A few LinuxCon moments

The second LinuxCon event was held in Boston on August 10-12, preceded by a number of minisummits. This conference featured a wide variety of speakers and an enthusiastic audience which filled most sessions to the point of overflowing. LinuxCon has clearly become the dominant North American Linux conference. What follows are notes taken by your editor from a number of the more interesting presentations.

The view from Oracle

Oracle vice president Wim Coekaerts started off the conference with a keynote talk on how much Oracle likes Linux. The Oracle database was first ported to Linux in 1998, just barely winning a race with Informix to be the first commercial database on Linux. The big push started in 2002; now some 20% of Oracle's installed base runs on Linux (as opposed to 27% on Solaris). Surprisingly enough, Wim's talk did not cover Oracle's lawsuit which was just about to land on Google and its Android Linux distribution.

Oracle, it seems, has a list of things it would like to see improved with Linux. Wim pointed out diagnosis tools (tracing and such) as a weak point; he asked the community to recognize that non-hacker users need to be able to support Linux in production situations and could benefit from better tools. Testing was also high on the list; Wim said that nobody is testing mainline kernels - a claim that was disputed during the kernel panel later the same day. Oracle runs some kernel tests of its own, but would like to see more testing done elsewhere. It would also be nice, he said, if more tests could be added to the kernel repository itself, and if distributors could stay closer to the mainline so that testing results would be more relevant to the kernels they ship.

Oracle also wants to see more testing of the full stack; there is a test kit available to help in this regard.

Wim talked up Oracle's contributions, including work with NFS over IPv6, the contribution of the reliable datagram protocol implementation, support for the T10DIF data integrity standard (making Linux the first platform with that feature), improvements to Xen, and, of course, btrfs. It was a convincing discussion of how much Oracle likes Linux, but Oracle's subsequent actions have ensured that any associated warm fuzzy feelings did not last long.

Project Harmony

"Harmony" seems to be a popular choice for controversial projects; your editor first encountered the name associated with an ill-fated attempt to replace the (then) non-free Qt toolkit. The latest Project Harmony touches on another difficult issue: contributor agreements for free software projects. This project is headed up by Canonical counsel Amanda Brock, who ran a BOF session about it at LinuxCon.

The core idea behind this Harmony project is that contributor agreements are a pain. They are seen as a waste of time, they are often unclear and complicated, and it's not always clear who should be signing them. Those who do sign these agreements do not always understand what they are agreeing to. Project Harmony is trying to make life easier for everybody involved by creating a set of standardized agreements that everybody understands. These agreements, we were told, are to be drafted by the Software Freedom Law Center, so we can hope that the end result will not be too contrary to the needs of developers.

There will never be a single, one-size-fits-all agreement, of course, so the standardized version will have a number of options which can be chosen. The especially controversial issue of copyright assignment will be one of those options. Others will include the license to be applied to contributions, indemnification, etc. The idea is to try to cover the wishes of most projects in a standard way.

It seems that quite a few of the people involved with this project are opposed to the idea of contributor agreements (or at least certain types of agreements) in general. They are involved because they realize that these agreements are not going away and they want to keep an eye on the process. One reason that the list of participants has not been made public is that a number of these people do not want to be publicly-associated with the concept of contributor agreements.

Given that, it's not entirely surprising that Project Harmony seems to be treading cautiously and trying not to step on anybody's toes. The end result will not advocate any particular choices, and will avoid calling into doubt the agreement any agreements that specific projects may be using now.

Efforts are being made to make the project more transparent; it seems like it's mostly a matter of placating nervous participants. Stay tuned.

Open medical devices

Karen Sandler has been a lawyer at the Software Freedom Law Center for some years now. She is also, unfortunately, afflicted with a heart condition which carries the risk of sudden death; one need not be a lawyer to want to try to mitigate a risk like that. To that end, she now has an implanted device which works to ensure that her heart continues to function in a way which keeps the rest of her body happy and healthy. She is, she says, "Karen the cyborg."

Being a free-software-minded cyborg, Karen started to wonder about the software which was about to be implanted into her body. So she went to the various manufacturers of the type of device she needed, asking about the software and whether she could see the source. These manufacturers were somewhat surprised by the request, but wasted no time in turning it down. Karen would really like to take a look at the software which is attached to her heart, but she eventually had to give in and accept the implantation of a closed-source device.

In the process, though, she wrote a paper on software in medical devices for the SFLC. There is, she says, a real issue here: some 350,000 pacemakers are implanted in the US every year, and nobody knows anything about the software on them. Or, it seems, almost nobody knows: some others have already figured out ways to hack these devices. It seems that a number of them use no encryption or security in their communications with the world and can conceivably be made to do unfortunate things.

In general, when the US Food and Drug Administration is considering medical devices for approval, it does not look at the software at all. The agency just does not have the time to do that level of research. But the wider community could look at that code, if it were to be made available. There should be little harm to the manufacturer in releasing its code - if the code is good; patients do not choose pacemakers based on which has the flashiest proprietary code. Like most medical system reforms, this one looks like an uphill battle, but many of our lives may well depend on its outcome.

Web services and freedom

Stormy Peters is the executive director of the GNOME Foundation, which is concerned with the creation of a free desktop system. Increasingly, though, she has been looking at issues beyond the desktop, and issues surrounding web-based services in particular. Unless we're careful, she says, our use of such services risks giving away much of the freedom that we have worked so hard to build for ourselves.

A lot of people have made a lot of sacrifices over the years, she says, to create our free desktops. Many of them did that work because they believe in freedom. Others, though, worked in this area because they were tired of the blue screen of death and wanted something a little more reliable. The providers of web services have successfully taken away the pain of the BSOD, and, as a result, a lot of us have gotten lazy. We have, Stormy says, forgotten about freedom. As a result, they are becoming trapped by systems which compromise their private information, entrap their data, and may block them out at any time.

That said, people in the community are working on some good initiatives. She mentioned Firefox sync as one example: there are two passwords involved and all data is encrypted so that Mozilla cannot look at (or disclose) it. Also mentioned were identi.ca and the Tomboy online effort.

There are things we should bear in mind when evaluating an online service. One is data: how do you delete it, and what happens to it? Then there's the issue of backups: users should always have a data backup under their control in case they get shut out of the service. We should, Stormy says, create services which make the creation of backups easy. Lock-in is another issue: how easy is it to move to a competing service? And, finally, is licensing; Stormy is a fan of the Affero GPL, which requires that the source for the service be available.

As free software developers, we should make sure that our software integrates well with online services, and we should be working toward the creation of truly free services. We also need to solve the problem of hosting for these services; she mentioned the Gobby collaborative editor, which, she says, is a great tool with no hosting available. We need better APIs for service integration; Grilo and libgdata were mentioned in this context. And, of course, we need web-aware desktop applications.

All told, it's a tall order, but it's one we have to face up to if we care about our freedom.

---

(Log in to post comments)