SELinux: Executive Overview
Red Hat's Chris Runge gave a presentation about SELinux, discussing what it brings to the table in improving Linux security in language even I could understand. He explained that Linux, like all modern operating systems, comes with discretionary access control (DAC), which means that users have read/write control over their data, that programs they run have the same rights that they do, and that the superuser has complete control over all data and files. To be successful, an intruder must find an exploit resulting in superuser privileges in order to take over a system.
SELinux adds mandatory access control (MAC), under which policies cannot be overridden by users. MAC works in conjunction with DAC, but is more powerful. Runge used an Apache server as an example of how MAC rules and policies might be used. The http user, and therefore the process, is given the rights to listen on port 80, to read the configuration file and the HTML/data necessary to display its pages, and to read and write its log files. If the HTTP server is compromised, the intruder gets only those rights. Without MAC, an intruder could likely get access to everything on the system.
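The Apache example above can be modelled as two checks that must both pass. The following is an added illustration, not code from the talk or from SELinux itself: a toy decision function covering the file rules only, with constructed file entries and type labels that follow SELinux reference-policy naming as an assumption.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Obj:
    path: str
    owner: int   # owning uid
    mode: int    # classic permission bits, e.g. 0o600
    label: str   # MAC type label attached to the object

# Constructed sample objects (assumed paths and labels, for illustration).
OBJECTS = {
    "config": Obj("/etc/httpd/conf/httpd.conf", 0, 0o644, "httpd_config_t"),
    "page": Obj("/var/www/html/index.html", 0, 0o644, "httpd_sys_content_t"),
    "log": Obj("/var/log/httpd/access_log", 0, 0o644, "httpd_log_t"),
    "shadow": Obj("/etc/shadow", 0, 0o600, "shadow_t"),
}

# MAC allow rules: (process domain, object type) -> permitted operations.
# Anything not listed is denied, and no user (root included) can change that.
POLICY = {
    ("httpd_t", "httpd_config_t"): {"read"},
    ("httpd_t", "httpd_sys_content_t"): {"read"},
    ("httpd_t", "httpd_log_t"): {"read", "write"},
}

def dac_allows(uid, obj, op):
    """Discretionary check: the superuser bypasses the mode bits entirely."""
    if uid == 0:
        return True
    bit = {"read": 4, "write": 2}[op]
    shift = 6 if uid == obj.owner else 0   # owner bits or "other" bits
    return bool((obj.mode >> shift) & bit)

def mac_allows(domain, obj, op):
    """Mandatory check: default deny, keyed on labels rather than uids."""
    return op in POLICY.get((domain, obj.label), set())

def access(uid, domain, obj, op, mac_enabled=True):
    """MAC works in conjunction with DAC: both must say yes."""
    if not dac_allows(uid, obj, op):
        return False
    return mac_allows(domain, obj, op) if mac_enabled else True

def reachable(uid, domain, mac_enabled=True):
    """Every (object, operation) pair a process in this domain can perform."""
    return sorted((name, op) for name, obj in OBJECTS.items()
                  for op in ("read", "write")
                  if access(uid, domain, obj, op, mac_enabled))
```

Calling `reachable(0, "httpd_t")` and `reachable(0, "httpd_t", mac_enabled=False)` shows what a compromised web server running as root can touch with and without the policy.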
What's New in Graphics for the Desktop
Red Hat's Kevin Martin described the coming 3-D desktop and its features. He also talked a little about how, in the end, the feature sets offered by SUSE and Red Hat will be the same, though they are being implemented differently. Red Hat is doing its magic within the X server itself, while SUSE's approach has been to develop Xgl to run atop the X server.
Linux needs the sizzle, the romancing of the desktop, in order to keep pace with and win more desktop converts from the Windows and Apple camps. A joint effort would be much more beneficial here than two equally fine independent projects.
Software Patents and Patent Reform
Dan Ravicher of the Public Patent Foundation talked about what's wrong with our patent system, and how difficult it will be to ever change it. It seems that at one time, the PTO had their heads screwed on right and rejected purely software patent applications as being "not suitable material" for patents.
Two key things got the PTO off-track and us into this mess. First came the formation of a special court to hear patent cases, created by an act of Congress in 1982. The judges of the new court were not chosen from the ranks of existing judges, but from aides to the Congresscritters who created it, thus guaranteeing that it would always rule on the side of those who had lobbied for its creation and who always want more and stronger patent law.
The second was the State Street decision, which once and for all settled the question of whether pure software patents should be granted. That ruling is responsible for the boom in software patents in the past few years.
According to Ravicher, there are three major blocks to patent reform:
- Pharmaceutical firms
- Patent law makers (PTO, Federal Circuit Court, Congress)
- Patent lawyers
How broken is the patent system? Well, look at it this way. Patents are weapons. If you are hit with a patent infringement suit, it will cost you between 2 and 4 million dollars to defend against it. Even if you win the suit, you're out that cost.
It is illegal to do what many firms are doing these days, which is to fraudulently file for patents on software or methods which they did not invent. But if I were to write to the PTO and report Microsoft for such behavior, it would be ignored. Congress has set the rules and the PTO must follow them. The only time questions about the legality of a claim can be raised is when you are defending yourself against an infringement claim. In the meantime, the patent abuser has one more weapon in its arsenal.
One Laptop Per Child
Imagine a village elder in a stone-age setting. He can see well into the next age, and has as his mission to drag as many fellow villagers as he can from one age to the next. To accomplish this, he needs to build a new tool. It requires a stone. He eyes two of them, one large and heavy, the other smaller and lighter. He picks up each, hefts them one at a time, clearly not pleased with either, but much happier with the smaller stone. That's Nicholas Negroponte, and his mission is One Laptop Per Child. The stones were the choice between Windows and Linux for the operating system.
Negroponte is an impatient man, and he doesn't hold technology in especially high regard, though he does have a fine appreciation for how it can be used. Well used. During the first minute or two of his keynote address this morning he was complaining about the lighting on stage, wanting the lights in his eyes dimmed or the house lights raised so that he could see the audience. In another minute or two it was so.
During his talk he provided a historical backdrop for the effort, which stretches back 40 years. He spoke of similar, smaller, successful efforts in places like Costa Rica and the state of Maine. In his mind, there is no question that it will work.
He says his project will bring desktop usage of Linux to the same level of penetration as servers in a very short period of time. How? He plans to ship 7 to 10 million laptops next year, and between 100 and 200 million laptops the following year.
You can see how Negroponte can inspire or infuriate. He is a salesman, but not a slick, polished, plastic-smile sort of salesman. He says Intel is pissing on the project. Then he says, "But I know that if Intel and Microsoft are both mad at me, I'm doing something right." Negroponte may be a bit of a madman, but even if he is, my bet is that this project will both succeed and change the world for the better.
The highlight of the Summit for me this year was Eben Moglen's talk on Thursday morning. I hope to find a video of his talk and show it at my local LUG meeting.
All the parties were great, from the reception Tuesday night, hosted by Dell, where my name was the first drawn to win a 32-inch flat screen Dell TV (but after we had left, so they had to draw again), to the Intel-sponsored Delta Island affair with free photographs and caricatures, to the festivities sponsored by IBM at the Wild Horse Saloon in downtown Nashville, with line dancing lessons and bull riding.
Kudos to Red Hat for its work with the One Laptop Per Child project, and for bringing in visionary speakers who help people to understand the good that can come from free software and open collaboration. They have increased their "reputation capital" in my book, and I'm looking forward to the next Red Hat Summit.