Is it really The End?
Last week, we stated that, due to lack of anything even close to the amount
of money needed to pay the LWN staff, the publication of the LWN.net Weekly
Edition would end on August 1. Since then, quite a few things have
happened, including:
These developments have caused us to rethink our plans in a way we honestly
had not expected. Here is a summary of where we are at.
$25,000 is a nice pile of cash for a little company to have in the bank,
but it is important to keep in mind that it is not enough to keep us going
for all that long. Running LWN currently involves five people (Jonathan
Corbet: front and Kernel pages, site code, "executive editor"; Forrest
Cook: Development and Press pages, system administration; Rebecca Sobol:
Distributions and Commerce pages; Dennis Tenney: Security page and
corporate bureaucracy; Dave Whitinger: business development, ad sales and
delivery), all of whom are experienced software engineers. These people
have children and mortgages, and most work full time producing LWN. They
can not be expected to do it for free, even though that is exactly
what they have been doing for some months now.
So the LWN staff needs things like salaries and health insurance. A
minimal amount of money to provide these for the current staff is about
$15,000 per month - and that level will still likely lead to loss of staff
eventually. But it is a starting figure to aim for.
All of our estimates on possible subscription revenue fell far below that
amount. The numbers came out of gnumeric, after all, they had to be
true... and besides, none of our projected numbers have ever turned out to
be too conservative in the past. It was on this basis that we decided it
was time to pull the plug.
From the donations and feedback we have gotten, we have concluded that
maybe our numbers were a little too conservative, that maybe
subscriptions could bring in more than we thought. As a result, we are now
thinking through plans for the implementation of a subscription-based LWN.
Here, in bullet form, is the core of what we are thinking:
- Initially, the Weekly Edition would be the content that lives behind
the subscription gate. Subscribers would have immediate access to the
Weekly Edition when it comes out Wednesday evening; free access would
be opened up later, perhaps the following Monday. We would, however,
immediately start work on expanding the content available to
subscribers; we have a lot of fun ideas for things we could do.
- The rest of our current content, including the "daily updates" which
now make up the front page, would remain free.
- Certain other new features would be available to subscribers only. At
the top of the list is the long-requested email delivery option for
the Weekly Edition. Content in PDF format and perhaps even an option
for delivery of a print version, are on the list, though they would
have to come later. We are also considering setting aside a
percentage of our text ad exposures for subscribers who have something
to broadcast.
- We are still working on pricing. People who have donated to LWN would
be able to use their donation to obtain a subscription.
The decision to go to subscriptions is hard; restricted content is a
difficult fit in the world of free software. We will certainly lose a
great many readers by imposing subscriptions. But...if we go off the air,
we lose all of our readers. It is also still not clear to us that
subscriptions are sufficient to cover our costs. The thinking at the
moment is that some sort of stable base of (presumably corporate)
sponsorship will be required, along with whatever advertising revenue we
can come up with. Without that base, it will be hard for us to proceed.
The end result is that we are going to take next week away from the
production of LWN to think long and hard about what we are going to do, to
pursue sponsorship contacts, and to hack madly on the site code to actually
implement a subscription scheme. The LWN Weekly Edition will not be
published next week, though a subset may be available. At the end of the
week, we hope to have a plan in place that will let us move forward, and
which will stop trying the patience of our many loyal readers who have been
waiting for us to get our act together.
Thank you all for your overwhelming support.
Comments (47 posted)
A 'Statement of Assurance' on SELinux patents
The June 13, 2002 LWN Weekly
Edition looked at the "type enforcement" patents held by Secure
Computing Corporation, and how those patents could threaten the
distribution and use of the NSA SELinux distribution. Now SCC has issued
a new statement with regard to those patents:
...it is the policy of Secure Computing to retain and enforce its
rights in all of its patents and other intellectual property. In
this case, we have decided to make an exception to that policy, and
to support the reasonable expectations of the open source community
SCC has also posted on its website a "statement of assurance" (in PDF
format) with the details of its policy toward SELinux. This statement
is worth a close look; many users may find it rather less than assuring.
Here is the core of what SCC promises:
Subject to the limitations described in this Statement of
Assurance, Secure Computing will not assert the Subject Patent Rights with
respect to any use, modification, or distribution of SELinux
software that is permitted by, and is in compliance with, the terms
and conditions of Version 2 of the GNU General Public License.
In case that isn't clear enough, consider this other paragraph from the
Statement:
No license is granted in this Statement of Assurance with respect
to the Subject Patents, or any other patent or other intellectual
property right, or software or other product.
Other companies which have tried to make software patents work with free
software (i.e. FSMLabs, Red Hat) have licensed the patent(s) for the uses
they permit. SCC has done no such thing; they just say they won't come
after you if you meet the requirements. You're still legally infringing
the patent, SCC just agrees to look the other way.
If you were thinking about using SELinux in a product, or as part of a
larger service offering, you should already be pretty nervous about a
"statement of assurance" that does not actually grant the right to use the
relevant patents. There is more, though. For example:
Secure Computing reserves the right to assert the Subject Patent
Rights with respect to VPN gateways, perimeter and distributed
firewalls, URL filtering, authentication and authorization for
applications, hosts, and devices, and other products, features and
functions that are beyond the scope of the Assurance. The use or
distribution of such products, features, or functions with SELinux
will not make the Assurance applicable to them.
Translated into English, this phrase is telling us that the "statement of
assurance" only applies if you're not actually doing anything related to
security. Or anything else, for that matter: what Linux system doesn't
handle "authorization for devices"?
There are a few other details that jump out when one reads this "statement
of assurance":
- It only applies to SELinux; no other free software may use the
patents. Neither can "software that merely interoperates with
SELinux." The obvious next question is: what, exactly, is
SELinux, and what "merely interoperates" with SELinux? Just about any
application could be excluded by this language.
- SCC reserves the right to sell its patents to somebody else without
requiring them to uphold what few guarantees this statement provides. When
SCC gets tired of SELinux, it need only sell the patents to a
subsidiary and it's all over.
- SCC states that it may have "other patents," and that those patents
are not covered by the statement.
And, of course, if you still feel that this statement is sufficiently
assuring, bear in mind that it's not a contract, it's just another
transient promise hosted on a web site. SCC's previous web-hosted
statement, remember, was:
We plan to provide the security enhancements made to Linux under
this project to the community without restriction in full
compliance with the letter and spirit of the GPL.... There will be
no restrictions on the use of TE [type enforcement] by the Linux
open source community. We believe that leveraging the resources of
the Linux community is the best way to develop robust security for
Linux.
That promise vanished from SCC's site in June, though it can still be found
via
the web archive project; it has been replaced by something that, by any
account, is not "without restriction." What reason is there for anybody to
believe that this "statement of assurance" will be any less ephemeral?
It seems that SCC is trying to create the appearance of working with the
free software community without actually giving anything away. Instead,
the company has used U.S. taxpayer's money to embed its own proprietary
technology into what was a free system. SELinux brought a lot of energy to
the secure Linux development process; among other things, it was one of the
driving forces behind the development of the Linux Security Module patches,
which are currently being integrated into the 2.5 kernel. SELinux itself,
however, will have a hard time recovering from its patent problems. The
secure Linux that we use in the
future may have to based on some other technology.
Comments (3 posted)
No letters to the editor
We did not receive much in the way of letters to the editor this week, so
there is no letters page. We did, however, get a great deal of reader
feedback, much of which is well worth reading. It can be found in the
comments to last week's "The End"
announcement, and our first and second updates posted over the last week.
Comments (3 posted)
Page editor: Jonathan Corbet
Inside this week's LWN.net Weekly Edition
- Security: Security warning draws DMCA threat; Firewall circumvention with Mozilla; HylaFAX 4.1.3 fixes multiple vulnerabilities
- Kernel: The new asynchronous I/O core; organizing the kernel ABI
- Distributions: Distribution news for August 1, 2002
- Development: Valgrind memory debugger, Koha 1.2.2, KDE Usability study,
GnomeICU 0.98.3, GCC 3.1.1, Objective Caml 3.05, Blackdown
Java 2 v1.4.1-beta, GNU CLISP 2.29, OProfile 0.3.
- Commerce: News from the Linux Professional Institute
- Press: DRM is Theft, IP and Copyright issues, Real uses Ogg, Veritas expands Linux line, OfB Open Choice Awards 2002.
- Announcements: Singapore Linux Conf CFP, Gnome summit and OSCON coverage,
LUG Support Program, Open Source Education Foundation goes
tax-exempt.
Next page: Security
|