The word ‘free’ is a bit loaded when it comes to software, especially in circles that eschew “traditional” copyrights. You can make a case for it having any of four connotations:

• no price — free as in beer
• no restrictions on use — free as in a non-commercial license, probably free as in speech
• copylefted — free as in GPL, free as in speech
• no restrictions on use or distribution — free as in FreeBSD, free as in speech

These categories are pretty fluid, and I fully expect that reasonable people will disagree on the number and classification. That’s fine — my point is simply that the word ‘free’ is highly overloaded.

As for the controversy, I wrote:

I apologize for apparently conflating the BSDs with “Free Software”

That’s ambiguous, even without a six-dollar word like “conflating”. Worse, I’d already mentioned projects like Apache, Python, and Perl and would go on to mention other free software.

A reasonable person could read that clause and say, “Wait, does he mean that the BSDs aren’t free software”? Several people did just that. Since the BSDs are indeed free by all four definitions above, it lead to a lot of confusion.

My original intent of that sentence (as far as I can make any sense of it now) was to say something like “While I’m using the term ‘Free Software’ which can connote a philosophical position held by the Free Software Foundation, I don’t mean to imply that the people who work on these projects hold those motivations.”

That’s not great either, but I find it clearer. Of course, everything would probably have been better off without any disclaimer.

As a writer, I hate that we have such an ambiguous word to describe the whole state of free software. (I don’t particularly care for the terms ‘open source’, ‘F/OSS’, and ‘FLOSS’, either, but that’s a different subject.) As a programmer, I try to be as precise as possible.

Let me sum up by being very precise. The BSDs are indeed free software. Anyone who tells you otherwise is uninformed, lying, or typing a lot faster than his brain is working. Again, I apologize for the confusion.

Alright, I’ll take my lumps here. Have at it.

Related link: http://news.open-bio.org/archives/2003_02.html#000009

Ewan Birney writes:

Bioperl is a completely open group - anyone can join the lists
and we welcome any contributions - but from the outside people might
wonder:

• “who decides who is in Bioperl”
• “who gets to go to Singapore”
• “can I come along?”

So… here is short, rough idea how this works out …

Whaddya think? Is this an acceptable “open door” policy?

Apache James (Java Apache Mail Enterprise Server) is a 100% pure-Java SMTP and POP3 Mail server that performs double duty as a completely configurable open source mail application platform.

James is really cool. If you’re a Java hacker like me the whole idea of having a powerful, open-source email server that you can endlessly modify and extend is awesome. James has been around for a while and is past release 2.0 already, so it’s pretty solid as well.

Recently, some discussion broke out on the james-user list about building some extensions to James to allow it to perform as a ’spam honeypot’. The idea is to write a James-based application that waits for incoming spam and captures real-time statistics on the spam it receives.

One of the ideas generated was to use the application to dynamically create new spam filters as you discover new sources for spam.

Another subscriber recommended just working with the folks at Spamhaus instead. These people have tracking spam sources from around the globe down to a science.

For example, Spamhaus discovered that a spammer has been executing a ‘dictionary’-type attack on Hotmail for over 5 months. According to them, this person has been testing email address combinations at a rate of 3-4 per second, 24 hours a day, 7 days a week continuously. They were able to track the offenders down to a series of e-mail servers based in Bejing, China that they believe are owned by American spammers.

So how would developing Spam Honeypot with Apache James help? Well, to begin with it would allow the dynamic updating of spam filters for that install of James.

And if a group of people were to collaborate and work together to create a James mail-app that could capture spam and update a central, shared database then it might be possible for *all* servers running the mail-app to notify each other (through the shared database) whenever a new source for SPAM were found.

Of course, there are already DNS-based Real-time Black Lists (rbl’s) of spam senders, but using this approach you could filter spam using much more than just reverse-dns info on the sender. You could perform all kinds of analysis on the content of the spam as well.

Sort of grid-computing’s answer to spam trapping…

Related link: http://news.com.com/2100-1001-985496.html

Microsoft’s named the software successor to Palladium: RMS. Maybe the hardware version can be called Global Property Limiting.

(Thanks to vsergu for the link.)

Okay, there must be a better expansion of GPL. Have at it!

Where would you be if Free Software went away tomorrow? Personally, I’d be sunk — my daily toolkit includes bash, vim, ssh, Mozilla, AbiWord, OpenOffice.org, and Perl. That doesn’t mention the countless underlying tools and libraries that come into play. Without Perl, this publishing system would be gone. Without bind or sendmail or Apache, the Internet would barely exist. Without Linux or BSD (and I apologize for apparently conflating the BSDs with “Free Software”, but I’m on a rhetorical roll here, so please bear with me), we’d have no inexpensive community websites, no roll-your-own weblogs. Without MySQL and PostgreSQL and the other free databases, we’d have flat files and….

Without languages like Perl and PHP and Python and Ruby, I’d have very little to write about. Without gcc, even C and C++ would be tricky. Would anyone outside Sun still care about Java if it weren’t for the Blackdown guys, or Jakarta, or all of the tools they produce?

Without all of this wonderful software, we’d plunge back into the Dark Ages. (It’s tempting to say that the barbarians who sacked Rome represent proprietary software, but that leaves the unenviable metaphor of saying that unchecked expansion left the hackers soft around the edges, and no one wants that!)

Think of the effect on your business now. Maybe you only have one Linux box in the corner serving files, or maybe you’ve taken the plunge and have a beefy Linux Terminal Server in a closet and run everything on thin clients. Maybe you don’t have any free or open source software anywhere — even if that’s the case, you’ve likely benefitted from the cost pressures that high-quality redistributable software has applied to proprietary vendors. (If you’d previously used OpenView or CDE and now have an X desktop that doesn’t hurt your eyes, you’ve benefitted doubly.) Where would your business be without this software?

Don’t worry. It’s not going away.

That’s not to say things are peachy keen, though. I’m going to discuss the Perl community briefly, because that’s the community I know best. These ideas apply much more broadly, though.

Things are tough. Lots of good, smart, hard-working people are unemployed or underemployed. (Writing a book is a big job — and several good people are working on books, but it can be tough to pay the bills while writing full-time.) That includes some of the tip-top names in the Perl world.

Face it — if money were no object, wouldn’t you hire a Michael Schwern to write tests, a Damian Conway to give training, and a Larry Wall to do research?

If you or your company benefit from Free Software, here’s a list of ways you can help ensure the future of Free Software. Focus less on the “free” part and more on the “enlightened self interest” part:

• Donate money to the project of your choice.
• Sponsor a hacker to add a feature or fix a bug.
• Hire a hacker to train your employees.
• Donate code.
• Report a bug.
• Answer a question on a mailing list.
• Encourage your employees to contribute to a project of their choice.
• Replace a proprietary tool with a free one.
• List the free software you use on your website.
• List the free software you use in a press release.
• Host a user group meeting.
• Donate 10% of the money you’ve saved by using free software to the projects that have saved you money.
• Write a thank you note to a project that’s saved you time.

There are a lot of companies who’ve done one or all of these things, and there are a lot more ideas waiting to be discovered. (I’m pretty proud to say that my employer scores very well, and that I’ve done a fair few of these things myself.) To everyone who’s done at least one of these ideas, congratulations. You’ve helped ensure that Free Software keeps going.

To everyone else, if you’ve benefitted from Free Software, what are you waiting for?

What other ideas are there? Let me know!

Related link: http://www.aaronsw.com/weblog/000842

Aaron Swartz outlines the dream of the Free Networks community: An Internet that is truly distributed, ubiquitous, and unconstrainable. Only it’s not just a dream, it’s already starting to happen…

Related link: http://www.oreilly.com/animals.html

Wondering what’s the “Zebu book”? Or the what title has the “Pig-footed bandicoot” on its cover? Check out this complete list of O’Reilly animals and the books they inhabit.

Related link: http://www.80211-planet.com/columns/article.php/1571791

According to 802.11 Planet, the city of Long Beach, CA is planning to offer public wireless Internet service in a three-block downtown “hotzone” for free. The catch? You can only get access to the network via a web-based advertising portal! Is this the wave of the future, or will ad-supported wireless networks face the same obstacles as other advertising-based Internet services? (Thanks to Richard Soderberg for the link!)

Related link: http://cubicmetercrystal.com/wificaravan/

In a project reminicent of Casey West’s HighWLAN, folks from Portland’s Personal Telco Project will be travelling to next weekend’s CodeCon in San Francisco via unwired caravan. Nothing cuts the tedium of driving twelve hours down the 5 like a good networked game of WarCraft, eh?

When the Senior Manager of Systems Development at Charles Jones, LLC realized that his company’s monthly sales reporting system threatened to curtail his dream of golfing on Friday afternoons he turned to Perl for help. As we would expect, Perl was right there when he needed it. Here’s Rob Lauer’s story about how Perl helped him automate and spiff up his company’s sales reports.

Perl Keeps Golf Dream Alive

Our company is a public records search company that cut it’s teeth on computers made by a company known as GE. I’m not sure if our president got a discount on his washer and dryer for purchasing the computer from GE but I do know that the man was brilliant in his recognition of the power of computer technology for his industry. So much so that to this day his company has a virtual monolopy on a specific market because of his dedication to computerizing it before the competition.

Anyway, fastforward to 1995 when Unix machines replaced Prime computers. ‘C’ became the lingua franca and those not speaking the native tonque were frowned upon. Move ahead to 1998 when I became a Senior Developer in a group of ‘C’ drones. Don’t get me wrong, there were lot’s of problems for which that tool was very appropriate. The problem was it was used for everything you could shake a stick at when a language like Perl would have made mince meat out of most of the tasks facing this group. My abhorance to actual hard work and a desire to someday take Friday afternoons off and play golf led me to Perl. I’m embarassed it took that long, but I started a campaign to infect every server with DBI to make our database and data manipulation tasks easier.

Now here we are in 2002 and I am the Manager of Systems Development. The previous manager handed over a bunch of sales reports to me that he would distribute on the first of every month. He kept a tickler in his Outlook scheduler that reminded him to run the queries from T.O.A.D. (an Oracle GUI interface). He ran each query by hand, exported the data to a spreadsheet then integrated the reports into one spreadsheet with multiple worksheets.

Yikes! First, I have a lousy memory. Second, I don’t use the Outlook scheduler. Third, this problem cried for an automated solution, ’cause God forbid the first of the month might fall on a Friday and interrupt the golf dream! Enter Perl.

I had heard about a Perl module that wrote Excel spreadsheets but I had never bothered to check it out. I assumed it had some basic ability to write a spreadsheet file, but I never imagined just how powerful it really was.

We gathered up the queries, put a perl/DBI wrapper around them, learned a little about Spreadsheet::WriteExcel and voila. We now have a Perl script running as a cron job that does the following:

a) runs the 1st of every month
b) executes the query and writes the spreadsheet
c) creates a worksheet for each sub report
d) sets some nice options in each sheet so it can be printed in landscape and has titles on each page

e) mails the spreadsheet to individuals listed in a file containing e-mail addresses

The reports are actually nicer than before and (assuming cron is running OK) have a 100% better chance of ending up in someone’s e-mail in-box then if I were responsible for this chore.

Better still, the program is very maintainable and new reports can be added very simply. The amazing part of this story to me is how much of other people’s software we were fortunate to have access to. DBI and Spreadsheet::WriteExcel saved the day. And let’s not forget the power of Perl…

That’s my story and I’m stickin’ to it.

P.S. The details..

Lines of code: ~250 (driver and classes)
Frequency of execution: 1/month
Users: all the big wigs in our company (~5)
Time to develop: 4 hours, including creating a generic class that sub classes Spreadsheet::WriteExcel so that we can add new reports with minimal effort.

P.P.S. I’m not sure that Perl had anything to do with my promotion from Senior Developer through to Manager of Systems Development but it didn’t hurt ;-)

Rob Lauer
Senior Manager, Systems Development
Charles Jones, LLC
rlauer@charlesjones.com

To learn how large and small companies are using Perl to meet their goals, check out Perl Success Stories.

If you have a Perl success story of your own that you’d like to share, please let me know. You can reach me at: todd@oreilly.com.

Related link: http://www.synthesist.net/writing/onleavingms.html

David Stutz is leaving Microsoft and has published what he says is a sanitized version of a retirement email he sent. The following quotes are interesting (to put it mildly):

Linux is certainly a threat to Microsoft’s less-than-perfect server software right now (and to its desktop in the not-too-distant future), but open source software in general, running especially on the Windows operating system, is a much bigger threat.

Open source software is as large and powerful a wave as the Internet was, and is rapidly accreting into a legitimate alternative to Windows.

Related link: http://blanu.net/curious_yellow.html

With the recent spate of fast-spreading worm attacks on the Internet, an evil idea of Brandon Wiley’s has resurfaced: What if an Internet worm was designed to form an anonymous peer-to-peer network between its infected hosts? Cooperative behavior, like distributed host scanning, coordinated DDoS attacks, and live code updates designed to foil anti-virus protection, could be just the tip of the iceberg.

Related link: http://www.advogato.org/person/johnnyb/diary.html?start=51

Jonathan Bartlett has a spot-on rant on why CORBA is still superior to SOAP. I think a lot of people know this, but fear to say it. Duncan Grisby, the lead developerof the superlative omniORB came to the tenth International Python Conference (IPC10) and was on a Web services panel. I think he came expecting to have to defend CORBA’s honor and was surprised when just about all the panelists agreed with him that CORBA is better than SOAP in practice.

Just remember: the hype is to be perused, not used (sorry Snoop Dogg)

Related link: http://tools.devchannel.org/article.pl?sid=03/02/11/0325228

Gerard Beekmans offers an interesting commentary on my article, “The worry about program wizards“. I was more interested in skewering wizards as a tool for improving overall developer productivity, while Gerard expands on one of the nuanced areas where wizards can truly be useful.

Related link: http://www.pogo.org/p/government/ga-030202-crs.html

Senators John McCain and Patrick Leahy are trying to get taxpayer-funded research online so it’s available to researchers in a wide variety of fields. This is a welcome move (and long overdue–they first tried to get the bill passed two years ago), particularly in an era when we’re being told any snippet of public information is a boon to terrorists, agencies are pulling down web pages, and Attorney General Ashcroft tells law enforcement to fight the Freedom of Information Act. (I found out about this initiative in a posting from the Center For Democracy and Technology.)

War suddenly seems very close, closer that it has seemed for
years. All over the Internet, as in the mainstream media,
people find themselves compelled to speak about the upcoming
war and all its ramifications, regardless of their stations
in life or their formal qualifications.

It’s not an issue anyone can simply ignore in pursuing
day-to-day work, and I find I cannot ignore it here, even
though this space is supposed to be devoted to technology.
Anyway, the issue is technology. The question on
the table concerns the most important technology ever
invented: weapons of mass destruction. How are thoughtful
people to prevent their development and use?

The barrage of daily news is so blinding that we must step
far, far back in order to get a clear perspective. We can
at least take a look at the most
familiar and public part of the history of WMD: the history of nuclear weapons,
which uncannily resembles the old Tom Lehrer song “Who’s
Next?” For a long time the world was used to five nuclear
countries; then it was revealed that Israel had been quietly
building up a huge arsenal, after which Pakistan and India
tested bombs, and now there are grave worries concerning
Iraq and North Korea. South Africa dismantled its nuclear
program.

The historical perspective is valuable because it shows that
a focus on Iraq, or even George W. Bush’s favorite “axis of
evil” states, oversimplifies and trivializes the problem.
Nuclear proliferation (a decade after many of us thought the
danger was winding down) has become a worldwide crisis.
Chemical and biological weapons have followed similar
trajectories, though with more perturbations.

In the grand scheme of things, taking out Iraq rates a very
low priority–hardly worth even considering. And this would
be true even if the task were relatively cost-free.

Even if we weren’t looking at thousands of combat deaths, at
potentially millions of civilians killed through destruction
of social infrastructure, at the risk of increasing
terrorism and cutting down the few possibilities for civil
discussion, at the hundreds of billions of dollars
intervention could cost and the effects on the world economy
for years to come, or at the deleterious psychological
impact of formalizing and perpetuating a U.S. policy of
pre-emptive, unilateral aggression.

So what can be done realistically and reasonably to counter
the spread of WMD?

Some prophylactic measures are straightforward and
incremental:

• Build a political environment opposed to the technologies
  themselves, through support for nonproliferation treaties
  and increased measures to break down radioactive materials.

• Try to rein in the dissemination of mechanisms for
  delivering WMD, to reduce the devastation that would be
  caused by a successful attack.

• Speed up efforts to fortify vulnerable targets and conduits,
  such as ports.

But clearly those are small and perhaps even cosmetic
remedies. We’ve got to rethink the whole way we’re
approaching this problem.

We have to halt weapons programs. Of course, it’s hard to
draw a line between peaceful research and weapons research
(innocent medical work on genes in smallpox, for instance,
has turned up insights that may be useful to people who want
more virulent weapons) but we have to recognize that our
research is ultimately developing weapons for our enemies.

Efforts at nonproliferation are never perfect. And so the
doctrine that we must be able to strike targets anywhere, at
any time of our choosing, with ever more sophisticated
weapons, is not only chauvinist and arrogant but
self-defeating.

Indeed, not a single weapon in the hands of disenfranchised
groups has originated with such groups–the technologies
were always created first by dominant nations.

And we must go further. We cannot reason with those who are
willing to bring down civilization, but we can isolate them.
We have to bring poor nations into the prosperity sphere
(such as it is).

France and Germany have lived through a couple hundred years
of conflict and still often mistrust each other, but they
work together because their peoples and leaders feel they
are benefiting from a shared economic system. This system
lacks a robust basis, however: it involves only a handful of
countries in Europe and North America, and perpetuates
itself by widening the gap between these First World nations
and most of the rest of the globe.

And even the shared understanding among rich capitalist
nations is fraying. If we do not solve the resource problems
of our world, we could eventually find ourselves in a
permanent global war along the lines of George Orwell’s
1984.

Of course, a vision of global cooperation is hard to imagine
coming to reality. But in some initiatives of recent
years–the Kyoto protocol on global warming, the willingness
of major nations to finally face the problem of AIDS, the
beginnings of discussion between the World Trade
Organization and its critics–we see that we are not yet
beset by total paralysis of the intellect or the will.

Furthermore, despite the Bush Administration’s deliberate
sowing of panic, we have a little time. Although there is
evidence that terrorists have access to some radioactive
materials and germs, they are apparently not prepared to
deploy them on a wide scale; the materials and accompanying
delivery mechanisms are still crude.

Unfortunately, when it comes to WMD and terrorism, the
tendency at high levels is still a stampede to the
fortress. There is a tremendous vacuum of leadership–not
just in the U.S., but in other countries and the U.N.

I have to scoff when I hear people seek some correlation
between Bush and the idea of leadership. Just as I scoff
when I hear U.S. military spokespeople lay out their
strategy for war (drop a lot of bombs fast and hope for
surrender) and their predictions of the outcome (a golden
age of liberty, moderation, and prosperity throughout the
Arab world).

And this is why I address the WMD issue. None of the various
other justifications for war possess enough coherence even
to argue against.

Many months ago I first saw reports of a training camp with
ties to Al Qaeda located in Iraq. But this base of the Ansar
al Islam group never made it to the front pages, and did not
offer a forceful impact even when Colin Powell referred to
it in his recent U.N. presentation. The reason is that it is
located in one of the Kurdish areas of Iraq outside of
Hussein’s control. Were Bush to follow his anti-terrorism
policy consistently, he would combine forces with Hussein to
defeat Hussein’s enemies.

But as big as the question of war in Iraq now looms–too big
for jests–we have to take a view that is even bigger, and
show ourselves to be bigger. We have to accept WMD as a
global problem and as a symptom of the sickness of the
modern nation-state. We must at least begin to think this
way, if we are ever to hope of finding a solution.

So what can be done realistically and reasonably to counter the spread of WMD?

Related link: http://www.kentucky.com/mld/heraldleader/news/state/5126367.htm

It’s not *that* hard to clean off a disk drive. I mean really scrub it. Searching for “disk wipe” on Google gives me 103,000 results and “disk clean” gives me 868,000. Unfortunately, someone at the Kentucky Health Services department neglected to clean a disk that contained “confidential files identifying thousands of people with sexually transmitted diseases, including AIDS”, according to the state auditor.

Two things made this not as bad as it could have been:

• Minimally comforting: Kentucky has a policy of offering surplus computers for sale to other government agencies before selling them to the public. So the computer was never in private hands. Is a clerk or a sysadmin at the Department of Motor Vehicles that much more trustworthy than a clerk or a sysadmin at a car dealership?
• Much more comforting: The State Auditor, Ed Hatchett, decided to pop by the surplus-property office and randomly test a few of the computers waiting to be sold. The eight computers he picked contained not only the STD files, but password files, correspondence, and other sensitive info.

Three cheers for State Auditor Ed Hatchett (read his bio!) who not only saved the day for thousands of STD sufferers in Kentucky but also made other surplus computer sellers more aware of the need to properly clean off disks.

Related link: http://www.newsfactor.com/perl/story/20645.html

Joe Brockmeier has a nice piece about “Python in the Enterprise”. It’s interesting how the so-called “scripting languages” are finally getting press. Like open source software, they’ve probably been in the enterprise all along.

Isn’t the phrase “dynamic language” a better description?