LWN.net Weekly Edition for February 2, 2006

Linux in Italian schools - five months later

Back in September, LWN ran an article about the FUSS project, which converted the entire computing infrastructure for the Italian-speaking schools of Bolzano, Italy to Linux. When that article was written, the FUSS staff had completed a major push to install its own Debian-based distribution on over 2600 systems, but the true test - the beginning of the school year - was still in the future. Now that the new system has supported a few months of teaching, it seems like a good time to go back and see how things went. Is Linux truly up to the task of running a school system?

The FUSS organizers helpfully connected us with several teachers in the affected schools. These people, in turn, graciously took time out of their busy schedules to answer a long list of questions - and they didn't even complain about your editor's difficult Italian. The answers paint a picture of a not-entirely-smooth transition, but, in the end, the system appears to be coming together. More importantly, the new system, based on free software, would appear to have the strong support of the people who must make use of it to get their jobs done.

School teachers everywhere tend to be busy people who are dedicated to their work. So your editor did not expect to hear them praise the way free software may have saved money for their central IT department or to talk about the ethical aspects of free software. It seemed more likely that these teachers would grumble about extra work, having to learn an unfamiliar system, and the glitches which are inevitable with a transition of this size. This expectation turned out to be only half correct.

There were indeed some complaints. Printing was at the top of everybody's list; "cups" is indeed a four-letter word in Bolzano at the moment. One teacher described its administration tools as "delirious." Other peripheral devices - scanners, for example - were also problematic. It's not just that there were problems, but that these problems often required the intervention of the central FUSS staff (who received credit for much hard work) to resolve. Many of the teachers do not see a Linux-based network as something they can administer themselves. As one middle school teacher expressed it:

The FUSS group has done a truly excellent job, they have been well prepared and quick to come to the school to resolve problems, but this is insufficient in the long term. The schools need somebody who works just to keep the system running. If this work gets dumped onto a teacher (who may lack, as in my case, a technical background) the system will never work correctly.

(All quotes translated from Italian by your editor).

By most accounts, the key software - OpenOffice in particular - is working well for both students and teachers. The big exception is documents with macros; those macros must be rewritten to work on the new system.

When asked what they would most like to see improved, most teachers talked about printers and related issues. There were also requests for better ease of use in general, and an interface closer to Windows in particular. A couple of teachers noted the relative scarcity of documentation in Italian, and one complained that Linux was bloated and slow.

In the end, though, the transition appears to have been successful, and most of the teachers seem happy enough. Not one said that the schools should go back to the previous, proprietary systems. And these teachers - some of them at least - are beginning to see the advantages of free software. Here's a few quotes from various teachers:

Naturally some things still need to be fixed, but we maintain that the change is important at both technical and cultural levels. The benefits are not just the savings, but the fact that it opens a way of access to technology which is more honest and aware.

The biggest advantage is the fact that it is free (libero) software. This has drawn a fair amount of interest from the parents of our students. I teach in a middle school and our kids are between 11 and 14 years old. They still don't really understand what free software means, but their parents do.

I maintain that it's natural and obvious that the schools, as an institution, should use free software. The sharing of knowledge, the freedom of access to information, etc. should be at the base of any instructional process. It seems to me that the philosophy of free software rests on the same principles.

The fact that you're not tied to licensing problems lets you move with a certain confidence; you're forever inspired to look for something which works better, which is closer to your needs. It's a great and beautiful thing.

Of course, not everybody is quite so pleased. As one instructor put it:

For a teacher there is no advantage [to Linux]; just problems using documents produced with other software and only partially recognized by free software (example: Excel and Word macros, which I use heavily in my teaching work, must be reconstructed).

How do the students feel about it? As we know, children tend to be more flexible, and, as a rule, they have smaller investments in old Word macros. So they seem to have taken the change in stride. Some amusement can be found in this article (in Italian); one school opened up a forum where 9-year-olds could post their impressions of the new systems. Here's a few:

Linux is cool it has programs which Windows doesn't have like educational games...and it's also FREE (GRATIS) !!!!!!!!!!!!!

The names are changed and with Linux I have done well and there have been some differences. And with Linux the CD's are free (gratuiti). When is my CD arriving?

There's more things than we had last year. With Linux the programs are free (liberi).

Changing the names of the programs gave me some trouble at the beginning but now I'm starting to get used to it. The programs are much better; there were good things in Paint but more good things in tuxpaint! With regard to payments the fact that you don't have to pay is beautiful. And being able to download it at home for free is even more beautiful!

I think Linux is better than Ms Window because Linux is free (gratuito) and it turns us into a community.

The theme should be clear by now. As can be seen from these comments, the students are not yet, in general, ready to think about where free software comes from and why it exists. Don't expect any patches from the students in Bolzano in the near future.

One of the goals of the Linux transition was to give each student a CD with the software; that way, they could use the same tools at home and at the school. At this point, however, it seems that, while some students are using free software at home, most of them have not made that change. Part of the problem here is that the promised live CD distribution has not yet been made available. This CD is evidently ready to go, it's just waiting for the obligatory launch press conference with the education minister. Once this CD goes out (which could happen within a week), there may be more students using Linux at home.

Another obvious question which comes up is: will other school systems follow the FUSS project's example? Bolzano has two parallel school systems: the Italian-speaking schools (which moved to Linux) and the German-speaking schools (which did not). If any group of schools were likely to be inspired by FUSS, one might expect it to be the German-language schools of Bolzano. Views on whether that might happen soon were varied, but a number of teachers noted that there is some free software use in those schools now, and that the German-language schools were certainly watching to see how things go. Most teachers seem to expect that change to happen sooner or later.

Finally, your editor asked the teachers if there were anything they would like to communicate to the free software development community as a whole. The answers ranged from the short and simple ("Documentation, people, documentation!") to the lengthy, but most shared the same theme. Thanks for the work that you do, please continue and make it even better and easier to use. Oh, and, if you could, make the printers work please?

Comments (45 posted)

GPLv3 and the kernel

One almost has to pity the crowd of mainstream technical journalists who clearly follow the linux-kernel mailing list with the hope of obtaining a good Linus Torvalds quote to write an article around. Working through 300 incomprehensible messages every day is a serious chore - trust your editor on this. But those reporters found their prize last week, when Linus let it be known that he was not much interested in adopting version 3 of the GPL for the kernel. A quick search on Google News turns up dozens of resulting articles, mostly with headlines like "No GPLv3 for Linux." That may well be how things turn out, but there's a few things which should be taken into account when making predictions about the future of Linux.

One of those is that there will be no GPLv3 at all for another year. What is being circulated is a draft, and, if the Free Software Foundation is responsive to comments at all, there are likely to be changes. There is little point in debating the adoption of a license which does not exist, which is why most kernel developers have stayed out of the current discussion. While a certain ZDNet columnist engaged in a humorous exercise in wishful thinking:

More infighting among the Linux stalwarts and the formation of polarized factions will turn the Linux community into open source software version of the Mideast - lots of talk, posturing, and little progress.

The simple fact is that most developers are taking a quiet "wait and see" approach for now. And, now or later, there seems to be little appetite for a big licensing fight.

Another thing to keep in mind is that Linus can change his mind, even after seemingly painting himself into a corner with an absolute statement. One of your editor's favorite Linus pronouncements was issued almost exactly seven years ago. In response to a query on how to set up an i386 box with 4GB of memory, Linus stated:

Oh, the answer is very simple: it's not going to happen.

EVER.

You need more that 32 bits of address space to handle that kind of memory. This is not something I'm going to discuss further... This is not negotiable.

Less than one year later, Ingo Molnar's high memory patch was merged for 2.3.23. The lesson is clear: even when Linus says "never," the right argument can change his mind. And, in fact, Linus has left the door open to just that possibility:

Quite frankly, _if_ we ever change to GPLv3, it's going to be because somebody convinces me and other copyright holders to add the "or any later license" to all files, just because v3 really is so much better. It doesn't seem likely, but hey, if somebody shows that the GPLv2 is unconstitutional (hah!), maybe something like that happens.

So I'm not _entirely_ dismissing an upgrade, but quite frankly, to upgrade would be a huge issue. Not just I, but others that have worked on Linux over the last five to ten years would have to agree on it.

The door may not be open very far, but neither is it barred shut.

Then, there's the fact that, as Linus points out, it is not just his decision. Much code in the kernel is explicitly licensed with the FSF's recommended "or any later version" language; that code will be distributable (separately from the kernel) under the GPLv3 in any case. Relicensing the GPLv2-only code, however, would require the assent of every developer who holds copyrights on that code. Given that copyrights in the kernel are widely distributed and tracked by nobody, obtaining that permission would be a significant challenge.

Or would it? Linus added the explicit GPLv2 language for the 2.4.0-test8 release. Another significant kernel contributor (Alan Cox) is unconvinced that this language will get in the way:

It isn't clear that this will be a problem. Very few people specifically put their code v2 only, and Linus edit of the top copying file was not done with permission of other copyright holders anyway so really only affects his code if it is valid at all.

If this view prevails, the number of copyright holders who would have to agree to a relicensing would be much reduced, and the problem might just become tractable.

The relicensing discussion is premature now, and it can be expected to fade away. But it will certainly come back. The anti-DRM provisions found in GPLv3 resonate strongly with many developers, and, to many of those, said provisions only clarify a requirement which, they believe, is already present in GPLv2. To these developers, locking Linux into a DRM-equipped machine takes away the freedom that the GPL promised in the first place and is an abuse of the software they have contributed to the world. The opportunity to end that abuse with a license change will be appealing; expect to see developers pushing for that change after the license becomes official.

Linus, however, has made it clear in the past that locking down systems with signed kernels is just fine with him. He reiterated that point recently:

I believe that hardware that limits what their users can do will die just because being user-unfriendly is not a way to do successful business. Yes, I'm a damned blue-eyed optimist, but I'd rather be blue-eyed than consider all uses of security technology to necessarily always be bad.

So blue-eyed Linus is unlikely to agree to a license change on the basis of the anti-DRM provisions. But it is possible that other factors could eventually bring about a change of heart (and license). For example, many of the changes in GPLv3 are motivated by the requirements of legal systems in various parts of the world; if GPLv2 turns out to be hard (or impossible) to enforce somewhere, a shift to GPLv3 could become more appealing. Such a change, however, cannot occur before the license moves out of the comment period and is adopted officially by the FSF. Until then, any predictions on whether the kernel will ever shift to the GPLv3 should be taken with a grain of salt.

Comments (15 posted)

Some Rockbox updates

Last week's Rockbox review was reasonably well received. Since then, however, a couple of things have happened - one good, one less so - which make an update in order.

Starting with the good news: the iPod port can now produce audio on the iPod Nano and 4G Color/Photo models. That means that there is now a totally free (if still a bit bleeding edge) firmware offering for this otherwise proprietary, DRM-equipped player. iPods running Rockbox will have all of the features described last week, including a much wider variety of codecs. The iPod Rockbox hackers have put a lot of work into this port, and congratulations are in order.

Support for a full-color "while playing screen" has also been merged since last week - a development which should reduce the number of people complaining that the Rockbox interface is ugly.

The bad news relates to the voice menu support which makes Rockbox so appealing to blind users (and some others as well). The best set of voices provided for Rockbox, by many accounts, was generated with a copy of ATT Natural Voices. Recently, the Rockbox developers got a friendly little cease and desist notice from the folks at Wizzard Software, the company which distributes that product in the U.S. By distributing the output from this program, says Wizzard, Rockbox was violating the end user agreement for the software.

So the ATT voices were pulled from the web site while the EULA was examined; further research seems to bear out Wizzard's claim. The licensing for that software is set up to require extra royalties if any voice output is redistributed or used in a product. So that set of voices is likely to be gone forever, and the developers are looking for replacements.

Some efforts are afoot to generate a set of voice files the old-fashioned way - by recording an actual human and editing the result. Sort of like Tom Baker making voice files for British Telecom. That is a labor-intensive way of solving the problem, however, and keeping the voice files current in such a fast-moving project involves quite a bit more labor. So an automated means for generating high-quality voice files would be a welcome contribution to the project. Perhaps a Festival expert would like to help them out?

Comments (13 posted)

Page editor: Jonathan Corbet

Security

Looking forward to Kama Sutra

Your editor recently found a bit of security advice in his mailbox:

A calm, reasoned, policy-based approach that covers all possible threats is what is needed to ensure that a company's corporate servers and workstations are protected.

This advice showed up in a message with a subject line reading "IMAGE YOUR SYSTEM NOW BEFORE THE KAMA SUTRA WORM HITS." It's a good thing these folks (a company called Acronis, which will happily sell you the tools to "image your system") are so calm and reasoned; it might not be fun to be around if they were to go into a panic.

Linux users, of course, remain blissfully unaware of the "Kama Sutra" worm (or "BlackWorm"). At most, it manifests itself as a couple of "give me a kiss" emails which SpamAssassin quickly learns to kiss off by itself. Those who work with Windows, however, may well find themselves more aware of this worm in the near future.

Kama Sutra/BlackWorm, like so many others, spreads via email attachments. It does have a couple of interesting features, however. One is that it goes out of its way to disable antivirus systems on infected systems, making those systems susceptible to other bits of roving malware which might wander by. And, on February 3, it will attempt to destroy files on infected systems. Anybody who is not aware of being infected is likely to find out fairly abruptly at that point.

Estimates of the number of infected systems run as high as 600,000 as of January 31. Most of those systems are in the U.S., India, and, interestingly, Peru; see this page for details. If you would like more information on this worm, including Snort signatures for blocking it, see the ISC BlackWorm page. And, for now, be glad you are running Linux.

Comments (2 posted)

New vulnerabilities

drupal: several vulnerabilities

Package(s):

drupal

CVE #(s):

CVE-2005-3973 CVE-2005-3974 CVE-2005-3975

Created:

January 27, 2006

Updated:

February 1, 2006

Description:

Several security related problems have been discovered in drupal, a fully-featured content management/discussion engine. Several cross-site scripting vulnerabilities allow remote attackers to inject arbitrary web script or HTML (CVE-2005-3973). When running on PHP5, Drupal does not correctly enforce user privileges, which allows remote attackers to bypass the "access user profiles" permission (CVE-2005-3974). An interpretation conflict allows remote authenticated users to inject arbitrary web script or HTML via HTML in a file with a GIF or JPEG file extension (CVE-2005-3975).

Alerts:

Debian

DSA-958-1

drupal

2006-01-27

	Total CPU	Interrupt	SoftIRQ	Socket	Locks	Sched	App.
1 CPU	50	7	11	16	8	5	1
2 CPUs	77	9	13	24	14	12	1
Driver channel	58	6	12	16	9	9	1
Socket channel	28	6	0	16	1	3	1
App. channel	14	6	0	0	0	2	5

Date	Event	Location
February 6 - 7, 2006	ICMCC Conference on EHR Standards and Interoperability	(World Forum Convention Center, The Hague)The Netherlands
February 7 - 9, 2006	OSCMS Summit	Vancouver, BC, Canada
February 8 - 10, 2006	X Developer's Conference(XDevConf)	(Sun Campus)Santa Clara, CA
February 8 - 10, 2006	LinuxAsia Conference and Expo 2006	(India Habitat Centre)New Delhi, India
February 10 - 12, 2006	CodeCon 2006	San Francisco, CA
February 10, 2006	SCALE Workshop On Open Standards For Government Organizations	(Airport Radisson)Los Angeles, CA
February 10, 2006	PHP Conference UK 2006	(Keyworth Centre)London, England
February 11 - 12, 2006	Southern California Linux Expo(SCALE 4x)	(Airport Radisson)Los Angeles, California
February 20 - 21, 2006	EuSecWest/core06 conference	London, England
February 24 - 26, 2006	PyCon 2006	(Dallas/Addison Marriott Quorum hotel)Addison, TX
February 25 - 26, 2006	FOSDEM 2006	(ULB Campus)Brussels, Belgium
February 26 - 28, 2006	OSDC::Israel::2006	(Netanya Academic College)Netanya, Israel
February 27 - March 3, 2006	SELinux Symposium and Developer Summit	(Wyndham Hotel)Baltimore, MD
February 28 - March 3, 2006	Black Hat Europe Briefings and Training 2006	(Grand Hotel Krasnapolsky)Amsterdam, the Netherlands
March 3 - 4, 2006	LinuxForum 2006	Copenhagen, Denmark
March 6 - 9, 2006	O'Reilly Emerging Technology Conference(ETech)	(Manchester Grand Hyatt)San Diego, CA
March 17 - 19, 2006	Libre Graphics Meeting 2006	(Ecole d'Ingénieurs CPE)Lyon, France
March 19 - 24, 2006	Novell BrainShare 2006	(Salt Palace Convention Center)Salt Lake City, UT
March 21 - 23, 2006	UKUUG Spring Conference 2006	Durham, UK
March 25, 2006	Penguin Day	Seattle, WA
March 29 - 31, 2006	PHP Quebec 2006	(Plaza Montreal Hotel)Montreal, Canada

LWN.net Weekly Edition for February 2, 2006

Security

New vulnerabilities

drupal: several vulnerabilities

gallery: cross-site scripting vulnerability

LibAST: privilege escalation

libmail-audit-perl: insecure temporary file creation

lsh-utils: local file descriptor leak

mydns: denial of service

nfs-server: buffer overflow

Paros: default administrator password

mozilla-thunderbird: GUI display truncation vulnerability

trac: cross-site scripting vulnerability

unalz: arbitrary code execution

Resources

Kernel development

Brief items

Kernel development news

Patches and updates

Kernel trees

Architecture-specific

Core kernel code

Development tools

Device drivers

Memory management

Networking

Security-related

Miscellaneous

Distributions

News and Editorials

New Releases

Distribution News

Distribution Newsletters

Package updates

Newsletters and articles of interest

Distribution reviews

Development

System Applications

Database Software

Interoperability

Libraries

Networking Tools

Desktop Applications

Audio Applications

Desktop Environments

Electronics

Graphics

Imaging Applications

Interoperability

Music Applications

Office Applications

Office Suites

PDA Software

Web Browsers

Languages and Tools

Caml

Lisp

Perl

PHP

Python

Ruby

Scheme

Tcl/Tk

XML

Linux in the news

Recommended Reading

The SCO Problem

Companies

Legal

Interviews

Resources

Reviews