Capital Area Central Texas UNIX Society
CACTUS Newsletter

Volume 19, Number 2 - February 2003


Contents:


February Meeting

By Ray Schafer

As Programs Chair for 2003, I have the honor of putting together the meeting programs for CACTUS, continuing our tradition of providing topics of interest to our members. It is a remarkable year - our 20th year of service to the Capital Area UNIX community - and I intend on using every bit of clout and honor our 20 years has earned us in soliciting speakers for our programs this year.

This Month's Meeting Topic:

On Thursday, February 20th CACTUS will present George Kraft IV, Senior Software Engineer at IBM's Linux Technology Center and chairman of the Linux Standard Base (LSB). In five straightforward steps published in several articles, George Kraft has outlined how to build an LSB-certified application. Linux inherently has binary compatibility; the Linux Standard Base (LSB), however, has set some rules and guidelines that make this practical for applications. The path to shrink-wrapping an LSB applications for Linux requires you to code to the portability layer, use the correct ABIs, test with the LSB application checker, follow LSB packaging guidelines, and seek LSB certification.

The main presentation will be preceded by the first in a series of tutorials on UNIX and UNIX-like distributions. Lindsay Haisley will present a tutorial on the installation of the Debian Linux distribution. The install demonstration will cover the basic installation of Debian using the Internet.

Please join us for Pizza and refreshments starting at 6:30 PM at UT's ARL Auditorium, 10,000 Burnet Road.

Next Month's Program:

Next month, CACTUS will present VoIPing, LLC (www.voiping.com), a Central Texas privately owned and operated partnership. VoIPing specializes in IT Consulting and Services, with a strong emphasis on converged networks, Unix operating systems and Voice over IP (IP Telephony). On Thursday, March 20th, they will present a riveting presentation ("SIP from the IP Telephony Fire-hose") and conclude with an interactive demonstration using freely available open source tools and software. Next months presentation will be preceded by the second in our series of tutorials on UNIX and UNIX-like distributions.


January Meeting Report

By Ron Roberts

Attendance was good at the January meeting, probably to avoid being elected in absentia. Pizza and soda arrived on time. Officer reports were the usual--nothing new, we're still solvent. The election of officers went remarkably smoothly, with no competitive nominations. Everyone has forgotten James Johnson.

Lindsay Haisley was elected president in acknowledgment of years of service as scribe, newsletter editor, and especially the system administration of the Linux CACTUS server. It's been running smoothly for several years now. Lindsay served double duty at the end of 2002 by publishing the newsletter pro tem.

Ray Schafer moved back to program chair. Johny Long and Luis Basto remained respectively at the key jobs of treasurer and membership chair. Ron Roberts re-assumed scribe, and M.H. Khan remains member-at-large Webmaster and public relations. Gil Kloepfer agreed to the most frustrating position: newsletter editor. [This article was not submitted by deadline.]

Randy Zagar is the only new blood in the leadership: member at large.

After the elections, Bob Izenberg spoke about House Resolution 2281, the Digital Millennium Copyright Act (DMCA) from the point of view of an internet service provider (ISP). The DMCA was first proposed in June on 1998 and passed into law in October of that year. It was intended to provide protection for the rights of copyright applicants and holders in non-print media. It also provides some protections for the operators and owners of the media. It tries to define fair use for the electronic domain and provides for dispute resolution.

Bob presented two real world examples of this.

The first involved a domain name. The defendant had copied the content of a West coast celebrity contest and used a very similar domain name. This guy was obviously wrong, and immediately folded his tent when he was caught.

The second case was more convoluted. The defendant had written a user interface using some public domain perl modules under a handshake agreement for an individual. The owner had since died and the assets of the company were bought by a lawyer. The programmer had subsequently used the code on a website hosted by Bob's employer. The lawyer contacted Bob with a cease and desist request.

The plaintiff informed Bob about filing a DMCA notice and how it would protect the ISP. If you have filed such a notice and follow the procedure, the DCMA will provide release from liability. Bob filed for the notice and added the necessary form for complaints and responses on the providers WEB page.

When a provider receives a DCMA claim, he must take the offending material offline and contact the owner within ten days. The defendant has fourteen days to reply. The claims basically say that this is a copyright violation and the response says, "no, it's not." The forms provided by the U.S. Copyright office detail the language necessary to make it official. If both are made with good faith, the ISP is out of the loop. If the defendant denies the claim, the ISP restores the content and the issue is resolved between the two claimants in court.

The ten and fourteen day time limits are old school. Normally, notification is done by phone or email, with the official hard copy arriving later by snail mail.

In this case, the defendant removed the software he was distributing because he made most of his money consulting, and very little in software sales. The lawyer was making a about a million dollars a year in contract sales versus about thirty thousand a year in revenue for the programmer.

The DMCA has become quite controversial over the last several years, largely as a result of Section 1201 containing the "anti-circumvention" provisions of the act which has been widely criticized by organizations such as the Electronic Frontier Foundation for stifling free speech and scientific research.

Lindsay Haisley turned the discussion along this path, saying that the DCMA has stifled research in encryption technology. "If you break encryption in your home, you have broken the law." This got the entire membership involved in the discussion at length. Someone suggested that we should devote a meeting to this subject.


January CACTUS Board Report

The newly elected 2003 CACTUS board of directors met on Monday, January 27th at Buca di Beppo restaurant. Though Johny Long was confused about the time and location, we eventually got him there so that attendance was perfect.

The full table ordered salads and only three shared entrees. The board wanted to keep costs down in case Johny didn't arrive with the check book.

Most of the discussion involved ideas for programs. Some suggested we get Kevin Mitnick to speak. Other suggestions included: Lenny Tropiano on voice over IP, John Quarterman, Larry Wall, NMEA and GPS mapping software, Bruce Sterling, Veritas SANS control (Ray Schafer's employer), virus scanners, and a Debian tutorial (Lindsay Haisley).

The board identified the responsibilities of each position and encouraged everyone to help with programs. Since no one is paid and we all have day jobs (for now), we know that there will be times when an officer can't fulfill his duties. We resolved to backup each other and be assistant newsletter editor, program chair, etc.


Letter From the President

by Lindsay Haisley

I'd like to thank the CACTUS membership for showing their confidence in me by electing me as CACTUS president for 2003. Part of the president's job is to be on call to fill in on any task which some other officer is unable to perform, and with the exception of Programs, I've done all of them at one time or another. Pizza at meetings will continue, as before, absent a consensus from the membership to switch to something else entirely, such as tofu sandwiches or sushi.

I'd like to spend some time during the coming year working to bring CACTUS as an organization further to the attention of the Austin technical community. I'd like to see us participate in at least one tech fair during the coming year. This will involve some planning, effort and a modest expense, but the benefits in terms of community visibility and possible new members will be substantial.

It's also worth noting that Unix isn't standing still, and the use of Unix is exploding in the US and elsewhere, largely as a result of the increasing popularity of Linux. Some may argue that Linux isn't Unix, but this is a hard point to make when one takes a close look at the details of the operating system. Along with Linux comes the phenomenon of Open Source software, which is truly a revolutionary development. Every flavor of Unix has been impacted by the Open Source movement, from proprietary Unices such as AIX, HPUX and Solaris to free Unices such as FreeBSD and OpenBSD which are distributed under Open Source licenses.

As Austin's oldest Unix advocacy and interest group, CACTUS is in a unique position to have some fun and fill a need with regard to the explosion of Unix. We have a number of diverse Unix-related users groups in Austin - at least 3 Linux users groups and probably others which are focused on other flavors of Unix, plus other computer users groups which have an active and ecumenical interest in alternatives to Microsoft software technologies. I would like to help CACTUS reach out to these groups and make sure that their members are invited to (and feel welcome at) all CACTUS events. Our proposed event with perl author Larry Wall should be an excellent opportunity to bring together lots of folks from CTLUG, ALUG, UT's Siglinux, the Austin PC Users Group and others in the community.

Open Source software is the way of the future, and Unix is central to the Open Source movement, and to the Internet. CACTUS certainly has the opportunity to be where the action is.


January CACTUS Membership Report

by Luis Basto

State of the Membership

The membership is doing just dandy.

January is the CACTUS officer elections and being out of town during the meeting week virtually guarantees a nomination and election. I was extremely surprised at being re-elected as the Membership Chair. Why did no one nominate James Johnson? I thank all those who cast their trust on me and promise to do what I promise to do.

(Ed. note: For those who don't know, James Johnson is a previous CACTUS member who gets nominated every year for something, as an "inside joke" of sorts)

Membership

Someday we may be able to accept direct deposit or paypal but currently we only deal with checks and cash, preferably in small unmarked bills.

To renew your membership, please send check or money order payable to CACTUS ($25/yr for regular membership and $96/yr for corporate sponsorship):

     CACTUS
     PO BOX 9786
     AUSTIN, TX 78766-9786
You may also pay in person at the general meetings. Please direct any inquiries or address changes to membership [at] cactus <dot> org.


CACTUS System News

by Lindsay Haisley

I've been out of town and have done very little work on linux.cactus.org during the past month. Instead of a system news update, I'd like to talk a little about Debian GNU/Linux, the operating system on linux.cactus.org.

Unlike other Open Source Unix flavors, Linux has somehow managed to avoid serious forking problems in spite of it's rapidly growing world-wide popularity. This has been largely due to the efforts of people such as Linus Torvalds and Alan Cox who have provided capable leadership at the kernel level and a will to keep the various of Linux under one roof as far as interoperability of software is concerned. There's been some divergence, and some compatibility problems with commercial applications for Linux, but by and large these aren't as serious as the differences between, say, NetBSD, OpenBSD and FreeBSD which are based on different kernels. Although these are excellent Unices, there's generally no expectation that software compiled to run on one of them will necessarily be binary compatible with another.

Linux has, on the other hand, spawned dozens of Linux distributions, all based on pretty much the same kernel, all integrating the same general set of GNU tools, and all pretty much capable of running the same application software. Jack McKinney and I originally looked at two different Linux distributions when we set up linux.cactus.org. Jack was inclined toward Slackware, while I had become quite fond of Debian Linux. Our first attempt to set up the box was with Slackware. Unfortunately the software development platform installed by our Slackware distribution had serious flaws, and we had to abandon it. In retrospect, our choice of Debian Linux appears to have been a good one. The software development environment was well designed and well integrated, which made it easy to install and maintain system components and applications from source code, as necessary, and Debian provides an excellent binary package management toolkit along with thousands of packages of every variety. Debian is also highly favored as a distribution by software developers and Unix professionals, so it fits right into the CACTUS community's needs and interests. The Debian developers have apparently worked hard to walk the fine line between package management and installations from compiled source. This isn't an easy road to follow. It's all to easy to break package dependencies and to hopelessly confuse even the most astute package management suite when one starts installing basic system components from compiled sources rather than pre-compiled binary packages. Debian maintains an extensive Policy document which covers the Linux Filesystem Hierarchy Standard (FHS) and other issues relevant to compiling and installing software from source on a Debian system.

One of the fundamental reasons for Debian's approach, and one of the reasons I'm especially fond if it, is that Debian GNU/Linux is the only truly Open Source distribution. The Debian Project has no commercial affiliations, nor any axe to grind in pushing any commercial product or service over another. As a result, Debian has often been chosen as a base distribution for the development of commercial distributions, and as an industry standards reference.

There are some disadvantages to Debian. The "designed by committee" syndrome always looms over any endeavor involving as many people as the Debian Project has, and pulling together all the diverse parts of the distribution, which are written and maintained by a very diverse worldwide community of developers, so as to issue a credible and reasonably bug-free release, is a major task. Debian GNU/Linux is notoriously "behind the curve" and stable releases of Debian generally use versions of applications and of the Linux kernel which are months, or even years behind those which are integrated into commercial distributions. This isn't all bad, since using software which has been around for a while often confers significant advantages in system reliability.

We operate a little closer to the bleeding edge on linux.cactus.org. Debian maintains three sub-distributions. The stable distribution is the one available on CD from a variety of sources. It's the "official" Deiban. With the exception of security updates available online, Debian's stable distribution doesn't change much once it has hit the streets. Active development is going on with a second sub-distribution, available on line, called unstable. This is where the Debian developers work, and in Debian unstable, things may break or get out of sync, and one often needs to be clever and resourceful to keep a system tracking Debian unstable in good working order. Between stable and unstable, the Debian Project maintains a third sub-distribution called testing. Debian testing is unstable, but basically everything that makes it into the testing sub-distribution is a release candidate, and has been pretty thoroughly debugged and integrated into the overall distribution. CACTUS's linux.cactus.org tracks Debian testing, which means that we have much of the latest software available from Debian without having to put up with much of the debugging and troubleshooting that often goes along with new software. It's a pretty good compromise. I use Debian testing on my business server and have seldom had problems which weren't easily solved.

During the coming months, I'll be presenting one or two tutorials on Debian, focusing on its advantages and demonstrating installation and maintenance techniques. If you're a Unix professional, and looking for a really well designed hands-on style Linux distribution, you'll certainly want to give Debian GNU/Linux a good look.


Editorial: Politics, Computing, and the Internet

by Randy Zagar

As expected, Bob Izenberg's DMCA presentation prompted vigorous discussions in January's CACTUS meeting. This new section of the newsletter is one of the unexpected results of those discussions. The passage of the DMCA, and other bills like it, will transform our industry in ways we cannot fully predict. Hopefully, timely discussions of issues affecting our industry mixed with a little political activism could help prevent damaging, short-sighted, or just plain stupid laws from being passed.

If this portion of the newsletter becomes a permanent feature, I don't want it to be just my voice or just my interests. If you read about something political that could affect our jobs, or the computing industry in general, let me know about it and I'll try to include it in the next article or bring it up at the next meeting. I'm not interested in just seeing my own words on the web. I want to see dialog, I want to see a diversity of opinions.

Basically, I want to write about stuff, occasionally get flamed for it, find the truth in the other side of the argument and learn...

Lastly, I don't care if you agree with my politics or not, but apathy is the surest way to kill a democracy that I can think of... If you have opinions about political issues that affect us, I strongly encourage you to contact your Representatives and make your opinions known. Because if you keep your mouth shut, your opinions won't be heard.

So without further ado, here are a few recent news items that have piqued my interest...

DMCA Changes Intellectual Property Climate

Before the advent of digital media, the common meaning of the term "copyright" was that the copyright holder had the exclusive right to create and distribute copies of creative works. A copyright "violation", or "infringement", occurred when someone else decided to make copies for mass distribution, thereby diluting the value of legitimate copies of the work. At the time, the concept of "fair-use" meant that end-users could create copies for themselves as long as the amount of copying didn't affect the marketplace for legitimate reproductions.

With the DMCA, the landscape has changed, and it is not merely illegal to redistribute copies of a creative work. The mere act of making an unauthorized copy has now been criminalized regardless of whether or not the copies were intended for redistribution. Combined with the anti-circumvention provisions in the DMCA, there are now entirely new methods to create monopolies (and criminal offences) that did not exist before.

Lexmark

Lexmark, for instance, embeds small chips in their printer cartridges and there is hardware in the printer that does a little challenge-response handshake that can determine whether or not the proper type of print cartridge has been inserted into the printer. Lexmark is now trying to use the DMCA to create a monopoly with respect to their printer cartridges. By claiming that the contents of the chip is copyrighted, and that the challege-response handshake is a measure to prevent unauthorized access to the copyrighted material, Lexmark hopes to make it completely illegal to reverse-engineer their cartridge and manufacture compatible replacement parts. Reverse-engineering and interoperability were not copyright issues before the DMCA, but the precedent may be set soon if Lexmark wins their case.

The original story (at http://news.com.com/2100-1023-979791.html) was reported by CNET news.com and The Register.

Boucher Introduces Digital Media Consumers' Rights Act (H.R. 107).

The DMCRA tries to restore the original balance in copyright law, and would allow one, for instance, to make copies of a work even if creating the copy requires circumventing a copy-protection scheme. If this Act becomes law, then cases like Adobe vs. ElcomSoft would never have happened at all.

It would also put Digital Video Recorders (like Tivo) on the same legal footing as your VCR by reaffirming the principles set forth in Sony vs. Universal City Studios. This court decision is what ultimately made it legal to record TV with your VCR, despite the fact that it was possible to use it for copyright infringement.

It would also permit research and open discussion of copy-protection technologies. For example, many of you are probably aware that some newer music cd-roms have copy-protection built into them that prevent you from playing the music on your computer. Some of you are probably aware that there is a workaround for this that involves a commonly-used writing implement. However, I can't tell you exactly how that works, because then I would be publishing details on how to circumvent a technological measure and would be violating the DMCA.

Lastly, it would insure that copy-protected cd-roms are properly labeled, so we'll know what we're buying...

The full text is available in PDF format at http://www.cactus.org/~jrzagar/newsletter/2003/02/boucher_hr107.pdf or you can read more about it at the US House of Representatives web site at http://www.house.gov/boucher/internet.htm.

Justice Department Proposes Patriot II, criminalizes the use of encryption

I should first point out that this is document has not been formally submitted to lawmakers and has not been publicly released by the Justice department. According to The Register, this draft document was leaked to the Center for Public Integrity and released on February 7. According to the legislative "control sheet", copies of this document were sent to Vice President Dick Cheney and Dennis Hastert, the current Speaker of the House.

A copy of the document is available in PDF format at http://www.cactus.org/~jrzagar/newsletter/2003/02/security_act_2003.pdf. I haven't finished reading the whole thing yet, but here are a few sections that caught my eye:

I mention Sections 125 and 303 because the USA Patriot act classifies certain types of computer crime as Terrorism, and it would have serious repercussions for someone who exercises bad judgement with a keyboard. Section 125 allows any Judge in any Federal District Court to issue a nation-wide search warrant for investigations involving terrorism. Section 303 allows collection of DNA samples from suspects.

ICANN to Manage the Internet Assigned Numbers Authority for Another Three Years

Although the management of the country-code Top Level Domains (ccTLDs)  has little impact on our day-to-day work, there has been some interesting new developments in how/why ICANN continues to have an exclusive contract to manage the Internet Assigned Numbers Authority (IANA). Without delving into the history and controversy surrounding ICANN/IANA, perhaps the most interesting part of this is how the US Department of Commerce (DoC) made it's decision to extend the contract.

Apparently, the US Department of Commerce decided that ICANN was the only organization on the entire planet capable of managing the IANA to their satisfaction and used this decision to extend ICANNs' contract by another three years without opening this process up for bids. We know about this because of a leaked letter that the DoC sent to the National Oceanic and Atmospheric Administration asking for comments about the plan.

The US DoC did allow a window of opportunity for other qualifying organizations to express their interest in bidding for this contract, but that window of opportunity was only open for 10, yes TEN, days.

Articles about this appeared earlier this month at The Register, Slashdot.org, and ICANNwatch.org. The original e-mail that sparked all the fuss can be viewed at http://ietf.org/mail-archive/ietf/Current/msg18926.html .

Feingold Introduces "Competition in Radio and Concert Industries Act"

Although this really isn't a computing- or Internet-related issue, this is Austin, TX after all, and I figure this deserves some mention. This one's trying to address anti-competitive practices in the Radio and Concert industries and help independent radio station owners and promoters. You can find the press release on Senator Feingolds' web-site at http://feingold.senate.gov/~feingold/releases/03/01/2003128910.html.


CACTUS Officers


CACTUS Sponsors

Significant Contributing Sponsors

Applied Research Laboratories/University of Texas at Austin www.arlut.utexas.edu
(Gil Kloepfer, Computer Science Division (CSD), 835-3771, gil [at] arlut <dot> utexas <dot> edu)
OnRamp www.onr.com
Internet service provider.
Outserv.net www.outserv.net
IT operations and management solutions to small and midsized businesses.

CACTUS Sponsors

Journyx http://www.journyx.com
Provider of workforce management software and services
Auspex Systems www.auspex.com
Fastest reliable network fileservers.
Covad/Laserlink www.laserlink.net
(Chip Rosenthal)
Multi Media Arts (MMA)
(Lee Williams, 451-7191)
Publisher of instructional materials for classroom and independent study.
VoIPing, LLC http://www.voiping.com
A Central Texas privately owned and operated partnership specializing in IT Consulting and Services. (Email info [at] voiping <dot> com. Phone 512-698-VOIP (8647) or 512-698-8031)

Friends of CACTUS

Applied Formal Methods, Inc.
(Susan Gerhart, 794-9732, gerhart [at] cactus <dot> org)
Austin Code Works
(Scott Guthery, 258-0785, info [at] acw <dot> com)
BestRegistrar.com. www.bestregistrar.com
(Steve Locke, (800) 977-3475), swl [at] cas-com <dot> net)
A top-level domain name registrar, CORE member.
CTG
(Maurine Mecer, 502-0190 [FAX 502-0287])
Professional recruiting.
EDP Contract Services
(Mark Grabenhorst, 346-1040) Professional recruiting.
Hewlett Packard www.hp.com
(Bill Sumrall, 338-7221)
Hounix http://www.texascomputers.com/hounix/
(Marilyn Harper)
Houston's Unix Users Group.
Network Appliance Corporation www.netapp.com
(Frank Mozina, fmozina [at] netapp <dot> com)
O'Keefe Search www.okeefesearch.com
Professional recuiting.
(John OKeefe, john [at] okeefesearch <dot> com, 512-658-9224 or 888-446-2137)
Sailaway System Design
(Chris J Johnson, 447-5243)
Schlumberger www.slb.com
(Kathy O'Brien, obrien [at] asc <dot> slb <dot> com)
Technical services and products in over 100 countries.
Silicon Graphics www.sgi.com
(Don Williams, 346-9342)
Solid Systems
(Pete Farrell, 442-2222)
Sterling Infomation Group www.sterinfo.com
(Darrell Hanshaw, 344-1005, dhanshaw [at] sterinfo <dot> com)
Sun Microsystems www.sun.com
(Rick Taylor)
Supplier of Unix client-server computing solutions.
Texas Internet Consulting www.tic.com
(Smoot Carl-Mitchell, 451-6176, smoot [at] tic <dot> com)
TCP/IP networking, Unix, and open systems standards.
Technow
A Sun Authorized Training Center and a Hardware Reseller.
Unison Software
(Shelley St. John, 478-0611)
Supplier of networked systems management solutions.
UT Computer Science Department
(Patti Spencer)
UT Computation Center
(Mike Cerda, 471-3241, cerda [at] uts <dot> cc <dot> utexas <dot> edu)


CACTUS Meeting Location:
Applied Research Labs

CACTUS meets on the third Thursday of each month at the Applied Research Labs (ARL) in the JJ Pickle Research Campus (JJ PRC). We'll meet in the main auditorium located directly behind the guard's desk and main lobby.

Please do not show up earlier than 6:20 pm on the specified day. Enter through the main entrance at 10000 Burnet Road for ARL:UT. Tell the guard that you are here for the CACTUS meeting. You will be required to sign a log book, but not required to wear a badge. The guards will direct you to the auditorium entrance. Limited parking in the front of the building is available, but more extensive parking is available in the large parking lot just north of the ARL building. After 6:30 pm, all entrances to JJ PRC, except for the Burnet Road entrance, are closed and locked. You can still enter the parking lot in front of the ARL building. No parking tags are necessary after 6:00 pm. See map for further details.

Online maps are available at:

As always, please leave the facility as you saw it when you arrived.