With all the recent stories about people being fired for blogging about their work, it is becoming important that people realise that there may be repercussions for their online actions unless they take the relevant steps to protect themselves. To that end, the EFF (Electronic Frontier Foundation) has put together a nice list of the things you can and should do to keep your job and your blog. Well worth the read.

Robots.txt is hardly new and is almost as old as the net itself. Having said that it is very handy when it comes to making sure that the search engines only spider the parts of your site that you actually want to show up on search engines like Google, Yahoo, MSN, Altavista etc. You can make your own robots.txt file with a text editor, or you can use this handy online tool from Webtoolcentral. With the reports coming in about security flaws and data mining happening via specially crafted search engine queries, it makes more sense then ever to ensure that you limit what information people can dig out of search engine indexes. It can also be handy for limiting bandwidth caused by excessive spidering as I found out yesterday.

I’ve been trying to work out why so much of our normally sufficient bandwidth was suddenly getting used up for no immediately apparent reason. After much searching, tcpdumping and access_log watching, I discovered one of our hosting clients had a huge directory of video and music files, some of which were 250MB in size. It turns out much of the traffic was actually search engine bots downloading them, presumably to add to one of the new video searching facilities the search engines have all jumped on. After crafting a nice robots.txt and adding code to my download manager program to block search engine referrers from downloading the files, the bandwidth usage has dropped dramatically. It turned out that one of the worst offenders was ConveraMultiMediaCrawler, which showed up almost continuously in the access log. With my robots.txt and my modified downloader, none of the search engines can access those video and music files unless configured to allow it. Robots.txt may be old tech, but don’t let that make you think it isn’t a useful tool. It should be added that for it to work, the bot in question has to support the robots exclusion standard, but all the big ones do and that ensures you can control where your information ends up.

Forgent, the company that litigated loads of money from companies using the JPEG image compression format is looking for more money and so has decided to go after DVR video. Luckily it remains to be proven if their patent was the first related to such technology and as such the patent has yet to be proven in court.

My problem with the patent system is that there are not enough people at the patent office who are sufficiently knowledgeable on Tech issues to decide that a specific patent is valid or not. So we end up with companies being able to patent the vaguest ideas and extort millions from companies that are doing the actual innovating. If I speculated about using my nose to control a computer cursor and patented the process, anyone that actually did the work of making it feasible, even if they didn’t know I had previously speculated about it, could have at least part of their proceeds funnelled to me.

The problem is that a patent should need to be really explicit, not at all general, and most patents are not. I believe the term is “overly broad”. To have the idea of using my nose to control a cursor isn’t enough, it should be necessary to explain in the patent exactly how I plan to get the nose mouse working. More often then not, that sort of detail is not considered necessary for a patent application. So what we end up with is millions of overlapping patents and lawsuits up the wazzo, often over patents that should never have been granted in the first place. Lets be honest here, the current process means that all the get rich quick mobs are starting patent portfolio companies, so they can come up with vague ideas, patent them and make a quick buck from the companies that do the actual innovating. And they want to extend this rubbish to Software in the EU as well? They need only look to the US courts to see why that is a bad idea.

As it stands now, I expect Forgent to hold out their hands to anyone trying to create devices that record video (such as TV) to disk such as TIVO. The JPEG fight earned them about 100 million dollars and hasn’t finished yet, and I guess a taste like that gets you addicted.

You’re probably asking yourself “Why should I care?” and that’s a valid point, but consider that if the manufacturers of these devices have to pay say $5 dollars per device to one patent holder, and other $5 dollars to another, then you can bet that extra $10 dollars will be added to the price of the device. So you the customer ends up paying these patent hoarders with your hard earned dollars. That is one reason you should care.

Linux desktop champion MandrakeLinux recently merged with Conectiva Linux and have just announced that their new name is to be “Mandriva”. The reasons (according to the announcement) are the merger itself and the long running the trademark lawsuit with the owers of Mandrake the Magician (Hearst Corporation) over their choice of name. The old site is here and the new site can be found here: http://www.mandriva.com.

Sun’s CEO Jonathan Schwartz has come out against GPL licensed Open Source Software and for (naturally) their own CDDL license recently, which begs the question, can we trust this guys opinion? Let us look at some points of consideration.
1. Sun and Microsoft were the bitterest of enemies for many years and took regular potshots at each other during that time.
2. Microsoft’s settlement with Sun involves payments totalling around 1.95 billion dollars.
3. Sun now takes potshots at Open Source GPL licenses and Linux’s biggest distributor RedHat in much the same way as they used to target Microsoft.
4. Before the MS settlement Sun used to like the GPL, they bought the StarOffice office application suite and released the code as GPL which resulted in the OpenOffice.org office suite, Sun are now apparently working around that by making OpenOffice dependent on Java, which as we all know, isn’t Open Source or GPL.
5. After the Microsoft settlement, Sun creates the new CCDL license with is incompatible with the GPL and plans to release OpenSolaris under that license.

Does anyone else see a trend developing here? What I see is that Sun gets a massive payout from Microsoft, and then decides Linux and the GPL makes a much better target then Microsoft, while at the same time releasing OpenSolaris under their GPL incompatible license in the hope of attracting Open Source developers while keeping the ability to release proprietary software based on the work of others and keep a ironclad hold on Solaris development. Microsoft has done much the same thing by releasing some small pieces of code under various Open Source licenses and also starting the “shared source” initiative.

What they don’t seem to understand, is that the GPL became so popular not because it was Open Source, (because the BSD license has been around for allot longer) but instead because the GPL means you cannot take somebody else’s code, add your own additions and release it without offering the improvements back to the community so that everyone benefits. Many programmers prefer that as it means that their work is being shared by millions and co-opted by none. Look at it this way, If Linux had been released under Sun’s license, it’s development would likely have stagnated long ago. Why? Well because there would be no incentive for developers working for proprietary software companies to return the benefits of their work to the community, so you’d have lots of potentially incompatible forked proprietary versions (which we know about because it happened to UNIX well over a decade ago) and the base source code would be missing most or all of the benefits contained in the forks. Everyone gets to benefit from Linux precisely because of the GPL. Improvements made by companies like Redhat, Novell, SGI and IBM all end up being available to the rest of the community. Will the same thing happen in OpenSolaris? It’s possible I guess, but somewhat doubtful. It seems the things that Sun doesn’t like about the GPL are those very things that make sure everyone benefits from source code improvements and additions.

We can guess Microsoft’s agenda in this, they have already proven they can out-market and out-smart Sun, and they have failed to out-market and out-smart Linux and the GPL community and their customers/users. Getting Sun onside and fighting the GPL and Linux makes sense because they think it can only hurt Linux uptake and that they can handle Sun with their traditional tactics in the event that they win.

So to answer my own question, can you believe Sun’s rantings? No, I don’t believe you can, their agenda and motivation is simply too obvious. Another point I should bring up, is that many online news sites have been saying that the CCDL is based on the Mozilla public license, without mentioning that Mozilla themselves have been moving away from the MPL and towards a tri-license system whereby the code can be available under the GPL:

mozilla.org is working towards having all the code in the tree licensed under a MPL/LGPL/GPL tri-license; for more information, see the Relicensing FAQ.

Update:
One last point I’d have made is in regards to this quote from Schwartz’s diatribe:

The GPL purports to have freedom at its core, but it imposes on its users “a rather predatory obligation to disgorge all their IP back to the wealthiest nation in the world,” the United States, where the GPL originated

As some kind soul on Groklaw pointed out: “Schwartz fails to mention the reverse is also true; under the GPL, the wealthiest nation in the world must disgorge its IP back to the poorest nations in the world.” Which is the whole point, GPL allows you to benefit from the work of some of the worlds smartest programmers (be they in the “richest country” in the world or not). So by the GPL forcing developers to contribute their improvements and extensions back to the community, you can be assured of a fast developing and well supported code base. It’s basically a tit for tat license, You get to stand on the shoulders of giants and save years of development cost yourself and the giants get to benefit from your input as well.

What Schwartz hasn’t told you, is that with the CCDL license, other (perhaps competing) companies can benefit from your code, if you are community aware enough to release it, but with no obligation that your competitors will contribute any of their improvements. So what they have created is an “Open Source” license that actually discourages the sharing of improvements and enhancements. It allows them to get some of the good press that Open Source projects are getting, without having to support the concept at heart.

INSERT2:
Matthew Broersma of Techworld now has an article along similiar lines here, which is well worth a read as he makes some additional points not covered by us here.

INSERT3:
To read a rather good review of Sun’s CCDL license, you could do worse then head over to Shirky to see why Sun’s Open Source license isn’t real Open Source and why it isn’t likely to work in the way the GPL has with Linux.

The free Firefox web browser has gained an amazing following in the 6 or so months that it has been a stable release. According to the Asa Dotzler of Mozilla.org fame, Firefox has just about reached the 40 million downloads mark. Not a bad effort for a free Open Source web browser. The statistics do not count downloads from the auto update patching system, only direct downloads are counted. The other surprising tidbit from Asa’s post is that Thunderbird, Firefox’s much less known free email client sibling has been downloaded over 5 million times.

In late March we mentioned that Sybase were making threats against a security company about disclosure of security flaws they found in Sybase code and a French company that took a security researcher to court and had him fined 5000 Euro. Going from this Register story, it looks like Sybase and NGSSoftware are going to settle their dispute amicably, but it really does bring into view a point that many in the Open Source community have been trying to make known for ages.

It seems that most Commercial companies would very much prefer it if you only gave them security flaw research and didn’t reveal it publicly at all, but the problem with that is there is nothing in it for the security companies if they do this. The current standard procedure appears to be to tell the software vendor first, then wait for a predetermined period before publicly releasing your findings. By adopting such a stance, the vendor is forced to quickly patch the flaws and roll the patches out to their users, which can only be a good thing right? Well not all vendors are happy about the pressure on themselves and on their users (to install the patches), and legal proceedings are a good way (in their minds at least) to stop bug disclosure. The problem with making things difficult for security researchers to do their jobs, is that if you succeed, you have a situation where only malicious crackers (black hats) are actively looking for security flaws and the vendor has no way of knowing what they find until after it has been used against one of their customers. All of this makes you wonder how many flaws have been found in commercial software that we simply don’t know about because of actions like those above.

Contrast that with Open Source software, like Linux, Apache and Firefox where not only is the source code of the relevant applications freely available to anyone that wants it, but the creators actively encourage users and developers to find and report bugs in the software so that they can be fixed and the software improved as a result. In fact the Mozilla Foundation actually pays people to find security flaws in it’s software with the goal of making the software as secure and bug free as it can possibly be. Now you decide if you will believe past claims by old school commercial software companies (you know who you are) that having the source code openly available is a bad thing for security.