Older blog entries for hacker (starting at number 127)

Update: Microsoft Security

raph, I share the exact opposite view that you do, and I think that this could definately be a bad thing. I posted a quick comment on it a few days ago under that same Slashdot story you referenced in your recent diary entry.

Open Directory Project

softkid, your Open Directory Project seems mighty similar to the DMOZ Open Directory Project. Why noit just join them as an editor. They have quite a big jump on you already. I have one of my own for Palm-related content (ala AvantGo), but the code driving it is not complete yet.

More GPL Violations

A company based in San Francisco called Bluefish, has taken Plucker source code in full, and used it to create a product they sell (quite expensively). This isn't bad, but "their" application states clearly in the About box, that it is "Free Software" and covered under the GPL (as does the About box found in Plucker). They have removed all attributions and references to the original authors of the source code they are using, and replaced them with their own, which is very misleading. They have also taken custom artwork without permission, and used it on their application.

Here's a quick screenshot comparison Bluefish versus Plucker:

[main screen] from Bluefish's application (note the graphics on the toolbar)
[main screen] from Plucker, note the graphcs again

[preferences screen] from Bluefish's application
[preferences screen] from Plucker


[About screen] from Bluefish's application
[About screen] from Plucker


I called the CEO, James Fisher at the San Francisco office and politely made a verbal request for the source code to the application they provide in binary-only format on the Mercury News website.

He politely told me no.

I then said asked if he was aware that the application that they based their product on was covered under the GPL, and by not providing sources which created that binary that was already made available for download, he was in violation of the GPL, as detailed in Section 6, 7, and 10 (along with others) of the GNU General Public License, a license which Plucker is clearly covered under.

The GPL FAQ also has two related questions on it:

"I want to distribute an extended version of a GPL-covered program in binary form. Is it enough to distribute the source for the original version?"

"I want to distribute binaries, but distributing complete source is inconvenient. How about if I give users the diffs from the current FSF version along with the binaries, and suggest they get the base source from the FSF?"

He then said that he was not in violation, and suggested that I should "..go re-read the GPL, because we are not violating it..".

I asked for his email address, so I could quote him the relevant sections of the GPL he was violating. I also mentioned that I was going to put a call into the FSF to get their clarification on the issue.

Then he begins to tell me that he "might" release the sources, but that they were busy "debugging" them right now, and might release them when they was done. (The key word used there was "might", not "will")

Sorry, no. If you release a binary which was based on GPL sources, you are required to release the full sourcecode, scripts, and other tools which created that binary (which were covered under the GPL), at the same time, not months or years later. Section 3 of the GPL is very clear on this.

His assertion that they were "debugging" the application is invalid, as "debugged" sources will produce a different binary (whose source must also be made available upon request).

If you can put the binary up for download, you can put the source code up for download as well (though this is not required, it can be mailed or linked elsewhere). The stipulation though is that you can not impose more restrictions on the code, obtaining it, or its use, than you received when you agreed to the license by using it (Section 6. of the GPL).

I have written a draft letter (currently un-sent at the time of this diary entry) which I will be sending to James Fisher as well as copying in the relevant FSF parties. I have taken pains to make sure that this letter appears non-threatening, and that the proper "legal" language was used throughout. I welcome any comments on it before I send it (and after sending it, it might disappear from that URL)

Update: Someone recently brought up that they also have a name and logo which is suspisciously similar to the Bluefish HTML Editor. I took a quick comparison screenshot to show the similarities. Flip one fish horizontally and they are nearly identical. Who has the trademark first on this one?

I'm only concerned about the clear violation of the GPL stated above though, but this graphical logo similarity is interesting.

Is it just me, or is this happening more and more lately. Companies seem to treat Open Source and Free Software as some sort of "bake sale" of free code thew can just take and use however they wish, without abiding by the license, giving proper credit and attribution, or adhering to the terms of the code they've been using.

"Oh this code we downloaded to make our commercial product had some sort of GPL thing at the top of every file. We don't use that GPL thing, so we just removed that stuff and the names of those guys who wrote it. It's our code now."

pilot-link Needs Testers!

We're about to release the first preview release of pilot-link which includes some very neat new features -- USB support and a very detailed DEBUG and logging facility (thanks to jpr). I've also cleaned up the sources in general, making them more readable, compressing the cruft, and converted it all over to Automake and fully using getopt(). There's still some lingering issues with Win32 and OS/2 support, and requests for testers and porters have been made, but there has been no response yet.

Moving Eastward

The move back east is going slowly, much slower than I want. I do not want to have to pay another $2,000/USD for rent in February, especially while unemployed. I have Palmsource in San Jose to attend in a few weeks ($1,200/USD registration fee), and the cross-country relocation. Ick.

So much to do...

RoUS, vmware is something I know a great deal about, inside and out. I can probably help you.

I've gotten many unsupported USB devices working, regularly sync my Palms over USB, Ir, and serial into and out of vmware guest images, and have no problems with NAT or DVD playback.

Hit me up in email and I can help you out. I have some tweaks as well, that you may want to implement, which will speed up the performance of that NT image for you inside the vm. I have about 12 images I use in vmware on nearly a daily basis (and as I type this, FreeBSD 4.3 is happily compiling gnome inside vmware right now on another window).

I rely on it quite heavily for my cross-platform work, where I need a "soft" box to test in.

Sony Debacle II
Cross-posted from my original Slashdot posting on the same subejct from today

I've been hoping they'd learn, but they still do not. I just checked the Sony Palm Developer website, and they have a Windows binary of POSE, the PalmOS Emulator. This binary covers "PEG-T600C/T400/T415" models and another binary on the same site covers "PEG-S and PEG-N Series" models. The source code that they have available only covers "PEG-S and PEG-N Series" models. These are all from November 20th, 2001.

Sony, where is the POSE source code for the "PEG-T600C/T400/T415" series version of POSE? You have two new models of Clie devices on the horizon, and I'm sure that developers would like to begin supporting them, further increasing your sales margins. You have a Windows binary of POSE available that supports these models, you are legally bound to provide the source code which generated these binaries.

Here's a quote from your PalmOS® developer page:

The source code will be available with the final version.

Sony, listen closely.. you really need to make yourself aware of the GPL before you blindly violate it like this. If you come back with the excuse that you are "cleaning up the code", you are still in violation. "Cleaned up" code will produce a different binary. You are bound, by the GPL, with releasing the source code which generates any binary you create and distribute from that source code, Windows, Unix, or Macintosh.

I will be in attendance at Palmsource in a few weeks, and I hope you will be as well, because I intend to fully bring this to the attention of yourself, and everyone else there. I have been quiet about this issue, but believe me, I am not backing down.

I have reluctantly added support to pilot-link for the Sony devices, most of which are randomly designed in nature, so that you can see increased sales due to the non-Windows users purchasing your hardware. How about giving back to the community that has been supporting your bottom line for the last two years, instead of raping and stealing from it?

I see only one way that you can claim that you are allowed to proceed with this violation, and that would be if the original copyright holder of xcopilot relicensed or sold the copyright to that code to Palm and then they in turn relicensed it to you. I do not see that being the case, since all previous versions of POSE that you have made available have been based on publically available GPL versions of the codebase. From your own site:

This is the same software level as Palm OS® Emulator 3.0a8 (PEG-S and PEG-N Series) and Palm OS® Emulator 3.2 (PEG-T415), distributed by Palm,Inc.

I anxiously await your public response to this matter.

More news about my friend Rex who was shot and murdered in front of his store. It seems as though the accused wanted to be friends with Rex, and not just a "customer", and was upset because Rex was treating him like any other customer.

``Mrs. Adamson stated that she knew her husband didn't like the storeowner Rex for no particular reason other than William wanted to be friends with him and Rex treated William just like any other customer and that Rex thought that he was better than everyone else,'' the affidavit said.

Some people really lead sad, sad lives. I'm sorry you had to be the target of someone else's weakness, Rex.

slef: Don't feel so bad. I nurtured that network long before it was usurped by lilo. Back when it was still called "Linpeople" (faces of the original crew) many years ago. I moved #palmchat from Dalnet to OPN (and lilo decided to bend under the whining pressure of the founder of the Dalnet channel and removed my founder status and gave it to the other person).

I moved #ipaq and #handhelds.org over to OPN from gimp.org (well, it was a collective decision, I jumped and founded them to secure the channels, and then handed the foundership over to a7r and nikos).

What did I get for my troubles? lilo decided to g/line me from the entire network (there was also a situation where I was banned from #linpeople there, because I was in a heated discussion involving Windows vs. Linux with another person there. It was "decided" to ban me, because out of the two arguing parties, one of them had lilo on /ignore (me), so I was banned).

Too bad I've been there long enough I have enough ways in and out without having to make myself visible. Some day I'll post the logs of his little private conversations with me that led up to the g/line. Maybe some day that network will grow up, but right now, it's all posturing and positioning with ignorant non-community people in control.

As you said, there are dozens of other networks to participate in, and they've been around longer, are more stable, and much more friendly. I'm doing what I can to nurture those networks now. I've outgrown the small, constrictive box called OpenProjects. Other networks are benefiting from my skills and input now, there's no need to go back to kindergarten.

I don't normally cross-post stuff like this in my diary, but I got to reading all of the background on the whole Napster thing and the new .NAP file format. I'm disgusted that it's come to this. This is going to solve nothing. The RIAA missed the boat on the Internet as the next distribution medium for their labels, and once again, the cost of that is pushed back on the consumer.

After further reading, I found this article, from Courtney Love (don't skip it because it's Courtney Love, trust me, read it). It's worth a read. Its really well put together, and covers a lot of issues I never even realized about "Sharecropping", and how bands are raped by their label. Bands now have to file for bankruptcy just to get out of their agreements, so they can pay rent!. The RIAA is trying to regulate this, so that it's harder for bands to declare bankruptcy. Uhm, excuse me?

It's piracy when the RIAA lobbies to change the bankruptcy law to make it more difficult for musicians to declare bankruptcy. Some musicians have declared bankruptcy to free themselves from truly evil contracts. TLC declared bankruptcy after they received less than 2 percent of the $175 million earned by their CD sales. That was about 40 times less than the profit that was divided among their management, production and record companies.

Toni Braxton also declared bankruptcy in 1998. She sold $188 million worth of CDs, but she was broke because of a terrible recording contract that paid her less than 35 cents per album. Bankruptcy can be an artist's only defense against a truly horrible deal and the RIAA wants to take it away.

You can read all the gory details here.

I'm pissed because my radio got stolen from my locked Jeep back in March, and the only way I can listen to music right now is on my computer(s). I rip every cd I buy to ogg and some mp3s. I do not share them with anyone other than myself and my girlfriend. There are independant labels that I do distribute mp3s of, but I have full consent of those bands themselves, and I do not listen to the raw cd's themselves because it's very inconvenient to do so.

All of this CPRM, RIAA, etc. madness is leveraged to take that away from me. How much longer before we're told what data we can and cannot make, and what medium we can store it on. Maybe I should listen to 'strings /dev/urandom > /dev/dsp' more. Oh wait, now that's bypassing copyright controls, so I'm in violation of the DMCA.

...back into the cave I go. Much more work before the 0.10.1 release of pilot-link.

opie, some of us here are quite familiar with Palms, PDAs, and other handheld PIM devices. I only own about 22 units, so not that many, ranging from almost every Palm made, my Helio, two iPAQs, my Agenda, two Cybiko units, and handfuls of others. As you know, I'm the maintainer of one of the packages you can use to connect your PDA to your desktop and sync data. You may want to look here for a matrix comparison of every Palm made. It may give you some ideas, depending on your needs.

...anyway, in other news progress continues on many fronts.

Scaling the Castle Walls

I have an interesting viewpoint that whytheluckystiff, Waldo, rasmus, raph, and lkcl have not yet raised (and I've brought this up before).

There are certainly many more projects out there, increasing the "breadth" (acceptance) of the Open Source and Linux community, but as you have all mentioned, not really increasing the "depth" (killer app) of the Linux community. Hit Freshmeat and see how many new toolkits, bindings, php-based "forum" applications, web mangling tools, etc. show up daily. Dozens. This is how the "new and nimble" are penetrating into the Open Source and Linux communities. They may not be able to write a Mozilla replacement, but they can prove they understand code (in some cases), the licensing, their peers, and how to get their name out there.

The point that's missing, is that back when we all got started in the early to mid 90's with Linux, it was easy to know everyone that was doing it. You knew who Linus was. You knew who RMS was. You knew the key people responsible for making it happen. You could email them. They would respond. But more importantly, you could easily contribute to their projects. Patches and suggestions were implemented almost by design, rote.

Now however, the bar has been raised by quite a few notches. It's much, much harder to get a patch accepted to the Linux kernel than it was 5 years ago.

Let's look at the PHP project for example; when it was authored, it was successful. It filled a growing need (and still does today), and it was used by thousands of people. If that project were to have started this year, it would have been buried under the "noise" of the other thousands of "web mangling" applications out there. It would take much longer to grab hold of the market it currently has. It may not have even been a successful project, certainly not like it is today.

The fallout of the "bar" being higher for acceptance, and that the older projects still move forward, is that new users don't know where to contribute. And as lkcl said, maybe they don't have the skills to take on the project or task they want to use or contribute to. New Open Source and Linux community members are actually afraid to contribute because they fear being shunned, ousted, or humiliated publically for their patches, code, suggestions. We need to nurture those new users, new contributors. As we age and elder, we have to begin connecting people who we believe can take the project(s) forward. Assign like people to like tasks, make sense of the noise, and act in a more "educational" role than a "physical" role. Once they get it, they'll get it.

One of my own projects has recently fallen under this spell. I have found some skills that I lack, and have been trying to make a call out to those who I believe can help, both in code and in testing. Some have responded, some have hinted that they can help, and the majority of others have indicated they just don't know where to begin, but they would if they had that answer.

I've been taking steps to clean up my codebase, documentation, and even the way I respond to people on related mailing lists, so that the "vision" behind that particular project remains clear and focused, and that there are enough little compartmentalized sections that people who wish to contribute are not being asked to eat the elephant. The people who are here and know what I'm talking about know, because I've been plugging person A into person B, on task C, and so on. When I see a need, I find a person that I believe can fill it, or at least guide another person into that hole. It's worked well.

That's just my 0.02c, but I've seen the frustration from users, developers, and people who have contributed and now refuse to, as well as people who want to contribute, but can't find a way to "scale the castle walls". The skills are out there, we were all not unique, but there's just more people than there were before. It's both a good and a bad thing. More forks, more fractures, more "distractions", but it's also more eyes, hands, testers, and contributors.

Nurture. If the new contributors think the bar is too high, let's give them a boost to help them climb that wall.

My current plate is... full

Two weeks!

• on the cusp of a new release of pilot-link (0.10.1, the "Oat-n-Honey" release)
• negotiating with coast-to-coast movers
• packing packing packing
• apartment relocation
• dealing with my truck
• corporate cable internet service
• relocating my company from one coast to the other
• moving a production server (and having zero downtime)
• and a new home on the other coast

Everything has to be in place before I hit the ground. Timing is very tight here.

Too much going on. Oh, and there's this holiday coming up next week they tell me... Christmas or something. I should consider shopping for some of my friends. Not much left over in the piggy bank now that I'm unemployed.

Update (Thu Dec 20 00:19:29 PST 2001)
rasmus, this is more a case of getting out of the current lease obligation than it is to get out of the state. No worries there. All my plans have wrenches in them, that tends to be the problem.

Rasmus, did you try using xev?