[LWN Logo]
[LWN.net]

Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise news for all interests


Sections:
 Main page
 Security
 Kernel
 Distributions
 On the Desktop
 Development
 Commerce
 Linux in the news
 Announcements
 Linux History
 Letters
All in one big page

Other LWN stuff:
 Daily Updates
 Calendar
 Linux Stocks Page
 Book reviews
 Penguin Gallery

 Archives/search
 Use LWN headlines
 Advertise here
 Contact us

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- GaŽl Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

See also: last week's LWN.

Leading items and editorials


We still haven't made our point. Over the last week, much has been said of Microsoft's new source policy for its Windows operating systems. Many seem to see it as a response to the rise of free software, and even the beginning of an "open source" policy on Microsoft's part. There is little, if any, truth in such speculation.

The new policy allows a small number of very large customers access to the Windows source. Of course, the usual sorts of nondisclosure agreements must be signed, including providing the names of all people who will see the source to Microsoft. But it goes beyond that - no modifications of any sort are allowed. Even if you find a bug, it will be illegal (or, at least, a violation of the license agreement) for you to fix it. With such rules, it would not be surprising if the source distribution lacked a key piece or two, making it impossible to build a new, working system.

This sort of source distribution is not particularly new. Your editor had access to the Vax/VMS source twenty years ago. The fact that it came in the form of a thick stack of microfiche pretty well insured that nobody would try to make changes.

But much of the commentary out there conveys the impression that Microsoft's offering is something different. For a fun time, check out this pronouncement from the Meta Group, which was published by News.com. The Meta Group styles itself as "a leading research and consulting firm, focusing on information technology and business transformation strategies," so one would presume that its output would make some sense. This particular offering, entitled "Microsoft co-opts open source approach," is, instead, a classic example of what comes out when you have no understanding of how free software works.

Consider this quote:

The advantage of providing Windows source code is that Microsoft enlists tens of thousands of software professionals in 1,000 or more of its biggest and best customers to help it test its key operating systems in their unique environments. This will create a flood of bug fixes, improvements and extensions that will flow back to Microsoft to improve those products.

How this "flood" will come about is unclear, given that modification of the source is not allowed. Those who would create all of these goodies will be working in violation of their license, and will be completely isolated from the Windows developers and from like-minded developers elsewhere. They will not be able to distribute their changes, or to benefit from the work of others. How productive, exactly, are these "tens of thousands of software professionals" going to be?

Reading further:

In our opinion, the Windows source code will inevitably end up on the Web--within six months or less--where thousands more hackers will start working on it, exposing weaknesses. This will help Microsoft improve its products further until they are bulletproof.

The source may well end up on the net somewhere. One might guess, however, given Microsoft's rather hard-line position on "piracy," that its reaction would indicate a distinct lack of amusement. In fact, it would probably make the DeCSS witchhunt look like a pretty mild affair. One can only hope that Gnutella and Freenet will be up to handling some seriously large files by the time this source escapes.

What will happen when these "thousands more hackers" start "exposing weaknesses" is unlikely to be pretty. People who find bugs in the Linux source issue press releases to the effect. But even looking at Microsoft's source will be a crime. Given Microsoft's crackdown on those criminals who were redistributing its security alerts, one can imagine that they will not welcome others "exposing weaknesses" by looking at purloined source. Prediction: those who find security bugs from Microsoft's source will not issue press releases. They will make their achievements known in rather less polite ways, and they will not provide patches to fix the problems.

It's not done yet:

In effect, Microsoft is co-opting the open-source approach. It is essentially recruiting the technical staff of its largest customers (and potentially even the entire hacker community) to help it create improved versions of its software that only it will have the right to distribute. This becomes the vehicle that will drive the technical community to its new model for software development and distribution.

The Meta Group thinks that "the entire hacker community" will have no problems with creating "improved versions" of software for the sole benefit of Microsoft. Somehow, thousands of talented engineers are going to do free work for Microsoft, while not being able to (legally) make use of their own enhancements, much less distribute them to others. These engineers, working in isolation without community, communication, or shared goals, are going to create the new software development model.

We don't think so. Read-only access to source for a small number of customers is not going to create a new software development model. And it has nothing to do with free software, or even "open source."

Despite their best efforts, people in the free software community still haven't managed to communicate to much of the world what is really going on here. The creation of great software requires openness, communication, and peer review. It requires that the developers get something back: credit, software that meets their needs, constructive criticism, and the ability to share what they have done. And, of course, it requires freedom. Those who live in the free software community can assume that everybody understands these things. It is sad to see how far from that understanding much of the world still is.

Harlan Ellison vs. the right to code. Speaking of freedom, those who have not yet seen it may want to have a look at Harlan Ellison's rant against those who post copies of his works on the net. And a rant it is; Mr. Ellison, to our knowledge, never published a story written entirely in upper case. Such restraint is not evident here.

Stylistic issues aside, Mr. Ellison is seeking to protect his rights to his work, as provided by copyright law. We wish him luck in that fight; he owns his work, and he should not have to accept its wide distribution on the net if that is not his wish. As LWN has said before, free software licensing, too, depends on copyright law.

Deep down in the article, however, you'll find this chilling statement:

With the second amended complaint, we were able to add a complaint for vicarious infringement against AOL for the development of the Gnutella file transfer protocol by its Nullsoft division. Gnutella is Napster without a central processing hub. By setting up a 'sting' operation, one of our investigators was able to track the infringement of several works by Harlan and Isaac Asimov using Gnutella. This presents interesting issues regarding the responsibility for the release of software which effectively pollutes the intellectual property environment.

If it becomes a crime to "pollute the intellectual property environment," then the freedom to program our computers is truly lost. Why does Mr. Ellison not go after the makers of scanners, optical character recognition software, ethernet interfaces, modems, disk drives, and other tools of "vicarious infringement"? What makes software special? Should the author of GNU "cp" start looking for a lawyer?

Mr. Ellison has shown himself to be a visionary writer over his career, but he now appears to be at a loss as the world changes around him. Distribution networks like Gnutella may well prove to be an important tool of freedom over the coming years. Nobody should have absolute control over the flow of information, after all. An attack on a creator of this sort of technology in the name of "vicarious infringement" is an attack on freedom. We urge Mr. Ellison to adopt a different set of tactics in this fight.

News from the Free Standards Group. After a period of relative quiet, the Free Standards Group has come out with a whole set of announcements. They include:

  • Version 1.1 of the Linux Development Platform Specification has been released. The LDPS provides a set of practices that will help in the creation of applications which are portable across distributions. It serves as a sort of stand-in until the real Linux Standard Base comes out - someday.

    LDPS 1.1 includes information on printing (though the sad fact is that it still has to recommend that applications use "lpr"), an expanded FAQ, information on POSIX threads (and how Linux diverges from that standard), and more.

  • Version 2.2beta of the Filesystem Hierarchy Standard (FHS) has been announced. The FHS specifies where files should be placed in a compliant Linux distribution; it deserves a lot of credit for bringing about a degree of coherence as the distributors move closer to compliance. The beta period for FHS-2.2 lasts through the end of March; if you have comments, now is the time to get them in.

  • The FHS is a lengthy document, but it's just one chapter of the Linux Standard Base, the overall standard we have been expecting for, well, some time. Things have been quiet on the LSB front, but that doesn't mean that nothing is going on; LSB-0.6.2 was recently released. The group hopes to have a 1.0 version out by the end of the year.

  • The LSB also has a new leader. Daniel Quinlan has stepped aside, and George Kraft will be the new chairman of the LSB project. Daniel has led the LSB through a long and difficult process, and he deserves a great deal of credit. Happily, he's not going too far away; he'll still be working with the Free Standards Group, and with the FHS and LDPS standards as well.
All of the above events show a project that is finally coming to fruition. The wide variety of Linux distributions is one of the system's strengths, not a weakness. Nonetheless, a set of standards which promote portability across distributions is very much needed. It is good to see that those standards are coming together at last.

Inside this week's Linux Weekly News:

  • Security: TCP/IP initial sequence number randomization flaws, new vulnerabilities in icecast, XFree86, sgml-tools, slrn, Zope, Mesa, timed, rwhod, and the FTP File System.
  • Kernel: SCHED_IDLE; making the kernel preemptable; changing the kernel configuration system.
  • Distributions: Critera for the LWN Distributions List, Midori, FlightLinux, WinSlack, and more.
  • On the Desktop: Talking with Eazel about Nautilus 1.0.
  • Development: Savannah, MySQL to Oracle, OpenNMS progress, Bio languages, LISA 0.5a.
  • Commerce: The sad story of Linuxgruven; EuroLinux on software patents.
  • History: Attend Linux Expo for $2; Bruce Perens quits Debian; where is that flood of Linux viruses?
  • Letters: Does Mozilla release often enough; free software != socialism.
...plus the usual array of reports, updates, and announcements.

This Week's LWN was brought to you by:


March 15, 2001

 

Next: Security

 
Eklektix, Inc. Linux powered! Copyright © 2001 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds