LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

LWN Weekly Edition

Front page
Security
Kernel development
Distributions
Development
Linux in Business
Linux in the news
Announcements
->One big page

 

This page

Previous week
Following week

Recent Features

Interview: Kristen Carlson Accardi

LWN.net Weekly Edition for July 24, 2008

Tracing: no shortage of options

Interview: Wind River's John Bruggeman

LWN.net Weekly Edition for July 17, 2008

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

LWN.net Weekly Edition for August 1, 2002

Is it really The End?

Last week, we stated that, due to lack of anything even close to the amount of money needed to pay the LWN staff, the publication of the LWN.net Weekly Edition would end on August 1. Since then, quite a few things have happened, including:

  • We had honestly thought that donations would drop to zero (they were already close) once the announcement went out. Instead, they shot through the ceiling; as of this writing, we have received over $25,000 in new donations and advertising! Many came with notes saying "back payment for the last four years," or "use this to throw a big party."

    It is still difficult to express our surprise and gratitude for this unbelievable show of generosity on the part of our readers. You people are the best.

  • A number of companies, or people with contacts in companies, have approached us with the possibility of some sort of sponsorship for LWN. Many of these contacts, frankly, were self-serving and would turn LWN into something that would be rather less appealing to our readers. But a few seem serious. It will take some time, however, before we know if there is any funding to be had in that direction or not.

These developments have caused us to rethink our plans in a way we honestly had not expected. Here is a summary of where we are at.

$25,000 is a nice pile of cash for a little company to have in the bank, but it is important to keep in mind that it is not enough to keep us going for all that long. Running LWN currently involves five people (Jonathan Corbet: front and Kernel pages, site code, "executive editor"; Forrest Cook: Development and Press pages, system administration; Rebecca Sobol: Distributions and Commerce pages; Dennis Tenney: Security page and corporate bureaucracy; Dave Whitinger: business development, ad sales and delivery), all of whom are experienced software engineers. These people have children and mortgages, and most work full time producing LWN. They can not be expected to do it for free, even though that is exactly what they have been doing for some months now.

So the LWN staff needs things like salaries and health insurance. A minimal amount of money to provide these for the current staff is about $15,000 per month - and that level will still likely lead to loss of staff eventually. But it is a starting figure to aim for.

All of our estimates on possible subscription revenue fell far below that amount. The numbers came out of gnumeric, after all, they had to be true... and besides, none of our projected numbers have ever turned out to be too conservative in the past. It was on this basis that we decided it was time to pull the plug.

From the donations and feedback we have gotten, we have concluded that maybe our numbers were a little too conservative, that maybe subscriptions could bring in more than we thought. As a result, we are now thinking through plans for the implementation of a subscription-based LWN. Here, in bullet form, is the core of what we are thinking:

  • Initially, the Weekly Edition would be the content that lives behind the subscription gate. Subscribers would have immediate access to the Weekly Edition when it comes out Wednesday evening; free access would be opened up later, perhaps the following Monday. We would, however, immediately start work on expanding the content available to subscribers; we have a lot of fun ideas for things we could do.

  • The rest of our current content, including the "daily updates" which now make up the front page, would remain free.

  • Certain other new features would be available to subscribers only. At the top of the list is the long-requested email delivery option for the Weekly Edition. Content in PDF format and perhaps even an option for delivery of a print version, are on the list, though they would have to come later. We are also considering setting aside a percentage of our text ad exposures for subscribers who have something to broadcast.

  • We are still working on pricing. People who have donated to LWN would be able to use their donation to obtain a subscription.

The decision to go to subscriptions is hard; restricted content is a difficult fit in the world of free software. We will certainly lose a great many readers by imposing subscriptions. But...if we go off the air, we lose all of our readers. It is also still not clear to us that subscriptions are sufficient to cover our costs. The thinking at the moment is that some sort of stable base of (presumably corporate) sponsorship will be required, along with whatever advertising revenue we can come up with. Without that base, it will be hard for us to proceed.

The end result is that we are going to take next week away from the production of LWN to think long and hard about what we are going to do, to pursue sponsorship contacts, and to hack madly on the site code to actually implement a subscription scheme. The LWN Weekly Edition will not be published next week, though a subset may be available. At the end of the week, we hope to have a plan in place that will let us move forward, and which will stop trying the patience of our many loyal readers who have been waiting for us to get our act together.

Thank you all for your overwhelming support.

Comments (65 posted)

A 'Statement of Assurance' on SELinux patents

The June 13, 2002 LWN Weekly Edition looked at the "type enforcement" patents held by Secure Computing Corporation, and how those patents could threaten the distribution and use of the NSA SELinux distribution. Now SCC has issued a new statement with regard to those patents:

...it is the policy of Secure Computing to retain and enforce its rights in all of its patents and other intellectual property. In this case, we have decided to make an exception to that policy, and to support the reasonable expectations of the open source community

SCC has also posted on its website a "statement of assurance" (in PDF format) with the details of its policy toward SELinux. This statement is worth a close look; many users may find it rather less than assuring.

Here is the core of what SCC promises:

Subject to the limitations described in this Statement of Assurance, Secure Computing will not assert the Subject Patent Rights with respect to any use, modification, or distribution of SELinux software that is permitted by, and is in compliance with, the terms and conditions of Version 2 of the GNU General Public License.

In case that isn't clear enough, consider this other paragraph from the Statement:

No license is granted in this Statement of Assurance with respect to the Subject Patents, or any other patent or other intellectual property right, or software or other product.

Other companies which have tried to make software patents work with free software (i.e. FSMLabs, Red Hat) have licensed the patent(s) for the uses they permit. SCC has done no such thing; they just say they won't come after you if you meet the requirements. You're still legally infringing the patent, SCC just agrees to look the other way.

If you were thinking about using SELinux in a product, or as part of a larger service offering, you should already be pretty nervous about a "statement of assurance" that does not actually grant the right to use the relevant patents. There is more, though. For example:

Secure Computing reserves the right to assert the Subject Patent Rights with respect to VPN gateways, perimeter and distributed firewalls, URL filtering, authentication and authorization for applications, hosts, and devices, and other products, features and functions that are beyond the scope of the Assurance. The use or distribution of such products, features, or functions with SELinux will not make the Assurance applicable to them.

Translated into English, this phrase is telling us that the "statement of assurance" only applies if you're not actually doing anything related to security. Or anything else, for that matter: what Linux system doesn't handle "authorization for devices"?

There are a few other details that jump out when one reads this "statement of assurance":

  • It only applies to SELinux; no other free software may use the patents. Neither can "software that merely interoperates with SELinux." The obvious next question is: what, exactly, is SELinux, and what "merely interoperates" with SELinux? Just about any application could be excluded by this language.

  • SCC reserves the right to sell its patents to somebody else without requiring them to uphold what few guarantees this statement provides. When SCC gets tired of SELinux, it need only sell the patents to a subsidiary and it's all over.

  • SCC states that it may have "other patents," and that those patents are not covered by the statement.

And, of course, if you still feel that this statement is sufficiently assuring, bear in mind that it's not a contract, it's just another transient promise hosted on a web site. SCC's previous web-hosted statement, remember, was:

We plan to provide the security enhancements made to Linux under this project to the community without restriction in full compliance with the letter and spirit of the GPL.... There will be no restrictions on the use of TE [type enforcement] by the Linux open source community. We believe that leveraging the resources of the Linux community is the best way to develop robust security for Linux.

That promise vanished from SCC's site in June, though it can still be found via the web archive project; it has been replaced by something that, by any account, is not "without restriction." What reason is there for anybody to believe that this "statement of assurance" will be any less ephemeral?

It seems that SCC is trying to create the appearance of working with the free software community without actually giving anything away. Instead, the company has used U.S. taxpayer's money to embed its own proprietary technology into what was a free system. SELinux brought a lot of energy to the secure Linux development process; among other things, it was one of the driving forces behind the development of the Linux Security Module patches, which are currently being integrated into the 2.5 kernel. SELinux itself, however, will have a hard time recovering from its patent problems. The secure Linux that we use in the future may have to based on some other technology.

Comments (5 posted)

No letters to the editor

We did not receive much in the way of letters to the editor this week, so there is no letters page. We did, however, get a great deal of reader feedback, much of which is well worth reading. It can be found in the comments to last week's "The End" announcement, and our first and second updates posted over the last week.

Comments (3 posted)

Page editor: Jonathan Corbet

Inside this week's LWN.net Weekly Edition

  • Security: Security warning draws DMCA threat; Firewall circumvention with Mozilla; HylaFAX 4.1.3 fixes multiple vulnerabilities
  • Kernel: The new asynchronous I/O core; organizing the kernel ABI
  • Distributions: Distribution news for August 1, 2002
  • Development: Valgrind memory debugger, Koha 1.2.2, KDE Usability study, GnomeICU 0.98.3, GCC 3.1.1, Objective Caml 3.05, Blackdown Java 2 v1.4.1-beta, GNU CLISP 2.29, OProfile 0.3.
  • Commerce: News from the Linux Professional Institute
  • Press: DRM is Theft, IP and Copyright issues, Real uses Ogg, Veritas expands Linux line, OfB Open Choice Awards 2002.
  • Announcements: Singapore Linux Conf CFP, Gnome summit and OSCON coverage, LUG Support Program, Open Source Education Foundation goes tax-exempt.
Next page: Security>>

Copyright © 2002, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds
Powered by Rackspace Managed Hosting.