Ernest_Miller writes: “LawMeme takes an indepth look at how the existence of Spider-Man and Attack of the Clones bootlegs undermine the reasoning behind the CBDTPA and DMCA. In addition to the obvious arguments, the article does a good job of destroying the “analog fallacy” — the common argument that digital piracy is a thousand times worse than analog piracy.”

An anonymous fan of NewsForge wrote in (but didn’t include a link): “It seems a group of Unix Security Professionals are taking further initiatives to build a Secure, Hardened Posix1e draft OS. While building on the roots of FreeBSD and OpenBSD, for their known stability, security & robustness they have actually forked into a specialized hardened distribution. It seems as they are on their way to merge the best of both worlds back into one. While most “hardened” and “secured” distros these days seem to be Linux based, here is a solid entry from the BSD community.”

MicroBSDs are stripped down hardened secure version builds. The concept for MicroBSD is a hardend secure Posix1e small foot print OS for x86/Alpha/Sun/PPC (or other) hardware to use as little hard disk space as possible yet provide fully functional Systems. Based on a complete server model, builds for Firewall/IDS/VPN/SMTP/WWW/DNS/FTP and other combinations will be developed over time. Systems features address all aspects of security. These builds are designed to take the work out of building secured network environments with specific features unique to each one. Basically a Secured manageable system build designed to do specific tasks.

FEATURES:
* Posix1e Audit Controls & logging
* Mandatory Access Controls (In Progess)
* File System level ACLS (In Progess)
* Application/Users Access Controls (In Progress)
* Small Foot Print. No unneccesary bloat. under 10 megs or less
* Application Stack Hardening & Protection (Completed)
* PF Packet Filter
* Invisible Bridged Firewall Module
* IDS Sub-system Module (Completed)
* Anti-Virus Protection Module (In Progess)
* Fully Automated Update system (Future)
* Web Based Management System (Future)
* Multiple Authentication Mechanisms (LDAP/SQL/PAM) (In Progess)
* No System User Accounts
* Fully modular design
* Capable of running on disk, /cdrom or Compact Flash
* Full State-full packet inspection
* IPV4/IPV6 capable
* Optimized kernel for handling large traffic flows
* Embeddes Systems Designs
* No unnecessary daemons, services.
* Each build is specific to a task
* Easy to Install via our ftp server, cdrom and floppy disk
* NAT, Reverse NAT, FTP proxy support, one to one NAT
* Other specific features will be added specific to different builds

-Gentu- writes: “Gentoo Linux has certainly become a popular Linux distribution in almost no time since its release about a month ago. It is reportedly extremely fast and its Debian/BSD-like ports system, called Portage, has earned a lot of fans. Daniel Robbins, project leader and chief architect of Gentoo, talks to OSNews in an interesting interview, where he reveals the future plans for the popular distro.”

This guy is a consultant who gets to deploy new services over the Internet. He says they always ask him to serve it to Windows users only, because of the stats – something like 93% of Internet users are Windows users. But, he says even if that number is true, (which is unlikely in his opinion) the people using Windows are not the “early adopter” type. Read more at Advogato.

– by Tina Gasperson –
Carnegie Mellon University is expected to
formally announce its “Sustainable Computing Consortium” on May 16th. In order
to make some measurable gains in software quality and security, CMU is hooking up with
big players in IT and software development, and NASA, to look at new techniques
for measuring sustainability. And ironically, all these different companies are
going to put their heads together to brainstorm and collaborate and share ideas
on some, get ready for this, good old proprietary software and intellectual
property that they’ll have to pay a licensing fee for to use outside their own
companies.Carnegie is the school that brings us CERT/CC,
the reporting center for Internet security problems. So any Carnegie-created
consortium dedicated to driving “order of magnitude improvements in software
quality, dependability, and security” has got to be all good. And it probably
is. But people who are used to developing in the open environment fostered by
major universities like Carnegie, MIT, and Berkeley, cringe when they visit the
front page of the SCC Web site
and see a quote from Bill Gates prominently displayed there: “It’s time for
developers to think and act differently” along with a plug for an
InformationWeek article talking about Gates’ now famous, but as of yet not acted
upon memo about focusing on security. And it forces the question: what is this
consortium really all about?

According to the group’s authors, “Consortium members support the creation of
standards and specifications that allow for the measurement and enhancement of
software quality, dependability, and security. Sustainable software encompasses
technology, measurement, policy, economic and market dimensions of software.
The work of the Consortium includes technical efforts to measure and reduce
software-associated risks as well as economic, legal and policy efforts to
manage risk within organizations, the broader markets, and the national
economy.”

With recent efforts like the Carrier Grade Linux
Working Group having demonstrated that an Open Source project like Linux can
be hardened sufficiently for mission critical use by the telecommunications
industry, coupled with the overall good record for security that the operating
system already enjoys, it is natural that OSS and Free Software models should be
a driving force behind the Consortium. Yet, leading Open Source companies who
want to get involved have discovered that the Sustainable Computing Consortium
will operate in a proprietary environment.

The “benefits of membership” listed by the Consortium in its FAQ lays it out:
“Members are entitled to a non-exclusive, internal-use license for the
intellectual property created by the SCC.” So what benefit would it be for a
Free Software company to get involved in an environment that prevents them from
using the innovations created in that environment, since the very nature of Open
Source software is that the source code must be offered to those who purchase
software? And it appears that so far, only closed-source companies like Microsoft, Oracle, and others have been recruited by the SCC.

NASA is a big part of the Sustainable Computing Consortium, having granted
Carnegie’s computing science department at least $23
million to look into the whole topic of high-dependability software, hoping
to reap the benefits of the creative effort. NASA has called it a “unique
opportunity to develop an empirically-based science for software dependability,”
and one that “could have a major impact on NASA’s ability to rely on complex
software for advanced mission capability.” But what of projects like FlightLinux, where rocket scientist
Pat Stakem is developing a special distribution of Linux just for use on
spacecrafts? The FlightLinux project was originally funded through July 2002 and
probably will not continue if NASA decides to focus more on closed-source
models.

“The licensing questions at stake for the university are, I hope, still open,”
says Eben Moglen, general counsel for the Free Software Foundation, “and I look
forward to CMU’s reconsideration of a policy that makes no sense and will render
stillborn an otherwise very important and productive venture of great
importance.”

Brad Kuhn, v.p. of the Free Software Foundation agrees. “It’s a travesty to have
proprietary development happening in an academic environment,” since the whole
point of a University is to make knowledge available.

Bill Guttman, the former co-CEO of PrintCafe, is the director of the SCC.
PrintCafe, successful by most measures, makes software specifically for the
printing industry. Guttman grew the company to 500 employees and 4000 customers.
He’s also the director of Carnegie’s Software Center which, among other things,
focuses on identifying new software development methodologies and business
models. But when he took on that role, the Pittsburgh, PA Post-Gazette labeled
him a “geek
by accident.”

Guttman has a PhD in international business, the article says, but ended up
running software companies because he saw the money in it. He’s typical CEO
material: a visionary who is always seeking a way to do things better. And since
the Software Center has been working on finding new development
methodologies, it appears the Open Source/Free Software method of development
didn’t come in at first place in Guttman’s book. If it had, he’d certainly
select it as the foundation for the Sustainable Computing Consortium.

In fact, a position paper entitled “High Quality and
Open Source Software Practices” and written by T.J. Halloran of CMU and Bill
Scherlis, who is the co-director of the SCC, expresses reservations about the
suitability of the Open Source software development model in “quality-related
technology.” In the conclusion of the paper, they state, “…any technique or
tool is not feasibly adoptable if it requires a major (client-visible) overhaul
of a project web portal, collaboration tools, development tools, or source code
base.”

Guttman has told potential Consortium members that the SCC would very much
like to see the Free Software/Open Source community participate in the
project, and he says the group is considering a dual-licensing strategy. Moglen
sees the inclusion of Free Software as vital. “The Consortium cannot succeed
without the participation of the free software community,” he says,
“because ours is the development model that will produce high-quality
code in the twenty-first century.”

Moglen says that in fact, it is the closed method of software development which
has contributed heavily to the “radical deterioration in average software
quality over the past twenty years, causing hundreds of billions of dollars of
lost time every year from work that disappears when personal computers
crash, fail to exchange data successfully because of incompatible
closed formats, or are disrupted by well-known unfixed security
exposures.”

Not only that, but “to attempt construction of an
infrastructure that does what we do without us, in an attempt to
bolster the system of proprietary ownership of software, would be
literally foolish,” he says, “and I don’t expect it to happen among people as
smart and capable as those presently forming the Consortium.”

From the Washington Post:
“Microsoft’s operating-system monopoly has gotten plenty of ink in this paper, but Microsoft Office exerts an even tighter stranglehold on the market.
The productivity suite dominates not just on Windows PCs but on Macs as well, and its file formats have become a default language in offices, homes
and schools around the world.”

From Linux in Education report #70 at SEUL.org:
“David Bucknell has written a lengthy description on The Story Behind Open Source Software. It is intended to be a good general introduction to the
topic for non-technical, intelligent readers. We think it is well-written and should be very useful in explaining why we think open source/free
software is important to the world beyond our community.”

From ZDNet:
“The server seller is continuing its effort to integrate Linux interfaces into its Solaris operating system, a move that would make it easier to bring
programs based on the Linux operating system to Solaris machines. But Sun has also begun work to bring Solaris features to Linux, said Vivek Mehra,
vice president and general manager of Sun’s Cobalt group.”

Anonymous Reader writes “While most Open Source projects are applications and utilities intended
for single users, David Bryan and David Kelly did something different. They created an infrastructure project — a Voice-over-IP (VoIP) phone system that either can run on a single box attached to a couple of IP phones or can scale up to a network of hosts processing hundreds of calls between thousands of users. In this informative technical article at Embedded Linux Journal Online, Bryan and Kelly detail the “Vovida Open Communications Applications Library” (“VOCAL”) project, a fully functional phone system that can run on either Red Hat Linux or Sun Solaris.”

MSNBC takes a look at AbiWord.”It works on most major OS platforms and supports many languages; it’s able to read and write most documents in Microsoft Word’s .doc format, as well as twenty others; its authors claim it can do most of what Word can; and best of all it’s free. It’s been in the works for years, but is AbiWord really that good?”