See also: last week's Letters page.

Letters to the editor

From:	 "Eric S. Raymond" <esr@thyrsus.com>
To:	 lwn@lwn.net, editors@linuxtoday.com, malda@slashdot.org, editor@linux.com,
	 editors@newsforge.com
Subject: Thank you, Microsoft, but no thanks!
Date:	 Fri, 9 Nov 2001 16:50:08 -0500

In remarks at a Microsoft stockholders' meeting, Bill Gates recently
claimed that Microsoft was responsible for the success of open source.

"Really," he said "the reason you see open source there at all is
because we came in and said there should be a platform that's
identical with millions and millions of machines."

As an exercise in retroactive imperialism, this is little short of
breathtaking.  It ignores the fact that though the open-source culture
wouldn't get public visibility until after 1993, or a name for itself
until 1998, it already existed well before the foundation of Microsoft
in 1975.  Many of today's most active hackers can readily remember a
time when the typical response to the word "Microsoft" was "Who are
they?" -- and some of our most important work (such as the Berkeley
TCP/IP stack that Microsoft itself copied and used) was written years
before the computing landscape flattened into PCs as far as the eye
can see.

But there is one smidgen of truth in this; yes, Mr. Gates, recently you have
helped open source succeed -- in much the same way Osama bin Laden has
helped beef up airport security lately.  

Microsoft's monopolistic, price-gouging, bullying behavior is making
open source more attractive every day.  We'd thank you, except that
you're only accelerating a process that would have happened anyway.
You're a serviceable villain, but not a necessary one; the dedication
to excellence and the sense of worldwide community that are behind the
open-source movement were here long before Microsoft, and will still be here
long after Microsoft is gone.
-- 
		<a href="http://www.tuxedo.org/~esr/">Eric S. Raymond</a>

From:	 Dan Stromberg <strombrg@nis.acs.uci.edu>
To:	 letters@lwn.net
Subject: legal aspects of opensource
Date:	 Thu, 8 Nov 2001 10:33:45 -0800

I sincerely hope you won't stop covering the legal aspects of
opensource.  It's important information, and you cover it well.

-- 
Dan Stromberg                                               UCI/NACS/DCS

From:	 Bruce Ide <greyfox@flying-rhenquest.net>
To:	 lwn@lwn.net
Subject: Redistributing GPL Code
Date:	 Thu, 8 Nov 2001 05:16:43 -0700

> Heres an interesting scenario, though: suppose an unethical vendor 
> obtains a copy of a program licensed under the GPL, makes a change, 
> and resells the product under a proprietary license?  

Then I sue him for distributing a derivative work under the copyright
laws.

Unlike a regular EULA, which takes rights away from the user, the GPL
only grants you rights. If you do not accept the GPL or EULAs get
declared unconstitutional in court, control reverts back to standard
copyright with all the happy copyright protections including the
derivative work clauses.

This of course depends upon the copyright holder defending his
copyright. If the copyright holder happens to be the FSF, I guarantee
you they'll go after the infringer like a rabid pit bull. I'm pretty
sure Stallman's been itching to try the thing out in court. You
know why every company this far has caved when he's gone after
them for similar things? Because those companies have lots of
expensive lawyers who have evaluated the GPL. They've told the
people in charge that it's solid and that the company will lose
in court if the FSF sues them. Check with any big company that
does software and you will find they have a policy that if you
work on a software product, you can't contribute (or even
look at the source for) a similar open source program. Even
in your spare time.

Usual disclaimers apply; I am not a lawyer (But I play one on
TV.)

--
Bruce Ide                               greyfox@flying-rhenquest.net 
Carpe capregenus                        http://www.flying-rhenquest.net

From:	 Chris Brand <Chris_Brand@spectrumsignal.com>
To:	 'Gleef' <gleef@ybten.net>, "'letters@lwn.net'" <letters@lwn.net>,
	 'Alan Cox' <alan@lxorguk.ukuu.org.uk>
Subject: Re: DMCA Issues
Date:	 Fri, 9 Nov 2001 14:38:28 -0800

Gleef wrote:
>Alan is neither a US citizen nor a US resident, and should not bear
>the brunt of fighting a US law; I consider his stance of staying away
>from the US, until the DMCA no longer threatens him, prudent.  
 
Ironic, then, that since the 1988 Copyright, Design and Patents Act became
law in the UK, it has been illegal there to "publish information intended to
enable or assist persons to circumvent that form of copy-protection"
See http://www.hmso.gov.uk/acts/acts1988/Ukpga_19880048_en_21.htm#mdiv296.
 
I suspect that anything that is considered "rights management" could also be
considered "copy-protection", although I'm certainly not a lawyer. Certainly
file permissions and userids may be used for copy-protection, and Alan's far
more vulnerable to UK law than the DMCA.

Chris Brand

From:	 Alan Cox <alan@lxorguk.ukuu.org.uk>
To:	 Chris_Brand@spectrumsignal.com (Chris Brand)
Subject: Re: DMCA Issues
Date:	 Fri, 9 Nov 2001 22:49:07 +0000 (GMT)
Cc:	 gleef@ybten.net ('Gleef'), letters@lwn.net ('letters@lwn.net'),
	 alan@lxorguk.ukuu.org.uk ('Alan Cox')

> law in the UK, it has been illegal there to "publish information intended to
> enable or assist persons to circumvent that form of copy-protection"
> See http://www.hmso.gov.uk/acts/acts1988/Ukpga_19880048_en_21.htm#mdiv296
> <http://www.hmso.gov.uk/acts/acts1988/Ukpga_19880048_en_21.htm#mdiv296>  2b.

Note the "intended to"

The DMCA lacks intent checks. Thats also why thefreeworld.net requires you
promise you arent using the info to commit an offence.

Alan

From:	 Seth LaForge <sethml@ofb.net>
To:	 letters@lwn.net
Subject: Re: bug reporting in noncommercial software
Date:	 Sat, 10 Nov 2001 14:48:01 -0800
Cc:	 debian-debbugs@lists.debian.org, David.Kastrup@t-online.de

Two weeks ago on lwn.net, David Kastrup complained that his users
don't submit bugs, and that the failure of free software to keep bugs
under control is due to lack of bug reports.  This is an area I've
been giving thought to lately.  I think that a large part of the
problem is the great variety of bug reporting and tracking mechanisms
in use.  If I want to report a bug for some program, I have to hunt
down the documentation which describes how to submit a bug, possibly
register with a bug reporting database, figure out what version I have
of the program and all software that it depends on, and coherently
describe the bug.  By this time I've spent half an hour of my life
reporting a bug that may well have already been reported by somebody
else.  This doesn't much encourage me to report bugs.

The Debian Project (<URL:http://www.debian.org/>) has inadvertantly
found a solution for the problem.  They have a bug tracking system
for tracking bugs in packages in the Debian distribution - it's at
<URL:http://www.debian.org/Bugs/>.  The system is primarily for
tracking bugs in the packaging of programs (for example, a package
that doesn't install man pages properly), but it is also used to track
bugs in the actual programs.  Every package has a designated package
maintainer.  When a software bug is reported to a package maintainer,
the maintainer is responsible for forwarding the bug on to the package
author (or bug tracking system, or mailing list, or what-have-you) and
keeping track of its progress.  By routing all bug reports through
maintainers who decide what action to take, Debian has made it much
simpler and more consistent to report a bug.

Further, Debian features the excellent "reportbug" utility.  Suppose I
discover a bug in elvis.  All I have to do is type "reportbug" in a
shell.  I get back a prompt "Enter a package:".  I type "elvis".
reportbug then queries the Debian bug tracking system for existing bug
reports on elvis and displays summaries of all bugs.  I can then view
the full text of any bug report, and if I find one that matches the
bug I'm attempting to report, I can either quit or submit a followup
to the existing bug report.  If I don't find my bug already listed,
reportbug will bring up an editor window in which I can describe the
problem.  report bug then appends information about the version of the
package involved, all packages it depends on, my kernel version, etc.
and sends the report on to the Debian bug tracking system.

reportbug makes it easy for me to discover if my bug has already been
reported.  It makes it sure that all bugs get reported with full
information on version numbers and the status of the system.  I only
have to learn to use a single bug reporting tool rather than learning
a new tool for every program I encounter a bug in.  It's great!

It would be wonderful if a system like this could be extended to free
software in general, rather than just the Debian distribution.
Because there are Debian packages for most free software, there's bug
tracking for pretty much any free program I might run into, but the
system isn't available for users of other distributions, or non-Linux
systems.  I'm not sure how one would generalize the Debian bug
tracking system to extend to all of free software.  One way that comes
to mind is to split the Debian bug tracking system into two halves -
one half for Debian-specific bugs, and the other half for program
bugs.  Then package up reportbug for all of the major Linux
distributions, as well as for *BSD, Solaris, etc.  Encourage the
authors of simple packages to use it as their primary bug tracking
system; I'm sure there are plenty of projects and programs which
currently don't use a bug tracking system out of inertia, but would if
there were a simple standard.

Of course there are currently political and technical obstacles to
splitting the Debian bug tracking system as I propose, but the
fundamental infrastructure is there and ready to go.  I hope this
letter will inspire some thought and perhaps action on the matter.

Seth LaForge

From:	 Scott Johnston <scott@accom.com>
To:	 letters@lwn.net
Subject: ivtools-1.0 release
Date:	 Fri, 09 Nov 2001 15:28:51 -0800

Thanks for the mention of the 1.0 release of ivtools.  I should mention
that Vectaport Inc. is no longer an ongoing commercial concern, but the
ivtools software lives on with a BSD-style license.  This could prove
useful to free software businesses developing custom commercial
applications that require direct-manipulation graphics.

Yes, idraw is ancient by recent standards, but then so is X11, emacs,
TeX, ghostscript, and don't forget the Unix kernel.  Old software does
not necessarily make for useless software.  But you knew that.

Scott Johnston
http://www.ivtools.org

From:	 Nathan Myers <ncm@nospam.cantrip.org>
To:	 letters@lwn.net
Subject: Gartner reports' true meaning
Date:	 Sun, 11 Nov 2001 03:39:55 -0800

To the editors,

The Gartner Group has has published several reports lately touching
on Free Software that must have left many LWN readers confused.  
After years of painfully misleading commentary, suddenly we see a 
few outbreaks of rare good sense, punctuated by more of the customary 
nonsense.

I have been observing "market research" companies for a decade, and 
have learned a lot about what such reports really mean.

Although all "market research" companies claim to do research (and a 
few actually do!), that is not their main job.  They offer their "reports" 
at outrageous prices, but most of their paying customers aren't paying
to learn what's in the reports.  What are the real customers buying?  The 
real customers are what are usually called "corporate communications" 
officers -- less politely, flacks.

The job of a flack is to get her employer's product noticed.  Sending 
press releases is a part of the job, but press releases, when not 
discarded, usually appear where people can safely ignore them.  To get 
a press release noticed, it has to _seem_ to come from somewhere else.  
This is the market researchers' real job.  They gather material sent in
by their real, paying customers into "reports".  They invite cooperative 
magazine columnists to (otherwise) expensive conferences, feed them 
handsomely, and hand them reports.  Columnists regurgitate the reports
in those industry magazines we all get at well below production cost.

When we see a "market research" report, even knowing its true origin,
we can learn something.  We can learn what the big players in a market 
want believed.  More, we can learn what many buyers, as well as investors
and smaller competitors in that market, will do.  Buyers follow the 
recommendations because they believe, or don't know what else to do, 
or are afraid not to.  The smaller competitors have to provide what
the customers think they want (so actually have to buy the reports!).  
Investors put their money where the buyers are.  When this positive-
feedback cycle works just right, everybody makes out fine until somebody 
notices that the products don't work or the consumers aren't interested.
(Even then, nobody has to give any of the money back.)

What does this mean about recent, surprising, reports?  First, the 
market research agencies are in a fix right now.  A big chunk of their 
more generous, naive, and "innovative" customer base just closed its 
collective doors.  Literally thousands fewer corporate communications 
officers are shoveling press releases and checks into their mailboxes.  
Second, just because few are paying to have reports written doesn't 
mean they can stop writing reports; they depend for survival on their 
names appearing in print.  Third, the cheapest, most reliable way get 
mentioned in print is to write controversial things.  Finally, a good 
way to drum up new business is to provoke it by publishing what some 
would pay to have re-spun.

The recent, surprising reports from the Gartner Group could be examples
of this process: maybe Gartner is just stumping for Microsoft business.
More likely, something even more cheesy is going on.  In any case, the 
most sensible response to a Gartner Group report is to ring the spittoon
and move on.

Nathan Myers
ncm@nospam.cantrip.org