Month: December 2003

Earlier in the week, SCO released some information on some of the files that they say were copied from Unix.

The list resulted in a general guffaw at the ineptitude of the SCO Lawyers.

Although there were around 50 files on the list, due to the fact that they are header files for the different architectures, it transpires that there are only 5 unique file at stake here.

These files are really very simple stuff: they are header files and functions that live in the Linux Kernel. None of the files is more that a few K in size, and most importantly, none have changed much since 1991.

Linus has written in the New York Times that he wrote all the files trivially himself without use of Unix source code. A simple check of CVS supports this: all the development is public and the changelog is clear for these files.

It seems that SCO, who are already hopping, have shot themselves in the foot again.

Here are Linus’ comments

“Some of these files were written by me directly”

Darl C. McBride, the chief executive of SCO, said he stood by the company’s assertions. He said that a Linux expert who will testify in the SCO suit against I.B.M., which was filed last March, went over the code closely. “As a social revolutionary, Linus Torvalds is a genius,” Mr. McBride said. “But at the speed the Linux project has gone forward something gets lost along the way in terms of care with intellectual property.”

TurboTas can’t help but think that SCO have more tricks up their sleeve: surely this is not the best they can do? SCO’s accounts show that this year they have paid $9M for legal services (Remember that they have also paid with SCO shares too!)

In February 2004, SCO have said they will target the first 10 end users of Linux.

Two Updates today: firstly the DVD Lending Database is back online: Patches fixed the problems. OpenDB and Netjuke are both upgraded to the latest versions.

Netjuke is streaming again after considerable downtime, but only to the local FM transmitter.

Check them out and comment on the new features.

Additionally, all 3 sites now have correct p3p privacy policies in place.

In-line icons also added to make your browser prettier.

Meta Tags updated for better searching and descriptions of sites.

Broken elements of some themes mended using W3C validator.

Script written to restart mpg123 after failure. BB updates to check for mpg123 and mpgchecker script.

Added UK Style Age warning graphics to DVDDB.

SCO have been having a really tough time of late. All the latest turns have gone against SCO. Just to give the downed dog the extra kick, Novell have been quietly continuing what they started earlier in the year and are again ready to publicly contest ownership of Unix System V.

You can read the a more complete article at Groklaw. What it basically says is that after the public argument between SCO and Novell in August things did not quieten down.

SCO said that Novell had taken their toys away and gone home when in actual fact what Novell actually did was to look more carefully into the terms of sale. Once they completed this, they began registering the copyrights for quite a few versions.

Groklaw have analysed the registrations and found that Novell registered versions that SCO have not even noticed: Novell have registered claim that it is the rightful copyright owner of UNIX System V 2, 3.0, 3.1, 3.2, 3.2/386, 4.0, 4.1, 4.1ES, 4.1ES/386, 4.2, and 4.2MP.

Groklaw’s analysis of these registrations is simply that Novell seem to be saying that they and not SCO are the legal copyright holders of Unix System V.

If Novell still own Unix, will they use it in a similar way to SCO: try to lever some profit from Linux users: TurboTas can’t help but think they might. Not quite so brutal as SCO, but maybe not far short!

Here is the Novells answer to questions from Groklaw:

“PROVO, Utah — Dec. 22, 2003 — Novell believes it owns the copyrights in UNIX, and has applied for and received copyright registrations pertaining to UNIX consistent with that position. Novell detailed the basis for its ownership position in correspondence with SCO. Copies of our correspondence, and SCO’s reply, are available here. Contrary to SCO’s public statements, as demonstrated by this correspondence, SCO has been well aware that Novell continues to assert ownership of the UNIX copyrights.”

TurboTas says ‘Happy XMas, Darl’.

Finally, the 2.6 kernel is an official release. What does it have that you want? When is your Linux Distro Likely to have it? Heres a very brief 2.6 Rundown.

The 2.6 Kernel includes some super new features. If you want a fully loaded description, read the article by Joseph Pranevich here.

Firstly, Hardware support: Major improvements here: Support for a large number of new CPU’s and architectures. All the way from the likes of Hitachi’s H8/300 series, the NEC v850 processor right down to the latest Dragonball and ColdFire chips on eval boards from Motorola, Lineo, Arcturus, and others.

With Embedded Linux firmly in mind the 2.6 kernel is the first propper release with the uClinux work merged back in.

At the opposite end of the scale, NUMA support means much bigger SMP boxes are within grasp without curtailed memory access.

Internally a new sub-architecture system allows the processor type to be independant from the architecture: in previous versions special code was needed for the the same CPU in slightly different architectures. The sub architecture systems fixes the need for this code.

Hyperthreading support (first available in Pentium 4’s) is supported: This allows a single physical processor to masquerade (at the hardware level) as two or more processors. This in turn allows for performance boosts in some circumstances, but also adds scheduling complexity and other issues.

There are other scaleability improvement too: 2.6 has other changes for Intel servers at the top of the food chain. First and foremost is improved support for other new Intel hardware features including Intel’s PAE (“Physical Address Extension”) which allows most newer 32-bit x86 systems to access up to 64GB of RAM, but in a paged mode. In addition,

To give the user a more responsive feel (Critical for Linux-On-The-Desktop projects), the kernel is finally pre-emptible. This means that under Linux 2.6, the kernel now can be interrupted mid-task, so that other applications can continue to run even when something low-level and complicated is going on in the background. Although we are only talking about tiny fractions of a second: some users will see considerable improvements.

The IO subsystem generally has been revamped to give good performance accross a wide range of systems and hardware. It’s also far less likely to get lock-ups or race conditions whilst waiting for a resource.

At the module level, a significant rethink to the module description code and the module loading/unloading process has meant that there is now the promise of far better support for hot plug hardware such as found in Laptops etc.

In fact, the APM code has become ACPI compliant: this in turn brings linux up to the current state of the art in hardware power management support. Laptops are the goal here again although we should not be blinkered into thinking that laptop users are the only beneficiaries. Talking of laptops, there is better support for the hardware suspend modes offered from the main vendors.

Ext 3 has been revamped to allow the use of extended ACL’s: this is a clear requirement if Linux (with a native F/S) is to achieve NT’esque file serving. Don’t hold your breath though: many user space tools will need rewriting.

At the multimedia colaface, ALSA has finally replaced OSS: Improvements this brings are many: better SMP support for multimedia machines, proper full duplex sound, multiple sound cards in a single machine. The list goes on.

On the security front, Linux can fianally support Hardware Random Number Generators (Vital for strong cryptography at speed). Also Binary modules no longer have the ability to overload the system with calls. Most significant though is the granularisation of the old superuser priveledges into something modularized.

The virtualisation code is merged back in allowing a stock linux box to run a virtual linux kernel. This significantly simplifies security architecture tasks: honeypots fdor example. Also other development tasks are made much easier with this included.

All in all, 2.6 looks set to raise the benchmark yet again in terms of Performance, scaleability and breadth of hardware supported.

So what about mainstream availability?. Well if mainstream to you includes Fedora, then the release date is around April 2004. Check your preferred vendor for their release schedules.

TurboTas 2003.

It sounds pretty silly, but it’s true: The latest nasty IE bug in which it’s possible to manipulate the URL line so that you’ll think you are on the payapl site etc, has been mended by a European company.

This article appeared at theage.com.au and was written by Sam Varghese.

An open source and freeware software development web site has released a patch to fix the URL spoofing vulnerability in Internet Explorer, which can be exploited by scammers who try to trick people into revealing details of online banking accounts or other private information.

Openwares.org, a Vaunatian company, with branches in Israel, the US and France, released the patch and the source code for the same a couple of days back.

The company has also set up two pages where users can test to see if they are vulnerable to the exploit, one a fake Microsoft Update example and the other an example of a fake PayPal site.

In its advisory, issued along with the patch, Openwares.org said: “Successful exploitation (of this flaw) allows a malicious person to display an arbitrary FQDN (Fully Qualified Domain Name) in the address and status bars, which is different from the actual location of the page.”

It gave the vulnerability a rating of 5 on a five-point scale.

During the weekend I’ve been reading all the articles that spell the end for SCO. Although I don’t yet agree that it’s all over bar the shouting, the indications are that SCO’s banking investors are beginning to get a bit nervous. This is a sure sign of rough times ahead.

In the same thread of thought, it did occur that assuming the SCO action fails it probably spells the end of further lawsuits of similar nature and scale against the penguin.

It’s my belief that the eventual outcome will hold up the Open Source development model as a reasonable and ethical approach to development: a model which encourages creativity on the part of the devlopers and which can protect genuine copyright holders should a breach occur.

The simple fact that anyone can examine the code and that there is a tangible audit trail for every line of code lends massive credence to the movement.

The community was able to respond with incredible speed to the few public code snippets which SCO claimed infringed. Within a day or so the complete history of all the code was uncovered, and SCO were shown to have bungled it.

This and the eventual outcome will dissuade many would-be gold-diggers with perhaps less to lose than SCO.

Let’s not forget that SCO was effectivly on the rocks: with computer hardware costs dropping all the time, no-one was interested in their expensive flavour of Unix. It was already only a matter of time before their customer base, Sun, IBM, SGI and HP would stop using Unixware altogether in favour of Linux.

Whatever the final outcome, it’s certain that anyone else with a beef about open-source is going to have a rough time, both in the courts and out of them.

TurboTas 2003

On Thursday, there was much discussion on public forums when the SCO site went offline for 10 hours or so. Although SCO immediately claimed foul play an analysis of their statements and the attack/availability profile didn’t stack up.

In the end it was generally accepted that they probably did it themselves, possibly a misconfiguration or similar failure.

As of around midday Saturday, SCO has gone again. You can checkout the availability charts at Netcraft.

Part of the problem here is that SCO have made themselves very very unpopular with a very large number of people. It is distinctly possible that some amongst us are budding cyber-terrorists.

It does not take a genius to see that any attacks on SCO like this will result in bad press for the community. In the short term, perhaps it feels good, but that’s bound not to last, particularly when your local law enforcers come knocking.

Don’t do it: Do not stoop to the same low and dirty tactics that SCO and their lawyers are using.

Most likely is that the community was correct about Thursday’s outage and this one either planned downtime, a bug, or perhaps plain dumbness on behalf of an admin somewhere.

BTW, check out those Netcraft charts carefully, particularly the OS that the SCO website runs….

Yet another article found at Groklaw. It transpires that Linus, who is famed for his dislike of all things legal, has started digging away in US law. Guess what, he’s turned up something important already.

Fundamentally, the article talks about how copyright law expressly includes ‘the expectation of receipt’ of anything of value, and expressly mentions ‘receipt of other copyrighted works’ as such a thing of value. And that’s the _definition_ of ‘financial gain’ as far as copyright law is concerned.

I think this means that just by receiving Linux, there is a transfer of value. This makes sense as Linux is after all “free” as in speech rather than “free” as in beer.

This tends to make SCO’s attacks at the GPL look weaker, particularly as they make wild claims like it’s un-American or against financial gain.

I’m not gloating, but to me it all seems bad news for SCO at the moment. I am really glad though!

Groklaw has published an interesting article regarding the authorised contributions of SCO employee Tigran Aivazian to the Linux kernel.The article specifically discusses the contributions of Tigran Aivazian. Tigran has contributed much code and discussion. The big blow for SCO is that his work was done with the blessing of SCO.

Worse than that for SCO: as Tigran’s interest is in SMP, his contributions are specifically related to getting Linux up to enterprise grade: you will recall that getting Linux up to enterprise grade is the specific allegation made against IBM By SCO.

Other recent articles by Groklaw have detailed similar contributions (all authorised by relevant SCO directors) from a number of other SCO/Caldera developers.

It’s another body blow to SCO who were forced to comply with IBM’s motion to compel discovery earlier in the month (meaning that they specifically must identify any and all alleged infrigements).

The big news from the hearing today is that Judge Wells told SCO that they have to go first. They have to show IBM what code they are alleging is infringing. All during discovery, SCO has been telling IBM they had to show all their code first, and then SCO would identify the alleged infringements. IBM kept telling SCO in reply that they had the burden, as plaintiffs, to at least tell IBM what code was involved. Today the judge told SCO that IBM was right.The big news from the hearing today is that Judge Wells told SCO that they have to go first. They have to show IBM what code they are alleging is infringing. All during discovery, SCO has been telling IBM they had to show all their code first, and then SCO would identify the alleged infringements. IBM kept telling SCO in reply that they had the burden, as plaintiffs, to at least tell IBM what code was involved. Today the judge told SCO that IBM was right. SCO has 30 days to comply. IBM doesn’t have to turn over anything until they do it. The judge’s order will be filed Wednesday, and SCO has a month to show the code. They can’t force IBM to go first. That dance is over.
Cody Hilton of Guru Labs , a Utah Linux training company, attended the hearing, and the second big piece of news is that David Boies didn’t show up. Darl’s brother represented SCO. His brother is Kevin McBride, the same person we noted who was involved in writing the Open Letter yesterday.

Why Boies didn’t show up is hard to understand. And then again, maybe not. Brent Hatch was there and so was Darl. There was no media presence at all. Or more accurately, there was a lot of press there in the building but they were all there to cover the Olympic bribery trial , which got thrown out by the judge. Nobody in the courthouse was interested in talking to Darl today, according to my eyewitnesses, to the extent that they noticed, and they were looking.

Cody talked to him, though, after it was over. He asked him why he was there, and Darl said he just wanted to get a feel for it. Cody asked him what he thought about how it went, with IBM winning both motions. Darl said he expected it. Cody rode in the elevator with IBM’s Marriott and asked him how he felt about how things went. Marriott said, “We’re happy. Everything went as we’d planned. We’re happy with the decision.”

Source “GROKLAW” more on this click
here

Yep, another security warning for IE6 and yet again it’s a nasty one.

It’s another active scripting exploit which potentially allows
anyone to do anything to your machine. The majority of these problems
care not a jot for proxies etc, and will work regardless of your access
method.

This is one of the growing list of problems which falls into the
cross-site scripting category of problem: allowing scripts from one
security domain (such as the Internet) to execute with the security
privileges of another domain (such as My Computer). I think you can see
the problem!

Presently Microsoft have no fix for the problem but are looking
into the issue. Industry experts suggest disabling Active scripting
(Not as easy as you woud think) or changing browser until a patch is
available.

The Groklaw site has published a transcript of one of the letters sent out to the 1500 companies originally contacted by SCO to persuade them to buy a license.

Guess what, one of them was IBM. In fact, as IBM have used this letter as part of their ammended counter claims against SCO, it’s actually formed part of the Court Record.

TurboTas has had a quick read of it and can attest to the fact that it is utter bollocks. Read on to get to my facimile or check out Groklaw.

By: Darl McBride

President and CEO

The US has been upset ever since the first Galileo announcements some years ago, but the moves to make sure it happens in a US controlled way took a worrying turn recently.

The Americans have come out with all sorts of nonsense in the last few months. Every excuse you can imagine has been peddled out to hamper the Euro GPS consortium.

Initially there were concerns that the new constellation would interfere with the existing US DOD run system. Next were claims that terrorist elements would use the system against the US (A silly claim given that this is true of any Positioning System).

Now, in order to move forwards, it looks like the Euro consortium may be ready to cave in and let the US Military cripple the system as and when the need arises.

In practical terms this probably means that the frequencies will be available to allow the DOD to jam the satellites or worse that a form of Selctive Availability would be introduced (probably on a geographic basis this time around).

Dunno what you think, but TurboTas can’t help thinking that these tactics will put the Euro program out of kilter just long enough for the upgrades planned for the DOD GPS constellation to be delivering improved accuracy, at which time the Americans will try to Six the Euro effort permanently.

It doesn’t really need saying that the Balance Of Power in Space has already changed considerably in the last twelve months: Since the grounding of the US Shuttles, the Space Station programme is completely reliant on other countries to get supplies up to the station.

Even now, after the official findings into the tradgedy have been published, it’s uncertain when the Shuttle fleet will return to active service. Until they do it seems strange that a non space-capable nation are calling the shots!