Share on Twitter.
Get the most reliable SMTP service for your business. You wished you got it sooner!
March 21, 2013
Some in the Linux community will tell you that observing Debian Linux releases come together has most often been a long
and very slow process, and they are probably right. And it probably explains why most Debian enthusiasts are so patient.
Few other Linux projects have the same breadth of platform support or packages and few have the same fiercely principled
approach to development as Debian always has demonstrated and the trend is as strong as ever, make no mistake.
Codenamed Wheezy, the next big Debian release is almost done, with just a few minor changes to the kernel, we are told.
But there are still one-hundred bugs and issues that need to be fixed to Wheezy before it can be deemed a 'production' version.
So the question is: how is the Debian community and its developers going to deal with those last 100 bugs and problems?
Well, some will tell you that it's a process that will involve some discipline and 'package cutting' as well. In a mailing
list posting, Debian developer Julien Cristau wrote: "We are only interested in the absolute minimum patches that fix RC bugs.
Spurious changes will simply lead to longer review times for everyone, disappointment and ultimately a longer freeze."
He then added "It helps us if you justify your request sufficiently to save time going back and forth. We don't know all packages
intimately, so we rely on you to answer the question why should this fix be accepted at this stage?".
Going a step further he said: "As the release approaches, it's more likely that we will simply remove some packages that have
open RC bugs."
Overall, Debian has long had the philosophy of being done 'only' when it's done. But it's a view of doing things that has caused
some issues in the past, such as the so-called 'Sarge' release which was delayed for nearly a year back in 2005.
However, some in the Debian community say it's also a doctrine that works, provided you are patient about it and if time is
on your side, of course.
In other Linux news
In case you didn't know, there's a new law that's about to take effect soon, and it sure raises the bar in the field of
patenting. What makes it worse is that the burden falls entirely on small inventors and, most of the time, on startup companies
with limited financial resources.
The full measure of the penalties for not adhering to the new patent laws, i.e., not promptly filing a patent application
are the most dire-- no patent protection to begin with, and no future protections against copying either.
The most significant change to U.S. patent law since 1836 (or perhaps even 1790) is being implemented tomorrow, March 16,
2013. Part of the America Inventors Act of 2011, the new law concerns the doctrine of first-to-invent, laws concerning the protection
of original inventors, regardless of whether they were the first to apply for a patent or not.
The new law awards inventorship under a first-inventor-to-file standard. The emphasis is now placed on inventors seeking
immediate patent protections, preferably before any disclosures to any third parties and patent filings of others.
Under the soon-to-be old law, such disclosures were somewhat protected and true inventorship ascertained and rewarded.
However, those protections have almost all been eliminated.
Now, there are greater hazards to inventors -- particularly small inventors -- which will possibly preempt them from obtaining
a patent alltogether.
The so-called 'grace period' of one year from a public disclosure of an invention to patent filing under the old law is
technically still there. But third-party patent filings during that grace period now trump the earlier inventor merely by reaching
the Patent Office first.
This change in the law tries to objectify determination of a true inventor instead of engaging in procedural challenges called
"interferences," which it eliminates.
Many view this substantive change as contrary to the philosophy of the U.S. patent system, which rewards true and original
inventors, i.e., the first to invent.
The new law is patterned on that of foreign patent systems, which place much less emphasis on the individual in favor of
corporations, which want more certainty in the patenting process.
Since some third-party patentees may derive their "inventions" from primary inventors who are second to file for patents,
new proceedings determine inventorship under these circumstances.
These derivation proceedings are mini-trials to ascertain whether the earlier inventor was primary and whether the later filer
gleaned the invention by theft or other illicit means.
The U.S. Patent & Trademark Office over the past year or so has been hiring and training hundreds of Patent Office judges
for the purpose of hearing these proceedings and administrating many other new proceedings already implemented under the Act,
e.g., various post-grant opposition actions to challenge newly issued and all other patents.
Although there are several ambiguities in the new law, there are some clear lessons for inventors. Like, "first to file" means
just that, with the consequence of possible automatic curtailment of patent rights for many second filers.
For example, an individual inventor is typically unaware of the extremities of the patent laws with regard to deadlines.
Additionally, publication or dissemination of the invention prior to filing for patent already kills virtually all patent rights
outside the United States. Often, these inventors are well into the grace period when they consult a patent attorney.
Now, those same inventors may have unwittingly destroyed their opportunity for patenting by delaying the filing. Fortunately,
provisional or informal patent filing is available, which can preserve patent rights. Nevertheless, the first-to-file patent rule still
Unfortunately, those rushing to file informal and often sketchy documents may find their patent descriptions challenged for
insufficiency, i.e., the details may be so bare as to raise a question of whether the inventor was in possession of the invention
The most dire potential consequences of the new law is no patent -- no protection. Period. The countermeasure is education and
consultation with a patent attorney early in the innovation process and definitely prior to third-party disclosures.
Great minds often think alike, and others are also addressing the same technological issues. But putting inventive thoughts
to paper is often a difficult thing for some inventors.
Since a patent is a property right, its contours must be set forth in detail. For example, in land purchases, the delineations
of the property line are critical. So too with patenting -- the patent claims carve out a portion of new technology, separate
from what is known.
A patent attorney can help navigate this terrain and stake out a claim for particular technological knowledge. It's critical to
be first to file a patent application under a post-March 16 first-inventor-to-file standard.
Sadly, the actual contours of this change in the law will not be known for many years -- that is, after the courts make pronouncements
-- but in the United States, it is the new law, like it or not.
And since the new standard is draconian, it warns us all to educate ourselves as to this imminent change in the patent laws.
In other Linux news
Red Hat said earlier this morning that it is assuming the leadership role of the OpenJDK 6 community, just a few days after
Oracle said it would issue the final patch for version 6 of its commercial Java SE 6 Development Kit.
To be sure, Oracle posted JDK 6's update 43 on Monday as an emergency patch for the latest in a series of severe security
vulnerabilities that have plagued the Java browser plugin for several months already.
Although Oracle is investigating other similar security flaws, it also said that this would be the last set of public fixes
for the Java SE 6 platform.
"Oracle recommends that users and developers migrate to JDK 7 in order to continue receiving public updates and security patches,"
the database giant added in the update's formal release notes.
As a matter of fact, users got more useful life out of JDK 6 than they had any reason to expect. Oracle originally set the
end-of-life date for JDK 6 for July 2012, but it pushed back the kill date twice to give users extra time to upgrade to the new
But yesterday, Red Hat said it would continue to maintain JDK 6, even now that Oracle has ceased supporting it, in the form
of OpenJDK 6, the open source reference implementation of the Java platform.
"Red Hat has transitioned into a leadership role for the OpenJDK 6 project, effectively extending support for the technology
and its users," the company said this morning.
Although primarily known as the leading enterprise Linux vendor, Red Hat has also been a major presence in the Java community,
ever since its $350 million acquisition of open source middleware maker JBoss in 2006.
Since then, Red Hat has been one of the most active participants in the OpenJDK community, along with the likes of Google,
IBM, and well, Oracle itself.
Red Hat added that its decision to take on the leadership of the OpenJDK 6 project reinforces its commitment to the broader
Java community and to driving the future of the platform.
"Red Hat's vision includes better overall performance and manageability while enabling greater functionality around dynamic
scalability and cloud computing," the company said.
Red Hat didn't outline any specific plans for OpenJDK 6 under its current leadership, but given that the Java 6 specification
is frozen for now, it's safe to assume that its main focus will be on fixing bugs and closing security flaws as they are discovered.
According to the OpenJDK 6 project website, "bug fixes in JDK 7 that do not involve specification changes have presumptive
validity for OpenJDK 6. That is, by default, such fixes are assumed to be applicable to OpenJDK 6, especially if having 'soaked'
in JDK 7 for a time without incident."
That simply means that any new fixes Oracle makes to JDK 7 should also be applicable to OpenJDK 6. What's needed is someone to
do the work, and that's where Red Hat is stepping in.
Of course, there is one other option available to JDK 6 users who don't want to switch to OpenJDK, and that's Oracle's premium
Java SE Support. Oracle will continue to provide updates to JDK 6 for another two years or more, but for a fee or course.
Maybe you can thank Red Hat for offering what's essentially the same thing but for free. We will keep you posted on this and
on other stories as they develop.
In other Linux and open source news
Jonathan Corbet, a senior Linux kernel developer (pictured at the left) has underlined an instance of what he calls a
lax approach to security in the Linux operating system.
Corbet is citing the case of a serious vulnerability that is now more than a month old and is yet to be addressed and solved
in a timely manner.
Corbet described in an article how a security hole in the kernel, which was initially discussed on a private mailing list,
had been made public with a posting by another kernel developer named Oleg Nesterov.
According to Corbet and Nesterov, the vulnerability in question would permit the running of arbitrary code in Linux's kernel
"It seems to me that the Linux implementation of the ptrace() system call contains a race condition-- a traced process'
registers can be changed in a manner that causes the kernel to restore that process' stack contents to an arbitrary location,"
He raised the issue in the context of a discussion of other kernel vulnerabilities and criticism, by a security-oriented
firm of the way these were handled. TrustWare, the security firm, claimed that it took nearly three years to patch two flaws,
claims which Corbet contested.
But in the case of the vulnerability that he himself cited, Corbet added that the security flaw was known to be a serious
one from the outset and that one of the developers who reported it had also created exploit code to demonstrate its severity
at the time.
Corbet said that, although the public discussion of this flaw was nearly a month old at the time of writing, his article
appeared on February 19 and had been discussed for a while before that privately, and that no Linux vendor had taken a step
to issue a fix.
Nesterov works for Red Hat and Corbet quoted another kernel developer as asking why this company had not handled the issue
as it should have been.
"Linux OS distributors knew about the issue and had enough time to respond to it but that response didn't happen in a timely
manner," Corbet concluded.
"The ptrace() issue will certainly be straightened out in less than three years, but that still may not be a reason for pride.
Linux users should not be left wondering what the situation is (at least) one month after distributors know about a serious
security vulnerability," Corbet added.
Source: Debian Linux.
Get the most reliable SMTP service for your business. You wished you got it sooner!
Share on Twitter.
All logos, trade marks or service marks on this website are the property of their respective
companies or owners.
Linux News Today.org is read by over 450,000 people involved in the field of Linux application development,
professional Web hosting services, Linux
security, Linux Web development, etc.
Inquire about our reasonable advertising rates
on our news website. One of our advertising representatives will be in touch with you. Simply email us to learn
about our ad rates and how we can help drive relevant traffic to your website. Advertising space is limited.