![[image of a world with a GNUs horns]](/brave-gnu-world/rungnu/brave-gnu-world-logo-sm.jpg){kind=logo}
(jpeg 7k)
(jpeg 17k)
logo from "We run GNU" initative
no gifs due to patent problems
Welcome to another issue of Georg´s Brave GNU World. I´ll begin by introducing some projects before I come to a more theoretical question that gained in importance for me during my visit at the "Systems" computer show in Munich (Germany). But let me start with the more practical parts.
Userv
Userv ("you serve")[5] by Ian Jackson is defined by its specification as "a Unix system facility to allow one program to invoke another when only limited trust exists between them." Since this may not mean a lot to many people, I´ll explain this a little further.
On Unix systems you very often experience situations where a program needs certain user privileges for certain tasks. Several solutions to this standard problem exist, but they almost all create severe problems security-wise. One possibility is to write privileged parts in C or call them via a C wrapper. Such a program inherits all rights that our original program had, so we need to put absolute trust into it. The method is also error-prone: what called processes inherit from their parents varies between different flavors of Unix. This means usually something is forgotten or the program becomes non-portable.
Another solution to the problem is provided by the "sudo" program which has the disadvantage that it usually requires one side of the security boundary to be root. This is at least a violation of the principle of least privilege which states that a process should only get privileges necessary to accomplish its task. Often it also happens that inherited resources are not cleaned up properly so that the isolation is not very good.
These are the problems that userv seeks to solve. One possible use would be a version of cron that does not need to be root. A security hole in cron would only give the malevolent intruder the chance to run cron-jobs at different times. The intruder would not gain control over the full system anymore.
This is also extremely interesting for webserver with CGI-scripts where good isolation between interface and internals can be crucial. In fact userv is already used for this purpose: The University Cambridge uses it in a project to provide a central web hosting service for departments.
The 1.0 release of userv is very close and since it is licensed under the GNU General Public License it can be used freely. Although the author admits that it may take a little time to get used to the configuration, this project is definitely worth giving a look.
The next two projects are also licensed under the GNU General Public License and have been written by Jason Nunn.
Clobberd
Clobberd [6] makes it possible to monitor user activity and keeps track of time and network activity. To accomplish this the daemon extracts the information from the utmp file and allows users to view their current statistics via clobbertool on a webpage. Administrators can use the tool clobberedit to edit user settings.
The big advantages of clobberd are definitely ease of installation and use. Unfortunately the author expects problems with other flavors of Unix than GNU/Linux and clobberd should always be used behind a firewall.
It is most useful for networks with a rather big number of users; Jason Nunn did tell me about a man who connected his private network at home to the internet with a GNU/Linux gateway. He now uses clobberd to monitor his son so he will do more homework and less surfing the web. It becomes obvious that useful tools can sometimes be used for evil. .-)
La51
La51 [7] is a small 8051 (MCS-51) Cross-Compiler that has been geared towards the Siemens sab80c537. The program itself is very small and has been based on the book ´The 8051 Microcontroller´ 2nd Ed. by IS Mackenzie.
Although Jason Nunn calls the compiler "not perfect" it did suffice for some projects. With its help he has for instance been able to write a VT52 terminal emulation. The only real problem he sees is that the compiler can only create Intel hex files; but it is thoroughly tested which should more than make up for this flaw.
I suspect that this was probably only interesting for a small portion of the readers - so I´ll keep moving on.
CUPS
CUPS ("Common Unix Printing System") [8] by Easy Software Products is a possible replacement for the old Unix printing architecture. Its advanced features should make it very interesting for people who aren´t satisfied with the current print services. Since CUPS is licensed under the GNU General Public License there is no legal problem in switching to the new architecture.
Besides the traditional functions CUPS offers the ability to set media size and resolution on the commandline; but there is more. There are special "backend" modules which allow communication over lots of different hardware and CUPS has a built-in user authentification. Another feature that should bring a sigh of relief from administrators of bigger networks is the capability to find and setup network printers automatically.
Currently the biggest problem is the fact that CUPS does not support a generic lpd print interface so clients depending on this will run into problems. A solution is in the works, though.
Future plans for the next versions include a stronger job/user handling and the encryption of transmissions.
If these topics were too "internal" for you I hope you´ll find the next feature more to your liking.
SADP
Like the other projects this month, the Sing Along Disc Player (SADP) [9] is licensed under the GNU GPL. SADP is a CD player with a lot of extras. The features include a spectrum analyzer and oscillator that can be resized "on the fly". It also has an internal mixer and several other options that can be expected from a good CD player.
SADP has a local CD database and can also access external databases over the internet. Fortunately it supports the CDDB, FreeDB and CD-INDEX protocols so existing resources can be accessed directly.
The author emphasized how important it was to him that SADP will perform well in very different local environments. That´s why SADP can use the internet or soundcard but doesn´t depend on them. It is also rather small, stable and user friendly. The biggest problems are created by "talkative" CD drivers and some bugs in its XForms.
This October SADP was awarded a price by 4Front Technologies, so checking it out is definitely not wasted time.
So much for the practical part. Now I´d like to discuss something I noticed during my stay at the Systems '99.
About the GNU GPL
The GNU General Public License has been called "viral" by people opposed to it for some time now. It occured to me that this derogatory term has been accepted way too easily.
In this context people talk about the GNU GPL "infecting" the code it licenses. The virus analogy implies the GPL then spreads uncontrollably and to the harm of the public.
Speaking about harm we first need to consider whose harm we are talking about. The GNU General Public License grants every user the right to use software, to modify it and to pass it along it its original or modified version. The only limitation is that no-one may take these rights away from other people. So only people who want to take away the rights of other users may feel harmed by it.
The usual counterargument here is that the GNU General Public License is also incompatible with other Free Software licenses like the FreeBSD license. This is correct.
[Dec 31 1999] Unfortunately this is not entirely correct. It was impossible to combine code under the GPL and the old BSD license. Combinations between FreeBSD and GPL are possible as long as the combination is released under the GPL. The licenses of the parts remain untouched when doing so. But this feature does explain the reasoning behind the license models rather well, so I will not remove it. Sorry for the inconvenience.
What is more important, though, is the source of this incompatibility. Every time two parts of code should be merged it is necessary that their licenses do not contradict each other.
Theoretically code under the GNU GPL can very well be merged with code under another license. In practice, this combination with other Free Software licenses becomes problematic. This is especially due to the fact that the mechanism of the protection of the users' rights provided by the GNU General Public License is still unique.
A lot of people then argue the FreeBSD license was "more free" than the GNU GPL. The discussion this leads to is essentially about the basics of what in German is called Staatsphilosophie, which falls under the area of political and/or social philosophy. This philosophy deals with the dilemma that in order to achive the maximum in freedom and self-determination it is necessary not to give absolute freedom to the individuals. Through our citizenship in a certain country we consent to give up certain freedoms for the benefit of society. One example of a freedom we have given up is the freedom to club someone over the head because we like his or her partner.
In cases of limiting the users' right about software this is almost always a "one against all" case. Which weighs heavier? The freedom of one to limit the freedoms of the rest of humanity or the protection of freedom for a majority? Several opinions about how this question should be answered exist; I do think there should be enough space and tolerance for more than just one answer, though.
In the end the incompatibility I mentioned above stems from different philosophical views. Reacting to a second opinion by using derogatory terms when talking about the GNU General Public License is - at least in my opinion - wrong and rather intolerant. This is why I would like to ask you not to accept this term without proper resistance.
Almost over...
I guess this was heavy enough for one month, so I will postpone the second part of my Systems '99 aftermath until next month. There are a few things I would like to mention, though.
First of all I did some redesign work on the "We run GNU" [4] page and it should be less bloated and more useable now; hopefully slow connections will now also be able to access it. There are also some new designs like a PenGNUin by Ben Stickan - so check it out.
There has also been quite some interest in "Brave GNU World" t-shirts and I guess we´ve almost reached critical mass. I have now started to think about the design. One idea that reached me via email was that of a gnu as Atlas with the world on his shoulders. My graphical talents are hardly good enough for such a picture but I think it would be extremely cool. Interested, anyone?
That´s it for this month, please don´t hold back with ideas, questions, comments and email about other interesting projects to the usual address [1].
| Info |
|
[1] Send ideas, comments and questions to Brave GNU World <column@gnu.org>
|
Return to previous issue / Brave GNU World home page
Return to GNU's home page.
Please send FSF & GNU inquiries & questions to gnu@gnu.org. There are also other ways to contact the FSF.
Please send comments on the Brave GNU World column to column@gnu.org, send comments on these web pages to webmasters@www.gnu.org, and send other questions to gnu@gnu.org.
Copyright (C) 1999 Georg C. F. Greve, German version published in the Linux-Magazin
Permission is granted to make and distribute verbatim copies of this transcript as long as the copyright and this permission notice appear.
Last modified: Sun Jan 16 13:52:26 CET 2000 greve