Older blog entries for hacker (starting at number 131)

"The Big Move(tm) 2"

Well, it seems that 95% of my stuff was handled by the movers, the remaining 10 boxes had to be shipped via UPS. Very Expensive.

I'm crashing at Rasmus' house during the few days of transition before I fly out to handle the relocation of my truck.

23 months ago, I made this move... in reverse, except I drove West. It's too grueling to return the same way, so I opted for this route. Too much lingers in both places.

Bluefish GPL Violation

The move against Bluefish and their GPL violation seems to be gaining steam. Many people have replied to me about my original post. The email goes out later today. Mercury Guide will not be allowed to distribute their modified version of Plucker at the Olympics, nor distribute their IrDA kiosks around Salt Lake City to beam the application to Palm users unless they comply with the proper licensing.

I urge those who are interested in the cause to email James, the CEO, and ask for the source code to their application, which is directly referenced to be based on GPL code (Plucker). Give him a call, email him, fax them, do not let this drop. Phone their San Francisco office (415-775-3697), or give them a Fax with your comments (be professional, 509-561-7934)

If you call or email, PLEASE take care to be professional, courteous, non-threatening, and quote the relevant parts of the the licensing you reference. We do not want to come across as miscreants or as spamming their mailbox.

Maybe after the letters Mike and I send today, they will comply. Then again, maybe not, there's a lot of their own money riding on the success of this application, I think. This is a serious matter.

Feel free to cross-post this diary entry to your favorite discussion forums and lists.

Things with Wings

• Palmsource (2/5-2/8, San Jose, contingent on a pending T23 in NYC)
• Flying East (within the week if all goes well, to my new home)
• Flying West (3/4-3/5, speaking about PDAs and Linux
• Flying East, then South (3/21-4/1, way south, where the sun touches the water) in Berkeley)
• Flying East (to once again, begin anew)

All within the next 50 days.

The Other Stuff

Sleep is still erratic, tinnitus still as loud, back still as tight. Add them all to the pile of hereditary and accident related trauma. There's an impending pilot-link release waiting in the wings too. Need to get situated, get connected, and hunker down and code. CODE!

The Microsoft Delusion

BBC employees are to be banned from connecting their PDAs to the BBC's computers unless they run on the Microsoft Windows PocketPC 2002 platform.

An internal email from the company's technology division stated all PDA platforms other than PocketPC are insecure - which will prevent anybody operating a Palm or Psion handheld device from using their PDA at work.

The email said reasons of security and unusually, the "exposure to users of health and safety risks" left the company with no other choice but the PocketPC platform.

A spokeswoman for the BBC said: "The BBC has to have some kind of say if people are going to be downloading things from our computers and taking them home."

"We believe PocketPC includes all functionality and is one the most secure platforms available."

[my emphasis]

Employees have until summer 2003 to change their PDAs or refrain from porting them to BBC computers.

I hope BBC was paid well by Microsoft to make that public announcement. I haven't seen any major flaws or breaches where a Palm or Psion handheld PDA was used in some insecure fashion to exploit, steal, or "hack" into any corporate networks... at least none which cannot also be done with a PocketPC.

Microsoft, OTOH, has had at least 3 security advisories per month for the past 4 years, sometimes more.

Stuff

• Movers arrive tomorrow. Still have to disassemble this desk! More packing remains.
• Liquid polyurethane foam isn't the best way to pack monitors. Time for Plan B.
• Truck must be relocated soon also, or donated.
• pilot-link will have to be released when I'm on the "other side".
• Am I attending Palmsource in two weeks?
• Cox Cable better live up to their bandwidth promises.
• Server relocation must happen promptly.

Zurk, how noble of you to certify yourself directly as Master, without even a single project under your guidance. Perhaps you might want to take a look at the Certification Overview and think of a value which suits your personal contributions. Your Sourceforge entry doesn't seem to contain much. Your homepage seems to be down. I did find your ZDoc homepage though. Perhaps you should add your project to the Advogato project page.

You complain that you lost your certification, and that you can't post. Perhaps you need to contribute to some community projects or Free Software work. You are judged by your peers here, by your contributions, not by your "friends".

You aren't "owed" certifications, you earn them. Just a thought...

Things..

• belated Christmas shopping
• friends from the past
• pilot-link hackery
• packing everything into boxes
• power outages
• voratious hunger
• unstable sleep pattern

SPAM Honeypot

I just looked at the logs from my spam honeypot script running on my box, and there was one spam harvesting engine stuck in it tonight, and it had already hit it 25,813 times before I finally blocked it with iptables. Each new link it found, it spawned a new instance of itself and begain spidering the page again. This is purely evil.

At over 200 unique fake email addresses per page, that's over 5,162,600 fake email addresses that my script successfully populated it's database with. Too nice.

PG&E

I had my power shut off today at 12:40pm, and I called PG&E to restore it at 2:30pm, the power flickered on for 1

full second at 3:48pm and was off again. I called them again at 5:18pm and then again at 6:26pm. They told

me power was restored. Uhm, no. They said they would dispatch another truck, but it could take up 8:00pm. I decided to just fix it myself. I went downstairs into the ahem "locked" Utility room and right next to my meter was a little PG&E post-it that said "Service Restored" and a tech's name. I opened the little metal flap over the breaker, and it was in the Off position. Gar!

Why do I always have to deal with this ineptitude? Next time they cut my power, I'll just march back down there, ahem "open" the Utility room, and turn it back on.

Autoconf quote of the day:

"Using autoconf is like playing chess from 20 feet away by flicking a rope to move the pieces..." -mbp

It's Thu Jan 24 02:17:58 PST 2002 and I'm not even tired yet.

Update: Microsoft Security

raph, I share the exact opposite view that you do, and I think that this could definately be a bad thing. I posted a quick comment on it a few days ago under that same Slashdot story you referenced in your recent diary entry.

Open Directory Project

softkid, your Open Directory Project seems mighty similar to the DMOZ Open Directory Project. Why noit just join them as an editor. They have quite a big jump on you already. I have one of my own for Palm-related content (ala AvantGo), but the code driving it is not complete yet.

More GPL Violations

A company based in San Francisco called Bluefish, has taken Plucker source code in full, and used it to create a product they sell (quite expensively). This isn't bad, but "their" application states clearly in the About box, that it is "Free Software" and covered under the GPL (as does the About box found in Plucker). They have removed all attributions and references to the original authors of the source code they are using, and replaced them with their own, which is very misleading. They have also taken custom artwork without permission, and used it on their application.

Here's a quick screenshot comparison Bluefish versus Plucker:

[main screen] from Bluefish's application (note the graphics on the toolbar)
[main screen] from Plucker, note the graphcs again

[preferences screen] from Bluefish's application
[preferences screen] from Plucker


[About screen] from Bluefish's application
[About screen] from Plucker


I called the CEO, James Fisher at the San Francisco office and politely made a verbal request for the source code to the application they provide in binary-only format on the Mercury News website.

He politely told me no.

I then said asked if he was aware that the application that they based their product on was covered under the GPL, and by not providing sources which created that binary that was already made available for download, he was in violation of the GPL, as detailed in Section 6, 7, and 10 (along with others) of the GNU General Public License, a license which Plucker is clearly covered under.

The GPL FAQ also has two related questions on it:

"I want to distribute an extended version of a GPL-covered program in binary form. Is it enough to distribute the source for the original version?"

"I want to distribute binaries, but distributing complete source is inconvenient. How about if I give users the diffs from the current FSF version along with the binaries, and suggest they get the base source from the FSF?"

He then said that he was not in violation, and suggested that I should "..go re-read the GPL, because we are not violating it..".

I asked for his email address, so I could quote him the relevant sections of the GPL he was violating. I also mentioned that I was going to put a call into the FSF to get their clarification on the issue.

Then he begins to tell me that he "might" release the sources, but that they were busy "debugging" them right now, and might release them when they was done. (The key word used there was "might", not "will")

Sorry, no. If you release a binary which was based on GPL sources, you are required to release the full sourcecode, scripts, and other tools which created that binary (which were covered under the GPL), at the same time, not months or years later. Section 3 of the GPL is very clear on this.

His assertion that they were "debugging" the application is invalid, as "debugged" sources will produce a different binary (whose source must also be made available upon request).

If you can put the binary up for download, you can put the source code up for download as well (though this is not required, it can be mailed or linked elsewhere). The stipulation though is that you can not impose more restrictions on the code, obtaining it, or its use, than you received when you agreed to the license by using it (Section 6. of the GPL).

I have written a draft letter (currently un-sent at the time of this diary entry) which I will be sending to James Fisher as well as copying in the relevant FSF parties. I have taken pains to make sure that this letter appears non-threatening, and that the proper "legal" language was used throughout. I welcome any comments on it before I send it (and after sending it, it might disappear from that URL)

Update: Someone recently brought up that they also have a name and logo which is suspisciously similar to the Bluefish HTML Editor. I took a quick comparison screenshot to show the similarities. Flip one fish horizontally and they are nearly identical. Who has the trademark first on this one?

I'm only concerned about the clear violation of the GPL stated above though, but this graphical logo similarity is interesting.

Is it just me, or is this happening more and more lately. Companies seem to treat Open Source and Free Software as some sort of "bake sale" of free code thew can just take and use however they wish, without abiding by the license, giving proper credit and attribution, or adhering to the terms of the code they've been using.

"Oh this code we downloaded to make our commercial product had some sort of GPL thing at the top of every file. We don't use that GPL thing, so we just removed that stuff and the names of those guys who wrote it. It's our code now."

pilot-link Needs Testers!

We're about to release the first preview release of pilot-link which includes some very neat new features -- USB support and a very detailed DEBUG and logging facility (thanks to jpr). I've also cleaned up the sources in general, making them more readable, compressing the cruft, and converted it all over to Automake and fully using getopt(). There's still some lingering issues with Win32 and OS/2 support, and requests for testers and porters have been made, but there has been no response yet.

Moving Eastward

The move back east is going slowly, much slower than I want. I do not want to have to pay another $2,000/USD for rent in February, especially while unemployed. I have Palmsource in San Jose to attend in a few weeks ($1,200/USD registration fee), and the cross-country relocation. Ick.

So much to do...

RoUS, vmware is something I know a great deal about, inside and out. I can probably help you.

I've gotten many unsupported USB devices working, regularly sync my Palms over USB, Ir, and serial into and out of vmware guest images, and have no problems with NAT or DVD playback.

Hit me up in email and I can help you out. I have some tweaks as well, that you may want to implement, which will speed up the performance of that NT image for you inside the vm. I have about 12 images I use in vmware on nearly a daily basis (and as I type this, FreeBSD 4.3 is happily compiling gnome inside vmware right now on another window).

I rely on it quite heavily for my cross-platform work, where I need a "soft" box to test in.

Sony Debacle II
Cross-posted from my original Slashdot posting on the same subejct from today

I've been hoping they'd learn, but they still do not. I just checked the Sony Palm Developer website, and they have a Windows binary of POSE, the PalmOS Emulator. This binary covers "PEG-T600C/T400/T415" models and another binary on the same site covers "PEG-S and PEG-N Series" models. The source code that they have available only covers "PEG-S and PEG-N Series" models. These are all from November 20th, 2001.

Sony, where is the POSE source code for the "PEG-T600C/T400/T415" series version of POSE? You have two new models of Clie devices on the horizon, and I'm sure that developers would like to begin supporting them, further increasing your sales margins. You have a Windows binary of POSE available that supports these models, you are legally bound to provide the source code which generated these binaries.

Here's a quote from your PalmOS® developer page:

The source code will be available with the final version.

Sony, listen closely.. you really need to make yourself aware of the GPL before you blindly violate it like this. If you come back with the excuse that you are "cleaning up the code", you are still in violation. "Cleaned up" code will produce a different binary. You are bound, by the GPL, with releasing the source code which generates any binary you create and distribute from that source code, Windows, Unix, or Macintosh.

I will be in attendance at Palmsource in a few weeks, and I hope you will be as well, because I intend to fully bring this to the attention of yourself, and everyone else there. I have been quiet about this issue, but believe me, I am not backing down.

I have reluctantly added support to pilot-link for the Sony devices, most of which are randomly designed in nature, so that you can see increased sales due to the non-Windows users purchasing your hardware. How about giving back to the community that has been supporting your bottom line for the last two years, instead of raping and stealing from it?

I see only one way that you can claim that you are allowed to proceed with this violation, and that would be if the original copyright holder of xcopilot relicensed or sold the copyright to that code to Palm and then they in turn relicensed it to you. I do not see that being the case, since all previous versions of POSE that you have made available have been based on publically available GPL versions of the codebase. From your own site:

This is the same software level as Palm OS® Emulator 3.0a8 (PEG-S and PEG-N Series) and Palm OS® Emulator 3.2 (PEG-T415), distributed by Palm,Inc.

I anxiously await your public response to this matter.

More news about my friend Rex who was shot and murdered in front of his store. It seems as though the accused wanted to be friends with Rex, and not just a "customer", and was upset because Rex was treating him like any other customer.

``Mrs. Adamson stated that she knew her husband didn't like the storeowner Rex for no particular reason other than William wanted to be friends with him and Rex treated William just like any other customer and that Rex thought that he was better than everyone else,'' the affidavit said.

Some people really lead sad, sad lives. I'm sorry you had to be the target of someone else's weakness, Rex.

slef: Don't feel so bad. I nurtured that network long before it was usurped by lilo. Back when it was still called "Linpeople" (faces of the original crew) many years ago. I moved #palmchat from Dalnet to OPN (and lilo decided to bend under the whining pressure of the founder of the Dalnet channel and removed my founder status and gave it to the other person).

I moved #ipaq and #handhelds.org over to OPN from gimp.org (well, it was a collective decision, I jumped and founded them to secure the channels, and then handed the foundership over to a7r and nikos).

What did I get for my troubles? lilo decided to g/line me from the entire network (there was also a situation where I was banned from #linpeople there, because I was in a heated discussion involving Windows vs. Linux with another person there. It was "decided" to ban me, because out of the two arguing parties, one of them had lilo on /ignore (me), so I was banned).

Too bad I've been there long enough I have enough ways in and out without having to make myself visible. Some day I'll post the logs of his little private conversations with me that led up to the g/line. Maybe some day that network will grow up, but right now, it's all posturing and positioning with ignorant non-community people in control.

As you said, there are dozens of other networks to participate in, and they've been around longer, are more stable, and much more friendly. I'm doing what I can to nurture those networks now. I've outgrown the small, constrictive box called OpenProjects. Other networks are benefiting from my skills and input now, there's no need to go back to kindergarten.

I don't normally cross-post stuff like this in my diary, but I got to reading all of the background on the whole Napster thing and the new .NAP file format. I'm disgusted that it's come to this. This is going to solve nothing. The RIAA missed the boat on the Internet as the next distribution medium for their labels, and once again, the cost of that is pushed back on the consumer.

After further reading, I found this article, from Courtney Love (don't skip it because it's Courtney Love, trust me, read it). It's worth a read. Its really well put together, and covers a lot of issues I never even realized about "Sharecropping", and how bands are raped by their label. Bands now have to file for bankruptcy just to get out of their agreements, so they can pay rent!. The RIAA is trying to regulate this, so that it's harder for bands to declare bankruptcy. Uhm, excuse me?

It's piracy when the RIAA lobbies to change the bankruptcy law to make it more difficult for musicians to declare bankruptcy. Some musicians have declared bankruptcy to free themselves from truly evil contracts. TLC declared bankruptcy after they received less than 2 percent of the $175 million earned by their CD sales. That was about 40 times less than the profit that was divided among their management, production and record companies.

Toni Braxton also declared bankruptcy in 1998. She sold $188 million worth of CDs, but she was broke because of a terrible recording contract that paid her less than 35 cents per album. Bankruptcy can be an artist's only defense against a truly horrible deal and the RIAA wants to take it away.

You can read all the gory details here.

I'm pissed because my radio got stolen from my locked Jeep back in March, and the only way I can listen to music right now is on my computer(s). I rip every cd I buy to ogg and some mp3s. I do not share them with anyone other than myself and my girlfriend. There are independant labels that I do distribute mp3s of, but I have full consent of those bands themselves, and I do not listen to the raw cd's themselves because it's very inconvenient to do so.

All of this CPRM, RIAA, etc. madness is leveraged to take that away from me. How much longer before we're told what data we can and cannot make, and what medium we can store it on. Maybe I should listen to 'strings /dev/urandom > /dev/dsp' more. Oh wait, now that's bypassing copyright controls, so I'm in violation of the DMCA.

...back into the cave I go. Much more work before the 0.10.1 release of pilot-link.