The second LinuxCon event was held in Boston on August 10-12, preceded by a
number of minisummits. This conference featured a wide variety of speakers
and an enthusiastic audience which filled most sessions to the point of
overflowing. LinuxCon has clearly become the dominant North American Linux
conference. What follows are notes taken by your editor from a number of
the more interesting presentations.
The view from Oracle
Oracle vice president Wim Coekaerts started off the conference with a
keynote talk on how much Oracle likes Linux. The Oracle database was first
ported to Linux in 1998, just barely winning a race with Informix to be the
first commercial database on Linux. The big push started in 2002; now some
20% of Oracle's installed base runs on Linux (as opposed to 27% on
Solaris). Surprisingly enough, Wim's talk did not cover Oracle's lawsuit
which was just about to land on Google and its Android Linux distribution.
Oracle, it seems, has a list of things it would like to see improved with
Linux. Wim pointed out diagnosis tools (tracing and such) as a weak point;
he asked the community to recognize that non-hacker users need to be able
to support Linux in production situations and could benefit from better
tools. Testing was also high on the list; Wim said that nobody is testing
mainline kernels - a claim that was disputed during the kernel panel later
the same day. Oracle runs some
kernel tests of its own, but would like to see more testing done
elsewhere. It would also be nice, he said, if more tests could be added to
the kernel repository itself, and if distributors could stay closer to the
mainline so that testing results would be more relevant to the kernels they
Oracle also wants to see more testing of the full stack; there is a test kit available to help
in this regard.
Wim talked up Oracle's contributions, including work with NFS over IPv6,
the contribution of the reliable datagram protocol implementation,
support for the T10DIF data integrity standard (making Linux the
first platform with that feature), improvements to Xen, and, of course,
btrfs. It was a convincing discussion of how much Oracle likes Linux, but
Oracle's subsequent actions have ensured that any associated warm fuzzy
feelings did not last long.
"Harmony" seems to be a popular choice for controversial projects; your
editor first encountered the name associated with an ill-fated attempt to
replace the (then) non-free Qt toolkit. The latest Project Harmony touches
on another difficult issue: contributor agreements for free software
projects. This project is headed up by Canonical counsel Amanda Brock, who
ran a BOF session about it at LinuxCon.
The core idea behind this Harmony project is that contributor agreements
are a pain. They are seen as a waste of time, they are often unclear and
complicated, and it's not always clear who should be signing them. Those
who do sign these agreements do not always understand what they are
agreeing to. Project
Harmony is trying to make life easier for everybody involved by creating a
set of standardized agreements that everybody understands. These
agreements, we were told, are to be drafted by the Software Freedom Law
Center, so we can hope that the end result will not be too contrary to the
needs of developers.
There will never be a single, one-size-fits-all agreement, of course, so
the standardized version will have a number of options which can be chosen.
The especially controversial issue of copyright assignment will be one of
those options. Others will include the license to be applied to
contributions, indemnification, etc. The idea is to try to cover the
wishes of most projects in a standard way.
It seems that quite a few of the people involved with this project are
opposed to the idea of contributor agreements (or at least certain types
of agreements) in general. They are involved because they realize that
these agreements are not going away and they want to keep an eye on the
process. One reason that the list of participants has not been made public
is that a number of these people do not want to be publicly-associated with
the concept of contributor agreements.
Given that, it's not entirely surprising that Project Harmony seems to be
treading cautiously and trying not to step on anybody's toes. The end
result will not advocate any particular choices, and will avoid calling
into doubt the agreement any agreements that specific projects may be using
Efforts are being made to make the project more transparent; it seems like
it's mostly a matter of placating nervous participants. Stay tuned.
Open medical devices
Karen Sandler has been a lawyer at the Software Freedom Law Center for some
years now. She is also, unfortunately, afflicted with a heart condition
which carries the risk of sudden death; one need not be a lawyer to want to
try to mitigate a risk like that. To that end, she now has an implanted
device which works to ensure that her heart continues to function in a way
which keeps the rest of her body happy and healthy. She is, she says,
"Karen the cyborg."
Being a free-software-minded cyborg, Karen started to wonder about the
software which was about to be implanted into her body. So she went to the
various manufacturers of the type of device she needed, asking about the
software and whether she could see the source. These manufacturers were somewhat
surprised by the request, but wasted no time in turning it down. Karen
would really like to take a look at the software which is attached to her
heart, but she eventually had to give in and accept the implantation of a
In the process, though, she wrote a
paper on software in medical devices for the SFLC. There is, she says,
a real issue here: some 350,000 pacemakers are implanted in the US every
year, and nobody knows anything about the software on them. Or, it seems,
almost nobody knows: some others have already figured out ways to hack
these devices. It seems that a number of them use no encryption or
security in their communications with the world and can conceivably be made
to do unfortunate things.
In general, when the US Food and Drug Administration is considering medical
devices for approval, it does not look at the software at all. The agency
just does not have the time to do that level of research. But the wider
community could look at that code, if it were to be made available.
There should be little harm to the manufacturer in releasing its code - if
the code is good; patients do not choose pacemakers based on which has the
flashiest proprietary code. Like most medical system reforms, this one
looks like an uphill battle, but many of our lives may well depend on its
Web services and freedom
Stormy Peters is the executive director of the GNOME Foundation, which is
concerned with the creation of a free desktop system. Increasingly,
though, she has been looking at issues beyond the desktop, and issues
surrounding web-based services in particular. Unless we're careful, she
says, our use of such services risks giving away much of the freedom that
we have worked so hard to build for ourselves.
A lot of people have made a lot of sacrifices over the years, she says, to
create our free desktops. Many of them did that work because they believe
in freedom. Others, though, worked in this area because they were tired of
the blue screen of death and wanted something a little more reliable. The
providers of web services have successfully taken away the pain of the
BSOD, and, as a result, a lot of us have gotten lazy. We have, Stormy
says, forgotten about freedom. As a result, they are becoming trapped by
systems which compromise their private information, entrap their data, and
may block them out at any time.
That said, people in the community are working on some good initiatives.
She mentioned Firefox
sync as one example: there are two passwords involved and all data is
encrypted so that Mozilla cannot look at (or disclose) it. Also mentioned
were identi.ca and the Tomboy online effort.
There are things we should bear in mind when evaluating an online service.
One is data: how do you delete it, and what happens to it? Then there's
the issue of backups: users should always have a data backup under their
control in case
they get shut out of the service. We should, Stormy says, create services
which make the creation of backups easy. Lock-in is another issue: how
easy is it to move to a competing service? And, finally, is licensing;
Stormy is a fan of the Affero GPL, which requires that the source for the
service be available.
As free software developers, we should make sure that our software
integrates well with online services, and we should be working toward the
creation of truly free services. We also need to solve the problem of
hosting for these services; she mentioned the Gobby collaborative editor, which,
she says, is a great tool with no hosting available. We need better APIs
for service integration; Grilo
and libgdata were mentioned in
this context. And, of course, we need web-aware desktop applications.
All told, it's a tall order, but it's one we have to face up to if we care
about our freedom.
to post comments)