The problems with copyright re-assignment

While I was in NYC (eating awesome food, riding my bike across the Brooklyn Bridge in the rain!), I spent time catching up with free software advocates. One issue that we talked about was copyright assignment. H Online recently published an article about this. Their description of the Linux kernel’s policy pretty much matches PostgreSQL’s policy:

Ownership of free software is a difficult area, and one that is resolved simply by the Linux kernel project. The code belongs to everyone and no-one, and the copyright for each individual piece of code belongs to the original coder, so that any future reassignment of the licence or the code for the Linux kernel requires the agreement of every other contributor.

I haven’t contributed code to projects other than PostgreSQL in a long time, but an important aspect of contribution that I used to not think very much about is copyright assignment. Now that I have spent a little time thinking about it, my preference is to contribute to projects which do not require copyright re-assignment.

Copyright came up in a conversation about dual-licensing, because it is the copyright assignment which provides the opportunity for a codebase to be re-licensed. But more important to me than the possibility of re-licensing is the chilling effect copyright re-assignment agreements have on communities. The intent can be to hedge a company’s bets against contributor interference, and ultimately to be able to assert complete control over a codebase. If we agree that the collaborative production of software is a social good, this type of hedging can only be seen as anti-social, and ultimately, destructive to a software community. In practice, I’ve seen projects which require contributor agreements effectively shun all non-corporate contributions, or actively engage in “ornamental sourcing”.

For a business owner who invests in free and open source software, this is an unsustainable position. The advantage of accessing source code is not just the code, but the people who know the code. And while I’m sure there are some exceptions, I doubt most people consider themselves experts in a codebase without having contributed significant patches to it.

Given all that, copyright assignment to the Free Software Foundation or to Canonical has been a contentious issue. But maybe if you have an organization which is committed in its charter to maintaining software freedom, then the copyright assignment serves a social good and gives an organization like the FSF the legal authority to pursue legal action if the terms of a license are violated.

Training lessons learned: Code dojo, whiteboards, interactivity

Training can be an incredibly boring, frustrating exercise. Often, I have friends who don’t bother to attend sessions or tutorials during conferences. Instead, they cherry-pick friends and colleagues that they can work on code, gossip or brainstorm with in the hall while others sit passively in lectures. When I think about it now, knowing this about my friends is what motivated me to start Open Source Bridge.

The PostgreSQL training I gave to Ondo State was specifically targeted at developers. I used material End Point had from previous trainings, and added a few new things designed to meet the needs of fledgling database developers. The high points I wanted to hit were: schema design basics, user-defined function development, and the developer-friendly features of Postgres that they should be aware of.

One big obstacle for me was that they would all be using Windows as their primary operating system. I develop exclusively on UNIX-based platforms, and so I had to spend a little time getting re-acquainted with Windows tools. pgAdmin III was essential, and I was happy that a new version was released along with version 8.4 of Postgres.

Also, while the concepts are the same, the built-in monitoring tools for Windows are quite a bit different, and I used freely available material from my Postgres colleagues who support Windows for a tutorial of a couple of hours on interactive troubleshooting.

When trying to explain concepts – like replication, or basic database terms – it really helps to have a whiteboard. I was working with a group of people with diverse IT backgrounds, and often, I asked individuals to try to explain in their own words various terms (like “transaction”). This helped engage the students in a way that simply stating definitions can’t. Observing their fellow students struggling with terminology helped them generate their own questions, and I saw the great results the next day – when students were able to immediately define terms that had taken five minutes to work through the day before.

Finally, one important request from the client was that some time be spent mentoring developers on standards, best practices for development and coding style. To accomplish this task with fourteen students in such a limited period of time, I decided to conduct a series of coding sessions where students and I took turns at the keyboard programming as a group. We call this coding dojo, a concept built on the Coding Katas from Dave Thomas.

Overall, I prefer interactive training, where students are not only encouraged, but forced to interact with each other and the instructor.

When I sent out the CFP for MySQL Conf yesterday, lots of people asked me for suggestions on talk topics. In general, I recommend that speakers focus on a particular take-away for the audience, and mention specifically what a person sitting in is going to learn *and* apply immediately. Not every talk can be interactive, or give people chunks of code. But *every* talk should have a clear goal, and leave the audience educated. The best leave them inspired!

PostgreSQL at MySQL Users’ Conference 2011

So, I’m on the committee for MySQL Conf this year, and the committee is specifically seeking talks about PostgreSQL. The idea is to broaden the scope of the conference to include a lot of different open source database technology, including a bunch more about Postgres.

The theme of the conference is “the ecosystem and beyond”, which was chosen specifically because the open source database world has exploded and grown so much in the last three years. Below is a slide from a presentation I made last year at LinuxConf AU about the growth in free and open source (FOSS) databases:

We’ve seen a half-dozen forks of MySQL appear, exponential growth among “NoSQL” databases, and now, a powerful release from PostgreSQL. It may seem odd that the name of the conference didn’t change to reflect the change in focus – but this is the largest FOSS database conference I know of – weighing in at over 2000 people last year. Given the community that’s grown around it, I understand why they are keeping the name.

The content will still largely focus on MySQL — the core, the many forks, and the community around it. But we’ll also hear from many new, successful database projects, and definitely hear from PostgreSQL. To do that, though, I need you to submit talks!

The submission deadline for all proposals is October 25, 2010!

Topics for consideration include:

  • Innovative uses of Postgres
  • Data warehousing and BI
  • Architectures based on Postgres
  • PostGIS
  • Government + Postgres
  • [your favorite web framework] + Postgres
  • Performance and optimization
  • Security and database administration
  • “In the cloud”
  • Business and case studies

If you’ve got an idea, submit a proposal today!

Please contact me directly for feedback, help with submissions or help generating ideas. And if you’re submitting, please just drop me a line to let me know! I’d love to hear from all that are interested.

PostgreSQL 9.0.1 released, includes security fix & maintenance releases for 6 other versions

The PostgreSQL Global Development Group released new maintenance versions today: 9.0.1, 8.4.5, 8.3.12, 8.2.18, 8.1.22, 8.0.26 and 7.4.30. This is the final update for PostgreSQL versions 7.4 and 8.0. There’s a security issue in there involving procedural languages, and a detailed description of the vulnerability is on our wiki. A key thing to remember is that the issue primarily affects people who use SECURITY DEFINER along with a procedural language function. PL/pgSQL is not affected, but any other procedural language with a “trusted” mode is. This includes PL/Perl, PL/Tcl, PL/Python (7.4 or earlier) and others. The new versions fix issues in PL/Perl and PL/Tcl. A patch for PL/PHP is currently in the works.

Most developers feel that the security issue is relatively obscure. If you aren’t using a procedural language with some mechanism for altering privileges (SET ROLE or SECURITY DEFINER, for example), you aren’t vulnerable to the security issue and can upgrade Postgres during your next regularly scheduled downtime. If you *are* vulnerable, we recommend investigating the use of the functions that may be vulnerable, and taking steps to prevent their exploitation by upgrading as soon as you can.
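One way to start that investigation, as an added example that is not from the original post or the PostgreSQL project: a catalog query listing every function written in a trusted procedural language other than PL/pgSQL, with SECURITY DEFINER functions sorted first. It assumes a role that can read the system catalogs; the column aliases are illustrative, and SET ROLE issued by application code is not visible in the catalogs, so that usage has to be reviewed separately.

```sql
-- Added example: inventory functions that match the conditions described
-- in this advisory. Run it in each database of the cluster.
SELECT n.nspname                              AS schema_name,
       p.proname                              AS function_name,
       pg_catalog.pg_get_userbyid(p.proowner) AS owner,
       l.lanname                              AS language,
       p.prosecdef                            AS security_definer,
       -- A NULL ACL means default privileges, which for functions
       -- include EXECUTE for PUBLIC.
       (p.proacl IS NULL)                     AS default_public_execute
FROM pg_catalog.pg_proc p
JOIN pg_catalog.pg_language  l ON l.oid = p.prolang
JOIN pg_catalog.pg_namespace n ON n.oid = p.pronamespace
WHERE l.lanispl                 -- user-installed procedural languages only
  AND l.lanpltrusted            -- languages with a "trusted" mode
  AND l.lanname <> 'plpgsql'    -- PL/pgSQL is not affected
ORDER BY p.prosecdef DESC, n.nspname, p.proname;
```

Rows with security_definer set to true are the ones to review first; an empty result means no function in that database is written in an affected trusted language.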

From the FAQ:

What is the level of risk associated with this exploit?

Low. It requires all of the following:

  • An attacker must have an authenticated connection to the database server.
  • The attacker must be able to execute arbitrary statements over that connection.
  • The attacker must have a strong knowledge of PostgreSQL.
  • Your application must include procedures or functions in an external procedural language.
  • These functions and procedures must be executed by users with greater privileges than the attacker, using SECURITY DEFINER or SET ROLE, and using the same connection as the attacker.

This was also the first release for which I generated release notes! 😀

Here was my list of interesting changes for the announcement:

  • Prevent show_session_authorization() from crashing within autovacuum processes, backpatched to all supported versions;
  • Fix connection leak after duplicate connection name errors, fix handling of connection names longer than 62 bytes and improve contrib/dblink’s handling of tables containing dropped columns, backpatched to all supported versions;
  • Defend against functions returning setof record where not all the returned rows are actually of the same rowtype, backpatched to 8.0;
  • Fix possible duplicate scans of UNION ALL member relations, backpatched to 8.2;
  • Reduce PANIC to ERROR on infrequent btree failure cases, backpatched to 8.2;
  • Add hstore(text, text) function to contrib/hstore, to support migration away from the => operator, which was deprecated in 9.0. Function support backpatched to 8.2;
  • Treat exit code 128 as non-fatal on Win32, backpatched to 8.2;
  • Fix failure to mark cached plans as transient, causing CREATE INDEX CONCURRENTLY to not be used right away, backpatched to 8.3;
  • Fix evaluation when the inner side of an outer join is a sub-select with non-strict expressions in its output list, backpatched to 8.4;
  • Allow full SSL certificate verification to succeed in the case where both host and hostaddr are specified, backpatched to 8.4;
  • Improve parallel restore’s ability to cope with selective restore (-L option), backpatched to 8.4 with caveats;
  • Fix failure of “ALTER TABLE t ADD COLUMN c serial” when done by non-owner, 9.0 only.
  • Several bugfixes for join removal, 9.0 only.

If you have a look at a new tool that Robert Haas and Tom Lane committed to the repo called git_changelog, you can use it to find the commit IDs for the various features (you need the whole source tree to do it :)).

You’ll find that there are a lot of commits in these sets. We haven’t had a minor release since May 2010, so they kind of added up.

Any other changes in there you think we should have mentioned in the announcement? Let me know in the comments.

Download new versions now:

Weekly tweet digest for 2010-10-03

  • Ok, didn't manage to get business cards printed. Any suggestions on a place to do them in NYC Mon/Tues? #ghc #lastminute #
  • Doubles from A & A http://flic.kr/p/8EsmJa #
  • Butter (new chicken) http://flic.kr/p/8EsQdV #
  • Placement http://flic.kr/p/8EyEKM #
  • Moon cake http://flic.kr/p/8EP3az #
  • On the train to EWR. Had my last bike ride in brooklyn and tasty doubles from A&A for a while. #
  • Experiencing opening remarks – giant video! http://twitpic.com/2tbt7k #ghc10 #
  • More than 2000 people attending #ghc10 #
  • OH: "All day long, I'm surrounded by men. And I get tired of looking at them." -Duy-Loan T. Le #
  • Duy-Loan T. Le at http://twitpic.com/2tc448 #ghc10 #
  • "Relationship building requires face-to-face connection." #ghc10 #preachit #
  • "what is considered excellence in one culture doesn't necessarily translate into another culture" #ghc10 — so true in FOSS cultures #
  • "plausible promise" – learn to release before things are completely done – @saraford — cool term #
  • "plausible promise" – learn to release before things are completely done – @saraford — cool term #ghc10 #fosstrack #
  • My business card at Grace Hopper #ghc10 http://twitpic.com/2tde6y #
  • About to participate in the panel on getting started in free and open source software. #ghc10 #
  • "a simple little fortran do loop. you don't know what that is either." -Carol Bartz #ghc10 #
  • dude. Carol Bartz just said 'biotch' and 'biotch wings' #ghc10 #
  • "You have to manage your own career… Volunteer for things." -Carol Bartz #ghc10 #
  • "Don't think of your career as a ladder – ladders are very unstable." -Carol Bartz #ghc10 #
  • Thanks so much to @lhawthorn for organizing the starting in FOSS panel with @PINguAR @terriko, Deb Nicholson and Greg Hislop and me! #ghc10 #
  • Wow, Carol Bartz's keynote was epic. #ghc10 #
  • Some Android apps caught covertly sending GPS data to advertisers arst.ch/mmq via @arstechnica #noyoudint #
  • Listening to Gayatri Buragohain, the founder of http://www.fat-net.org/ talk about how she got started. She just won an award at #ghc10 #
  • heartfelt speech from Tayana Etienne, who was crucial in developing NGO collaboration in Haiti after the earthquake in January. #ghc10 #
  • Laura Haas now accepting an award for technical leadership.. cites collaboration, apprenticeship as the foundation of her success 🙂 #ghc10 #
  • "I just think about how to get people to play with me on my next project." -Laura Haas #ghc10 #
  • Omg. Dance party started at #ghc10 Headed back to the hackathon. #immanerd #
  • Guess who rules? @claire_mccabe with her bringing me a glass of wine 🙂 in reply to claire_mccabe #
  • Fran and others hacking http://flic.kr/p/8FrBKQ #
  • Fran, louiqa and pat http://flic.kr/p/8FrJmj #
  • listening to carla gomes talk about computational sustainability – aim to apply tech from compsci to sustainability research. #ghc10 #
  • Big challenge: establish interdisciplinary relationships and collaborate across fields (computational sustainability) #ghc10 #
  • loving carla gomes' use of smilie and frownie faces on slides about "diffusion process as local stochastic activation rules" #ghc10 #
  • Referencing this paper: http://bit.ly/aF5BbH in solving problem of land buying to increase population of endangered birds #ghc10 #
  • Building poverty maps is similar to species maps, and modeling process of migration – influencing cascades, picking best strategy #ghc10 #
  • Leadership: always think about how to generalize what you are doing. -Carla Gomes #ghc10 #
  • Imposter syndrome thought to be esp common with women, but found to occur equally with men. #ghc10 #
  • "'You have just processed a petabyte of data.' Oops." #ghc10 #mapreduce #
  • PSA: biotch-wings http://www.flickr.com/photos/gailcarmichael/5041609463/in/set-72157624932418433/ #ghc10 #
  • In a talk on mentoring challenges and they are acting out a skit. Awesome!! #ghc10 #
  • OH: you should focus on the lack of spatial awareness as a commonality #ghc10 #
  • Enjoying the #ghc10 afterparty #
  • totally excited about a new project. #shiny #