Follow Slashdot stories on Twitter


Forgot your password?

Comment: Re:The measurements in question: (Score 2) 142

by rduke15 (#48373451) Attached to: Data Center Study Reveals Top 5 SMART Stats That Correlate To Drive Failures

And to list these for your own drive:

$ sudo smartctl -A /dev/sda | egrep '^\s*(ID|5|1[89][78])'
    5 Reallocated_Sector_Ct 0x0033 100 100 036 Pre-fail Always - 0
187 Reported_Uncorrect 0x0032 100 100 000 Old_age Always - 0
188 Command_Timeout 0x0032 100 253 000 Old_age Always - 0
197 Current_Pending_Sector 0x0012 100 100 000 Old_age Always - 0
198 Offline_Uncorrectable 0x0010 100 100 000 etc.

(Incomplete last line to "use fewer 'junk' characters." as requested by that silly filter)

Comment: Try this in the meantime... (Score 1) 329

by rduke15 (#48022561) Attached to: Bash To Require Further Patching, As More Shellshock Holes Found

For this new vulnerabilty, there are no toy-command-checks yet I believe. But in the meantime, try the "Fun Shellshock test with curl" on the NAS boxes in your neighborhood (or anywhere else this Google search points you to).

And note that as a bonus the web server on that NAS already runs as root, so there is no need for a "privilege escalation" vulnerability. Nothing to escalate, you start from the top already.

+ - Enforcing the GPL

Submitted by lrosen
lrosen (220835) writes "I am responding to the article in by Aaron Williamson, "Lawsuit threatens to break new ground on the GPL and software licensing issues."

I want to acknowledge Aaron's main points: This lawsuit challenges certain assumptions about GPLv2 licensing, and it also emphasizes the effects of patents on the FOSS (and commercial) software ecosystem. I also want to acknowledge that I have been consulted as an expert by the plaintiff in this litigation (Ximpleware vs. Versata, et al.) and so some of what I say below they may also say in court.

Let's be open about the facts here. Ximpleware worked diligently over many years to create certain valuable software. The author posted his source code on SourceForge. He offered the software under GPLv2. He also offered that software under commercial licenses. And he sought and received and provided notice of United States patent claims related to that software.

Unbeknownst to Ximpleware, Versata took that GPLv2 software and incorporated it into Versata products – without disclosing that GPLv2 software or in any other way honoring the terms of the GPLv2 license. The reason Ximpleware became aware of that GPLv2 breach is because some months ago Versata and one of its customers, Ameriprise, became embroiled in their own litigation. The breach of GPLv2 came out during discovery.

Ximpleware has terminated that license as to Versata. This is exactly what the Software Freedom Conservancy and others do when confronted by GPL breaches.

That earlier litigation is between two (or more) commercial companies; it is not a FOSS problem. These are mature, sophisticated, profitable companies that have the wherewithal to protect themselves. I know that in my own law practice, whether I represent software vendors or their commercial customers, we typically provide for some level of indemnification. Perhaps Ameriprise and the other customer-defendants can count on Versata defending them against Ximpleware. Such a commercial dispute between big companies – even if it involves the GPLv2 software of a small company and separate indemnification for copyright or patent infringement – is between them alone.

But as to Ximpleware and its GPLv2 copyrighted and patented software, there are a few misunderstandings reflected in Aaron Williamson's article:

1. The notion of "implied patent licensing" has no clear legal precedent in any software licensing. While it is true that goods that one purchases include a patent license under what is known as the "exhaustion doctrine," there is no exhaustion of patented software when copies are made (even though copying of the software itself is authorized by GPLv2). For example, a typical commercial patent license nowadays might include a royalty for each Android phone manufactured and sold. Companies that distribute Android phones and its FOSS software acquire patent licenses so that recipients of their phones are indeed free to use those phones. But that isn't because of some implied patent licenses that come with Android software, but because commercial companies that distribute phones pay for those patent rights, directly or indirectly. I think it is entirely reasonable to require that commercial companies get their patent licenses in writing.

2. Versata's customers who received the (in breach!) GPLv2 software all moved to dismiss Ximpleware's infringement claims against them, pointing to Section 0 of GPLv2, which says that "[t]he act of running the Program is not restricted." What that sentence actually means is just what it says: The GPLv2 copyright grant itself (which is all there is in GPLv2) does not restrict the act of running the program. Nor could it; that is a true statement because running a program is not one of the enumerated copyright rights subject to a copyright license (17 USC 106). The authors of the GPL licenses have themselves made that argument repeatedly: The use of software is simply not a copyright issue.

3. Because there are U.S. patent claims on this Ximpleware software, Section 7 of GPLv2 prohibits its distribution under that license in the United States (or any jurisdictions where patent claims restrict its use). If Ameriprise and the other defendants were outside the U.S. where the Ximpleware patents don't apply, then GPLv2 would indeed be sufficient for that use. But inside the U.S. those customers are not authorized and they cannot rely on an assumed patent grant in GPLv2. Otherwise GPLv2 Section 7 would be an irrelevant provision. Reread it carefully if you doubt this.

The Versata customers certainly cannot depend on an implied patent license received indirectly through a vendor who was in breach of GPLv2 since the beginning – and still is! Versata ignored and failed to disclose to its own customers Ximpleware's patent notices concerning that GPLv2 software, but those patents are nevertheless infringed.

Should we forgive commercial companies who fail to undertake honest compliance with the GPL? Should we forgive their customers who aren't diligent in acquiring their software from diligent vendors?

As Aaron Williamson suggests, we shouldn't ignore the implications of this case. After all, the creator of Ximpleware software made his source code freely available under GPLv2 and posted clear notices to potential commercial customers of his U.S. patents and of his commercial licensing options. Lots of small (and large!) open source commercial companies do that. Although it is ultimately up to the courts to decide this case, from a FOSS point of view Ximpleware is the good guy here!

There is rich detail about this matter that will come out during litigation. Please don't criticize until you understand all the facts.

Lawrence Rosen
Rosenlaw & Einschlag ("

Comment: Re:Derp (Score 1) 168

by rduke15 (#47485809) Attached to: New Mayhem Malware Targets Linux and UNIX-Like Servers

For Europe at least, you can get RIPE IP blocks from their web site or through their RIPEstat Text Service. I use it for one of my servers to get daily lists for one country, and feed it to ipset. Maybe others like ARIN etc. also publish lists? Or you can get GeoIP databases. Or you could try a (Perl) module like IP::Country?

Comment: Subsidies and lobbying (Score 1) 385

Maybe it could theoretically work (or maybe not), but it's irrelevant because almost impossible to do.

The problem is: how do you take away money (subsidies) from those who have a lot of it (partly precisely from subsidies)?

They can spend a lot for lobbying and public relations in general. The industries which would need to receive these subsidies don't have comparable means for their campaigns, and in part these industries don't even exist yet, because the money is lacking to develop them.

In social movements, many poor can force a few rich to pay more.

But industries are different. How do a few poor convince that the money of many very rich industries (which also feed many workers) should go to them?

Comment: Re:How about a home brew dynamic DNS system? (Score 1) 495

by rduke15 (#47358029) Attached to: Microsoft Takes Down Domains

If you already have a server with a static IP, it's pretty easy to configure bind to accept dynamic updates. See for example Set up your own Dynamic DNS.

I set it up like that, and have short scripts on my Linux and Mac notebooks to do the updates when the network comes up. On Linux, it's a short script in /etc/network/if-up.d/. On Mac, it's a script called by a LaunchDeaemon (a .plist file in /Library/LaunchDaemons).

Comment: Proof (with silly statistics) ... (Score 4, Informative) 283

by rduke15 (#47302157) Attached to: Perl Is Undead

Is it dead? Well, some quick scripting can tell us the truth, using Bash and of course Perl.

On my Ubuntu notebook and main machine:

sudo find /etc /bin /sbin /usr/bin /usr/sbin -type f -executable -exec file -b "{}" \; \
| perl -MData::Dumper -nle '
        next unless /script/;
        if ( /(shell|python|ruby|perl|bash)/i ) {
        else {
            warn "Other: $_\n"
        END {
            print Dumper(\%types);


Other: a /usr/bin/make -f script, ASCII text executable
Other: a nickle script, UTF-8 Unicode text executable
Other: awk script, ASCII text executable
$VAR1 = {
                    'perl' => 283,
                    'python' => 104,
                    'bash' => 1,
                    'Ruby' => 3,
                    'ruby' => 9,
                    'shell' => 602

On a server:

Other: a /bin/dash script, ASCII text executable
$VAR1 = {
                    'Python' => 36,
                    'Perl' => 139,
                    'shell' => 267

Looks very much alive. Unless of course, Perl realized what it was calculating and cheated and made it's own numbers up on the fly...

Comment: But LSD must be better (Score 2) 164

by rduke15 (#47158053) Attached to: 'Godfather of Ecstasy,' Chemist Sasha Shulgin Dies Aged 88

Because it's inventor died 14 years older at 102. :-)

And seriously, the one time I tried ecstasy, I didn't like that it seemed to interfere with my emotions.

LSD modifies percepetions and paths of thought, which can be a fantastic experience (or just great fun) if you are in the right mood for it, but I don't remember it ever modifying my emotions.

Ecstasy gave me the impression of creating out of proportion artificial emotions in me. After the fact, I really didn't like that aspect. No wonder it was all the rage during the years of techno music. I guess people dancing to that cold techno music really needed something to still feel human.

But anyway, peace to "Godfather of Ecstasy" and all chemists experimenting with psychoactive drugs. When used right, these all give valuable experiences.

"Plastic gun. Ingenious. More coffee, please." -- The Phantom comics