LWN.net Weekly Edition for January 29, 2004

HR 3261 and the ownership of facts

The U.S. House Judiciary Committee approved HR 3261 (the "Database and Collections of Information Misappropriation Act") on January 21. As this bill represents yet another discouraging expansion of American copyright law, it merits a look. For those who want to read the full text, it is available in PDF format.

Unlike many bad intellectual property ideas, database protection is an idea being imported into the U.S. from Europe. Efforts to prevent the "misappropriation" of databases have been ongoing for some time; the first version of the current proposal - based on the 1996 EU database directive -- was considered in 1996. It did not pass, but anybody who has watched the legislative system in operation has learned that these things keep coming back until the interests behind them finally get what they want. That would appear to be happening here.

The core of the proposed law can be found in Section 3:

In plain English, what this law is saying is that copyright protections will be extended to databases, regardless of whether the information contained within those databases is, itself, copyrightable. Collections of information which is, itself, unprotected (pricing information, sports scores, weather data, etc.) will become protected. In a sense, this law allows somebody who compiles a database to own the facts found therein.

The definition of a "database" is reasonably broad; it is:

There are some interesting exceptions: network routing information, for example, is explicitly declared not to be a "database." The domain name registration database is also excluded. Beyond that, however, just about any collection of information counts.

Given the way other copyright laws have been stretched to the maximum, it is worth considering what sorts of information could be considered a database for the purposes of this law. Scientific, economic, and geographic data is the obvious application. Less obvious, but clearly covered, is a Linux distribution CD, or any collection of freely-available software. Certain professional sports organizations have long fought for ownership of game scores. Lists of audio CDs and the names of the tracks on them could be included. Network routing tables may be excluded, but the geographical location of IP addresses is a different story. The EU directive has been held to outlaw "deep linking" into web sites. If you go about reproducing Linus Torvalds quotes, you better be prepared to prove that they did not come from our definitive collection. And so on.

Hopefully many of these scenarios will not come to pass. But, even so, we do not really need another expansion of copyright law at this time. U.S. law has long held that expression is copyrightable, but ideas and facts are not. HR 3261 overrides that tradition by giving database creators a degree of control over the facts they have collected from elsewhere. This bill, while improved over previous versions, is still not something we want to see passed into law.

Comments (35 posted)

What's in KDE 3.2?

With a new release of KDE right around the corner, we thought we'd take the first release candidate for a spin to see what KDE 3.2 has to offer. I used Konstruct to build 3.2rc1, which took several hours on an Athlon XP 2600+ with 1GB of RAM running SUSE 9. Though Konstruct is not new to 3.2, it still deserves a mention. Konstruct allows the user to build and use a given KDE release (as well as many KDE apps) without disturbing their current KDE installation, and doesn't require root access. Users who are hesitant to try new KDE releases for fear of breaking their current install need not worry.

The first things I noticed about 3.2 were some of the small changes. KDE 3.2 seems faster than the 3.1.4 release that comes with SUSE 9. The KDE Kicker panel is finally Xinerama friendly again, allowing the user to span multiple desktops with the Kicker panel if they wish to do so. The KDE 3.1 release forced a user to choose between desktops, and did not allow the Kicker to span both desktops. The KDE start menu has also changed slightly; it now includes built in separators between applications, "most used" applications (as determined by apps launched using the menu), and "actions." The KDE Menu Editor is largely unchanged from the 3.1.x release, however.

In previous releases of KDE, users could switch between virtual desktops by hovering the mouse cursor over the pager on the Kicker panel and scrolling with the mouse wheel. With the 3.2 release, users can enable the feature for the entire desktop -- so all a user needs to do is place the mouse cursor over an empty space on the desktop and use the scroll wheel to move between virtual desktops, which is an enormously useful feature for users with several applications spread over multiple desktops.

There are a few accessibility-related applications in 3.2 that might be of interest to users who have physical limitations. KMouseTool allows the user to set the mouse to left-click after a set period of time. This is useful for users with carpal tunnel syndrome, and may also be of interest to users with touchpads or other non-traditional pointing devices. KMouseTool also has a "smart drag" feature that takes a bit of getting used to. It allows the user to hover over a title bar or other window element for a set period of time and then drag the mouse as if the user were holding down the left button without actually requiring the user to use the button.

KDE 3.2 includes an improved KHotKeys, which now has support for mouse gestures. As a safety measure, the user must replicate a mouse gesture three times before they can assign an action to a mouse gesture. Users can also assign actions to hotkey combinations and other KDE events. I was able to use KHotKeys to assign hotkey combinations to launch applications, but wasn't successful in assigning a mouse gesture to an application. I may have been doing something incorrectly, but it was hard to tell, as the KHotKeys documentation was missing from the KDE Help Center.

Konqueror has a number of enhancements in 3.2 as well. First off, the rendering speed for Konqueror 3.2 is noticeably faster than for Konqueror 3.1.4. Konqueror also has built-in spell checking, which is a nice touch for anyone who uses a Web-based e-mail client, weblog client or any other situation where you might be entering text in a form on the Web. Folks using KDE 3.2 no longer have an excuse for poor spelling -- a quick spell check is just one right-click away. After using Konqueror about five minutes, I also discovered another new feature in KDE 3.2: integration with KWallet. KWallet is an application that stores passwords for websites, messaging applications like Kopete and other apps. One difference between KWallet and the Mozilla password feature, is that KWallet requires the user to enter a separate password to obtain the username/password combination for any given web page.

Web developers may find the Quanta 3.2 release interesting. It has a number of improvements, including "Visual Page Layout," which allows users to edit web pages in a WYSIWYG mode or a joint editing mode combining WYSIWYG and traditional text-editing. For users who prefer to edit HTML source directly, the joint mode offers the ability to immediately see changes rendered without removing the direct control over the HTML that many prefer. Quanta has quite a bit to offer, but it is still somewhat buggy. Quanta locked up a few times during testing, and the application consumed far more than its share of system resources during use.

With 3.2 KDE now has its own unified groupware suite, Kontact. Kontact bundles KMail, KOrganizer, KNotes, KNode and the KAddressBook applications. Right now, Kontact is a little rough around the edges, and definitely not quite as polished as its GNOME counterpart, Evolution. KNotes caused Kontact to lock up on more than one occasion. Kontact also lacks a unified configuration menu -- meaning that users still have to configure each application separately. However, KNotes aside, it seems to be a very usable and full-featured groupware suite. Unlike Evolution, Kontact does allow the user to de-integrate the suite as well. For example, if a user prefers to use a different e-mail client, they can disable KMail's integration and use Kontact without the KMail component.

Though it was released separately, I also looked at some of the KOffice 1.3 components. KOffice 1.3 includes all the usual office suite suspects, a word processor (KWord), spreadsheet (KSpread) and a presentation program (KPresenter). It also includes five other productivity applications, including Kivio for creating flowcharts and a vector drawing application called Karbon14. I didn't have time to test all of the office applications extensively, but I did test out KWord and KSpread using a few Microsoft Office docs. KSpread's import features have definitely improved, as have KWord's. However, KWord still had problems with some Microsoft Word documents that open fine in OpenOffice.org. KOffice 1.3 has been officially released and is available now.

Ever wonder what's taking up so much disk space? 3.2 includes an application called Filelight that generates an interactive graphical representation of your file system, or just part of the filesystem. For users with a large number of files, it may take some time. It took Filelight about three minutes to generate a map of all 305,184 files in my home directory. When a user drills down into the file map generated by Firelight, it's possible to open files that KDE has associations for. I stumbled on this feature by accident by clicking on an HTML file in the Filelight map. Unfortunately, Filelight doesn't offer the ability to delete files.

With a few notable exceptions, the 3.2rc1 release has proved to be very stable overall. It isn't a huge leap in functionality from the 3.1.x releases, but 3.2 includes enough refinements and new features to make the move from 3.1 to 3.2 well worth it. There are far too many improvements in 3.2 to go into here, but suffice it to say that KDE users are in for a treat when the final 3.2 release goes "gold." According to the release schedule, 3.2 final is slated to be released on Monday, February 2nd.

Comments (8 posted)

Just another Microsoft worm

Certainly the "MyDoom" worm has gotten our attention. By some accounts it is the fastest-spreading email-based worm ever; there is no doubt that it has filled our mailboxes with garbage - both the worm itself and the inevitable piles of "virus notification" spam that this sort of worm generates. Interestingly, claims have appeared in the media that this worm does not actually exploit any Windows security holes. We know better, of course; the fact that a worm like MyDoom can exist at all is a clear vulnerability.

So far, this episode just looks like yet another in the interminable series of worms hosted by the Microsoft computing environment. The story gets more interesting, however, with the fact that this worm seemingly contains code to execute a denial-of-service attack against the SCO Group's web site on February 1, thus ruining Darl McBride's Super Bowl experience. This attack has, of course, been widely reported in the mainstream media as an act carried out by the Linux community in retaliation for SCO's attempts to steal or destroy our work. (SCO itself, in its press release offering a bounty for the worm writer's head, took a relatively neutral tone: "We do not know the origins or reasons for this attack, although we have our suspicions.")

You knew this paragraph was coming: the free software community does not and cannot go for attacks of this sort. This worm is an act of vandalism which does not help our cause in any way. It will not affect SCO's legal campaign, and can only help the company's PR campaign. Rather than try to silence the company's web site, we need to let SCO's words be distributed as widely as possible. The more they talk, the deeper they dig themselves in. It is not for nothing that this picture was recently circulated with the caption "SCO's legal team in action." Trying to shut down SCO's web site via DOS attacks is morally wrong and simply counterproductive.

The fact is that this worm almost certainly has nothing to do with SCO or Linux. The SCO attack has does a good job of covering over a few other little details about this worm: it does, after all, install a keystroke logger, a spam relay, and an open port which can be used to feed arbitrary code into the compromised system. MyDoom turns the system into a general attack platform; the DOS attack looks thrown in as an afterthought. This worm is not primarily a machine for attacking SCO; it is constructing a large-scale distributed network of compromised systems.

The media likes the "SCO attack" story, however, and thus the damage is done. The community has been portrayed as a set of outlaw crackers trying to settle a grudge. In fact, we, too, are victims of this worm. Our networks are flooded and our mailboxes are clogged, even though our Linux systems are, as usual, immune to the worm itself. And our reputation has taken a hit because it suits some people to portray this worm as furthering our agenda. There is nothing about MyDoom which has been good for the community.

There is little we can do to respond to this worm that we have not been doing for some time. We can and will deplore this sort of attack, regardless of who the victim is. We can try to raise awareness of the fact that these worms are very much the product of one set of proprietary operating systems with designed-in security problems, and we can let the world know that we have an alternative which is not a worm-breeding platform. This message may just be heard: companies dealing with the consequences of MyDoom and its countless predecessors have suffered far more than SCO will; they cannot help but be increasingly receptive to alternative systems. And, most of all, we can continue to work to improve our own security so that we have a chance of actually living up to our promise of being a worm-free alternative.

Comments (30 posted)

LWN gets a new server

The folks at Rackspace Managed Hosting have been hosting the LWN.net front-line server for almost two years now - ever since our un-acquisition from Tucows. We have never had anything but great support and service from Rackspace during this time, despite the fact that they have been donating this service to LWN in exchange for a few banner ads. As LWN's traffic has grown, however, we have overrun the capabilities of both our two-year-old server and the bandwidth that was allotted to it. So we've had to put some real thought into how to continue to provide a responsive site with all the new features that readers have been requesting.

We are now happy to acknowledge that Rackspace has not only given us a newer, faster server, but it has also upped our monthly bandwidth limit donation to a level that should be sufficient for a while. Rackspace has done a lot over the last two years to help keep LWN on the net. We would like to say "Thanks, Rackspace!" for continuing to come forward and help keep the site alive.

Comments (7 posted)