Become a fan of Slashdot on Facebook


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


Comment: Re:Mac and Windows PC only. (Score 1) 117

by rduke15 (#49012711) Attached to: Google Earth Pro Now Available Free

Linux is not really meant to be a desktop OS

Unforutnately, you are right. My main machine is Linux (Ubuntu 12.04) since over 5 years, and it is indeed not comparable to WinXP/Win7 or Mac OS X. I still prefer it for various reasons, but would not recommend it to most people as a desktop OS.

There might be a Google Earth for Android and iOS some day, but probably never for Linux. Sad...

Comment: Re:The measurements in question: (Score 2) 142

by rduke15 (#48373451) Attached to: Data Center Study Reveals Top 5 SMART Stats That Correlate To Drive Failures

And to list these for your own drive:

$ sudo smartctl -A /dev/sda | egrep '^\s*(ID|5|1[89][78])'
    5 Reallocated_Sector_Ct 0x0033 100 100 036 Pre-fail Always - 0
187 Reported_Uncorrect 0x0032 100 100 000 Old_age Always - 0
188 Command_Timeout 0x0032 100 253 000 Old_age Always - 0
197 Current_Pending_Sector 0x0012 100 100 000 Old_age Always - 0
198 Offline_Uncorrectable 0x0010 100 100 000 etc.

(Incomplete last line to "use fewer 'junk' characters." as requested by that silly filter)

Comment: Try this in the meantime... (Score 1) 329

by rduke15 (#48022561) Attached to: Bash To Require Further Patching, As More Shellshock Holes Found

For this new vulnerabilty, there are no toy-command-checks yet I believe. But in the meantime, try the "Fun Shellshock test with curl" on the NAS boxes in your neighborhood (or anywhere else this Google search points you to).

And note that as a bonus the web server on that NAS already runs as root, so there is no need for a "privilege escalation" vulnerability. Nothing to escalate, you start from the top already.

+ - Enforcing the GPL

Submitted by lrosen
lrosen (220835) writes "I am responding to the article in by Aaron Williamson, "Lawsuit threatens to break new ground on the GPL and software licensing issues."

I want to acknowledge Aaron's main points: This lawsuit challenges certain assumptions about GPLv2 licensing, and it also emphasizes the effects of patents on the FOSS (and commercial) software ecosystem. I also want to acknowledge that I have been consulted as an expert by the plaintiff in this litigation (Ximpleware vs. Versata, et al.) and so some of what I say below they may also say in court.

Let's be open about the facts here. Ximpleware worked diligently over many years to create certain valuable software. The author posted his source code on SourceForge. He offered the software under GPLv2. He also offered that software under commercial licenses. And he sought and received and provided notice of United States patent claims related to that software.

Unbeknownst to Ximpleware, Versata took that GPLv2 software and incorporated it into Versata products – without disclosing that GPLv2 software or in any other way honoring the terms of the GPLv2 license. The reason Ximpleware became aware of that GPLv2 breach is because some months ago Versata and one of its customers, Ameriprise, became embroiled in their own litigation. The breach of GPLv2 came out during discovery.

Ximpleware has terminated that license as to Versata. This is exactly what the Software Freedom Conservancy and others do when confronted by GPL breaches.

That earlier litigation is between two (or more) commercial companies; it is not a FOSS problem. These are mature, sophisticated, profitable companies that have the wherewithal to protect themselves. I know that in my own law practice, whether I represent software vendors or their commercial customers, we typically provide for some level of indemnification. Perhaps Ameriprise and the other customer-defendants can count on Versata defending them against Ximpleware. Such a commercial dispute between big companies – even if it involves the GPLv2 software of a small company and separate indemnification for copyright or patent infringement – is between them alone.

But as to Ximpleware and its GPLv2 copyrighted and patented software, there are a few misunderstandings reflected in Aaron Williamson's article:

1. The notion of "implied patent licensing" has no clear legal precedent in any software licensing. While it is true that goods that one purchases include a patent license under what is known as the "exhaustion doctrine," there is no exhaustion of patented software when copies are made (even though copying of the software itself is authorized by GPLv2). For example, a typical commercial patent license nowadays might include a royalty for each Android phone manufactured and sold. Companies that distribute Android phones and its FOSS software acquire patent licenses so that recipients of their phones are indeed free to use those phones. But that isn't because of some implied patent licenses that come with Android software, but because commercial companies that distribute phones pay for those patent rights, directly or indirectly. I think it is entirely reasonable to require that commercial companies get their patent licenses in writing.

2. Versata's customers who received the (in breach!) GPLv2 software all moved to dismiss Ximpleware's infringement claims against them, pointing to Section 0 of GPLv2, which says that "[t]he act of running the Program is not restricted." What that sentence actually means is just what it says: The GPLv2 copyright grant itself (which is all there is in GPLv2) does not restrict the act of running the program. Nor could it; that is a true statement because running a program is not one of the enumerated copyright rights subject to a copyright license (17 USC 106). The authors of the GPL licenses have themselves made that argument repeatedly: The use of software is simply not a copyright issue.

3. Because there are U.S. patent claims on this Ximpleware software, Section 7 of GPLv2 prohibits its distribution under that license in the United States (or any jurisdictions where patent claims restrict its use). If Ameriprise and the other defendants were outside the U.S. where the Ximpleware patents don't apply, then GPLv2 would indeed be sufficient for that use. But inside the U.S. those customers are not authorized and they cannot rely on an assumed patent grant in GPLv2. Otherwise GPLv2 Section 7 would be an irrelevant provision. Reread it carefully if you doubt this.

The Versata customers certainly cannot depend on an implied patent license received indirectly through a vendor who was in breach of GPLv2 since the beginning – and still is! Versata ignored and failed to disclose to its own customers Ximpleware's patent notices concerning that GPLv2 software, but those patents are nevertheless infringed.

Should we forgive commercial companies who fail to undertake honest compliance with the GPL? Should we forgive their customers who aren't diligent in acquiring their software from diligent vendors?

As Aaron Williamson suggests, we shouldn't ignore the implications of this case. After all, the creator of Ximpleware software made his source code freely available under GPLv2 and posted clear notices to potential commercial customers of his U.S. patents and of his commercial licensing options. Lots of small (and large!) open source commercial companies do that. Although it is ultimately up to the courts to decide this case, from a FOSS point of view Ximpleware is the good guy here!

There is rich detail about this matter that will come out during litigation. Please don't criticize until you understand all the facts.

Lawrence Rosen
Rosenlaw & Einschlag ("

Comment: Re:Derp (Score 1) 168

by rduke15 (#47485809) Attached to: New Mayhem Malware Targets Linux and UNIX-Like Servers

For Europe at least, you can get RIPE IP blocks from their web site or through their RIPEstat Text Service. I use it for one of my servers to get daily lists for one country, and feed it to ipset. Maybe others like ARIN etc. also publish lists? Or you can get GeoIP databases. Or you could try a (Perl) module like IP::Country?

Comment: Subsidies and lobbying (Score 1) 385

Maybe it could theoretically work (or maybe not), but it's irrelevant because almost impossible to do.

The problem is: how do you take away money (subsidies) from those who have a lot of it (partly precisely from subsidies)?

They can spend a lot for lobbying and public relations in general. The industries which would need to receive these subsidies don't have comparable means for their campaigns, and in part these industries don't even exist yet, because the money is lacking to develop them.

In social movements, many poor can force a few rich to pay more.

But industries are different. How do a few poor convince that the money of many very rich industries (which also feed many workers) should go to them?

Comment: Re:How about a home brew dynamic DNS system? (Score 1) 495

by rduke15 (#47358029) Attached to: Microsoft Takes Down Domains

If you already have a server with a static IP, it's pretty easy to configure bind to accept dynamic updates. See for example Set up your own Dynamic DNS.

I set it up like that, and have short scripts on my Linux and Mac notebooks to do the updates when the network comes up. On Linux, it's a short script in /etc/network/if-up.d/. On Mac, it's a script called by a LaunchDeaemon (a .plist file in /Library/LaunchDaemons).

Comment: Proof (with silly statistics) ... (Score 4, Informative) 283

by rduke15 (#47302157) Attached to: Perl Is Undead

Is it dead? Well, some quick scripting can tell us the truth, using Bash and of course Perl.

On my Ubuntu notebook and main machine:

sudo find /etc /bin /sbin /usr/bin /usr/sbin -type f -executable -exec file -b "{}" \; \
| perl -MData::Dumper -nle '
        next unless /script/;
        if ( /(shell|python|ruby|perl|bash)/i ) {
        else {
            warn "Other: $_\n"
        END {
            print Dumper(\%types);


Other: a /usr/bin/make -f script, ASCII text executable
Other: a nickle script, UTF-8 Unicode text executable
Other: awk script, ASCII text executable
$VAR1 = {
                    'perl' => 283,
                    'python' => 104,
                    'bash' => 1,
                    'Ruby' => 3,
                    'ruby' => 9,
                    'shell' => 602

On a server:

Other: a /bin/dash script, ASCII text executable
$VAR1 = {
                    'Python' => 36,
                    'Perl' => 139,
                    'shell' => 267

Looks very much alive. Unless of course, Perl realized what it was calculating and cheated and made it's own numbers up on the fly...

"Mach was the greatest intellectual fraud in the last ten years." "What about X?" "I said `intellectual'." ;login, 9/1990