September 4, 2008
» OpenBSD 4.4 pre-order announcement

Pre-orders for OpenBSD 4.4 (to be released November 1) are now available. The official announcement:

To: misc@cvs.openbsd.org
Subject: OpenBSD 4.4 pre-orders
Date: Thu, 04 Sep 2008 13:59:04 -0600
From: "Theo de Raadt" <deraadt @cvs.openbsd.org>

Pre-orders for OpenBSD 4.4 (CD, tshirt, poster) are up at

   http://www.openbsd.org/orders.html

As well, the new song for the release is also being made available at
the same time. This can be found at

   http://www.openbsd.org/lyrics.html

Enjoy the song, and think about ordering some of our things, since
purchases help fund the project. Thanks.

July 12, 2008

Lonnie Olson
fungus
LonnieOlson
» DNS Exploit News

After reading all the details about the “new” DNS exploit I feel quite annoyed. These types of attacks have always been possible. This isn’t new. Cache Poisoning has always been on every DNS server administrator’s check list of things to carefully plan to prevent. I compare it to Firewalls: Every firewall administrator knows that best practice is to block everything by default and only make exceptions for what should be allowed.

This idea has been around for well over a decade: maintain a discrete list of what is allowed, which can be completely enumerated with a great level of confidence, and block the rest. Badness cannot be enumerated completely. Blacklists will always be missing important aspects. Expecting that all people are good and don’t do bad things will always turn bad.

Patches released for DNS services that are vulnerable do not fix the root cause. It can’t be fixed because it is part of the original specification and migrating away from it will be equally as painful as the migration to IPv6 is. These patches only implement other kinds of mitigation for the exploit. The best form of mitigation comes in the form of implementing standard best practices that have been around for many years.

DNS servers should carefully control who is allowed to ask questions about non-authoritative zones (recursion). DNS servers at ISPs should limit recursion to customers only. Corporations should run internal recursive DNS servers with access restricted to internal users only. This will severely isolate any damage caused by cache poisoning.

I am not saying nobody needs to patch their servers. In fact the patches should be applied quickly because it does help quite a bit. I am just saying that if you have already implemented best practices you shouldn’t have to worry very badly. And if you haven’t implemented them, do it now!

April 30, 2008
» OpenBSD 4.3

If the main page at OpenBSD.org is to be believed, OpenBSD 4.3 has officially been released. The scheduled release date is May 1, and in some time zones (but not this one) it's May 1 now :)

There are, of course, advantages to pre-ordering the official CDs (besides the obvious advantage of supporting the project): I've had my copy of OpenBSD 4.3 since last Friday, and I've already installed it in a few places. It should be available on the FTP mirrors now, though.

Edit: I just received the official release announcement email. There's a list of changes since 4.2 at http://www.openbsd.org/plus43.html.

April 23, 2008

Lonnie Olson
fungus
LonnieOlson
» Updated Rhythmbox iPod sync plugin

Due to the comments I received on the last post on this topic, I decided to make a few changes.

First I want to say thank you to everyone that showed interest. Apparently this type of plugin is desperately needed. My initial version was just a quick hack to transfer meta data to and from my iPod. Note the extremely hackish nature of the link between iPod and rhythmbox tracks (filename only).

Now for the changes:

  1. The most common complaint was the rhythmbox crashing bug (Segmentation Fault). This is caused by the gpod module when it attempts to locate and read the itunes database on the iPod. My fix was to just check if gpod found the itunes directory, print an error to the console, and skip any processing at all. This will prevent killing rhythmbox, but doesn’t actually fix anything.
  2. More intelligent rating updates. I used mockenh’s idea to compare last played dates to determine which rating to use in case of a conflict.

I don’t really have the desire to implement playlist, or podcast synchronization since I have very little time, and I am only a mediocre programmer at best. If someone wants to swipe my code to build on, they are more than welcome to.

Some notes about my implementation.

  1. I just use a periodic rsync to copy music from my iPod to my PC. rsync -av /media/BFUNGUS/iPod_Control/Music/ ~/Music/ Change any paths as necessary.
  2. Since I don’t copy songs to the iPod using Linux, I didn’t write that support into it
  3. The detection of the iPod mount location is dependent upon the GnomeVFS module. It must correctly recognize your iPod as a Music Player.
  4. The python gpod module must be installed. Debian users can apt-get install python-gpod

ipodsync v0.2

December 21, 2007

Lonnie Olson
fungus
LonnieOlson
» Free Software Smackdown: RMS vs. Theo

There was a very long thread on the misc@openbsd.org mailing list over the last week. It all started with some comments from Richard Stallman responding to complaints to him about his past remarks on BSDTalk. Lots of flaming and other arguments ensued, including this snippet.

Theo: “Since both emacs and gcc contain code inside them which permit them to compile and run on commercial operating systems which are non-free, you are a slimy hypocrite.”

RMS: “I see you are being your usual friendly self ;-}.”

Much of it was very thought provoking, but the majority was just bickering. The biggest point of the whole war being that RMS had specifically recommended against OpenBSD because it “included” non-free software, referring to the ports system. Theo and others took offense at this because the ports system doesn’t “include” any external software, it is only a framework of Makefiles that make installing lots of software packages, Free and Non-Free, easy. And the entire ports system is 100% Free-Software.

IMHO, the saddest part of this whole debacle is the fact that besides the extremely obscure gNewSense pet project of RMS, there is no other operating system, or distribution of an operating system more Free than OpenBSD. Both RMS and Theo have similar goals with Free Software, but have radically different tactics and personalities.

November 27, 2007

Lonnie Olson
fungus
LonnieOlson
» The Efficient SysAdmin

While working as a SysAdmin (System Administrator) there are many tasks of different types. Any good sysadmin knows that there is always room for improvement. Some actually go so far as to script and/or automate everything. These types often end up spending weeks or months developing automation systems while the rest of their duties suffer as do their users.

[Image: SysAdmin time saving matrix]

I once saw an article describing this dilemma. Basically all tasks can be broken into categories based on the difficulty of the task and the frequency of the task. Steps to reduce the time and effort to do these tasks should be prioritized by category. Tasks that are easy to do, that you do frequently, should have shortcuts applied when possible. An example might be using your shell’s alias feature. For tasks that are easy, that you do rarely, don’t bother overcomplicating them yet. Hard stuff that you do frequently should be automated as much as possible. Perhaps you could try your hand at Shell or Perl scripting. Those rare tasks that take some time on your part should be clearly documented to take out the guesswork, perhaps even including copy/paste’able code fragments as well.

I highly suggest these two books by Thomas Limoncelli: The Practice of System and Network Administration, and Time Management for System Administrators. The first book covers a lot of general theory of system administration, not necessarily platform specific, but there is lots of unix information. The second book offers excellent ideas and tips on managing your time better, reducing distractions, and getting rid of random people interrupting you to ask why their email is slow.

November 16, 2007

Lonnie Olson
fungus
LonnieOlson
» Rhythmbox iPod sync plugin

Since Rhythmbox doesn’t handle smart playlists on my iPod, my days of listening to music directly from my iPod are over.

While I do use iTunes at home to do my normal master sync, I need to have my music on my computer at work. So I simply rsync my iPod’s Music to my computer.
rsync -av --delete /media/BFUNGUS/iPod_Control/Music/ ~/Music/
Change the location of your iPod if named and/or mounted differently.

This works great. Rhythmbox found and read the tags of my music, and I have a fully functional music player. Except for one thing. I regularly use ratings and time of last play to make smart playlists. I need this data synchronized to and from my iPod.

Enter the iPodsync plugin for rhythmbox to synchronize ratings, time of last play and play count to and from the iPod. It will autodetect the iPod via GnomeVFS calls. It connects the rhythmbox API to the libgpod API to make the mesh. After installing and enabling the plugin, it will add a Tools -> Sync iPod menu item to initiate the sync. There is no other GUI yet to give you an indication of progress, but it is pretty darn quick. Any Rhythmbox GUI experts want to help out?? :)

Anyway, here it is.
Just extract this archive to your rhythmbox plugins directory (/usr/lib/rhythmbox/plugins). Restart rhythmbox, and you should be good to go.
Rhythmbox iPod Sync plugin

September 19, 2007

Lonnie Olson
fungus
LonnieOlson
» VMware Workstation flooding network

I discovered a problem with virtual machines and traffic being broadcast out all switches and switch ports. Any traffic sent from the host machine to its guest machine was broadcast out all ports on all switches in the subnet.

The VMware Forums have detailed the reason for this problem, but I will summarize.

VMware has a limitation (supposedly due to a kernel limitation) in which traffic from host to guest must be put on the wire, while guest to host traffic is not put on the wire. This split causes this situation.

When a guest does not send much traffic outside the host, its mac-address-table entry on the connected switch may expire and be removed. Switches handle packets addressed to MAC addresses not in their table like hubs do: they broadcast everywhere to find the proper interface. This is normally fine because the next packet from that MAC will cause the table to be updated. However, in the special situation of the host <-> guest conversation, the packets generated by the guest never get put on the wire, so the mac-address-table never updates and host-generated packets continue to be broadcast everywhere.

Solutions:
* Patch the vmnet kernel module on the host as described in the forum posting. This patch causes guest -> host traffic to be put on the wire as well. This prevents the lopsided problem, but causes more traffic on the wire to the switch.
* Statically add the mac-address to the table in the connected switch. This prevents host->guest traffic from moving beyond the connected switch, and doesn’t add additional packets on the wire, but adds additional maintenance.
* Cause the guest to send packets that pass outside the host at least once every 5 minutes (default aging-time). Few additional packets, and no switch maintenance. Install NTPd to synchronize the time.

August 27, 2007

Lonnie Olson
fungus
LonnieOlson
» Sandbox a VMware Virtual Machine With iptables

Occasionally I need to play with an experimental machine using VMware Workstation on my Linux host. The virtualization already sandboxes my disks, memory, and other resources. However I only have 3 choices for networking: Bridged, NAT, and host-only.

  • Bridged is often unacceptable for experimentation due to its unrestricted nature. It also does not pass through the standard netfilter interfaces in the kernel to be filtered.
  • NAT is often unacceptable because I cannot control its filtering policies. It runs a separate daemon to handle the address translation. This blocks many of my filtering options in iptables.
  • Host-only is almost never acceptable since I rarely do any experimentation that doesn’t require a network interface to my network outside my machine.

My favorite solution is to use the host-only networking option, and configure my host machine to NAT and route the traffic. This gives me extreme control over the network policies, addresses, etc. All with a familiar iptables interface.

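To accomplish this there are a few steps that need to happen.
  • Configure your Virtual Machine to use Host-only networking
  • Enable IP forwarding on your host.
    echo 1 > /proc/sys/net/ipv4/ip_forward
  • Add the address you want your virtual machine to use on your network as an alias to your real interface.
    ifconfig eth0:0 10.49.220.40 netmask 255.255.252.0
  • Add a NAT rule with iptables to translate packets to this new address. iptables rejects -i in the POSTROUTING chain, so the rule matches the host-only network by source address instead; replace VMNET1_SUBNET with the subnet assigned to vmnet1 (shown by ifconfig vmnet1).
    iptables -t nat -A POSTROUTING -s VMNET1_SUBNET -o eth0 -j SNAT --to-source 10.49.220.40
  • Add any rules you wish to impose to the FORWARD chain in the default filter table. The example here defaults to DROP for all packets, but allows DNS to a DNS server and all traffic to a host for the experiment. The ESTABLISHED,RELATED rule lets the replies to those permitted connections back through; without it the DROP policy discards the return traffic as well.
    iptables -P FORWARD DROP
    iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A FORWARD -d 10.49.1.25 -p udp --dport 53 -j ACCEPT
    iptables -A FORWARD -d 10.49.1.26 -j ACCEPT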

Now your experiment will come from your chosen IP as you would have wanted with bridged mode, but you get the awesome power and flexibility of filtering it via iptables. Great for playing with Windows and its included vulnerabilities.
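
The host-only + SNAT sandbox described above, collected into one script as an added example (not the author's own code). It only prints an iptables-restore ruleset, scopes every allow rule to traffic entering from vmnet1, and includes the connection-tracking rule that a default-DROP FORWARD chain needs for replies. The guest subnet 192.168.100.0/24 and the proto:addr:port allow-spec format are assumptions made for this example.

```shell
#!/bin/sh
# Added example: generate (not apply) a ruleset for a host-only VMware guest
# that is SNATed and filtered by the Linux host.

GUEST_IF=vmnet1               # host-only interface (from the article)
UPLINK_IF=eth0                # real interface (from the article)
SNAT_ADDR=10.49.220.40        # alias address the guest appears as (from the article)
GUEST_NET=192.168.100.0/24    # ASSUMPTION: host-only subnet, not given in the article

# is_ipv4 ADDR: succeed only for a dotted quad with each octet in 0..255.
is_ipv4() {
  case $1 in
    *[!0-9.]*|*..*|.*|*.) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1                   # split on dots; input is digits and dots only
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# allow_rule SPEC: print one FORWARD rule for "tcp:ADDR:PORT", "udp:ADDR:PORT"
# or "all:ADDR" (hypothetical spec format); fail on anything malformed so a
# typo can never widen the sandbox.
allow_rule() {
  proto=${1%%:*}; rest=${1#*:}
  addr=${rest%%:*}; port=
  case $rest in *:*) port=${rest#*:} ;; esac
  is_ipv4 "$addr" || return 1
  base="-A FORWARD -i $GUEST_IF -o $UPLINK_IF -s $GUEST_NET -d $addr"
  case $proto in
    all)
      [ -z "$port" ] || return 1
      echo "$base -j ACCEPT" ;;
    tcp|udp)
      case $port in ''|*[!0-9]*) return 1 ;; esac
      [ ${#port} -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
      echo "$base -p $proto -m $proto --dport $port -j ACCEPT" ;;
    *) return 1 ;;
  esac
}

# sandbox_ruleset SPEC...: print the complete ruleset in iptables-restore
# format, or print nothing and fail if any spec is invalid.
sandbox_ruleset() {
  rules=
  for spec in "$@"; do
    line=$(allow_rule "$spec") || { echo "bad allow spec: $spec" >&2; return 1; }
    rules="$rules$line
"
  done
  cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $GUEST_NET -o $UPLINK_IF -j SNAT --to-source $SNAT_ADDR
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
${rules}-A FORWARD -i $GUEST_IF -j LOG --log-prefix "vm-sandbox drop: "
COMMIT
EOF
}

# The article's policy: DNS to 10.49.1.25, everything to 10.49.1.26.
sandbox_ruleset udp:10.49.1.25:53 all:10.49.1.26
```

Check the output with iptables-restore --test before loading it. Loading it replaces the existing rules in the nat and filter tables, and the LOG rule records whatever the guest tried that the policy then drops.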

June 22, 2007

Lonnie Olson
fungus
LonnieOlson
» pynotify - CLI tool for Gnome libnotify

On my Mac, I use Growl all the time. Especially using the CLI tool growlnotify to notify me from my scripts. Recent versions of Gnome use libnotify to display notifications similarly to Growl.

I couldn’t find a CLI tool, so I wrote one. The Python API is very handy and easy to understand, but hardly documented at all. Thanks to these people for giving me a jump start.

I tried to make the parameters similar to that of growlnotify… Mostly out of laziness.

Anyway… Here it is. pynotify

May 8, 2007

Lonnie Olson
fungus
LonnieOlson
» Desktop Effects on Ubuntu Feisty + ATI + Beryl

Now that I have a nice fast machine at work with an ATI X1300 dual-head video card, I had to get my desktop effects going. It is very simple to get the basics on Ubuntu Feisty Fawn.

First things first. With a recent ATI card you must use Xgl. It will not work with AIGLX. The Free radeon driver doesn't support these newer cards. This leaves you with resorting to the proprietary ATI driver (fglrx). This driver doesn't support the Xorg composite extension which is required for AIGLX to work. It's ok, Xgl isn't that much harder to set up.

  • Install the proprietary ATI driver
    apt-get install xserver-xorg-video-ati
  • Activate the driver in /etc/X11/xorg.conf (Composite must be disabled for direct rendering to work)

    Section "Device"
        Identifier  "ATI Technologies, Inc. ATI Default Card"
        Driver      "fglrx"
        Option      "DesktopSetup" "horizontal"
        BusID       "PCI:1:0:0"
    EndSection
    Section "Extensions"
        Option  "Composite" "0"
    EndSection
  • Verify direct rendering works
    glxinfo | grep direct
    Should be yes
  • Install Xgl
    apt-get install xserver-xgl
  • Activate Xgl
    The Ubuntu Site has other options, but my method of using the Xsession is a lot cleaner.
    Add the following line to: /etc/X11/Xsession.options
    use-xgl
    Save the following script as: /etc/X11/Xsession.d/91Xgl
# This file is sourced by Xsession(5), not executed.

STARTXGL=
XGL="/usr/bin/Xgl"
XGL_OPTIONS=":1 -fullscreen -ac -accel xv:pbuffer -accel glx:pbuffer"

if grep -qs ^use-xgl "$OPTIONFILE"; then
  if [ -x "$XGL" ]; then
    STARTXGL=yes
  fi
  if [ -r /tmp/.X1-lock ]; then
    xglpid=`cat /tmp/.X1-lock`
    if [ -d /proc/$xglpid ]; then
      echo "Xgl already running"
      STARTXGL=
    fi
  fi
fi

if [ -n "$STARTXGL" ]; then
  $XGL $XGL_OPTIONS &
  DISPLAY=:1
fi

# vim:set ai et sts=2 sw=2 tw=80:
  • Here you can use the default compiz installation just by activating it in the Desktop Effects panel in System -> Preferences. To get the much better Beryl working we can install it by adding just a few more steps.
  • Install Beryl and friends
    apt-get install beryl beryl-manager emerald-themes
  • Disable compiz if you enabled it (just in case)
  • Run Beryl Manager in Applications -> System Tools.

That's it. You now have the Manager in the tray that lets you change many aspects including the window decorator (Emerald themes are pretty cool), etc. The Beryl Settings manager gives you the power to tweak the aspects of the Effects.

A future article to come covering the effects that are actually useful and productive.

May 2, 2007
» pfSense 1.2 Beta release

The pfSense team has released the first beta of version 1.2. Details at the pfSense blog. Overall this looks like a great update; I'm particularly interested in the load balancing improvements.

April 16, 2007

Lonnie Olson
fungus
LonnieOlson
» Gentoo: LVM on a root partition

Start the install as normal
Use fdisk/cfdisk to create a small /boot partition; the rest can be an LVM partition.
pvcreate /dev/sda2
vgcreate vg /dev/sda2
lvcreate -n swap -L 256M vg
lvcreate -n root -L 2G vg
Continue normally using /dev/vg/swap and /dev/vg/root for device nodes.

At kernel configure.
Install genkernel and lvm tools "emerge genkernel lvm2"
sensible default config
zcat /proc/config.gz > /usr/share/genkernel/x86/kernel-config-2.6
genkernel --lvm2 --menuconfig all
Continue normally

At Configuring the boot loader.
The grub menu entry may look like this:

title Gentoo LVM
root (hd0,0)
kernel /kernel-genkernel-x86-2.6.19-gentoo-r5 udev dolvm2 root=/dev/ram0 real_root=/dev/vg/root init=/linuxrc
initrd /initramfs-genkernel-x86-2.6.19-gentoo-r5

Continue normally

December 22, 2006

Lonnie Olson
fungus
LonnieOlson
» Spam statistics and spamd

Mail Chart
I discovered today that I left my procmail deliveries logging all kinds of information. I had logs that went back a month and a half. I thought why not parse them up, and generate some stats.

My procmailrc sorts most of my mail into folders for me. When I was writing the script to parse I decided to categorize my folders to make the statistics more meaningful. This leaves me with 4 types of mail: work (automated reports, logs, and such), spam (SpamAssassin, and discarded mail), lists (mailing lists), and Inbox (everything else).

These stats turned out to be quite interesting, at least to me. Since I am the sysadmin for an ISP, I get tons of email. I get the output for any and all cron jobs, interesting snippets of logs, and all mail addressed to common aliases (postmaster, root, webmaster, abuse, daemon, security, etc). This will cause my work category to be quite large. You can see that my work mail accounts for more than half of all deliveries. If you leave out the work category, my spam accounts for about 80% of all of my email, and that doesn’t count all the crap that SpamAssassin or my own filters don’t catch. Holy cow. Spam is a huge problem.

The big dip this week is caused by my experimentation with new anti-spam techniques. I tried out OpenBSD’s spamd. It is amazing. It reduces spam quite a bit, as you can see here. It would show even better results, but I only used it on one of several balanced incoming mail servers. It is a great implementation of greylisting. However, this technique causes some legitimate mail to be delayed by 5min - a few hours. We had a few complaints from customers about delayed mail, so I had to turn it off. I highly recommend this technique for anyone who is battling spam, doesn’t have extremely picky users, and doesn’t mind slightly delayed mail from time to time.

November 24, 2006

Lonnie Olson
fungus
LonnieOlson
» Fedora, No Longer Detestable, But Still not for Me

I decided to give Fedora another try after a very long time of using and loving FreeBSD, Ubuntu, and Debian. I thought to myself that its continued popularity has to be a testament to its greatness. Perhaps it has improved over time.

I was initially turned off RPM based distributions long ago by the pain of dealing with dependencies, tracking down RPMs, and bloated default installs. I had given them up long since RedHat 8.0. Since then I have given half-assed efforts to look at them a couple of times. Once with FC3, and again with OpenSuse 10.1. Both times I was immediately turned off by bloated installs and/or having to hack in apt and external repositories.

This time is going to be different. I am going to keep an open mind. Here are my thoughts as I progressed.

  • I just downloaded the DVD image of Fedora Core 6 since my test machine has a DVD drive. I really like single CD installation sources, but maybe I won’t mind a single DVD.
  • Why have the installation verify the medium by default. It is extremely rare to get even this far if your medium is somehow damaged. Lame defaults, not lame functionality.
  • The installation program (anaconda) is extremely solid and professional looking. RedHat has always had good install programs. IMHO, the installation program isn’t that important, so whoop-de-do.
  • The installation has a wonderful partition editor, it allows you to set up complex raids, and/or LVM. Wow! Best one I have ever seen.
  • Install seems much quicker than I remember. I always thought RPM based distros took forever. Perhaps it is because this system is so much faster than my previous test machines.
  • Couldn’t boot Fedora. The installer didn’t give me the option to install the boot loader in the MBR of sdb so I picked sdb1. The FreeBSD boot manager couldn’t start it. Oh well, I just ran the rescue from the install disc, and installed grub manually into the MBR of sdb. All better boots fine. Not a problem with Fedora really, just a complicated setup on my end.
  • Booted, finished the first boot install step. Holy cow. It properly detected my monitor’s native resolution. Sweet! I have a widescreen LCD with a native resolution of 1680×1050.

  • Launched Firefox, clicked on the Fedora FAQ link. I learned that Fedora doesn’t install any non-free software. That is wonderful. Even Ubuntu installs a tainted kernel by default. I am so proud.
  • I had a look at the xorg.conf and saw the smallest xorg configuration evar. There was no font, monitor, resolution, or mouse configuration info. xorg detected and made everything work perfectly. Is this a feature of xorg 7.1.1, or is this Fedora specific?

  • Further exploration of the gui reveals all the standard Gnome-y goodness I come to love and expect from my distro.
  • The "Add/Remove Programs" is slightly different from Ubuntu, but works just about as well.
  • There is a lot of stuff installed by default, but not to the extreme like it used to.
  • sudo is not setup by default. I really liked the way Ubuntu locks root, and uses sudo for everything. I had to assign myself to group wheel and enable sudo for the group manually.
  • I wanted to install a few other basics I expect to have available. Some are already installed (rsync, mutt, sudo). Some are easily installed using yum (nmap). Some are nowhere to be found (tcpflow, tcptraceroute, etc). This is horrible. After some more reading and poking around I find that there are third parties that publish these packages. WTF! tcpflow and tcptraceroute should be in the Core repository, or at least in Extras. This is a total F$#! up. Why can’t the Fedora community come together and merge the Dag/Dries repository with the Extras repository. They can leave out the non-free stuff, but at least get the obvious stuff.
  • On a side note, I think it is very funny that http://ftp.freshrpms.net/ is "Powered by" Debian. ROFL.

In summary, Fedora is no longer a distro to be detested. Its dedication to Free Software; addition and focus on yum; use of new technology like xorg 7.1; and more conservative default install have made it usable, and almost recommendable. However, its repository is extremely lacking, and it needs more thought put into default options for some things.

October 24, 2006

Lonnie Olson
fungus
LonnieOlson
» Forbes resorts to sensationalist FUD

Slashdot linked to an article from Forbes that speculated the GPLv3 could "tear it apart". It, referring to the Linux industry. The summary on Slashdot sounded interesting, and RMS is always interesting.

Very early in the article I was upset by a huge lie.

But while Torvalds has been enshrined as the Linux movement’s creator, a lesser-known programmer–infamously more obstinate and far more eccentric than Torvalds–wields a startling amount of control as this revolution’s resident enforcer. Richard M. Stallman is a 53-year-old anticorporate crusader who has argued for 20 years that most software should be free of charge. He and a band of anarchist acolytes long have waged war on the commercial software industry, dubbing tech giants "evil" and "enemies of freedom" because they rake in sales and enforce patents and copyrights–when he argues they should be giving it all away.

This is a complete lie. The FSF has nothing against selling software. The term "Free" they refer to is not about price, but about Freedom. Any journalist with an ounce of responsibility would easily find references to the talk about _Free as in Freedom, not Free as in Beer_. There is even a complete article written by RMS all about selling software.

This immediate lie angered me already. I could handle reading a biased, commercial, anti-Linux article without getting angry. However, once they outright lied about something so obvious, I became very quick to anger. The rest of the article is so obviously biased, I won’t even bother detailing them. I instead will focus on the inaccuracies, or the twisting of hard facts.

Stallman hopes to use that licensing power to slap the new restraints on the big tech vendors he so reviles. At worst it could split the Linux movement in two–one set of suppliers and customers deploying an older Linux version under the easier rules and a second world using a newer version governed by the new restrictions. That would threaten billions of dollars in Linux investment by customers and vendors alike.

The licensing power referred to here is deserved as he and his group actually wrote most of what makes up the "Linux" system. Linux is actually just the kernel of the OS. Lots of other people make the mistake of calling the OS Linux, when it should be GNU/Linux, so I’ll give them a little slack here.

This licensing power is also the same power wielded by "big tech vendors" to do much more heinous things. Examples include: preventing you from playing your **purchased** songs on any player you wish; Restricting your ability to use, modify, and share software that you own; Preventing you from expanding technology.

The only vendors the GPLv3 might threaten are those that are using Free Software to actively do very non-Free things, like Patent lawsuits, DRM, etc. These vendors are not the majority in the industry. It doesn’t threaten customers (end-users) at all.

A cantankerous and finger-wagging freewheeler, Stallman won’t comment on any of this because he was upset by a previous story written by this writer. But his brazen gambit already is roiling the hacker world. His putsch "has the potential to inflict massive collateral damage upon our entire ecosystem and jeopardize the very utility and survival of open source," says a paper published in September by key Linux developers, who "implore" Stallman to back down. "This is not an exaggeration," says James Bottomley, the paper’s chief author. "There is significant danger to going down this path." (Stallman’s camp claims Bottomley’s paper contains "inaccurate information.")

No comment … upset at this writer … I wonder why. Could it be that you tell lies, skew the truth, and bias every word? The only damage it will do is to possibly make vendors, like Tivo, maintain old versions of GPLv2 software themselves. Is this a big deal? What has Tivo done for our community anyway? This paper sounds just like something Microsoft wrote about Open Source not too long ago. Our ecosystem may change a bit, but if it is good, it will persevere.

Even the Linux program’s progenitor and namesake, Linus Torvalds, rejects Stallman’s new push to force tech companies to design their software his way and to abandon patent rights. Torvalds vows to stick with the old license terms, thereby threatening the split that tech vendors so fear. The new license terms Stallman proposes "are trying to move back into a more ‘radical’ and ‘activist’ direction," Torvalds says via e-mail. "I think it’s great when people have ideals–but ideals (like religion) are a hell of a lot better when they are private. I’m more pragmatic."

Yes, Linus disagrees with RMS. However there is no split to fear. Any developer can choose which version of the GPL to use.

But then, Richard Stallman rarely is pragmatic–and in some ways he is downright bizarre. He is corpulent and slovenly, with long, scraggly hair, strands of which he has been known to pluck out and toss into a bowl of soup he is eating. His own Web site (www.stallman.org) says Stallman engages in what he calls "rhinophytophilia"–"nasal sex" (also his term) with flowers; he brags of offending a bunch of techies from Texas Instruments by plunging his schnoz into a bouquet at dinner and inviting them to do the same.

Come on. This has nothing to do with the article. If his strangeness would have any effect on the community, it would have happened many years ago. This is total crap.

And though he styles himself as a crusader for tech "freedom," Stallman labors mightily to control how others think, speak and act, arguing, in Orwellian doublespeak, that his rules are necessary for people to be "free." He won’t speak to reporters unless they agree to call the operating system "GNU/Linux," not Linux. He urges his adherents to avoid such terms as "intellectual property" and touts "four freedoms" he has sworn to defend, numbering them 0, 1, 2 and 3. In June Stallman attempted to barge into the residence of the French prime minister to protest a copyright bill, then unrolled a petition in a Paris street while his adoring fans snapped photos.

Another lie. RMS never said his rules (GPL) are necessary for people to be free. His GPL is just another Free Software license developers can use if they want. His organization publishes a list of other Free Software license alternatives.

As programmers wrote hundreds of building blocks to add to Linux, Stallman’s Free Software Foundation persuaded them to hand over their copyrights to the group and let it handle licensing of their code. Stallman wrote the central license for Linux: the GNU General Public License or GPL. For his part, Linux creator Torvalds never signed his creation over to the group–but he did adopt the GNU license, granting Stallman further sway.

What programmers? If the author is referring to the programmers of GNU, they did most of their work long before Linux. Therefore Linux was added to GNU, not vice-versa. If the author was referring to any Open Source programmer, he never asked nor required any of them to hand over their copyrights. Stallman has no control over programmers who choose the GPL. However he will help defend them, when they need it.

In recent years Stallman and the FSF have been cracking down on big Linux users, enforcing terms of the existing license (GPLv2, for version 2) and demanding that the big tech outfits crack open their proprietary code whenever they inserted lines from Linux. Cisco and TiVo have been targets; Cisco caved in to Stallman’s demands rather than endure months of abuse from his noisy worldwide cult of online jihadists. Nvidia, which makes graphics cards for Linux computers but won’t release enough of the code behind them to satisfy Stallmanites, also came under attack. "It’s an enemy of the free software community, so we call them ‘inVideous,’" says Peter Brown, executive director of the Free Software Foundation.

This is true, but the description of jihadists should be placed on Cisco and TiVo. It was Cisco that was trying to steal the GPL code and use it for their own purposes. This is breaking the terms of the license, hence breaking the law. Cisco caved in because they were caught breaking the law and didn’t want to piss off the Free Software community, especially since we make up a huge portion of their customers.

One big potential victim of the Stallman stunt is Red Hat, the leading Linux distributor, with 61% market share. Red Hat bundles together hundreds of programs contributed by thousands of outside coders. If Linus Torvalds sticks with his old kernel under the older and less restrictive version-2 license, and Stallmanites ship version-3 code, what is Red Hat to do? The two licenses appear to be incompatible. There’s also the problem of forfeiting patent enforcement rights if Red Hat ships v3 code. Red Hat could stay with an entirely "v2" Linux system, taking on the burden of developing its own versions of whatever programs move to v3. But it’s not clear that Red Hat has the staffing to do that.

More crap. First, RedHat has not commented on anything regarding GPLv3. Second, GPLv2 and GPLv3 are compatible. In fact, GPLv3 is more compatible with other licenses than GPLv2 was. RedHat would only be forfeiting patent enforcement rights on code RedHat wrote and released under GPLv3. RedHat is more than capable of releasing their own code under the GPLv2 and shipping it with other programs licensed under GPLv3. Shipping programs together does not mean they must be licensed the same.

"Red Hat gets a lot of code from people who don’t work for Red Hat. They would have to replace all that and do the work in-house," says Larry W. McVoy, chief executive of software developer Bitmover and a longtime Torvalds collaborator. Even then, however, Stallman and his loyalists may carry on developing their own v3 versions. This "forking" of multiple incompatible versions could lead to "Balkanization" and derail Linux, the Torvalds camp warns.

Red Hat and other Linux promoters also may find themselves in an awkward spot with customers. "IT managers want to buy stuff that puts them at as little risk as possible. If there was a risk that Stallman could become such a loose cannon, that’s something most IT managers would have wanted to know before they bet their companies on Linux," McVoy says.

The only reason why RedHat may want to "fork" GPLv3-licensed programs is if they want to modify these programs in such a way that would be disallowed by the GPLv3, or sell to a client that wants to do this. It is important to ignore this author’s assumption that the whole operating system must be licensed the same way. Just because Bash might be licensed GPLv3 doesn’t mean that Apache is licensed that way. You would only need to fork Bash if you want to modify Bash to add in DRM, or to enforce patents you have in your modifications to Bash. Obviously this is highly unnecessary.

It is quite interesting that the author would talk to McVoy about this. McVoy has even less credibility on this issue than just about anyone else. His company BitMover sells a proprietary product called BitKeeper. Yes, McVoy collaborated with Torvalds. In fact, Torvalds was using BitKeeper for his Linux development. Torvalds later found out that using proprietary software could bite him in the butt when he had to switch to something else.

Both McVoy and Torvalds should know more than anyone that the risk in using proprietary software is much greater than that of using Free Software. The absolute worst-case scenario you can have with Free Software is having to maintain updates to it yourself. Worst case in proprietary software could mean finding another software package, but with possible loss of data. No intelligent IT manager would consider the issue of the GPLv3 to be more of a risk than that of proprietary software.

The bottom line is that neither Richard Stallman’s crusading nor the GPLv3 will tear the GNU/Linux community apart. It may cause a few minor problems for patent enforcers and DRM developers that are leeching off the GNU/Linux community. These vendors won’t hurt that much either; they can just maintain their own old versions, or switch to any of the BSD-licensed alternatives.

October 10, 2006

Lonnie Olson
fungus
LonnieOlson
» Becoming a Tor server

[Image: Bandwidth Usage Graph] The flat green plateau was a bittorrent I left on, and the massive mountain is Tor.

Last week I used quite a bit of bandwidth on my colocated server. Part of it was due to leaving a bittorrent of a few episodes of “Weeds” running for a few days. Those sure are popular, but I have the max upload rate limited to 800KBps. Not enough to cause problems, but enough to share my generous amount of bandwidth.

While Bittorrent can eat up quite a bit of bandwidth, it wasn’t the culprit. The problem was Tor! I misread the documentation for BandwidthRate and BandwidthBurst. I thought it was in bps (bits), but, in fact, it was in Bps (bytes). Whoops! When I was going through the normal everyday sysadmin duties I noticed that our primary backbone link was a lot closer to being full than it normally should be. A little poking around and I found that my own server was eating up about 14Mbps. I shut it off immediately, and headed for the documentation. To my surprise FAQ 5.17 is very clear about the units for the BandwidthRate. I am a total idiot. Config fixed, tor restarted.

I am not one of those privacy nuts that won’t do anything that isn’t anonymized or encrypted. In fact I tried using tor myself for about 2 minutes. It was painfully slow. I don’t really care who sees most of my traffic, and the traffic I do care about is already either SSL’d or ssh tunneled. However, I understand the occasional need for tor, and its obvious benefits. Since I have so much bandwidth available that no one will be using, I thought I would share. Ain’t it nice to be sysadmin of your own ISP. :)

Interesting note: So far in the first 10 days of this month I have used 981GB on my server. Holy bejeezus
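The bits-versus-bytes mix-up described in this post can be caught before a relay is started. The following is an added example, not code from the original post or from the Tor project: it reads the BandwidthRate and BandwidthBurst lines of a torrc, converts them to the rate actually placed on the wire, and flags values with no unit or the bare "B" abbreviation. The unit spellings follow the Tor manual's BandwidthRate entry (a subset only); the power-of-two multipliers, the link budget and the sample torrc are assumptions.

```python
import re

# Unit spellings follow the Tor manual's BandwidthRate entry (subset only).
# Assumption: multipliers are powers of two (1 KB = 1024 bytes).
SHIFT = {None: 0, "k": 10, "kilo": 10, "m": 20, "mega": 20, "g": 30, "giga": 30}
VALUE = re.compile(r"^(\d+)\s*(?:(k|m|g|kilo|mega|giga)?(bytes?|bits?|b))?$")
OPTIONS = ("bandwidthrate", "bandwidthburst")

def to_bytes_per_sec(value):
    """Return (bytes_per_sec, explicit) for one torrc bandwidth value.

    explicit is False when the value has no unit or uses the bare "B"
    abbreviation, the two spellings that are easy to misread as bits.
    """
    m = VALUE.match(value.strip().lower())
    if m is None:
        raise ValueError("unrecognised bandwidth value: %r" % value)
    number, prefix, unit = int(m.group(1)), m.group(2), m.group(3)
    size = number << SHIFT[prefix]
    if unit is not None and unit.startswith("bit"):
        return size // 8, True          # bits were spelled out: divide by 8
    return size, unit in ("byte", "bytes")

def audit(torrc_text, link_bits_per_sec):
    """Report the real rate of each bandwidth option against a link budget."""
    findings = []
    for line in torrc_text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)   # drop comments
        if len(parts) != 2 or parts[0].lower() not in OPTIONS:
            continue
        rate, explicit = to_bytes_per_sec(parts[1])
        bits = rate * 8
        findings.append({
            "option": parts[0],
            "bytes_per_sec": rate,
            "mbit_per_sec": round(bits / 1e6, 2),
            "ambiguous_unit": not explicit,
            "over_budget": bits > link_bits_per_sec,
        })
    return findings

# Constructed sample, not the author's actual configuration.
SAMPLE_TORRC = """\
ORPort 9001
BandwidthRate 2 MB        # reads like "2 megabits", means 2 MiB per second
BandwidthBurst 32 MBits   # explicit bits: 4 MiB per second
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_TORRC, link_bits_per_sec=10_000_000):
        print(finding)
```

Against the assumed 10 Mbit/s budget, the sample's "2 MB" rate is reported as about 16.78 Mbit/s with an ambiguous unit, which is the kind of gap between intended and actual rate the post describes.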