User: Password:
Subscribe / Log in / New account

Leading items

Free gadgets need free software

Your editor has occasionally taken time to write about Rockbox, a GPL-licensed firmware system for portable music players. One might think that such articles result from an attempt to disguise time spent playing with gadgets as real work - and not be entirely off the mark. But an incident this week shows why running free software on devices like music players is important.

Creative makes some nice players, including the "Zen Vision:M." It includes a large color screen, significant storage, and an FM radio. Like many such devices, it is able to connect the FM radio to that storage space and record radio programs. There are any number of reasons why this feature is useful; one may want to record a radio interview featuring a colleague, timeshift a program for later listening, or grab the DJ's talk to help identify an interesting song for later purchase. This capability certainly is not anything new; people have been hooking up their tape recorders to radios for decades.

As of firmware version 1.50.02, however, the Zen Vision:M player can no longer record from its FM radio. An "upgrade" for the Zen MicroPhoto removes the FM recorder feature from that device as well. In both cases, the hardware retains the FM recorder capability, but the new firmware takes it away. It is hard to imagine that legions of Creative customers have been clamoring for the removal of a useful feature from their expensive devices. Instead, this crippling of the hardware has been done to meet the demands of a different group of people: our friends in the entertainment industry.

Fortunately for current owners of this hardware, there does not appear to be any mechanism built into the player which forces a change to the newer version. It would not be entirely surprising to see forced-upgrade requirements built into future players, however, especially as the notion of "trusted content paths" gains ground. The gadget you thought you owned may turn into a different device tomorrow, and there is little that you can do about it.

Unless, of course, that gadget is running free software. Rockbox users do not have to deal with this sort of trouble; if somebody were to remove the FM recorder feature, somebody else would just patch it back in. Rockbox users enjoy a tangible level of freedom which has been taken away from people running proprietary firmware on their players.

This is an important point. Your editor is appalled by the number of AC adapters he must carry whenever he travels - we have a number of gadgets which, increasingly, we see as being entirely indispensable. The functions handled by those gadgets can only grow over time; we will become increasingly dependent upon them for our work, our communications, and our leisure. Whose interests will those gadgets serve? If others control the software on those gadgets, that software will be distorted to serve their interests; the Creative firmware "upgrade" is a strikingly clear example of just how that process can work. If we want to control our gadgets, it behooves us to only purchase those which can run free software.

[A postscript for those who are interested in what's up with Rockbox. The project abandoned its plans for a 3.0 release some months ago; the feature freeze was hurting development without bringing solutions to the final remaining problems. So development has been going full-steam ahead, with (usually stable) daily builds available for those who want the latest features. Support for iRiver H10, most iPods, and iAudio X5 players has been added; early-stage work is proceeding on iRiver IFP790 and Toshiba Gigabeat players. The port to the Sandisk Sansa e200 has recently overcome some significant hurdles and may start to make significant progress in the near future. Unfortunately, there appears to be no effort to port to the Creative players at this time.]

Comments (46 posted)

What does it mean to join the Software Freedom Conservancy?

October 18, 2006

By Pamela Jones, Editor of Groklaw

Recently, it was announced that the Mercurial project, a software revision control program used by projects like Xen and ALSA, among others, has become a member of the Software Freedom Conservancy. Some people may be wondering: What is the Software Freedom Conservancy? How do you become a member? Why would you want to? What does the Conservancy do? Who besides Mercurial are members? And what does it mean to be a member?

First of all, the Software Freedom Conservancy is fairly new, founded in March of this year. It is a specialized legal project spun out of the Software Freedom Law Center, which provides pro bono legal representation and other law-related services to protect and advance Free and Open Source Software. The distinctive purpose of the Conservancy, which exists as an entity distinct from the Software Freedom Law Center, is to provide administrative and financial services to its members so they can take advantage of the benefits of being a corporate entity, without having to take on the filing, record-keeping and legal work necessary for nonprofits, by coming under the Conservancy's corporate umbrella. Wine, Samba, InkScape, BusyBox, uCLibc, SurveyOS, and Libbraille are also member projects of the Conservancy.

I asked Karen M. Sandler, Counsel at the Software Freedom Law Center, first about the Software Freedom Law Center. Who gets accepted as a client by the Software Freedom Law Center and what does it mean for a project? Her explanation:

Clients are evaluated on a case by case basis depending on, among other criteria, the nature of the software project, the legal needs of the project and the availability of resources of SFLC. As a general matter, we seek to give advice to nonprofit Free and Open Source Software projects, developers and distributors to help protect and advance Free and Open Source Software.

Once a software project is accepted as a client of SFLC, SFLC is able to provide legal representation to that project. That could mean assistance with licensing, helping the project to form as a nonprofit corporate entity or providing representation to assist with the resolution of a dispute, depending on the needs of the client.

In Mercurial's case, for example, in addition to joining the Conservancy, it has also retained SFLC as its legal counsel.

But what about the Conservancy? What are the advantages of becoming a member? There are certain benefits that flow from the corporate form, such as limiting ones personal liability. The Conservancy is in the process of applying for federal tax-exempt status, which would then allow the Conservancy's member projects to also receive tax deductible donations. The Conservancy files a single tax return that covers all the member projects, and it handles other corporate and tax related issues on behalf of its members.

The question which may come into your mind at this point is: couldn't a project do all that itself? Yes, it could. But let me give you an idea of what is involved. The paperwork in setting up a state nonprofit corporation, applying for federal tax-exempt status, then actually running the corporation is quite daunting in the US. There is corporate record-keeping ongoing, not to mention a panoply of laws one must abide by or risk losing the corporate structure. Just as one small example, here's the page of forms to set up as a nonprofit in New York State. There are even regulations on how the filings must be presented. See ยง 150.1 on this page, which lists all the i's to dot and t's to cross if you are a New York corporation. And of course you need to be familiar not only with the state's Not-for-Profit Corporation Law (NPC), but also the Business Corporation Law (BCL) and the General Business Law (GBL), all of which you can find on the New York State Legislature page, by clicking on the bottom link, Laws of New York. Why government agencies make it so hard to link to information is one of life's little mysteries, but many of them do, so I can't link to the laws themselves. You'll have to find them for yourself.

Then, if you want people who send you donations to be able to get a tax deduction, you have to apply on the federal level under Internal Revenue Code Section 501(c)(3) and you need to satisfy certain requirements. You can find the booklet on how to apply for federal nonprofit status on this IRS page. Look on the list for Form 1023 and Inst 1023, the instruction booklet. That's just to apply. You can't mingle your personal funds with the corporate funds, for one thing, so you'll need to set up a separate corporate account. The language in your corporate charter and bylaws must satisfy certain regulations on the federal level, and of course laws and regulations are forever changing, so you have to keep up to date.

Here's a sample of bylaws. See how much fun it is to read them. You'll notice that you need a board of directors and officers, and that the secretary, for example, has multiple record keeping duties to fulfill. Want the position? No? Do you have a really good buddy willing to spend the rest of his life doing such tasks? Most programmers would rather have root canal surgery. But even if you are willing, it's time taken away from coding, and the odds of getting it wrong without legal direction are, in my view, in the fairly-likely-to-certain range. Then there's taxes, and of course there are special forms and regulations for nonprofits.

The Conservancy does all of that paperwork for its members, so developers working on member projects can devote their time to coding instead of having to master all the legal aspects to becoming and acting as a corporation.

Another service it can provide is fund management. It can advise and help set up a project to accept donations. The assets are held by the Conservancy on behalf of its members, each in its own account, and it disburses them as the project wishes, in accordance with IRS regulations, of course. Copyrights and trademarks can also be held by the Conservancy, again on behalf of the project. If your project has several members, the Conservancy provides a vehicle through which copyright ownership in the project can be unified, which makes enforcement easier. This is an optional service, however. And any member can leave the Conservancy at any time, if it wishes to form their own independent tax exempt nonprofit. The Conservancy provides its services free.

If you want to find out if your project qualifies for membership, you can contact the Conservancy. There are, of course, certain requirements -- your project must be developing free and open source software, for example, and it must be consistent with the Conservancy's tax-exempt purposes and financial requirements imposed by the IRS.

What if you can't get your project accepted and you have a legal issue? Perhaps there is a licensing question but you don't know any lawyers, or the ones you know have no clue about FOSS licenses, and your question requires that type of specialized knowledge? I asked Sandler what a project or developer in such a circumstance can do to find a competent lawyer, and here's her answer:

Within the US, most states have referral services where individuals and organizations can call to find a lawyer with a relevant practice. There are also a number of organizations, in addition to SFLC, that are organized to provide legal services. Some Pro Bono programs organized to help with legal matters relating to business issues are listed on the American Bar Association's website. For Free and Open Source Software specific issues, the Free Software Foundation has a lot of good information up on its website, and we are also aware of another project to publish information related to Free and Open Source Software but it hasn't launched yet. Hopefully it will launch soon and when it does, we'll be sure to point you to that too.

The Software Freedom Conservancy might not be a useful option for all projects, but, in many cases, it has some valuable services to offer. And the price is right.

Comments (5 posted)

An empty legacy

By the time you read this, the long-awaited, slightly-delayed Fedora Core 6 release may be available. Then again, maybe not. But it should be out sometime soon, really. This distribution, once it is released, will come with excellent security support from the Fedora Project - for ten months or so. Once the second Fedora Core 8 test release is available, this shiny new Fedora Core 6 distribution will be cut off and handed over to the Fedora Legacy project.

A look at the Fedora Legacy wiki page yields this text:

We are currently maintaining Red Hat Linux 7.3 and 9 as well as Fedora Core 3 and 4 as these have been transferred into maintenance mode from Fedora Core. We will provide updates for these releases for as long as there is community interest though we in general follow the 1-2-3 and out policy. This provides an effective supported lifetime (Fedora Core plus Fedora Legacy Support) of approximately 1.5 years or even more.

The project has helpfully provided some yum configurations to make getting the updates as easy as possible. The promised "effective supported lifetime" should be a great comfort for users who do not want to upgrade their systems every six months or so.

There's only one little problem: Fedora Legacy has yet to provide a single update for Fedora Core 4, which was transferred to the project in July. In fact, Fedora Legacy has not provided any updates, for any of the distributions it claims to support, since July - an outage of almost three months. During this period, vulnerabilities have been reported in a small number of packages:

alsaplayer, apache (2), bind, binutils (2), clamav, firefox (3 sets), freetype gdb (2), gcc, gnupg (2), gnutls, gzip, imagemagick (3), kdebase (2), kernel (4), krb5, lesstif, libtiff, mailman, mysql (3), ntp, openldap,, openssh (2), openssl (2), perl, php (5), ppp, python, ruby, sendmail (2), squirrelmail, streamripper, sudo, thunderbird (3 sets), wireshark (2), xinit, xpdf, (2)

The above list is just a subset of the actual reported vulnerabilities. But the point should be clear: any useful Fedora Core 4 system will be running a fair number of the above packages - and they all contain known security problems. It would be nice to close those holes, but no FC4 updates are available. Any system administrator who still believed that Fedora Legacy would help to keep older Fedora Core systems secure should, by now, be having second thoughts.

Fedora Legacy was created with the idea that the user community would help to produce updates for packages affected by security problems. The community has clearly failed to step up to that task. It would appear that Fedora users - at least, those who could help with security updates - are so interested in staying on the leading edge that they upgrade long before any Fedora release loses support. Other users who care will have moved on to other distributions - paid or free - which offer security support for a longer period of time.

Fedora Core 1 was released almost exactly three years ago, meaning that we have about three years of experience with Fedora Legacy. Perhaps the time has come to ask the question: is there any point in continuing to pretend that Fedora Legacy is a viable, successful project? Perhaps the Fedora Project should consider ending Fedora Legacy before its web pages convince anybody else that they can safely defer upgrading unsupported systems. The Fedora Project makes no apologies for its support policy, and there is no reason why it should. But there is also no reason to maintain the illusion of an option for longer-term support which does not actually exist.

Comments (23 posted)

Page editor: Jonathan Corbet
Next page: Security>>

Copyright © 2006, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds