Leading items

Happenings on the DMCA front

It has been a busy week for those who watch the Digital Millennium Copyright Act and its effects. Here's a quick summary of what has been happening.

Every three years, the Librarian of Congress must consider applications for exemptions to the DMCA's anti-circumvention provisions. The decisions for this cycle have just been posted; they may be downloaded in PDF format. Four applications were granted this time:

1. Compilations consisting of lists of Internet locations blocked by commercially marketed filtering software applications... Interestingly, the exemption explicitly does not extend to anti-spam blacklists.

2. Computer programs protected by dongles that prevent access due to malfunction or damage and which are obsolete.

3. Computer programs and video games distributed in formats that have become obsolete and which require the original media or hardware as a condition of access.

4. Literary works distributed in ebook format when all existing ebook editions of the work ... contain access controls that prevent the enabling of the ebook's read-aloud function and that prevent the enabling of screen readers to render the text into a specialized format.

Many other proposals were turned down. As Ed Felten notes, "My own exemption request, asking for exemptions for information security researchers, was denied as expected." Blanket exemptions for (otherwise) non-infringing uses, or for fair use were turned down as not properly specifying which works should be exempted. A requested exemption for making backup copies of DVDs went down because it did not show, to the Librarian's satisfaction, that DVDs are fragile or that making a backup copy is a noninfringing use.

Static Control Components has been engaged in a DMCA fight with Lexmark over printer cartridges. SCC makes toner cartridges which work in Lexmark's printers; Lexmark has made the claim that SCC's products, by circumventing a printer "feature" that causes it to not function with cartridges manufactured by others, violate the DMCA. As part of its fight, SCC asked for an exemption specific to printers that would make its products unambiguously legal. The proposed exemption was turned down because, according to the Librarian, the existing interoperability exemption covers this case. Thus, in losing its exemption, SCC appears to have won its case with Lexmark; the company lost no time in issuing a press release to that effect.

Speaking of press releases, 321 Studios, a company which sells a DVD-copying program, has announced that it will be appealing the ruling on the making of backup copies of DVDs.

Finally, there is a growing case involving numerous people - mostly college students in the U.S. - who are fighting DMCA takedown notices from Diebold Election Systems. Diebold is a manufacturer of computerized voting machines. These students came into possession of some internal Diebold correspondence which shows a distressingly cavalier attitude toward the accuracy of election votes and the integrity of the election process in general. Diebold, rather than facing up to its problems, is simply trying to suppress the incriminating memos. For those who understand the net, the results of this effort have been entirely predictable: copies of the correspondence have now been distributed worldwide. The organizers of this effort are calling for help, however, in the form of additional mirrors and publicity. This effort deserves support; transparent and accurate management of elections is too important to be pushed aside by the DMCA.

Comments (6 posted)

A look at Fedora Core 1

With the first stable release of the Fedora Core scheduled for early next week, we thought we'd take a look at the final test release to see what users could expect from Fedora.

This release ("Severn") looks and feels like recent Red Hat releases, which is not entirely surprising. The default desktop is still GNOME with Metacity as the window manager. For the most part, if you're familiar with the Red Hat 9 release, Fedora will contain few surprises. The installation procedure is mostly the same as Red Hat 9, though users now have a few additional install options. Fedora 0.95 includes the ability to perform a graphical install via FTP, HTTP and the ability to perform an install via VNC.

We installed the Severn release on two machines to see how well it fared. On one machine we installed the "Server" package set, and performed a "Custom" install on the second machine. The entire install took less than thirty minutes on an Athlon 2600+ XP machine with 1 GB of RAM, and about forty-five minutes on an Athlon 1GHz machine with 1 GB of RAM.

The only real glitch we encountered was that Severn had a little trouble setting up the Matrox G450 dual-head video card. Though it offered the option of performing a dual-head setup that spanned both monitors, it kept producing a cloned display. A quick hand-edit of our XF86Config file solved the problem.

The firewall configuration during installation is somewhat simpler than the configuration that was present in Red Hat 9. Red Hat 9 offered "High," "Medium," and "No Firewall." The option with Fedora is to turn the firewall on or off. The user is also able to specify specific ports that should be passed through the firewall. The installer offers the options of passing through SSH, HTTP, FTP, Telnet, SMTP or specifying their own protocol that can be passed through.

Though it's a small thing, one also notices a difference in attitude during the installation. Instead of seeing Red Hat promotions during the install, the user is told that Fedora has a new graphical boot feature ("Who understood all that text scrolling by anyway?") and is encouraged to sign up for Fedora user and developer lists ("Hey! It's better than spam!").

There is a full list of packages for Severn test 3 release here. It may change slightly for the final release. Most of the packages have been updated since Red Hat 9, of course, but the package list hasn't changed that much.

One new inclusion in Fedora is Yum, an APT-like package installer/updater. Yum is not installed by default, but it is included on the Severn CDs. Yum has a command set similar to apt-get. One striking difference, however, is when using "yum check-update" to retrieve information on changed packages. The apt-get update command simply retrieves an index file for each package repository, which is fairly fast. Yum, on the other hand, retrieves RPM header information for every installed RPM, which can be very time-consuming.

Some packages have not made the cut from Red Hat 9 to Fedora. The LPRng print system is no longer supported or included with Fedora. CUPS is now the official, and only, print spooler for Red Hat/Fedora systems. According to the Fedora 0.95 release notes, LPRng will be replaced by CUPS even if the user decides to upgrade an existing Red Hat system with Fedora. Galeon is out, replaced by Epiphany. Users no longer have the option of using the LILO bootloader. Pine has been kicked due to licensing issues and "long-term maintenance concerns." Zebra has been replaced by the Quagga Routing Suite, and Tripwire has been removed as well.

Another interesting change is the inclusion of the Native POSIX Thread Library (NPTL). The Severn release ships with a 2.4.22 kernel with NPTL replacing the user-space LinuxThreads implementation. This means that some applications, notably Sun's Java Runtime Environment (JRE) prior to 1.4.1 and IBM's JRE will have issues. For applications that need the old implementation, there is a workaround described in the release notes.

The Fedora kernel also includes "exec shield," a kernel patch that we covered last May. By default exec shield is turned on for programs that are "marked" for this functionality. For the Fedora release, this pretty much means that the program needs to have been built with the Fedora toolchain.

Fedora Core 1 is still very much a Red Hat product, even if the "Red Hat Linux" name has been filed off. There has not, as yet, been time for a true development community to form; traffic on the Fedora mailing lists is tiny relative to those of, say, Debian or Mandrake's Cooker. So it is hard to guess what Fedora will look like in the future. But, if Fedora 0.95 is any indication, the first "stable" release looks to be shaping up well. If all goes as planned, Fedora Core 1.0 will be released on Monday, November 3.

Comments (17 posted)

SCO responds to IBM's counterclaims

The SCO Group has filed its response to IBM's counterclaims; the full text may be found in PDF format. Since this document is structured as a set of direct responses to the claims made by IBM, much of what's there must be read in the context of IBM's amended filing to make sense. SCO's responses come down to a relatively small set of points, however, which we will examine here.

One area of dispute has to do with exactly what rights were bought from Novell in 1995. Novell claims the right to veto some of SCO's actions, such as the yanking of IBM's AIX license. SCO disputes that claim. Without access to the actual agreement between the two companies, it is impossible to come to any conclusion here; this will be a job for the court.

IBM's claim #16 reads:

This would seem like a relatively uncontroversial thing for IBM to say. Even SCO, in the end, has embarked on all this litigation because Linux has become "the operating system of choice" for many of its former customers. Here's SCO's response, however:

This is, of course, the company that made a go at developing and selling Linux for years, even after it obtained its rights, whatever they may be to the Unix code base.

Much of SCO's response, however, is aimed in a different direction: SCO is, once again, claiming that the GPL is not an enforceable license. Thus, for example, when IBM claims:

SCO responds with:

In other words, according to SCO, those who write code are not entitled to attach a license to it, and even if they were, the GPL is not a valid license. This anti-GPL rhetoric reaches its peak in the "affirmative defenses" at the end of the filing:

The counterclaims offer no evidence for any of the above claims; they are simply put out there to stand on their own. The first claim will, eventually, depend on what a court finds, but many are confident that the GPL will hold up just fine. The second is ridiculous; whether or not the FSF is selective in its enforcement of the GPL has no relevance to how IBM enforces its own copyright rights. Bringing the Constitution and antitrust law into it (with the third claim) is new, but SCO's previous reasoning on the GPL and copyright law has been humorous at best.

In other details, SCO denies that its "letter to Linux users" threatened any sort of litigation. Strangely enough, SCO has removed that letter from its web site, making it harder for anybody who might want to check for themselves. Happily, this SCO v. IBM site has kept a copy handy.

SCO also goes to some lengths to try to fight off IBM's patent claims. The response even alleges that IBM might not own the patents at all.

Most of the defenses seem like a sideshow, however, compared to SCO's sustained attacks on the GPL. Clearly, the company sees the GPL as an obstacle that must be overcome. Just why SCO is so eager to see the GPL defeated is still not entirely clear, however. Perhaps the company simply wishes to destroy the Linux ecology outright so that there might yet be room for its outmoded, failing proprietary offerings. Or perhaps SCO is trying to find a way that it can apply a tax to all Linux shipments. Or maybe it is all a simply set of delay and FUD tactics while the real goal is pursued elsewhere. Given that we are facing a concerted attack on one of the pillars of the free software community - an attack now funded with another $50 million in investment money - it is proper to be concerned. Unless the attackers can come up with some better arguments, however, the GPL looks set to stand for a long time yet.

Comments (25 posted)

Page editor: Jonathan Corbet
Next page: Security>>