See also: last week's Letters page.

Letters to the editor

From:	 Alan Cox <alan@lxorguk.ukuu.org.uk>
To:	 alschair@usenix.org
Subject: Resignation from ALS, Skylarov affair...
Date:	 Fri, 20 Jul 2001 12:31:02 +0100 (BST)
Cc:	 editor@lwn.net, editors@newsforge.com, gnu@eff.org


I hereby tender my resignation to the Usenix ALS committee.

With the arrest of Dimitry Sklyarov it has become apparent that it is not
safe for non US software engineers to visit the United States. While he was
undoubtedly chosen for political reasons as a Russian is a good example for
the US public the risk extends arbitarily further.

Usenix by its choice of a US location is encouraging other programmers, many
from eastern european states hated by the US government to take the same
risks. That is something I cannot morally be part of. Who will be the next
conference speaker slammed into a US jail for years for committing no crime?
Are usenix prepared to take the chance it will be their speakers ?

Until the DMCA mess is resolved I would urge all non US citizens to boycott
conferences in the USA and all US conference bodies to hold their
conferences elsehere.

I appreciate that this problem is not of Usenix making, but it must be addressed

Alan Cox

From:	 "Jon 'maddog' Hall, Executive Director, Linux International" <maddog@li.org>
To:	 alan@lxorguk.ukuu.org.uk
Subject: Your very public message
Date:	 Fri, 20 Jul 2001 14:43:12 -0400
Cc:	 "Bryan C. Andregg" <bandregg@redhat.com>, maddog@linux.local,
	 ellie@usenix.org, editor@lwn.net, editors@newsforge.com, gnu@eff.org

Alan,

Your decision to boycott the ALS event is certainly yours to make, and I
deeply regret the situation that caused you to make it.

However, to chose ALS as the focus of your first message on this I feel is
a little unfair, particularly with the recent steps that USENIX has taken to
working with the EFF to defend the rights of University professors to publish
their research works around DCMA.  These professors were threatened with suit
by various large companies, and through the efforts of EFF and USENIX, these
companies are now backing down from their suits.

Your wording around USENIX "choosing a US location" ignores the fact that
ALS has always been in the US, the same way that Linux TAG has always been
in Germany, and the Linux Kongress has (almost) always been in Germany, with
occasional visits to the Netherlands.  USENIX has co-sponsored in the past
and continues to co-sponsor non-US events.

Also I do object to your statements that the US Government "hates" eastern
european states.  I seem to remember much pressure from the US to
lower the Berlin wall, and to allow more freedoms for eastern european people.

I believe this to be a case where someone broke a US law from afar over
this global thing called the "Internet" and then tried to take advantage of a
US-based conference.  If this is the case, then it may be a mis-directed
legal system, but I doubt that it was fueled by "hate."  Your inference that
"hate" fueled this incident is distasteful.

As I said, your right to leave the ALS program committee, or even to urge
others to boycott US events is yours to make, and I support your right to make
it.  Your points about other developers (foreign or otherwise) who have
violated US laws in their coding is probably more than valid.

I do, however, ask that you direct your venom to those who deserve it.

Warmest regards and greatest respect,

maddog
-- 
=============================================================================
Jon "maddog" Hall
Executive Director           Linux(R) International
email: maddog@li.org         80 Amherst St. 
Voice: +1.603.672.4557       Amherst, N.H. 03031-3032 U.S.A.
WWW: http://www.li.org

Board Member: Uniforum Association, USENIX Association

(R)Linux is a registered trademark of Linus Torvalds in several countries.


-- 
=============================================================================
Jon "maddog" Hall
Executive Director           Linux(R) International
email: maddog@li.org         80 Amherst St. 
Voice: +1.603.672.4557       Amherst, N.H. 03031-3032 U.S.A.
WWW: http://www.li.org

Board Member: Uniforum Association, USENIX Association

(R)Linux is a registered trademark of Linus Torvalds in several countries.

From:	 Shane Kerr <shane@time-travellers.org>
To:	 letters@lwn.net
Subject: MySQL.com seems to have time to hack
Date:	 Thu, 19 Jul 2001 11:52:10 +0200

LWN Editors,

I work at a company that has a support contract from MySQL AB, and I've
had excellent support from them (far better than support from any
proprietary shops I've tried to get support from in the past, e.g.
Oracle, Sun, DEC).  In the midst of all of the MySQL.org fiasco I
discovered a problem with the handling of certain updates in MySQL, and
was sent a patch this morning to fix it.

I've never had any experience with NuSphere, but in my opinion the MySQL
AB folks are Stand Up Guys, and are certainly not too busy fighting
instead of hacking.

Shane
As always, of course, all opinions are my own

From:	 Lucy Brooks <lucy@brooks.fdns.net>
To:	 lwn@lwn.net
Subject: Adobe complaint answers itself
Date:	 Thu, 19 Jul 2001 17:16:50 +0800

One of the first things to strike the eye when reading Adobe's complaint 
against Dmitry Sklyarov is the tricky wording of the DMCA:

    Sec. 1201. (Circumvention of copyright protection systems)
        (a)(2) and (a)(2)(A):

    No person shall manufacture, import, offer to the public,
    provide or otherwise traffic in any technology, product,
    service, device, component, or part thereof that [...] is
    primarily designed or produced for the purpose of
    circumventing a technological protection measure that
    effectively controls access to a work protected under
    this title;

Even if one accepts that Dmitry's program by itself is able to circumvent `a 
technological protection measure' (which the FBI apparently do not), one has 
to wonder if `effectively controls' is a useful phrase, for two reasons.

Firstly, the display of a `protected' work is in itself a demonstration that 
the `technological protection measure' in question does not effectively 
control the work.

Secondly, does `controls access to' including controlling access BEYOND the 
controls offered by copyright? I would think that for free speech reasons 
alone the prevention of excerption would be unlawful, and certainly the 
prevention of much other `fair use' goes well beyond the copyright holder's 
mandate to protect their work. In other words, what the `technological 
protection measure' is ineffectively attempting to control includes acts 
which are not a violation of copyright rights. In other words, this 
`technological protection measure' represents an unlawful extension of 
copyright powers beyond those laid out in copyright legislation.

Even ignoring the basic stupidity of failing to distinguish fair use of their 
copyrighted work, the Affidavit shoots itself in the foot. It asserts that 
Tom Diaz, Senior Engineering Manager for Adobe's eBook Development Group, 
believes that `the Elcomsoft software program, coupled with the Elcomsoft 
unlocking key, circumvents protection'. But Dmitry Sklyarov DID NOT PROVIDE 
Daniel J O'Connell (the swearer of the Affidavit) with an `Elcomsoft 
unlocking key', and so did not provide him with the means of decrypting an 
eBook. In point of fact, as Adobe themselves helpfully point out (and supply 
a copy of the appropriate email), one Vladimir Katarov provided the `key'.

On top of this, although Dmitry is the copyright holder of `the Elcomsoft 
software program' there is no actual evidence that he wrote it and even if 
there were some way of proving this, it would have to be done IN THE UNITED 
STATES to be illegal, nor is there any evidence that Dmitry personally 
provided anything to anyone IN THE UNITED STATES.

All Dmitry has done IN THE UNITED STATES is to make a speech. Neither making 
a speech nor holding a copyright count as any of `manufacture, import, offer 
to the public, or otherwise traffic' in relation to circumventing protection. 
Adobe may be able to hammer Register Now or Elcomsoft, but they cannot touch 
Dmitry unless they are able to prove that he wrote some significant part of 
the `circumvention device' IN THE UNITED STATES.

There are other possible ways to `get' Dmitry but none of them relate to 
1201(b)(1)(A) and all of them are difficult to prove. As has been pointed out 
in detail in many places, the DMCA is a stupid piece of legislation wide open 
to abuse, only capable of protecting technical incompetence (and as I 
mentioned above, may not even protect that) and needs to be repealed.

Cheers; Leon

From:	 Igor Bukanov <boukanov@fi.uib.no>
To:	 letters@lwn.net
Subject: Why applets fail
Date:	 Thu, 19 Jul 2001 11:26:21 +0200

The problem with failed applets you mentioned when tested JRE plugins is 
caused by using JDK 1.1 compiler that generated code JRE 1.3 verifier 
did not like. And although the applets can be recompiled with JDK 1.3 
compiler or IBM's jikes to produce code that is OK for any JDK, the new 
code may not run with Microsoft JVM due to bugs in its JIT. And 
Microsoft JVM now days is used in 90% of cases to run applets.

Regards, Igor

From:	 <mschwarz@alienmystery.planetmercury.net>
To:	 letters@lwn.net
Subject: Java COULD be a good choice
Date:	 Fri, 20 Jul 2001 15:48:59 -0500 (CDT)

I'd like to respond breifly to Gerard Fernandes' letter in the last issue
of lwn.net.  I am presently a 100% Java programmer (with C++, C, perl,
Python, Pascal, and Assembly langauges back to the 8080 in my toolkit) and
I share his enthusiasm for the language.  It gets so much RIGHT.

I would, however, point out that it is the tight legal control that Sun
maintains on Java that holds it back.  Linux implementations of Java are
amongst the pporest performers (although this has seen dramatic
improvements in the last 12 months), and Sun's ongoing refusal to put Java
under a standards body has been the biggest impediment to its universal
adoption as the applications language of choice (IMHO).

Microsoft's .NET would die on the vine tomorrow if Sun would submit both
VM specification and the JDK (language spec and class libraries) to
IEEE and/or ANSI for standardization.  It would REALLY take off (again,
IMHO) if they would put the whole JDK under the GPL.

Perhaps I'm being obtude, but since they give the binraries for these
tools away, I'm not sure how their revenue would be changed if they gave
away the source code as well.

The fear of fragmentation is legitimate, but remote I think.  If they put
up all the infrstructure: Web site, CVS server, developer's forums, etc.,
there would be little incentive for competing versions of the product.  It
would also allow real innovation like http://www.jython.org to have an
easier time of it.

So, I agree about the strengths of Java as a language for many things, but
I disagree that it is a suitable platform for Free Software or Open Source
software, just because Sun could at any time redefine what Java is and
everyone everywhere would have to adapt or die.

Truth is, I can't see why anyone would choose a proprietary product when a
truly open alternative is available.  Java is almost there, but Sun has to
go all the way if they want this heart and mind to adopt Java as a
development standard for Open Source projects.

--
Michael A. Schwarz
mschwarz@sherbtel.net

From:	 Fred Mobach <fred@mobach.nl>
To:	 letters@lwn.net
Subject: This week in Linux history : July 19, 2001
Date:	 Thu, 19 Jul 2001 23:03:34 +0200

Hello,

In "This week in Linux history" you wrote :

> Three years ago ...
>
> Linus made clear his position that 4MB machines would no longer be a development
> priority or interest for the 2.1.X development tree. Nowadays, finding a PC with only
> 4MB of memory might be difficult. Even projects such as TINY Linux, which is
> designed especially for old, recycled computers, requires at least 8MB (but still
> supports the i386 chip).

Surprise, that 4 MB barrier is still valid in at least one case : the
Tomukas distribution. It's a mini-distribution with X11, which happens
to run on a 386 with
4 MB RAM. See http://melkor.dnp.fmph.uniba.sk/~garabik/tomukas/.

Regards,

Fred
-- 
Fred Mobach - fred@mobach.nl - postmaster@mobach.nl
Systemhouse Mobach bv - The Netherlands - since 1976

The Free Transaction Processing Monitor project : http://www.ftpm.org/

From:	 Good Music Canada <goodmusic@canada.com>
To:	 letters@lwn.net
Subject: Cliq software
Date:	 Thu, 19 Jul 2001 09:43:27 -0500 (CDT)

After looking around for Cliq for a few days,
I found out that they changed their domain name 
to www.dr-quad.com and you can now buy their CD-ROM from Ebay.com
for less than downloading it from their site and buying a key.
I bought a copy from Ebay for $11.99 plus $4.00 shipping.

I just thought that someone may like to know this.

George

From:	 "Jay R. Ashworth" <jra@baylink.com>
To:	 lwn@lwn.net
Subject:  Snapgear, Wyse, the GPL, and you
Date:	 Tue, 24 Jul 2001 11:16:05 -0400

The GPL and Commercial Developement, redux
=========================================

A week or so ago, Linux Weekly News announced that SnapGear would be
selling a line of Internet gateways which would include VPN capability.

VPN capability is, of course, becoming more and more popular -- both for
supporting travelling workers, and also for making remote network
support easier.

And it's not surprising that these boxes would include that, because
they're based on Lineo's SecureEdge product line, and, a year or so
back, Lineo bought an Australian firm called Moreton Bay... who
employed the primary developers of PoPToP, a GPL licensed and publicly
available implementation of Point To Point Tunnelling Protocol or PPTP,
which -- well, whaddya know? -- just happens to be embedded in Windows 98.

So, obviously, there ought to be a bit of interest in a freely
available implementation of this protocol, right?  There is, of course,
and therein lies a story.  (You knew there was, right?)

I've set up systems with PoPToP (which, for convenience, I will not
continue to StudlYCapitalisE) for the remainder of this article), and
the results have been uneven.  The documentation is a bit thin, but
that's not all that surprising for open source projects.  It *is* thick
enough to get the program set up, and while that sometimes takes a
kernel patch (to support the most recent version of PPP, which is
required), it's not all that hard.

It's just that it doesn't always *work* all that well.

I have a couple of clients for whom we've set the package up, and it's
worked acceptably.  It's occasionally a bit boggy, but so is SSH, and
PPTP is carrying a bit more overhead.

And then came The Big One.

Client already wasn't happy with us; there had been a bunch of
miscommunication and some personality differences between the client
execs and our guy (the tech guy got along with him just fine).
I went in (as I remember this :-) and saved it; got the architecture
nailed down, designed a network for their two major remote sites and 4
or 5 smaller planned ones, and -- with no particular reason to expect a
problem, I went forth to implement.

And got shot in the back.

It blew entirely to hell.  Wouldn't work worth a crap.  Ate $3000 worth
of unbillable labor and ended up being replaced by WinNT boxes -- which
worked perfectly on the same links (RoadRunner and DSL links).

Obviously, if all I had here was the rant, this wouldn't have sounded
interesting enough for Jon to run, so, where am I going with this?

Well, do the math.  Obviously, neither Snapgear, nor their parent
company Lineo, is going to ship a commercial embedded product with an
implementation this messy, so they have to have cleaned it up, right?

Right.  Unfortunately, they combined the cleanup work with the work
necessary to port the code to the Coldfire processor, which is their
target platform.  So, we are in the interesting situation that there is
a publicly available port that was released under the GPL, and works
sort of half-assedly (that is to say, not really well, sometimes), and
we have a bunch of patches on the website of the vendor who's sponsored
a bunch of clean up work... that don't apply to the last general
release.

Some conversation with Miles Gillham from Snapgear by email (for which
he got extra points for replies that were written at 2300... until I
remembered that he's in Oz :-) clarified the point: a quick chat with
his lead programmer suggests that the patches that fixed the *problems*
aren't expected to conflict all that much with the earlier patches that
made the code portable to smaller, MMUless processors.

So we just have a scheduling and available manpower problem.

We've heard that before, right?

I pointed out to Miles that that "extra work" to do that part of the
job... is much smaller than the "extra work" that Lineo didn't have to
do to write the original code because the original authors wrote and
released it under the GPL.  We'll see what he says.  What he's said so
far amounts to it's more than his life is worth *not* to support the
GPL.

So, does this violate the spirit of the GPL?

It obviously doesn't violate the letter, to the extent that they post
their patches. And I have no reason to believe that the coders have any
hidden agendas.

But <rant type="we're getting precisely what we've asked for"> having
hidden agendas is what we *pay* corporations, especially publicly
held corporations, to do.</rant>

Still, there will come a time when someone does a substiantial amount of
work to a GPL'd product, after porting it to a processor that "no one
uses".  This one boils down, I guess, to a moral question.  The intent
of the GPL was to make people's patch work available back to the
community, as repayment for the work they didn't have to do to write
the code in the first place.  Such a situation  makes it a *necessity*
that such a commercial vendor do actual real (non-)billable work to
backport for general release.  Will they?  Should they?

And in fact, something worse may have already happened. Wyse used Linux
in their (now discontinued, I believe) 5535 Winterm. It ran Xfree, and
a server for AT&T's neato-cool VNC protocol, glued together. That's a
piece of functionality I've wanted to see the VNC people and the Xfree
people get together on for a long time -- it gives the X Window version
of VNC the same useful "copilot" ability that the Windows server has.

But I've never found a location where the results of that merger of two
GPL'd packages by a commercial company can be found, and emails to Wyse
have gone unanswered.

In either event, I think it's probably well that we keep an eye on
what such corporations do with their use of and contributions to
GPL projects, be they as big as IBM, or as small as Moreton Bay
Development... and give some thought to what intermediate answers might
mean, and just what exactly "GPL compliance" *is*.

Yes, it's nice that the commercial computing industry has taken notice
of free software... but I used "free software" on purpose there, as
opposed to "open source" -- let's make sure that software *stays*
free, shall we?  We have Linux, no bones about it, because the GPL
existed to license people's work under.  It works.  But only if we make
it work.