to the local place at home; there is no benefit to “tax-free”.

Paris Charles de Gaulle, though, is arguably worse. Most of the shops are closed at 19:00, and lights go out in parts of the terminal buildings, so it seems empty and deserted. Signposting for the shuttle bus that goes around the six terminal halls is erratic, so I ended up walking. It’s only 15 minutes from one end to the other, but again you need to search every now and then for the next sign to 2A. For those who have gone to FOSDEM by car with me, think “like Brussels, only less grotty.”

The flight with TAM from Paris to Sao Paulo was surprisingly pleasant. Not too cramped, mostly, and that’s important on a 12 hour flight. Watched some movies I otherwise would not have. Wolverine was terribly unfinished, I thought. If you know the comics perhaps it makes a little more sense, or the time jumps are dealt with better. The SFX could be described as “cheesy” at best. Ah well, at least I’ve seen an American comic-based action movie this decade.

Much better — at least until 5 minutes from the end — was Adventureland, one of those comic growing-up movies. Set in 1987, this was terribly recognizable for me. Not the drunk driving and copious use of marijuana, but the rest of the cultural setting. Billy Idol, the Cure and faux-philosophical conversations? Check. The overly feel-good ending felt tacked-on, though. That tied up one loose end that need not have been.

Anyway, Sao Paulo airport is boring like most others. I should go for a coffee. At R$ 2.90 it’s 35% of the price of an espresso in Amsterdam. Probably better coffee, too.

In about an hour I carry on to Foz do Iguacu for Latinoware. I still need to rassle up my slides, but there’s enough time for that — and it looks like a beautiful day now the sun is coming up. [[ Posted much later in the day because I fell asleep once I got to the hotel, and later the ‘net was down. ]]

Going South

Tuesday, October 20th, 2009

Up until today, the furthest south I had been in pursuit of Free Software was Abuja, although that was just a touchdown. I have practiced Free Software in Kano (12.1N) and in Bangalore (13.0N). Today, that barrier gets smashed as I head down to Latinoware in Foz Do Iguacu (25.5S). So that is four continents and the subcontinent (India has a special place in my heart); I have my sights set on Australia this winter, but the Antarctic will probably just not happen.

So, Latinoware. South America’s largest Free Software conference? Eight parallel tracks? I’m tremendously honoured to be giving two talks at the conference. One with my blue hat — KDE — and one with my green hat — FSFE. That’s a technical and project plan talk about what KDE is doing and where it is going, and a project management and legal talk about how Free Software projects can be run. Both topics close to my heart, and I’ll likely talk about what the FSFE does for KDE in the KDE talk and use KDE as an example in the FSFE talk. Hats can be so confusing.

In the meantime, I expect to be slightly out-of-sync with goings-on in Europe. I hope, nay, expect, the network to be better than at some conferences I’ve attended, though. See you soon (Helio, Mauricio, and others).

smbmount functionality

Tuesday, October 20th, 2009

Because I was futzing around with Samba yesterday, I installed smbmount (a shell wrapper around /sbin/mount.cifs). I needed to (briefly) mount a network-based NAS in order to move some files to it. I’ll reconfigure the NAS later to take either FTP (unsecure, but it is on a local wired network) or NFS — although I’m not sure it actually supports NFS. Anyway, apt-get install smbfs on a Kubuntu 9.04 box. So, who’s to be surprised when this happens:

$ /sbin/mount.cifs
Segmentation fault

That is, shall we say, not an ideal response if there are mandatory parameters that have been left out. Good thing it’s Free Software, so you can see the source code and realise that the check for argc < 3 is a little late and that mountpoint = argv[2] might not be a good idea if no arguments are given. Hey, it’s worth a bug report, patch — and then hope for a release faster than when fixing Windows 7 SMB bugs 🙂

SMB2 Security

Monday, October 19th, 2009

While looking to install smbclient on my laptop this morning to talk to some devices on my home network, I was pointed at a security advisory regarding SMB2. It’s about a known defect the SMB2 implementation on Windows 7 — kind of interesting to have pre-release security defects publicised already. The FSFE’s statement is here, and you can find English-language Heise coverage here.

The intermediate work-around — isolate Windows machines from the Internet with a good firewall — is good practice anyway. Do not let SMB traffic escape from your local network.

GPLv2 clause 6

Monday, October 19th, 2009

This week I was in Grenoble for the Embedded Linux Conference Europe. On the seond day of the conference — Friday — I was one of the few people wandering around in a suit. Even the guys who normally wear suits had dressed down to deal with the nitty-gritty of kernel threads, time sources, and boot time optimization.

So I talked about licenses. And license obligations. And interesting bits of the GPL version 2. There’s one clause of the GPL version 2 that I’d like to single out because it’s one that is surprising to me — and rarely mentioned. Clause 6.

6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients’ exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License.

So, let’s suppose you (Bob) receive a program under the GPLv2 from the original author (licensor, called Alice), and pass it on unmodified to a third party, Charles. Clause 1 of the GPL applies, because it is verbatim. You just need to give Charles a copy of the license, and Charles receives a license from Alice automatically. There is in my reading no license, no relation whatsoever between you and Charles. Now if Charles distributes the program, the only license he could violate is Alice’s, and it is Alice who would need to enforce any violation.

This is actually how it works, too — suppose Alice wrote a part of the Linux kernel, she grants a license to any recipient (Charles) even though there are second parties involved (Bob); Alice can enjoin Charles to satisfy the requirements of the license. (For Alice perhaps read ‘Arald)

Now suppose you, Bob, modify the program before distributing it. In that case, clause 2b comes into play and the resulting work (based on the program) is also covered by the GPL version 2. When you distribute it, Charles receives a license from you to the modified work, and Charles receives a license from Alice to the original program. This is powerful, because Charles now has two licenses and two licensors that he must satisfy — but also weak, it seems to me, because Charles could violate one of the licenses and still keep the other. So if Bob sues Charles over compliance, Charles could just switch to the original Alice version (unless Alice enforces compliance issues as well).

It’s unlikely that would work in practice, because Charles wants the modifications done by Bob. Probably.

PS. Thanks to Saul Goode for some very careful and relevant comments to my previous writing on the GPL version 2; in particular pointing to the US Copyright Code and how it doesn’t restrict running the program at all — as indeed the GPLv2 itself writes “The act of running the program is now trestricted.”

On damages and responsibility

Sunday, October 18th, 2009

My newspaper — the NRC — contains an item de uitspraak on page two once a week that deals with some recent court ruling. This week it is a copyright-related item, probably spurred on by last week’s controversy about rights payments on embedded videos on personal websites.

I’ll translate and quote parts of the column here, because it is of interest. This is transformative in nature and thus creates a derived work. Let’s think that this particular derivative work falls under “fair use” (which doesn’t exist as such in Dutch copyright law).

To start off, it’s not actually a copyright item; a 15-year old posted a copyrighted photograph which he had found with image search on his own website. He did this twice. An earlier case awarded the rightsholder (the photographer) EUR 4000 in damages. That seems a bit excessive to me, but .. in any case, the kid did not pay, and now the rightsholder is suing the parents for the same damages.

So this case actually is about claiming damages from parents, in particular because of the responsibility that parents have for the actions of their children. Dutch law says “Responsibility for damages caused to third parties by a child, 14 or 15 years old, lies with those who exercise parental control, except if they cannot be blamed for not preventing the actions (causing the damage) by the child.” Ugh, that’s convoluted, and “parental control” is something called “ouderlijk gezag,” which may be exercised by natural parents or foster parents or in some cases an institution.

According to de uitspraak, the considerations in this case were that a 15-year old has a reasonable expectation of autonomy and that non-stop surveillance is not to be expected (heck, I don’t watch non-stop over my kids when they’re surfing, and they are 5 and 6 — but then I do try to start them in a safe place of the net). So letting kids do “stuff” on the net is not a reason in itself a reason to expect surveillance. The judge also states that it need not be considered unusual for kids to maintain a website. As a result the parents are not held responsible for the damages.

Note that this says nothing about the damages awarded earlier: presumably the kid still owes 4k from the original case. It does, however, say something about where parental oversight is expected for kids doing things on the net.