|
|
Linux and Open Source News for 28th August 2007
|
Linux Today News Service
|
|
Source: Linux Today The Napa Valley Register: "My son, who is just beginning college with his new (used) eBay laptop computer, was trawling the net the other day when he came across a nifty little software tool called Blackbox "
Source: Linux Today HowtoForge: "This document describes how to set up Hyperic HQ on Ubuntu 7.04. The resulting system provides an awesome, web-based 'Systems-Management-Software '"
Source: Linux Today Linux In Novell's East Region: "When you register SUSE Linux Enterprise Desktop or SUSE Linux Enterprise Server you automatically set nu.novell.com as an update source "
Source: Linux Today InformationWeek: "I just talked with two CIOs who have different takes on embedding open source software in their companies' products. One sees it as standard practice, the other approaches it like a snake in a bag "
Source: Linux Today iTWire: "Recently I've been reading a lot about how well Ubuntu works on laptops, particularly when it comes to handling wireless connections "
Source: Linux Today Blog of Helios: "There could come a day when it will be against the law at least in the United States to use, possess, advocate or distrubute any Linux Operating system "
Source: Linux Today CNET News: "Wow. I guess when you have more cash than taste you can afford to buy research reports that say all sorts of nice things about you "
Source: Linux Today InformationWeek: "Ubuntu, the Linux distro which I've personally found to be somewhat less than it's cracked up to be--your mileage may vary--is getting an update "
Source: Linux Today Jaffe: "My last entry talked about the imperative to grow the application base for Linux via greater collaboration among vendors and standardization "
Source: Linux Today Live Mint: "SkillsCamp was born in an effort to galvanize the Indian technology community to create quality open source courseware helpful to people in the IT industry "
Source: Linux Today GigaOM: "Contrary to published reports and popular opinion alike, the most important impact of open source on the enterprise has not been on pricing "
Source: Linux Today LinuxWorld: "It's a busy time for the members of the Debian Project. Sam Hocevar took over as the new Debian Project leader in April, right around the time the long-awaited Debian 4.0 or 'Etch,' hit the streets "
Source: Linux Today Computer Business Review: "I previously noted Unisys's plan to rapidly expand its open source services and consulting business "
Source: Linux Today ConsortiumInfo: "Previous reports from all over have indicated sudden, surprising surges of membership in National Body voting committees in multiple countries throughout the world "
Source: Linux Today LinuxDevices: "Open source software is of increasing use in embedded systems. The GNU General Public License (GPL) version 2 is one of the most popular licenses for free and open source software, including the Linux kernel "
Source: Linux Today CIO Australia: "Australia is at the front of the trend in public sector and government adoption of mature open-source products "
Source: Linux Today The Nation: "The Electricity Generating Authority of Thailand (Egat) has successfully bundled Open Office to run on 7,000 desktop PCs and reduced the cost of IT investment by around Bt40 million a year "
Source: Linux Today InfoWorld: "The battles for energy efficiency aren't just being fought by chipmakers, server and PC vendors, and other hardware companies out there. There's a similar battle heating up on the OS layer between Microsoft and Linux "
Source: Linux Today Datamation: "Then it happened: Dell dropped their hat into the ring, perhaps prompting what could become a rush of other PC manufacturers and distributors wishing to enter into OEM deals with various Linux distributions "
Source: Linux Today CNET News: "Hearing OLPC representative Walter Bender repeat the claim of '10 or 12 hours' of battery life 'with heavy use' reminded me of an open question from the last few times I blogged about the OLPC project "
Source: Linux Today FSF: "The Free Software Foundation today released the following statement in response to claims by Microsoft regarding their obligations under the GNU GeneralPublic License version 3 "
Source: Linux Today Computerworld: "I guess this shouldn't surprise me, given some of the other tactics I've seen used for other efforts over the years "
Source: Linux Today iTWire: "A beta release of a major new version of the Sugar open source CRM application will be available this week "
Source: Linux Today GCN: ""Earlier this month, Oracle released the much-anticipated upgrade to its platform database management system, at least for Linux "
Source: Linux Today TheStreet: "The latest figures from consulting firms indicate that although Linux sales are growing by number of servers shipped with the operating system, the software is losing ground to Microsoft's Windows "
Source: Linux Today Wired: "If the murmurs are true, the GPhone cometh in September "
Source: Linux Today Ok, I lost it, and let two weeks pass between -rc releases. My bad
Source: Linux Today Linux.com: "Perhaps Creative Commons' LiveContent 1.0 CD would work better if more clearly defined "
Source: Linux Today Blue GNU: "Projects like the Tux Project and the Radio Talkshow Blitz are vitally important projects when it comes to helping the Free Software movement grow "
Source: Linux Today Raiden's Realm: "heir motto of 'when art meets inspiration' speaks highly to this desire. But what makes Sabayon stand out from all the rest ?"
Source: Linux Today KernelTrap: "Linus Torvalds noted, 'I just have a strong suspicion that 'volatile' performance is so low down the list of any C compiler persons interest, that it's never going to happen '"
|
|
News for nerds, stuff that matters
|
|
Source: Slashdot: Linux DeviceGuru writes "A hypervisor can be used to isolate from each other software works released under incompatible licenses, while allowing them to run simultaneously on the same hardware. For example, Linux and Windows CE can run on separate virtual machines on one device, without violating either OS's license. Due to the isolation between multiple VMs running atop a hypervisor, it seems like this architecture could allow companies to build Linux-based devices, such as mobile phones or set-top boxes (think TiVo), that can't be upgraded by their users without authorization, thereby circumventing the GPLv3's 'anti-tivoization' clauses." Here's a white paper with more details from a commercial hypervisor company.Read more of this story at Slashdot.
Source: Slashdot: Linux An anonymous reader writes "Linux.com has a comparison article up looking at three MythTV-focused Linux distributions. The piece looks at Mythdora, Mythbuntu, and KnoppMyth, with an eye towards ease of installation and the actual utility of the install. From the article: 'For regular system maintenance, KnoppMyth simply isn't in the same ballpark as MythBuntu and MythDora. The live CD heritage of Knoppix means you cannot update individual packages, which is fine if you like that, but for an always-on system like a MythTV back end, I'd prefer flexibility and configurability of a mainline distro. When all is said and done, if I were building my TiVo replacement today, I would do it with MythDora. MythBuntu shows a lot of promise, and I will give the final 7.10 release another look (in part because I run Ubuntu on my desktop machines), but it isn't ready yet.'" Linux.com and Slashdot are both owned by SourceForge.Read more of this story at Slashdot.
Source: Slashdot: Linux dsinc writes "A guy who uploaded the latest Star Wars movie got arrested, pleaded guilty to 'conspiracy to commit copyright infringement' and 'criminal copyright infringement' and got jail and home confinement. As part of his home confinement, he agreed to install some tracking software on his computer. The problem is He's an Ubuntu Linux user and the gov't doesn't have any tracking software for Linux. So he's been told that he must use Windows for the term of his confinement. Looks like a case of cruel and unusual punishment to me"Read more of this story at Slashdot.
|
|
News, reviews and commentary on all aspects of Linux and open-source software, including application servers, communications and database servers.
|
|
Source: eWEEK Linux The San Francisco District Court weighs whether open-source licenses are contracts.
Source: eWEEK Linux A best-of-breed philosophy is leading LeapFrog Enterprises increasingly toward open-source options.
|
|
The O'Reilly Network ONLamp Articles and Weblogs
|
|
Source: ONLamp.com Following my recent post about a color-coded reputation management system* for politicians (indicating their truthfulness by the color used to display their names on web pages), I came across Politifact and its Truth-o-Meter.
Politifact is a project of the St. Petersburg Times and Congressional Quarterly that will “analyze the [presidential] candidates’ speeches, TV ads and interviews and determine whether the claims are accurate.”
I found it via the techPresident blog, where Joshua Levy notes that the it could benefit by being opened up to users:
…and let them pore through the records and make the connections. As Jay Rosen’s recent overtures to crowdsourcing and the various projects of the Sunlight Foundation have shown us, the crowd is smarter than a few individuals; open up the process to them and you’ll be amazed at what they find.
And I’d like to see a system that follows you around (the way a reputation does in oral cultures), so there’s less cover provided by the fact that the ratings are tied to particular locations on the web, which most people probably wouldn’t end up visiting. A system that follows you around like, say, your name.
*Inspired in part by Luca de Alfaro’s Wikipedia trust-coloring project.
Source: ONLamp.com It’s easy to get caught up in the dynamic potential of Ajax. But with innumerable possibilities also comes increased risk. If security isn’t a major concern, it should be.
Consider a registration form built out of PHP. Any aspect of your script that accepts and processes data is a potential point of attack. If you add Ajax, what you’re doing is increasing the complexity of the application and, by extension, introducing greater vulnerability. More points of entry equal a larger attack surface, and that means potential problems for your application.
Consider the sequence of a user trying to select a username in a standard PHP and MySQL form. Information is entered into the fields, data is then submitted to the server to be checked against a database of existing names, and an error message is returned to the user. There is one point of attack in this scenario—the form processor. But what happens when the form is submitted using an Ajax validator?
The Ajax verification process is simplified because results are returned in real time. Although the form would still be submitted for validation against an existing database of stored usernames, the Ajax tool quickens the process by providing immediate feedback on the likelihood any given username is available. Although the Ajax implementation is more user friendly, the total points of attack have doubled—the original form processor and the username validation. There are two useful techniques for minimizing points of attack.
First, you should keep all related entry points within the same script. If you’re validating an unusually long form then try and use the same PHP script for the entire validation. You wouldn’t want to use individual scripts to validate a number of fields, although I’m not sure why you’d want to do this. Second, you should consider using standard functions for processing user input. You probably don’t want HTML tags in your database, so it’s a good idea to use PHPs built in functions. It makes sense to use strip_tags() for removing unnecessary tags and then running mysql_real_escape_string() prior to database insertion.
The rule of thumb is to use PHPs existing functions because they’ve been rigorously tested by many developers.
• htmlentities: outputs in literal tags
• mysql_real_escape_string: prevents SQL injection and error
• preg_quote: safe to use in a regular expression
• preg_replace: removes unwanted characters from a string
• strip_tags: removes any HTML tags from a string
Source: ONLamp.com The term Identity Theft is usually assumed to be related to a malicious entity abusing someone’s credit information to commit financial fraud. This continues to be a big problem, but I’d like to extend the problem of identity theft in the social-networking aspects of so-called Web 2.0 applications. I feel this is an important topic of discussion because, unlike technical vulnerabilities that can be remediated with a software patch, the problem at hand is a design issue that poses significant risks to society’s ability to securely leverage the usefulness of social networking.
Before I go any further, I’d like to make it extremely clear that I am a big advocate of the emerging online social networking applications. I feel the new paradigms of sharing offered by some of the new services today have changed the way we interact for the better and I am personally delighted to be a part of this culture shift. I also feel that information security should act as an enabler by helping understand the security consequences in design and implementation in addition to a discussion of risk and remediation. In no way, shape, or form is the purpose of this post to suggest that the concept of social networking is ‘bad’ or ‘evil’. The purpose of this post is solely to (informally) discuss concerns in order to work towards a more secure way of dealing with these new systems.
I’d also like to deal with the most common knee-jerk reaction to the topic: people are the easiest target, so there is no point in even trying. It is true that people are the easiest attack vector, but I don’t think it helps the situation any when we start out thinking about the problem in this way. People are indeed an easy target, but it is the people’s self-interest we are trying to protect in the first place. The job of information security is to make it harder for people to do wrong things.
Getting back on topic: the fundamental problem with online social networking services is that they offer no way of authenticating a given identity. This may not appear to be a big issue at the moment, but I feel this will start (perhaps already has to a certain extent) to become a security nightmare and a social engineer’s dream come true. Our privacy, reputation, and identities are at stake.
The concept of the potential abuse of online social networking services is not new. I am not the first to talk about this topic. There has been a lot of discussion on this issue amongst the security community since the past few years. What I’d like to do here is enumerate a few concerns that I have been pondering over and to try and spread a little more awareness.
I’d like to select LinkedIn, the popular social networking service, to illustrate my concerns. Other social networking sites (examples: Digg, del.icio.us, Facebook, Flickr, Myspace, Orkut, Twitter, etc) are also similarly susceptible, but I’d like to stick to LinkedIn for the sake of brevity.
Intellectual Property.
Assume that you are in the consulting business. In this situation, your client points of contacts are extremely important to you, and you probably wouldn’t want to share your address-book with your competitors. In this situation, your address book is your intellectual property that you want to share in a way with people such that it is mutually beneficial, and this is indeed what LinkedIn is all about. Unfortunately, this is hard to do in a secure way because LinkedIn does not offer a way to authenticate identities. At the most, LinkedIn relies upon email as the identity token - this is hardly a reliable (or even feasible) method of identification: people have multiple email addresses, some use their work email address, and some prefer to use their yahoo or gmail accounts. With the prior scenario in mind, an easy way to grab hold of a competitor’s address book on LinkedIn is to get them to ‘connect’ to you:
a. Think of an individual the target LinkedIn member may know.
b. Create an email address with the name of this individual using firstname.lastname@yahoo.com or firstname.lastname@gmail.com. You can go as far as creating a similar looking domain name of the company the individual may work at (@applee.com, @app1e.com, etc).
c. Create a profile on LinkedIn with the name and e-mail address of the individual.
d. Send an invitation to the target using the new LinkedIn account, and wait for the target to accept.
e. BONUS: Other people the target is connected to will notice that he or she has added a new friend (the individual you picked). Should the individual happen to be a mutual friend of these people, they will likely attempt to connect to your new LinkedIn profile, offering you even more details into the network of the target.
This example is specific to LinkedIn, but the idea applies to other services as well. This problem is likely to grow in severity as society becomes reliant on online social networking without a secure way of identifying whom it is you are networking with.
Privacy.
In order to be a part of a mutually beneficial social system, people have to share information with each other for the system to work. In this situation, the issue of keeping critical information a secret is the most obvious one. Given the sheer excitement and instant benefit of the social applications today, it is very difficult to maintain self-discipline on what sort of information you are about to give away.
Another issue I’m interested in at the moment is the potential of remote behavior analysis. For example, I’ve noticed that people who start looking for new jobs have a tendency to add a lot of new contacts on LinkedIn in a short period of time. This may be an issue for someone who doesn’t want his or her current employer to know. I feel that we are likely to see more formal methods of such types of behavior analysis in the near future. Perhaps this may sound a tad far-fetched at the moment, but I can easily imagine the feasibility a system that would spider for information about you to make a prediction of your current thought processes: What types of bookmarks are you tagging (del.icio.us)? What types of photographs are you tagging (Flickr)? What are you doing these days (Twitter) ? What are your friends saying to you and about you (Facebook, Orkut, MySpace)? What kinds of things are you blogging about (this would work better for non-professional/personal blogs). You get the idea.
Reputation.
As the popularity of search engines has increased, people have increasingly become aware that it is hard to erase personal footprints from the Internet. As with the privacy topic, it is hard to maintain this sort of self-discipline on what you say or do amongst the social networking paradigm for the sheer and instant gratification of the perceived benefits - the risk of losing reputation is only realized later on. I am not immediately interested in this problem because I feel this is the most obvious side effect of the system in general. What I am more concerned about is the problem of unfair perception. For example, we all like to share funny YouTube videos, but as researchers to formalize the process of gathering data about an individual in this way, the result can lead some amount of unfair analysis. Perhaps one example of this idea is the brilliant wikiscanner (”list anonymous wikipedia edits from interesting organizations”). It can be argued that wikiscanner can be used to accurately identify patterns that indicate an alleged conspiracy by a given company to edit or vandalize wikipedia for their benefit, but in all fairness, the situation is most likely to be a group of mischievous employees at the company.
Another problem at hand is that of someone assuming your identity whilst tarnishing your reputation. Even though there is no concept of a reliable identity mechanism in social networking applications today, people have a tendency to immediately believe what they read. For example, consider a scenario where someone sets up a profile on LinkedIn with your name to contain false information that is unflattering. This is likely to become a problem should a potential employer search for “your” profile.
Reconnaissance.
One of the first things a malicious attacker will do before attacking a the interests of a given organization or individual is to perform reconnaissance. Any publicly available information is a freebie and an aid to the attacker. The target in question can be an individual’s or an organization’s computer network and data. I invite you to check out Evolution, a fantastic (and free) tool that demonstrates how easy it is to obtain wealth of information about a given person or organization.
So what are we to do? I think the first logical step is to spread awareness and comprehend the side-effects of sharing information. We are sharing and communicating ideas like never before, and we need to comprehend the applicable risk-benefit ratios. From a technical perspective, something like OpenID seems to be a step in the right direction but I think we still need an agreeable solution to link an individual with a given token based identity.
From a philosophical perspective, maybe the cost of the popularity of an individual to token identification system will negatively impact the usefulness of the Internet culture that thrives on a sense of anonymity. Perhaps the emergence of these social network services will impact cultures around the world to open up and be more accepting, thus eliminating some of the concerns outlined above. Thoughts? Feel free to comment below.
|
|
The O'Reilly Network's Linux DevCenter Articles and Weblogs
|
|
Source: Linux DevCenter In the comments to the article I wrote about running the 64-bit version of Ubuntu Feisty Fawn on a Gateway MX7626, I added that my friend who owns the laptop had “upgraded” to Gutsy Gibbon Tribe 4 to try and fix a problem with intermittent sound under Feisty. The initial upgrade did work and her sound functioned properly. I talked to her again last night and she is giving up on running Ubuntu beta software and is going back to Fiesty.
After the initial upgrade everything worked. She wanted to check out Compiz-Fusion and that required further upgrades which she did. Sound still worked but Compiz kept randomly freezing her system. I don’t just mean freezing X so that a CTRL-ALT-Backspace would have recovered. I mean locking the system up hard. When Compiz worked, though, it was impressive. She found that it was far more impressive visually than the 3D effects in Windows Vista. I had read the same in a number of places.
Anyway… as upgrades became available she applied them religiously. The only problem, of course, was that she was running development code. The last upgrade broke wireless and wifi is her main way of connecting to the internet. To her that made the system just about unusable. So… it’s back to Feisty, sound bug and all.
Is she upset she tried Gutsy Gibbon Tribe 4? Not at all. She told me she likes to push things to the limit and doesn’t mind breaking her system in the process. Me, well… I need my systems to be reliable. I never recommend running beta or development code and I never try it on a system I care about.
Am I down on Gutsy? Not at all. It’s a work in progress and we knew that going in. It looks very promising. It’s just not ready for prime time yet. Hopefully by October it will be.
Source: Linux DevCenter The Free Software Foundation has defined Four Freedoms related
to software. These freedoms apply to users of software, not
necessarily developers. In the view of the FSF, these freedoms are
ethical in nature, so much so that they argue that software which violates
these freedoms is unethical.
Like many other rights, the four freedoms are specific expressions of
abstract freedoms in the context of software. They represent concrete
examples of underlying notions of freedom. You can see this principle if
you ask “Why should I be able to run my own printing press or weblog?”
If those underlying principles exist, then it should be possible to
identify them. It should also be possible to extrapolate concrete
expressions of those principles in new contexts… such as hardware, not
software.
The Freedom to Use
Freedom zero is The freedom to run the program, for any purpose
(freedom 0).
This is the fundamental enabling freedom for the other three. The right
of unrestricted use allows you to use the software as you see fit, even if
the creator or copyright holder does not support that use.
The underlying principle seems to be that, once you have taken
possession of a work in a legal fashion, the creator of that work has no
moral right to govern how you use that work.
In the physical world, you have the ability to use a mallet and a
flathead screwdriver to open a paint can. You can stand on a pile of
encyclopedias or sit on a phone book if you need a few extra inches of
height. You can put a different brand of motor oil or a different grade of
gasoline in your lawnmower. You can buy a CD or a flag only to destroy it
in public or private. You can even buy a book and sit it on your bookshelf
where it will stay, unread.
With regard to hardware, you should be able to use a piece of hardware,
if legally obtained, in any way you see fit. This confers no obligation on
the seller or manufacturer to support how you use the hardware, nor legal
responsibility for its misuse (within reason; manufacturing defects are
still their problem).
The responsibility for any misuse of the device–legal or
otherwise–rests with the user. If you modify a Wifi card and broadcast on
a frequency to which you have no right, that’s your fault. Contrarily, if
you have an amateur radio license and can broadcast on that frequency,
that’s also your choice.
This principle argues against the use of unbypassable DRM, designed to
prevent certain “objectionable” uses of the device. DRM capabilities in and
of themselves do not violate this right–parental controls, notifications
on non-free drivers, and kiosk modes give users the choice of which uses to
allow. Macrovision, region locking, and other systems designed to limit the
abilities of users oppose this freedom.
The Freedom to Modify
The second freedom is The freedom to study how the program works,
and adapt it to your needs (freedom 1). Access to the source code is a
precondition for this.
This freedom is somewhat specific to software. Modifying software is, to
some degree, easier than modifying hardware due to its virtual nature. (The
practical requirements of modifying software are not necessarily any lower;
though I’m a decent programmer, reprogramming a microcontroller in assembly
language might take me a while.)
There are parallels, though. You should have the right to replace the
battery in your device. You should have the right to open it and remove or
replace other components or reverse-engineer schematics. You should even
have the right to install a mod-chip, if you so choose, or overclock the
device, or paint it blue, or short out a pin to unlock additional
features.
This principle builds on the first. If the device is under your control
and its use is your responsibility, you have the right to know what it
does. The right to use the device as you see fit implies the right to
modify the device; this freedom makes that right explicit.
Again, the manufacturer or vendor is fully within its rights to cancel
any warranty. Again, the responsibility for any illegal behavior as a
result of such modifications rests with you, and not the vendor. This
covers the case where a hardware vendor must meet strict regulations
regarding the use of a product in a sensntive environment such as a nuclear
reactor, heavy manufacturing equipment, or medical devices. The user might
have the right to modify the device, but any modifications would
still fall under regulatory oversight.
If what the devices does or how it does it is unacceptable to you, you
should have the right to change it to meet your needs. Access to the inside
of a device is a precondition for this–if you can’t open it, you don’t own
it.
The Freedom to Copy
The third freedom is The freedom to redistribute copies so you can
help your neighbor (freedom 2).
The underlying principle again relies on the idea of unrestricted use. I
can lend a book or a DVD to a friend. Yet the nature of software versus
hardware is very important when considering this freedom. Software may be
difficult to create, but making a copy is trivial in comparison.
Duplicating hardware course, requires far more than just enough storage
space to hold a copy. Yet personal fabrication continues to get cheaper and
easier; if you have the specifications, you can often build at least a
prototype.
Beyond the difficulty of reproducing the physical as opposed to the
ephemeral, the costs involved in the duplication are significant. Though I
could build my own laptop, it’s likely that cost of doing so will
be higher than buying from someone who can take advantage of bulk prices to
offer a discount. There’s also the question of support and service to
consider.
As an interesting side note, the relevant statues which may block the
freedom to redistribute software are copyright, while patent law has more
bearing on physical goods. There may also be trademark concerns.
It may be more helpful to consider the underlying principle in terms of
information. If you have the right to know how a program works (freedom 1),
you should have the right to share that information. Interestingly, when
describing the workings of a physical device, merely describing its design
and implementation does not infringe a patent; the patent itself makes such
information public. (Further, if you’ve received the device and discover
its workings yourself, spreading them does not violate trade secret–the
secret’s out and has no remaining protection.)
The Freedom to Redistribute Changes
The fourth freedom is The freedom to improve the program, and
release your improvements to the public, so that the whole community
benefits (freedom 3). Access to the source code is a precondition for
this.
This principle builds fully upon the three previous freedoms. If you
should know what a device does and should be able to modify it and should
be able to share that knowledge, you should also be able to share the
knowledge of your modifications–or the modifications themselves.
Improvements, in this sense, may take multiple forms. You may publish
guidelines on how to bypass hardware restrictions as a list of
instructions, or you may produce and distribute a physical
modification.
A more direct parallel may be buying, modifying, and releasing modified
versions of the hardware yourself. All of the questions from the third
freedom are in effect for this case as well. The cost of producing and
distributing physical goods make this right someone less useful than for
software, but not prohibitively so.
Analyzing the Freedoms
The first two freedoms seem most related to the idea of fair use,
personal responsibility, and reasonable disclosure. Imagine signing a
contract you were not allowed to read, or eating food without knowing the
ingredients. If you have the responsibility for the use of code or a
device, you should have the ability to know what the code or device does.
(Of course, the reverse is true; if you produce code or a device that
someone else modifies and abuses, that person must bear most of the
responsibility for any consequences. There’s room for trademarks and proper
attributions here to identify attributions and responsibilities
appropriately.)
The second two freedoms revolve more around the idea of information
sharing and cooperation as an ethical philosophy. They have much in common
with the beliefs that provided a public education system as well as much of
human progress. These ideas are well established in most political
philosophies (promoting the common good).
Some of these freedoms are more difficult in the context of manufactured
goods than in software. Resolving the duplication problem may alleviate
this from a practical standpoint, though not a legal one. However, treating
ephemeral goods as if they had the same scarcities and properties as
physical goods has not worked for most of the market, nor most of the
public good.
One missing part of this discussion is a sober consideration of how to
make a fair profit by providing these four freedoms to customers. Perhaps
that discussion will focus on the true notion of value. In a
hypothetical world where all knowledge is free, what is the value of acting
on that knowledge? Perhaps the best answer is that there can still be
attractive business opportunities which provide the service of designing,
implementing, manufacturing, and even supporting a device far more
effectively than I could do on my own, while still respecting these
freedoms.
The software world is gradually discovering this. Perhaps the hardware
world will follow.
|
|
The latest content from IBM developerWorks
|
|
Source: developerWorks : XML : Technical library XML is often used today as a data export and exchange format. In such
cases, you might deal with a feed of XML records; sometimes, if this feed, is too
long, there are performance problems importing it into another system. As such, you
might want to produce only an incremental feed -- that is, one that only
includes items that have changed. This article presents a collection of simple techniques that you can combine into a system for more digestible feeds containing only updated records.
Source: developerWorks : Open source : Technical library The News Industry Text Format is an XML-based format used by the news industry to encode and share the content of news articles. PEAR's XML_NITF package provides an extensible API to read and parse NITF-formatted files, making it easy to extract bibliographical information and article content for use in any PHP application.
Source: developerWorks : Open source : Technical library The Apache
Geronimo team has successfully implemented the exciting new Java Platform,
Enterprise Edition (Java EE) 5.0 specification. One of the many notable features of
Java EE 5 is the new Java Standard Tag Library (JSTL) 1.2 specification. The key
to JSTL 1.2 is the unified expression language, which lets you use the best
features of JSTL alongside the JavaServer Faces (JSF). In this installment, the
renegade covers the importance of JSTL 1.2 by examining the history of Java Web
technologies and how the Geronimo team has leveraged the GlassFish JSTL 1.2
implementation to add JSTL 1.2 support to Geronimo.
Source: developerWorks : Open source : Technical library Deploying bandwidth-efficient Ajax applications does not guarantee that the
service levels in a Service Level Agreement will stay high. No matter how well you
change code in the Ajax format to make it more bandwidth efficient, there will be always
risks and vulnerabilities you'll need to watch out for and mitigate. Regular
developerWorks author Judith Myerson gives a brief Ajax recap, shows what Web services
vulnerabilities are and why Service Level Agreements (SLA) are important, and suggests some solutions for speeding up Ajax applications.
Source: developerWorks : Open source : Technical library Create your own 404 error-message handler to provide useful links and redirects
for the contents of your site. Use metaphone matching and a simple weighted score file
to make typographical, spelling, and bad-link redirect suggestions. Customize the
suggestions based solely on your Web site's content and preferred redirection
locations. Catch multiple errors in incoming URL requests and process them for
corrections in directory, script, and HTML page names.
|
|
