It has been a busy week for those who watch the Digital Millennium
Copyright Act and its effects. Here's a quick summary of what has been
Every three years, the Librarian of Congress must consider applications for
exemptions to the DMCA's anti-circumvention provisions. The decisions for
this cycle have just been posted; they may be downloaded in PDF
format. Four applications were granted this time:
- Compilations consisting of lists of Internet locations blocked
by commercially marketed filtering software applications...
Interestingly, the exemption explicitly does not extend to anti-spam
- Computer programs protected by dongles that prevent access due to
malfunction or damage and which are obsolete.
- Computer programs and video games distributed in formats that have
become obsolete and which require the original media or hardware as a
condition of access.
- Literary works distributed in ebook format when all existing ebook
editions of the work ... contain access controls that prevent the
enabling of the ebook's read-aloud function and that prevent the
enabling of screen readers to render the text into a specialized
Many other proposals were turned down. As Ed Felten notes,
"My own exemption request, asking for exemptions for information
security researchers, was denied as expected." Blanket exemptions
for (otherwise) non-infringing uses, or for fair use were turned down as
not properly specifying which works should be exempted. A requested
exemption for making backup copies of DVDs went down because it did not
show, to the Librarian's satisfaction, that DVDs are fragile or that making
a backup copy is a noninfringing use.
Static Control Components has been engaged in a DMCA fight with Lexmark
over printer cartridges. SCC makes toner cartridges which work in
Lexmark's printers; Lexmark has made the claim that SCC's products, by
circumventing a printer "feature" that causes it to not function with
cartridges manufactured by others, violate the DMCA. As part of its fight,
SCC asked for an exemption specific to printers that would make its
products unambiguously legal. The proposed exemption was turned down
because, according to the Librarian, the existing interoperability
exemption covers this case. Thus, in losing its exemption, SCC appears to
have won its case with Lexmark; the company lost no time in issuing
a press release to that effect.
Speaking of press releases, 321 Studios, a company which sells a
DVD-copying program, has announced
that it will be appealing the ruling on the making of backup copies of
Finally, there is a growing case involving numerous people - mostly college
students in the U.S. - who are fighting DMCA takedown notices from Diebold
Election Systems. Diebold is a manufacturer of computerized voting
machines. These students came into possession of some internal
Diebold correspondence which shows a distressingly cavalier attitude toward
the accuracy of election votes and the integrity of the election process in
general. Diebold, rather than facing up to its problems, is simply trying
to suppress the incriminating memos. For those who understand the net, the
results of this effort have been entirely predictable: copies of the
correspondence have now been distributed worldwide. The organizers of this
effort are calling for help, however, in the
form of additional mirrors and publicity. This effort deserves support;
transparent and accurate management of elections is too important to be
pushed aside by the DMCA.
Comments (6 posted)
With the first stable release of the Fedora Core scheduled for early next week,
we thought we'd take a look at the final test
see what users could expect from Fedora.
This release ("Severn") looks and feels like recent Red Hat releases, which
entirely surprising. The default desktop is still GNOME with Metacity as
the window manager.
For the most part, if you're familiar with the Red Hat 9 release, Fedora
will contain few surprises. The installation procedure is mostly the
same as Red Hat 9, though users now have a few
additional install options. Fedora 0.95 includes the ability
to perform a graphical install via FTP, HTTP and the ability to perform
an install via VNC.
We installed the Severn release on two machines to see how well it
fared. On one machine we installed the "Server" package set, and
performed a "Custom" install on the second machine. The entire install
took less than thirty minutes on an Athlon 2600+ XP machine with 1 GB of
RAM, and about forty-five minutes on an Athlon 1GHz machine with 1 GB
The only real glitch we encountered was that Severn had a little trouble
setting up the Matrox G450 dual-head video card. Though it offered the
option of performing a dual-head setup that spanned both monitors, it
kept producing a cloned display. A quick hand-edit of our XF86Config
file solved the problem.
The firewall configuration during installation is somewhat simpler than
the configuration that was present in Red Hat 9. Red Hat 9 offered
"High," "Medium," and "No Firewall." The option with Fedora is to turn
the firewall on or off. The user is also able to specify specific ports
that should be passed through the firewall. The installer offers the
options of passing through SSH, HTTP, FTP, Telnet, SMTP or specifying
their own protocol that can be passed through.
Though it's a small thing, one also notices a difference in attitude
during the installation. Instead of seeing Red Hat promotions during the
install, the user is told that Fedora has a new graphical boot feature
("Who understood all that text scrolling by anyway?") and is encouraged
to sign up for Fedora user and developer lists ("Hey! It's better than
There is a full list of packages for Severn test 3 release here. It may
change slightly for the final release. Most of the packages have been
updated since Red
Hat 9, of course, but the package list hasn't changed that much.
One new inclusion in Fedora is Yum, an APT-like package
installer/updater. Yum is not installed by default,
but it is included on the Severn CDs.
Yum has a command set similar to apt-get. One striking difference,
however, is when using "yum check-update" to retrieve information on
changed packages. The apt-get update command simply retrieves an index
file for each package repository, which is fairly fast. Yum, on the
other hand, retrieves RPM header information for every installed RPM,
which can be very time-consuming.
Some packages have not made the cut from Red Hat 9 to Fedora. The LPRng
print system is no longer supported or included with Fedora. CUPS is now
the official, and only, print spooler for Red Hat/Fedora systems.
According to the Fedora 0.95 release notes, LPRng will be replaced
by CUPS even if the user decides to upgrade an existing Red Hat system with
Galeon is out, replaced by Epiphany. Users no longer have the option of
using the LILO bootloader. Pine has been kicked due to licensing issues
and "long-term maintenance concerns." Zebra has been replaced by the Quagga Routing Suite, and Tripwire has
been removed as well.
Another interesting change is the inclusion of the Native POSIX Thread Library
(NPTL). The Severn release ships with a 2.4.22 kernel with NPTL
replacing the user-space LinuxThreads implementation. This means that some
applications, notably Sun's Java Runtime Environment (JRE) prior to
1.4.1 and IBM's JRE will have issues. For applications that need the old
implementation, there is a workaround described in the release notes.
The Fedora kernel also includes "exec shield," a kernel patch that we
covered last May. By
default exec shield is turned on for programs that are "marked" for this
functionality. For the Fedora release, this pretty much means that the
program needs to have been built with the Fedora toolchain.
Fedora Core 1 is still very much a Red Hat product, even if the "Red Hat
Linux" name has been filed off. There has not, as yet, been time for a
true development community to form; traffic on the Fedora mailing lists is
tiny relative to those of, say, Debian or Mandrake's Cooker. So it is hard
to guess what Fedora will look like in the future.
But, if Fedora 0.95 is any indication, the first "stable"
release looks to be shaping up well. If all goes as planned,
Fedora Core 1.0 will be released on Monday, November 3.
Comments (17 posted)
The SCO Group has filed its response to IBM's counterclaims; the full text may be
. Since this document is structured as a set of direct
responses to the claims made by IBM, much of what's there must be read in
the context of IBM's
to make sense.
SCO's responses come down to a relatively small set of points, however,
which we will examine here.
One area of dispute has to do with exactly what rights were bought from
Novell in 1995. Novell claims the right to veto some of SCO's actions,
such as the yanking of IBM's AIX license. SCO disputes that claim.
Without access to the actual agreement between the two companies, it is
impossible to come to any conclusion here; this will be a job for the
IBM's claim #16 reads:
16. Linux is an operating system that stems from a rich history of
collaborative development. Linux is a dynamic and versatile
operating system and is, for many, the operating system of choice.
This would seem like a relatively uncontroversial thing for IBM to say.
Even SCO, in the end, has embarked on all this litigation because Linux has
become "the operating system of choice" for many of its former customers.
Here's SCO's response, however:
16. Denies the allegations of ¶16 and alleges that Linux is,
in actuality, an unauthorized version of Unix that is structured,
assembled, and designed to be technologically indistinguishable
from Unix, and practically is distinguishable only in that Linux is
a "free" version of Unix designed to destroy proprietary operating
This is, of course, the company that made a go at developing and selling
Linux for years, even after it obtained its rights, whatever they may be to
the Unix code base.
Much of SCO's response, however, is aimed in a different direction: SCO is,
once again, claiming that the GPL is not an enforceable license. Thus, for
example, when IBM claims:
25. Whereas the licenses for most software are programs designed
to limit or restrict a licensee's freedom to share and change
it, the GPL is intended to guarantee a licensee's freedom to
share and change free software--to make sure the software is
free for all its users. The GPL applies to any program whose
authors commit to using it.
SCO responds with:
25. Admits that the GPL purports to guarantee the right to freely
share and change free software, but denies that the GPL
applies to any program whose authors commit to using it,
denies enforceability or applicability of the GPL, and is
without information sufficient to admit or deny the remaining
allegations of ¶25 not specifically admitted herein, and
therefore denies the same.
In other words, according to SCO, those who write code are not entitled to
attach a license to it, and even if they were, the GPL is not a valid
This anti-GPL rhetoric reaches its peak in the "affirmative defenses" at the
end of the filing:
- The General Public License ("GPL") is unenforceable, void
and/or voidable, and IBM's claims based thereon or related thereto
- The GPL is selectively enforced by the Free Software
Foundation such that the enforcement of the GPL by IBM or others is
waived, estopped, or otherwise barred as a matter of equity.
- The GPL violates the U.S. Constitution, together with
copyright, antitrust, and export control laws, and IBM's claims
based thereon, or related thereto, are barred.
The counterclaims offer no evidence for any of the above claims; they are
simply put out there to stand on their own. The first claim will,
eventually, depend on what a court finds, but many are confident that the
GPL will hold up just fine. The second is ridiculous; whether or not the
FSF is selective in its enforcement of the GPL has no relevance to
how IBM enforces its own copyright rights. Bringing the Constitution and
antitrust law into
it (with the third claim) is new, but SCO's previous reasoning on the GPL
and copyright law has been humorous at best.
In other details, SCO denies that its "letter to Linux users" threatened
any sort of litigation. Strangely enough, SCO has removed that letter from
its web site, making it harder for anybody who might want to check for
themselves. Happily, this SCO v. IBM
site has kept a
SCO also goes to some lengths to try to fight off IBM's patent claims. The
response even alleges that IBM might not own the patents at all.
Most of the defenses seem like a sideshow, however, compared to SCO's
sustained attacks on the GPL. Clearly, the company sees the GPL as an
obstacle that must be overcome. Just why SCO is so eager to see the GPL
defeated is still not entirely clear, however. Perhaps the company simply
wishes to destroy the Linux ecology outright so that there might yet be
room for its outmoded, failing proprietary offerings. Or perhaps SCO is
trying to find a way that it can apply a tax to all Linux shipments. Or
maybe it is all a simply set of delay and FUD tactics while the real goal
is pursued elsewhere. Given that we are facing a concerted attack on one
of the pillars of the free software community - an attack now funded with
another $50 million in investment money - it is proper to be
concerned. Unless the attackers can come up with some better arguments,
however, the GPL looks set to stand for a long time yet.
Comments (25 posted)
Page editor: Jonathan Corbet
Next page: Security>>