From 1a05dee2f692f178dac9c0a2ead9d707c52adca0 Mon Sep 17 00:00:00 2001 From: delliott Date: Wed, 27 Aug 2025 15:22:06 +0000 Subject: [PATCH] build: use lefthook for pre-commit (#5248) update docs update nix-shell to auto install rework custom pre-commit hooks to integrate better add dockerfile for lefthook and integrate into drone add some more hooks for formatting and linting some files Co-authored-by: Darragh Elliott Reviewed-on: https://git.fsfe.org/FSFE/fsfe-website/pulls/5248 Co-authored-by: delliott Co-committed-by: delliott --- .drone.yml | 112 +- .prettierignore | 19 + README.md | 31 +- Dockerfile => build.Dockerfile | 12 +- entrypoint.sh => build.entrypoint.sh | 13 +- build/xslt/ONLY_FSFE_INHOUSE.md | 3 +- build/xslt/body_scripts.xsl | 8 +- build/xslt/countries.xsl | 46 +- build/xslt/email-obfuscate.xsl | 32 +- build/xslt/events.xsl | 124 +- build/xslt/fsfe-cd.xsl | 7 +- build/xslt/fsfe_body.xsl | 46 +- build/xslt/fsfe_document.xsl | 14 +- build/xslt/fsfe_followupsection.xsl | 94 +- build/xslt/fsfe_head.xsl | 461 +-- build/xslt/fsfe_headings.xsl | 295 +- build/xslt/fsfe_localmenu.xsl | 24 +- build/xslt/fsfe_mainsection.xsl | 81 +- build/xslt/fsfe_nolocal.xsl | 20 +- build/xslt/fsfe_pageclass.xsl | 9 +- build/xslt/fsfe_pagefooter.xsl | 32 +- build/xslt/fsfe_pageheader.xsl | 96 +- build/xslt/fsfe_sidebar.xsl | 194 +- build/xslt/fsfe_topbanner.xsl | 6 +- build/xslt/get_version.xsl | 13 +- build/xslt/gettext.xsl | 18 +- build/xslt/module.xsl | 10 +- build/xslt/news.xsl | 87 +- build/xslt/notifications.xsl | 87 +- build/xslt/peertube.xsl | 26 +- build/xslt/people.xsl | 423 ++- build/xslt/related.xsl | 71 +- build/xslt/sharebuttons.xsl | 75 +- build/xslt/static-elements.xsl | 64 +- build/xslt/tags.xsl | 13 +- build/xslt/translation_list.xsl | 22 +- docker-compose.yml | 30 +- drm.info/default.xsl | 18 +- drm.info/drm-info.css | 478 ++- drm.info/xslt/drm_info_body.xsl | 175 +- drm.info/xslt/drm_info_head.xsl | 9 +- fsfe.org/about/README.timeline.md | 103 +- fsfe.org/about/associates/associates.xsl | 18 +- fsfe.org/about/codeofconduct.xsl | 10 +- .../graphics/sponsoring/source/genyear.sh | 32 +- .../about/graphics/sponsoring/sponsoring.xsl | 79 +- fsfe.org/about/people/index.xsl | 17 +- fsfe.org/about/people/testimonials.xsl | 95 +- .../about/softwarefreedom/testimonials.xsl | 80 +- .../activities/ada-zangemann/book-reviews.xsl | 82 +- .../activities/ada-zangemann/drawings.xsl | 20 +- fsfe.org/activities/ada-zangemann/letters.xsl | 99 +- fsfe.org/activities/default.xsl | 28 +- fsfe.org/activities/ilovefs/index.xsl | 47 +- .../activities/ilovefs/report/report_2024.xsl | 92 +- .../activities/ilovefs/whylovefs/gallery.xsl | 96 +- .../activities/ms-vs-eu/fsfe-statement.html | 2844 +++++++++-------- fsfe.org/activities/pdfreaders/buglist.xsl | 116 +- fsfe.org/activities/pdfreaders/pdfreaders.xsl | 81 +- .../activities/pdfreaders/petition-sig-add.sh | 69 +- fsfe.org/activities/pdfreaders/petition.xsl | 66 +- fsfe.org/activities/publiccode/bea.xsl | 8 +- .../activities/radiodirective/statement.xsl | 7 +- fsfe.org/activities/swpat/documents.xsl | 24 +- fsfe.org/activities/swpat/memorandum.xsl | 25 +- .../individual-signatures.xsl | 7 +- .../upcyclingandroid/openletter.xsl | 17 +- fsfe.org/activities/whyfs/whyfs.xsl | 9 +- fsfe.org/activities/wipo/wipo.xsl | 24 +- fsfe.org/activities/wipo/wiwo.xsl | 20 +- fsfe.org/activities/yh4f/index.xsl | 13 +- .../promotion-materials-archive.xsl | 245 +- fsfe.org/contribute/spreadtheword.xsl | 267 +- .../contribute/translators/translators.xsl | 11 +- fsfe.org/default.xsl | 3 +- fsfe.org/donate/thankgnus-2001.xsl | 19 +- fsfe.org/donate/thankgnus-2002.xsl | 19 +- fsfe.org/donate/thankgnus-2003.xsl | 19 +- fsfe.org/donate/thankgnus-2004.xsl | 19 +- fsfe.org/donate/thankgnus-2005.xsl | 19 +- fsfe.org/donate/thankgnus-2006.xsl | 19 +- fsfe.org/donate/thankgnus-2007.xsl | 19 +- fsfe.org/donate/thankgnus-2008.xsl | 19 +- fsfe.org/donate/thankgnus-2009.xsl | 19 +- fsfe.org/donate/thankgnus-2010.xsl | 19 +- fsfe.org/donate/thankgnus-2011.xsl | 19 +- fsfe.org/donate/thankgnus-2012.xsl | 19 +- fsfe.org/donate/thankgnus-2013.xsl | 27 +- fsfe.org/donate/thankgnus-2014.xsl | 27 +- fsfe.org/donate/thankgnus-2015.xsl | 27 +- fsfe.org/donate/thankgnus-2016.xsl | 27 +- fsfe.org/donate/thankgnus-2017.xsl | 27 +- fsfe.org/donate/thankgnus-2018.xsl | 27 +- fsfe.org/donate/thankgnus-2019.xsl | 27 +- fsfe.org/donate/thankgnus-2020.xsl | 27 +- fsfe.org/donate/thankgnus-2021.xsl | 27 +- fsfe.org/donate/thankgnus-2022.xsl | 27 +- fsfe.org/donate/thankgnus-2023.xsl | 27 +- fsfe.org/donate/thankgnus-2024.xsl | 27 +- fsfe.org/donate/thankgnus-2025.xsl | 43 +- fsfe.org/events/default.xsl | 54 +- fsfe.org/events/events.ics.xsl | 104 +- fsfe.org/events/events.rss.xsl | 83 +- fsfe.org/events/tools/eventregistration.xsl | 8 +- fsfe.org/fsfe.xsl | 59 +- fsfe.org/index.xsl | 128 +- fsfe.org/internal/subdir.py | 6 +- fsfe.org/look/elements/banners.less | 38 +- fsfe.org/look/elements/color-box.less | 45 +- fsfe.org/look/elements/details.less | 5 +- fsfe.org/look/elements/figure.less | 14 +- fsfe.org/look/elements/footnotes.less | 13 +- fsfe.org/look/elements/ilovefs-list.less | 6 +- fsfe.org/look/elements/interview-ayc.less | 94 +- fsfe.org/look/elements/people.less | 40 +- fsfe.org/look/elements/quotes.less | 6 +- fsfe.org/look/elements/sharebuttons.less | 18 +- fsfe.org/look/elements/striped-table.less | 12 +- fsfe.org/look/elements/table-of-contents.less | 5 +- .../look/elements/text-img-structure.less | 71 +- fsfe.org/look/elements/topbanner.less | 14 +- fsfe.org/look/font-icon-no-js.less | 56 +- fsfe.org/look/fonts.less | 228 +- fsfe.org/look/fsfe.less | 151 +- fsfe.org/look/pages/freesoftware.less | 166 +- fsfe.org/look/pages/frontpage.less | 497 +-- fsfe.org/look/pages/interview.less | 2 +- fsfe.org/look/pages/news.less | 222 +- fsfe.org/look/pages/press.less | 2 +- fsfe.org/look/pages/spreadtheword.less | 12 +- fsfe.org/look/pages/upcycling-android.less | 2 +- fsfe.org/look/print.css | 75 +- fsfe.org/look/style.less | 1643 +++++----- fsfe.org/look/valentine.less | 16 +- fsfe.org/news/2009/nyr/iesucks.css | 24 +- fsfe.org/news/2009/nyr/nyr.css | 108 +- fsfe.org/news/2012/ilovefs-pictures.css | 38 +- fsfe.org/news/README.md | 11 +- fsfe.org/news/default.xsl | 60 +- fsfe.org/news/news.rss.xsl | 100 +- fsfe.org/news/newsletter.xsl | 31 +- fsfe.org/news/podcast-opus.rss.xsl | 17 +- fsfe.org/news/podcast.rss.xsl | 175 +- fsfe.org/news/podcast/default.xsl | 37 +- fsfe.org/news/xhtml2xml.xsl | 39 +- fsfe.org/order/order.xsl | 56 +- fsfe.org/order/size.xsl | 16 +- fsfe.org/press/press.xsl | 31 +- fsfe.org/scripts/addrow.js | 21 +- fsfe.org/scripts/filter-teams.js | 8 +- fsfe.org/scripts/identica-badge.js | 765 +++-- fsfe.org/scripts/spreadtheword.js | 56 +- fsfe.org/search/search.js | 200 +- fsfe.org/search/search.xsl | 40 +- fsfe.org/search/strings.en.js | 2 +- fsfe.org/search/strings.nl.js | 2 +- fsfe.org/tags/default.xsl | 40 +- fsfe.org/tags/tags.xsl | 25 +- lefthook.yaml | 60 + pdfreaders.org/default.xsl | 22 +- pdfreaders.org/pdfreaders.css | 75 +- pdfreaders.org/xslt/pdfreaders_body.xsl | 54 +- pdfreaders.org/xslt/pdfreaders_head.xsl | 26 +- pdfreaders.org/xslt/pdfreaders_list.xsl | 47 +- pre-commit.Dockerfile | 41 + pre-commit.entrypoint.sh | 17 + pyproject.toml | 29 +- renovate.json | 6 +- shell.nix | 40 +- status.fsfe.org/default.xsl | 3 +- status.fsfe.org/filler/README.md | 2 +- status.fsfe.org/translations/default.xsl | 4 +- tools/__init__.py | 6 - tools/check-non-en-frontpage.sh | 22 - tools/check-translation-status.sh | 162 +- tools/ci-checks/check-non-en-frontpage.sh | 23 + tools/ci-checks/general.sh | 754 +++++ tools/encoding-convert.sh | 33 +- tools/githooks/pre-commit | 751 ----- tools/githooks/pre-receive | 36 - tools/tagtool/tagsToCSV.xsl | 13 +- tools/tagtool/tagtool.sh | 218 +- tools/wikicalendars.xsl | 176 +- tools/xsltsl/date-time.xsl | 528 +-- tools/xsltsl/string.xsl | 1026 +++--- tools/xsltsl/tokenize.xsl | 119 +- 186 files changed, 9247 insertions(+), 9590 deletions(-) create mode 100644 .prettierignore rename Dockerfile => build.Dockerfile (90%) rename entrypoint.sh => build.entrypoint.sh (73%) create mode 100644 lefthook.yaml create mode 100644 pre-commit.Dockerfile create mode 100644 pre-commit.entrypoint.sh delete mode 100644 tools/__init__.py delete mode 100755 tools/check-non-en-frontpage.sh create mode 100755 tools/ci-checks/check-non-en-frontpage.sh create mode 100755 tools/ci-checks/general.sh delete mode 100755 tools/githooks/pre-commit delete mode 100755 tools/githooks/pre-receive diff --git a/.drone.yml b/.drone.yml index 020cb7f440..0a52797ad6 100644 --- a/.drone.yml +++ b/.drone.yml @@ -7,22 +7,20 @@ clone: depth: 150 steps: - - name: check-python - image: ghcr.io/astral-sh/ruff:latest - command: [ "check", "." ] - - - name: check-custom - image: debian:bookworm + - name: pre-commit + image: docker:27.4.1 + environment: + # Environment variables necessary for rootless Docker + XDG_RUNTIME_DIR: "/run/user/1001" + DOCKER_HOST: "unix:///run/user/1001/docker.sock" + volumes: + # Mounting Docker socket of rootless docker user + - name: dockersock + path: /run/user/1001/docker.sock commands: - - apt update - # Install required packages - - apt install --yes --no-install-recommends coreutils sed grep libxml2-utils git findutils perl-base file mediainfo curl - # Check whether non-EN news item would appear on front-page - - bash tools/check-non-en-frontpage.sh news - # Run pre-commit checks - - bash tools/githooks/pre-commit ci-pr - # Check syntax for all files as a safety net - - find . -type f \( -iname "*.xhtml" -o -iname "*.xml" -o -iname "*.xsl" \) -exec xmllint --noout {} + + - docker ps && echo "tampered with" + - echo "DRONE_COMMIT_BRANCH ${DRONE_COMMIT_BRANCH}" + - docker compose -p fsfe-website-pre-commit run --remove-orphans --build pre-commit "origin/${DRONE_COMMIT_BRANCH}" - name: deploy-master image: docker:27.4.1 @@ -32,48 +30,13 @@ steps: DOCKER_HOST: "unix:///run/user/1001/docker.sock" # Target use ipv4 proxies for noddack and gahn, as ipv6 broken. TARGET: "www@proxy.noris.fsfeurope.org:fsfe.org/global/?10322,www@proxy.plutex.fsfeurope.org:fsfe.org/global/?10322" - KEY_PRIVATE: + FSFE_WEBSITE_KEY_PRIVATE: from_secret: KEY_PRIVATE - KEY_PASSWORD: + FSFE_WEBSITE_KEY_PASSWORD: from_secret: KEY_PASSWORD - GIT_TOKEN: + FSFE_WEBSITE_GIT_TOKEN: from_secret: BUILD_TOKEN - PROJECT: - fsfe-website-master - volumes: - # Mounting Docker socket of rootless docker user - - name: dockersock - path: /run/user/1001/docker.sock - commands: - - docker ps && echo "tampered with" - - docker compose -p "$PROJECT" down - # If we are in a cron job, then do a full rebuild - # Ideally the cron would set the flag itself, but drone does not support that. - - if [ "$DRONE_BUILD_EVENT" = "cron" ]; then EXTRA_FLAGS="--full"; fi - - docker compose -p "$PROJECT" run --remove-orphans --build build --target "$TARGET" $EXTRA_FLAGS - when: - branch: - - master - event: - exclude: - - pull_request - - - name: deploy-test - image: docker:27.4.1 - environment: - # Environment variables necessary for rootless Docker - XDG_RUNTIME_DIR: "/run/user/1001" - DOCKER_HOST: "unix:///run/user/1001/docker.sock" - # Target use ipv4 proxies for noddack and gahn, as ipv6 broken. - TARGET: "www@proxy.noris.fsfeurope.org:test.fsfe.org/global/?10322,www@proxy.plutex.fsfeurope.org:test.fsfe.org/global/?10322" - KEY_PRIVATE: - from_secret: KEY_PRIVATE - KEY_PASSWORD: - from_secret: KEY_PASSWORD - GIT_TOKEN: - from_secret: BUILD_TOKEN - PROJECT: - fsfe-website-test + PROJECT: fsfe-website-master volumes: # Mounting Docker socket of rootless docker user - name: dockersock @@ -87,10 +50,43 @@ steps: - docker compose -p "$PROJECT" run --remove-orphans --build build --target "$TARGET" $EXTRA_FLAGS when: branch: - - test + - master event: exclude: - - pull_request + - pull_request + + - name: deploy-test + image: docker:27.4.1 + environment: + # Environment variables necessary for rootless Docker + XDG_RUNTIME_DIR: "/run/user/1001" + DOCKER_HOST: "unix:///run/user/1001/docker.sock" + # Target use ipv4 proxies for noddack and gahn, as ipv6 broken. + TARGET: "www@proxy.noris.fsfeurope.org:test.fsfe.org/global/?10322,www@proxy.plutex.fsfeurope.org:test.fsfe.org/global/?10322" + FSFE_WEBSITE_KEY_PRIVATE: + from_secret: KEY_PRIVATE + FSFE_WEBSITE_KEY_PASSWORD: + from_secret: KEY_PASSWORD + FSFE_WEBSITE_GIT_TOKEN: + from_secret: BUILD_TOKEN + PROJECT: fsfe-website-test + volumes: + # Mounting Docker socket of rootless docker user + - name: dockersock + path: /run/user/1001/docker.sock + commands: + - docker ps && echo "tampered with" + - docker compose -p "$PROJECT" down + # If we are in a cron job, then do a full rebuild + # Ideally the cron would set the flag itself, but drone does not support that. + - if [ "$DRONE_BUILD_EVENT" = "cron" ]; then EXTRA_FLAGS="--full"; fi + - docker compose -p "$PROJECT" run --remove-orphans --build build --target "$TARGET" $EXTRA_FLAGS + when: + branch: + - test + event: + exclude: + - pull_request trigger: branch: - master @@ -111,6 +107,4 @@ volumes: path: /run/user/1001/docker.sock --- kind: signature -hmac: 010308e954faf164916eb11c4603a4dc71c0888ad165025e390120d0c9c08ecc - -... +hmac: d01ec3f92e3e0261685c7c803c16002e809134015692d0cafb3eb8110365082f diff --git a/.prettierignore b/.prettierignore new file mode 100644 index 0000000000..f5015a79a6 --- /dev/null +++ b/.prettierignore @@ -0,0 +1,19 @@ +# Generated files from gitignore +# Local build stuff +output +# Python stuff +.venv +__pycache__ +#Nltk +.nltk_data + +# In repo external sources +fsfe.org/look/bootstrap +fsfe.org/scripts/bootstrap +fsfe.org/scripts/data-tables +fsfe.org/scripts/jquery.validate-localization + +# Minimised stuff +*.min.* +# This is used to signify some minified js +*.custom.* diff --git a/README.md b/README.md index aa2737c64f..ed65939599 100644 --- a/README.md +++ b/README.md @@ -107,43 +107,42 @@ The pages can be built and served by running `uv run build`. Try `--help` for mo The docker build process is in some ways designed for deployment. This means that it expects some environment variables to be set to function. Namely, it will try and load ssh credentials and git credentials, and docker does not support providing default values to these. So, to stub out this functionality, please set the environment variables -`KEY_PRIVATE KEY_PASSWORD GIT_TOKEN` to equal `none` when running docker. One can set them for the shell session, an example in bash is seen below. +`FSFE_WEBSITE_KEY_PRIVATE FSFE_WEBSITE_KEY_PASSWORD FSFE_WEBSITE_GIT_TOKEN` to equal `none` when running docker. One can set them for the shell session, an example in bash is seen below. ``` -export KEY_PRIVATE=none; -export KEY_PASSWORD=none; -export GIT_TOKEN=none; +export FSFE_WEBSITE_KEY_PRIVATE=none; +export FSFE_WEBSITE_KEY_PASSWORD=none; +export FSFE_WEBSITE_GIT_TOKEN=none; ``` + One can then run Docker commands like `docker compose ...`. Alternatively one can prefix the Docker commands with the required variables, like so -``` -KEY_PRIVATE=none KEY_PASSWORD=none GIT_TOKEN=none docker compose -``` -Once your preferred method has been chosen, simply running `docker compose run --service-ports build --serve` should build the webpages and make them available over localhost. +``` +FSFE_WEBSITE_KEY_PRIVATE=none FSFE_WEBSITE_KEY_PASSWORD=none FSFE_WEBSITE_GIT_TOKEN=none docker compose +``` + +Once your preferred method has been chosen, simply running `docker compose run --service-ports build --serve` should build the webpages and make them available over localhost. Some more explanation: we are essentially just using docker as a way to provide dependencies and then running the build script. All flags after `build` are passed to the `build` cli. The `service-ports` flag is required to open ports from the container for serving the output, not needed if not using the `--serve` flag of the build script. ## Githooks -The repo contains some highly recommended githooks that one should enable. They check for several kinds of common issues. They are also run in CI, so enabling them locally speeds the development feedback loop. +The repo contains some highly recommended githooks using [lefthook](github.com/evilmartians/lefthook) that one should enable. They check for several kinds of common issues. They are also run in CI, so enabling them locally speeds the development feedback loop. -One can enable them locally using +Lefthook is installed as part of the python virtual environment. If using the `nix-shell` the hooks are automatically activated and all required dependencies installed. If not, one must install them using ```sh -rm .git/hooks -r # remove git's sample hooks -ln -s tools/githooks/ .git/hooks # link our hooks to the right dir +lefthook install ``` -The hooks have some extra dependencies, namely +The hooks have some extra dependencies, at time of writing: ``` -git xmllint sed file grep bash perl mediainfo curl mktemp +ruff git xmllint sed file grep bash perl mediainfo curl mktemp ``` -The provided `nix-shell` includes the needed packages. Otherwise, they can be installed manually. - ## Testing While most small changes can be tested adequately by building locally some larger changes, particularly ones relating to the order pages, event registration and other forms may require more integrated testing. This can be achieved using the `test` branch. This branch is built and served in the same way as the main site, [fsfe.org](https://fsfe.org). The built version of the `test` branch may be viewed at [test.fsfe.org](https://test.fsfe.org). diff --git a/Dockerfile b/build.Dockerfile similarity index 90% rename from Dockerfile rename to build.Dockerfile index 964228bb9d..afaf5bc839 100644 --- a/Dockerfile +++ b/build.Dockerfile @@ -4,14 +4,14 @@ COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /bin/ # Install deps RUN apt-get update && apt-get install --yes --no-install-recommends \ -rsync \ -libxslt1.1 \ -libxml2 \ +ca-certificates \ +expect \ git \ +libxml2 \ +libxslt1.1 \ node-less \ openssh-client \ -ca-certificates \ -expect +rsync # Set uv project env, to persist stuff moving dirs ENV UV_PROJECT_ENVIRONMENT=/root/.cache/uv/venv @@ -26,6 +26,6 @@ RUN uv sync --no-install-package fsfe_website_build # Copy everything else COPY . . -ENTRYPOINT [ "bash", "./entrypoint.sh" ] +ENTRYPOINT ["bash", "./build.entrypoint.sh"] diff --git a/entrypoint.sh b/build.entrypoint.sh similarity index 73% rename from entrypoint.sh rename to build.entrypoint.sh index 250e6d7699..74fd93cf38 100644 --- a/entrypoint.sh +++ b/build.entrypoint.sh @@ -4,7 +4,7 @@ set -euo pipefail # Ran from the volume of the website source mounted at /website-source # Load sshkeys -if [ -f /run/secrets/KEY_PRIVATE ] && [ "$(cat /run/secrets/KEY_PRIVATE)" != "none" ]; then +if [ -f /run/secrets/FSFE_WEBSITE_KEY_PRIVATE ] && [ "$(cat /run/secrets/FSFE_WEBSITE_KEY_PRIVATE)" != "none" ]; then # Start ssh-agent eval "$(ssh-agent)" @@ -13,9 +13,9 @@ if [ -f /run/secrets/KEY_PRIVATE ] && [ "$(cat /run/secrets/KEY_PRIVATE)" != "no mkdir -p ~/.ssh echo "AddKeysToAgent yes" >~/.ssh/config # Tighten permissions to keep ssh-add happy - chmod 400 /run/secrets/KEY_* - PASSWORD="$(cat "/run/secrets/KEY_PASSWORD")" - PRIVATE="$(cat "/run/secrets/KEY_PRIVATE")" + chmod 400 /run/secrets/FSFE_WEBSITE_KEY_* + PASSWORD="$(cat "/run/secrets/FSFE_WEBSITE_KEY_PASSWORD")" + PRIVATE="$(cat "/run/secrets/FSFE_WEBSITE_KEY_PRIVATE")" # Really should be able to just read from the private path, but for some reason ssh-add fails when using the actual path # But works when you cat the path into another file and then load it # Or cat the file and pipe it in through stdin @@ -32,8 +32,9 @@ else echo "Secret not defined!" fi -if [ -f /run/secrets/GIT_TOKEN ] && [ "$(cat /run/secrets/GIT_TOKEN)" != "none" ]; then - export GIT_TOKEN="$(cat "/run/secrets/GIT_TOKEN")" +if [ -f /run/secrets/FSFE_WEBSITE_GIT_TOKEN ] && [ "$(cat /run/secrets/FSFE_WEBSITE_GIT_TOKEN)" != "none" ]; then + FSFE_WEBSITE_GIT_TOKEN="$(cat "/run/secrets/FSFE_WEBSITE_GIT_TOKEN")" + export FSFE_WEBSITE_GIT_TOKEN fi # Rsync files over, do not use the mtimes as they are wrong due to docker shenanigans diff --git a/build/xslt/ONLY_FSFE_INHOUSE.md b/build/xslt/ONLY_FSFE_INHOUSE.md index 03134ee0d3..cf595e3e03 100644 --- a/build/xslt/ONLY_FSFE_INHOUSE.md +++ b/build/xslt/ONLY_FSFE_INHOUSE.md @@ -1,6 +1,5 @@ this directory is reserved for xls files, that were developed for the fsfe page in particular if you download xslt libraries from external sources, put them into -tools/xsltsl/ (deprecated) +tools/xsltsl/ (deprecated) build/xsltlib/ - diff --git a/build/xslt/body_scripts.xsl b/build/xslt/body_scripts.xsl index e882808ead..6c930b55c2 100644 --- a/build/xslt/body_scripts.xsl +++ b/build/xslt/body_scripts.xsl @@ -1,10 +1,6 @@ - - - + - - + - - - - - - + diff --git a/build/xslt/fsfe_headings.xsl b/build/xslt/fsfe_headings.xsl index d2078c968a..2b8999d522 100644 --- a/build/xslt/fsfe_headings.xsl +++ b/build/xslt/fsfe_headings.xsl @@ -1,241 +1,224 @@ - - - + - - - + category /news/news..html - + + + - category /news/newsletter..html - + + + - category /news/podcast..html - + + + - - - + - - + article-metadata - : + : dt-published - + - - article-metadata - -   - +   - - - - - - - - - - - - author p-author h-card - author - - - - - /about/people/avatars/ - - - - - - - - - - - /about/people/avatars/ - - - - - - - + + + + + + + + + + + author p-author h-card + author + + + + + + + /about/people/avatars/ + + + + - + - - - - - author p-author h-card - author - - - - - - - - - - - - - - - - - - - - - - - + + + + /about/people/avatars/ + + + + + - - - - - - - ,   - - - -   - - - - , - - - - - - - + + + + + + + + + author p-author h-card + author + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + , + + + +   + + + + + + + +   + + + + , + + + + + + - - - - -   - - dt-published - -   + + +  dt-published  - ( + ( -   - dt-updated - - - )  +  dt-updated + )  - - - - - - - - - - + + + + + + + + + + - - - + - - + - - + - - + - - + - - + - - diff --git a/build/xslt/fsfe_localmenu.xsl b/build/xslt/fsfe_localmenu.xsl index 77efa08878..857396baff 100644 --- a/build/xslt/fsfe_localmenu.xsl +++ b/build/xslt/fsfe_localmenu.xsl @@ -1,10 +1,7 @@ - - - + - @@ -16,32 +13,31 @@ - - - + + + nav nav-tabs - - presentation active - - - + + + + - - + + diff --git a/build/xslt/fsfe_mainsection.xsl b/build/xslt/fsfe_mainsection.xsl index bd2708bbe1..f5ddac6142 100644 --- a/build/xslt/fsfe_mainsection.xsl +++ b/build/xslt/fsfe_mainsection.xsl @@ -1,9 +1,7 @@ - - + - @@ -14,32 +12,30 @@ - + + + - - - + - - + + discussion-link learn-more - + - + - - + tags @@ -49,46 +45,45 @@ - - + + - - - + + - - +
- - - - - - - license - - - - - - + + + + + + + license + + + + + + + + +
- - -
- Creative Commons logo - - • + +
+ + Creative Commons logo + -
+ +
- - diff --git a/build/xslt/fsfe_nolocal.xsl b/build/xslt/fsfe_nolocal.xsl index 80ce23d320..9353102681 100644 --- a/build/xslt/fsfe_nolocal.xsl +++ b/build/xslt/fsfe_nolocal.xsl @@ -1,27 +1,11 @@ - - - + - - + - diff --git a/build/xslt/fsfe_pageclass.xsl b/build/xslt/fsfe_pageclass.xsl index ce99a6f67d..7d789949d6 100644 --- a/build/xslt/fsfe_pageclass.xsl +++ b/build/xslt/fsfe_pageclass.xsl @@ -1,11 +1,11 @@ - - - + - + + + @@ -16,5 +16,4 @@ news - diff --git a/build/xslt/fsfe_pagefooter.xsl b/build/xslt/fsfe_pagefooter.xsl index 774ca3ec87..aa70dcdb28 100644 --- a/build/xslt/fsfe_pagefooter.xsl +++ b/build/xslt/fsfe_pagefooter.xsl @@ -1,7 +1,5 @@ - - - + @@ -13,18 +11,15 @@ - - page-info - - share-buttons footer - + + https://mastodon.social/@fsfe @@ -37,7 +32,8 @@ Mastodon - + + https://media.fsfe.org/a/fsfe/videos @@ -51,7 +47,6 @@ - Copyright © 2001-2025 @@ -66,18 +61,14 @@ . - - - - @@ -90,7 +81,6 @@ - @@ -103,7 +93,6 @@ - @@ -136,18 +125,14 @@ - - - - @@ -164,7 +149,6 @@ - @@ -177,7 +161,6 @@ - @@ -190,7 +173,6 @@ - @@ -228,7 +210,6 @@ - @@ -242,11 +223,8 @@ - - - diff --git a/build/xslt/fsfe_pageheader.xsl b/build/xslt/fsfe_pageheader.xsl index c1b842f892..215c7d92f4 100644 --- a/build/xslt/fsfe_pageheader.xsl +++ b/build/xslt/fsfe_pageheader.xsl @@ -1,14 +1,10 @@ - - - + top - masthead - logo FSFE Logo @@ -20,46 +16,46 @@ - - menu - - + + + - direct-links - direct-to-menu-list #menu-list - + + + - direct-to-content #content - + + + - direct-to-page-info #page-info - + + + - checkbox @@ -67,11 +63,10 @@ burger - - fa fa-bars fa-lg - + + fa fa-bars fa-lg + - menu-list @@ -86,63 +81,77 @@ fa fa-heart-o fa-lg -   - +   + + + - menu-sections /about/about.html - + + + /activities/activities.html - + + + /contribute/contribute.html - + + + visible-xs /news/news.html - + + + visible-xs /events/events.html - + + + visible-xs /news/podcast.html - + + + /press/press.html - + + + - @@ -150,11 +159,12 @@ fa fa-sign-in fa-lg -   - +   + + + - menu-translations @@ -164,17 +174,18 @@ fa fa-globe fa-lg -   - +   + + + - menu-search-box GET - /search/search..html + /search/search..html input-group @@ -190,7 +201,9 @@ - + + + text q @@ -203,12 +216,9 @@ - - - diff --git a/build/xslt/fsfe_sidebar.xsl b/build/xslt/fsfe_sidebar.xsl index 27659080e6..cd88d316c0 100644 --- a/build/xslt/fsfe_sidebar.xsl +++ b/build/xslt/fsfe_sidebar.xsl @@ -1,132 +1,160 @@ - - - + - diff --git a/build/xslt/fsfe_topbanner.xsl b/build/xslt/fsfe_topbanner.xsl index 6d59314e7b..03a65a6e21 100644 --- a/build/xslt/fsfe_topbanner.xsl +++ b/build/xslt/fsfe_topbanner.xsl @@ -1,7 +1,5 @@ - - - + topbanner @@ -9,7 +7,7 @@ topbanner-border topbanner-inner - + diff --git a/build/xslt/get_version.xsl b/build/xslt/get_version.xsl index 12d2acc4fe..c67d72ef09 100644 --- a/build/xslt/get_version.xsl +++ b/build/xslt/get_version.xsl @@ -1,24 +1,15 @@ - - - - - + + - diff --git a/build/xslt/gettext.xsl b/build/xslt/gettext.xsl index c98386302c..0a83bdeeb8 100644 --- a/build/xslt/gettext.xsl +++ b/build/xslt/gettext.xsl @@ -1,26 +1,20 @@ - - - + - - + - + - + - - - - + + diff --git a/build/xslt/module.xsl b/build/xslt/module.xsl index 1ed1f115b7..60a9c0eed3 100644 --- a/build/xslt/module.xsl +++ b/build/xslt/module.xsl @@ -1,12 +1,12 @@ - - - + - - + + + + diff --git a/build/xslt/news.xsl b/build/xslt/news.xsl index 949f2fc0d3..5e6ccb656c 100644 --- a/build/xslt/news.xsl +++ b/build/xslt/news.xsl @@ -1,23 +1,13 @@ - - - + - - - - - + @@ -29,13 +19,13 @@ - - - + + + - - + + @@ -44,7 +34,6 @@ - @@ -63,8 +52,10 @@ - - + + + + @@ -78,17 +69,15 @@ - + + - - - @@ -104,12 +93,9 @@ - - - @@ -119,37 +105,31 @@ - - - -   +   learn-more - + + - - - - @@ -159,36 +139,31 @@ 5 - news-list - + -   +   date - - + + + + - - + + - - - - @@ -198,11 +173,8 @@ 5 - - + @@ -210,25 +182,20 @@ - - meta - - - + + - - diff --git a/build/xslt/notifications.xsl b/build/xslt/notifications.xsl index 9edc387efa..369d39651b 100644 --- a/build/xslt/notifications.xsl +++ b/build/xslt/notifications.xsl @@ -1,11 +1,8 @@ - - - + notifications - - alert warning yellow - - close - alert - # - true + closealert#true × - - - - - - - .en.html - - - . - + .en.html. + - - + + alert warning yellow - - close - alert - # - true + closealert#true × - - + + + + - - + + alert warning yellow - - close - alert - # - true + closealert#true × - - + + + + - - + + infobox - + alert warning yellow - - close - alert - # - true + closealert#true × - + - - + alert warning green - - close - alert - # - true + closealert#true × - + - - + + - diff --git a/build/xslt/peertube.xsl b/build/xslt/peertube.xsl index 743d921be1..1cd6a8951f 100644 --- a/build/xslt/peertube.xsl +++ b/build/xslt/peertube.xsl @@ -1,23 +1,18 @@ - - - - + - - + https://download.fsfe.org/videos/peertube/ - + - crossorigin - + .jpg controls @@ -26,7 +21,7 @@ video/mp4; codecs="avc1.42E01E, mp4a.40.2" screen and (min-width:1200px) - + _1080p.mp4 @@ -35,7 +30,7 @@ video/mp4; codecs="avc1.42E01E, mp4a.40.2" screen and (max-width:1199px) - + _720p.mp4 @@ -44,7 +39,7 @@ video/mp4; codecs="avc1.42E01E, mp4a.40.2" screen and (max-width:420px) - + _360p.mp4 @@ -53,7 +48,7 @@ video/webm; codecs="vp9, opus" screen and (min-width:1200px) - + _1080p.webm @@ -62,7 +57,7 @@ video/webm; codecs="vp9, opus" screen and (max-width:1199px) - + _720p.webm @@ -71,11 +66,10 @@ video/webm; codecs="vp9, opus" screen and (max-width:420px) - + _360p.webm - diff --git a/build/xslt/people.xsl b/build/xslt/people.xsl index 0e9c124df2..5410436083 100644 --- a/build/xslt/people.xsl +++ b/build/xslt/people.xsl @@ -1,244 +1,233 @@ - - - + - - - - - - - - - - - - - - yes + + + + + + + + + yes + + + + + row people + + + - - - - - row people - - - + + + + + + + + + + yes - - - - - - - - - - - yes - - - - - - - - - - - - - - + + + + + + + + + - - yes - - - - - - - - person col-xs-12 col-sm-6 - - - - - - , - - - , employee - - - - - - - - - - - - - - - /about/people/avatars/ - - - - - - - - /about/people/avatars/ - - - - - - + + + person col-xs-12 col-sm-6 + + + + + + + + , + + + , employee + + + + + + + + + + + - - /about/people/avatars/default.png + + + + /about/people/avatars/ - - - - - name - - - - - - - - - - - - - + + + + + + + + /about/people/avatars/ + + + + + + + + + + /about/people/avatars/default.png + + + + + + name + + + + + + + - - - email - - - - - - - - - openpgp4fpr: + + + + + + + + + email + + + + + + + + openpgp4fpr: 🐾 - - - - + + + 🔑 - - - - - - - , - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - employee full - - - employee part - - - employee freelancer - - - employee contractor - - - employee intern - - - - - - - - - - - + + + + + + , + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - + + + + + + + + + + + + + + + + employee full + + + employee part + + + employee freelancer + + + employee contractor + + + employee intern + + + + + + + + + + + + + + + + - diff --git a/build/xslt/related.xsl b/build/xslt/related.xsl index d9c1fae661..9ce7a581fe 100644 --- a/build/xslt/related.xsl +++ b/build/xslt/related.xsl @@ -1,43 +1,31 @@ - - - + - - - - - + related-list - + - - + - + - @@ -48,51 +36,46 @@ .html - + - - + + + + - - - - - - + related-news - + - + + - + + - - + related-events - + - + + - + + - @@ -103,12 +86,12 @@ .html - + - - + + + + - - diff --git a/build/xslt/sharebuttons.xsl b/build/xslt/sharebuttons.xsl index 680aa597e7..1251b61b13 100644 --- a/build/xslt/sharebuttons.xsl +++ b/build/xslt/sharebuttons.xsl @@ -1,14 +1,9 @@ - - - + - + @@ -16,8 +11,8 @@ .html - - + + /share GET share-buttons @@ -25,42 +20,44 @@ return event.keyCode != 13;

- +

- radio popup no-share-popup - + hidden ref bottom - + hidden url - + + + - + hidden title - + + + - + n website Please do not put anything here - button share-fediverse - + Fediverse @@ -74,11 +71,13 @@ popup fediverse - no-share-popup + + no-share-popup + text fediversepod - + Fediverse URL (fediverse.tld) @@ -88,7 +87,6 @@ OK - submit @@ -97,13 +95,12 @@ button share-reddit - + Reddit Reddit - submit @@ -112,13 +109,12 @@ button share-hnews - + Hacker News Hacker News - @@ -127,7 +123,6 @@ button share-mail E-Mail - submit @@ -136,13 +131,12 @@ button share-twitter - + Twitter Twitter - submit @@ -151,13 +145,12 @@ button share-facebook - + Facebook Facebook - submit @@ -166,23 +159,15 @@ button share-support - + Support! - -

- - - - - - - - - .

- +

+ . +

+ + - diff --git a/build/xslt/static-elements.xsl b/build/xslt/static-elements.xsl index 3ef472b822..f7e5b8506e 100644 --- a/build/xslt/static-elements.xsl +++ b/build/xslt/static-elements.xsl @@ -1,30 +1,25 @@ - - - - + + - - + + + - + + + - + + + -
@@ -37,61 +32,50 @@
- - - + - - - + + + - - - - - - + - + - + - - .,:;!? "'()[]<>>{} + .,:;!? "'()[]<>>{} - - áàâäãéèêëíìîïóòôöõúùûüçğ + áàâäãéèêëíìîïóòôöõúùûüçğ aaaaaeeeeiiiiooooouuuucg - - + - - + - - + + diff --git a/build/xslt/tags.xsl b/build/xslt/tags.xsl index dc7912afef..b7a4d5e5e6 100644 --- a/build/xslt/tags.xsl +++ b/build/xslt/tags.xsl @@ -1,10 +1,8 @@ - - - + tags @@ -27,9 +25,12 @@ - - + + + + - + + diff --git a/build/xslt/translation_list.xsl b/build/xslt/translation_list.xsl index c1dd429c22..550ac7f788 100644 --- a/build/xslt/translation_list.xsl +++ b/build/xslt/translation_list.xsl @@ -1,30 +1,23 @@ - - - + translations alert - - - close - collapse - #translations - # + closecollapse#translations# × - contribute-translation /contribute/translators/ - + + + - - + @@ -34,8 +27,7 @@ - - ..html + ..html diff --git a/docker-compose.yml b/docker-compose.yml index 2b87cac99e..bbb9c78fad 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,8 +1,14 @@ services: + pre-commit: + build: + context: . + dockerfile: pre-commit.Dockerfile + image: fsfe-websites-pre-commit build: - build: . - image: fsfe-websites - container_name: fsfe-websites + build: + context: . + dockerfile: build.Dockerfile + image: fsfe-websites-build ports: - 2000:2000 - 2100:2100 @@ -11,17 +17,17 @@ services: - 2400:2400 - 2500:2500 secrets: - - KEY_PRIVATE - - KEY_PASSWORD - - GIT_TOKEN + - FSFE_WEBSITE_KEY_PRIVATE + - FSFE_WEBSITE_KEY_PASSWORD + - FSFE_WEBSITE_GIT_TOKEN volumes: - cache:/website-cached volumes: cache: secrets: - KEY_PRIVATE: - environment: KEY_PRIVATE - KEY_PASSWORD: - environment: KEY_PASSWORD - GIT_TOKEN: - environment: GIT_TOKEN + FSFE_WEBSITE_KEY_PRIVATE: + environment: FSFE_WEBSITE_KEY_PRIVATE + FSFE_WEBSITE_KEY_PASSWORD: + environment: FSFE_WEBSITE_KEY_PASSWORD + FSFE_WEBSITE_GIT_TOKEN: + environment: FSFE_WEBSITE_GIT_TOKEN diff --git a/drm.info/default.xsl b/drm.info/default.xsl index 0852e8b191..ea1c71f7fe 100644 --- a/drm.info/default.xsl +++ b/drm.info/default.xsl @@ -1,14 +1,8 @@ - - - - - - - + + + + + + diff --git a/drm.info/drm-info.css b/drm.info/drm-info.css index 505b0c20d3..16096f0afa 100644 --- a/drm.info/drm-info.css +++ b/drm.info/drm-info.css @@ -1,24 +1,23 @@ - body { - background-color: #E1E1E1; - background-image: url("img/drm_bg.png"); - background-size: 70%; - background-position: center top; - background-repeat: repeat-y; - font-family: Verdana,arial,sans-serif; - font-size: 11px; - margin: 0; - padding: 15px; + background-color: #e1e1e1; + background-image: url("img/drm_bg.png"); + background-size: 70%; + background-position: center top; + background-repeat: repeat-y; + font-family: Verdana, arial, sans-serif; + font-size: 11px; + margin: 0; + padding: 15px; } -#translations.alert{ +#translations.alert { margin-right: 23%; - float:right; + float: right; } ul.menu { list-style: none; border: none; - text-align:left; /* LTR */ + text-align: left; /* LTR */ } ul.menu li { margin: 0 0 0 0.5em; /* LTR */ @@ -30,10 +29,9 @@ li.expanded { margin: 0; } -ul.col3 -{ - list-style:none; - text-algn:left; +ul.col3 { + list-style: none; + text-algn: left; } li.collapsed { list-style-type: disc; @@ -70,364 +68,362 @@ ul.links li { padding: 0 0 0.25em 1em; /* LTR */ } - img { - border: 0 none; + border: 0 none; } a { - color: #9A1408; - font-weight: bold; - text-decoration: none; + color: #9a1408; + font-weight: bold; + text-decoration: none; } a:hover { - color: #9A1408; + color: #9a1408; } h1 { - font-size: 1.5em; + font-size: 1.5em; } h2 { - font-size: 1.4em; + font-size: 1.4em; } h3 { - font-size: 1.3em; + font-size: 1.3em; } -h4, h5, h6 { - font-size: 1.2em; +h4, +h5, +h6 { + font-size: 1.2em; } .content_links A { - color: #000000; - font-family: verdana,arial,sans-serif; - font-size: 16px; - font-weight: bold; - text-decoration: underline; + color: #000000; + font-family: verdana, arial, sans-serif; + font-size: 16px; + font-weight: bold; + text-decoration: underline; } .content_links A:hover { - color: #ED9203; + color: #ed9203; } input.loginbox { - background-color: #EFEFEF; - border: 1px solid #999999; - font-size: 11px; - width: 6em; + background-color: #efefef; + border: 1px solid #999999; + font-size: 11px; + width: 6em; } input.loginbutton { - background-color: #990F08; - border: 1px solid #666666; - color: #FFFFFF; - font-size: 11px; + background-color: #990f08; + border: 1px solid #666666; + color: #ffffff; + font-size: 11px; } input { - background-color: #EFEFEF; - border: 1px solid #999999; + background-color: #efefef; + border: 1px solid #999999; } hr.cleaner { - border: medium none; - clear: both; - height: 0; - line-height: 0; - margin: 0; - padding: 0; - visibility: hidden; + border: medium none; + clear: both; + height: 0; + line-height: 0; + margin: 0; + padding: 0; + visibility: hidden; } #header { - text-align: left; - width: 825px; + text-align: left; + width: 825px; } .logo { - background-position: left top; - background-repeat: no-repeat; - margin-left:18%; + background-position: left top; + background-repeat: no-repeat; + margin-left: 18%; } .login { - margin: 0 0 0 620px; - padding-top: 20px; - text-align: left; + margin: 0 0 0 620px; + padding-top: 20px; + text-align: left; } .login A { - color: #990F08; - font-family: verdana,arial,sans-serif; - font-size: 16px; - font-weight: bold; - text-decoration: none; + color: #990f08; + font-family: verdana, arial, sans-serif; + font-size: 16px; + font-weight: bold; + text-decoration: none; } .login A:hover { - color: #ED9203; + color: #ed9203; } .login A.password { - color: #999999; - font-family: verdana,arial,sans-serif; - font-size: 12px; - font-weight: bold; - text-decoration: none; + color: #999999; + font-family: verdana, arial, sans-serif; + font-size: 12px; + font-weight: bold; + text-decoration: none; } .login A.password:hover { - color: #000000; + color: #000000; } .login A.lang { - color: #000000; - font-family: verdana,arial,sans-serif; - font-size: 13px; - font-weight: bold; - padding: 2px; - text-decoration: none; + color: #000000; + font-family: verdana, arial, sans-serif; + font-size: 13px; + font-weight: bold; + padding: 2px; + text-decoration: none; } .login A.lang:hover { - color: #990F08; + color: #990f08; } .slogan1 { - color: #999999; - font-family: verdana,arial,sans-serif; - font-size: 14px; - font-weight: bold; - left: 331px; - position: relative; - top: 94px; + color: #999999; + font-family: verdana, arial, sans-serif; + font-size: 14px; + font-weight: bold; + left: 331px; + position: relative; + top: 94px; } .slogan2 { - color: #FFFFFF; - font-family: verdana,arial,sans-serif; - font-size: 11px; - left: 98px; - position: relative; - top: 159px; + color: #ffffff; + font-family: verdana, arial, sans-serif; + font-size: 11px; + left: 98px; + position: relative; + top: 159px; } #menu { - margin-top: 0px; - width: 825px; - height: 34px; - background-color: #900; - border-radius: 12px; -/* background-image: url("img/drm_navi.png"); */ -/* background-repeat: no-repeat; */ -/* background-position: top left; */ - text-align: center; - margin-left:18%; - margin-right:auto; + margin-top: 0px; + width: 825px; + height: 34px; + background-color: #900; + border-radius: 12px; + /* background-image: url("img/drm_navi.png"); */ + /* background-repeat: no-repeat; */ + /* background-position: top left; */ + text-align: center; + margin-left: 18%; + margin-right: auto; } #menu .container { - padding: 8px; + padding: 8px; } #menu .container A { - padding-left: 10px; - padding-right: 10px; - font-family: verdana, arial, sans-serif; - font-size: 16px; - font-weight: bold; - color: #FFF; - text-decoration: none; + padding-left: 10px; + padding-right: 10px; + font-family: verdana, arial, sans-serif; + font-size: 16px; + font-weight: bold; + color: #fff; + text-decoration: none; } #menu .container A:hover { - color: #ed9203; + color: #ed9203; } #submenu { - margin-top: 4px; - width: 825px; - height: 28px; - text-align: center; + margin-top: 4px; + width: 825px; + height: 28px; + text-align: center; } #submenu A { - padding-left: 10px; - padding-right: 10px; - font-family: verdana, arial, sans-serif; - font-size: 14px; - font-weight: bold; - color: #666; - text-decoration: none; + padding-left: 10px; + padding-right: 10px; + font-family: verdana, arial, sans-serif; + font-size: 14px; + font-weight: bold; + color: #666; + text-decoration: none; } #submenu A:hover { - color: #ed9203; + color: #ed9203; } #body { - margin-top: 10px; - text-align: start; - width: 75%; - margin-inline-start:18%; - + margin-top: 10px; + text-align: start; + width: 75%; + margin-inline-start: 18%; } .inner-content { - width:44%; - font-size:13px; - position: absolute; + width: 44%; + font-size: 13px; + position: absolute; } #blocks TABLE { } .form-submit { - background-color: #990F08; - border: 1px solid #666666; - color: #FFFFFF; - font-size: 11px; + background-color: #990f08; + border: 1px solid #666666; + color: #ffffff; + font-size: 11px; } .col1 { - float: left; - margin: 0; - padding: 0; - width: 114px; + float: left; + margin: 0; + padding: 0; + width: 114px; } .col2 { - padding: 0; - width: 660px; - margin-left:auto; - margin-right:auto; + padding: 0; + width: 660px; + margin-left: auto; + margin-right: auto; } .col3 { - width: 10%; - margin-inline-start: 65%; + width: 10%; + margin-inline-start: 65%; } .contenido { - background-color: #FFFFFF; - font-family: verdana,arial,sans-serif; - font-size: 12px; - width: 660px; + background-color: #ffffff; + font-family: verdana, arial, sans-serif; + font-size: 12px; + width: 660px; } .even { - color: #999999; - font-family: verdana,arial,sans-serif; - font-size: 12px; + color: #999999; + font-family: verdana, arial, sans-serif; + font-size: 12px; } .odd { - color: #9A1408; - font-family: verdana,arial,sans-serif; - font-size: 12px; + color: #9a1408; + font-family: verdana, arial, sans-serif; + font-size: 12px; } .active { - font-size: 12px; + font-size: 12px; } .help { - color: #999999; - font-family: verdana,arial,sans-serif; - font-size: 12px; + color: #999999; + font-family: verdana, arial, sans-serif; + font-size: 12px; } .description { - color: #999999; - font-family: verdana,arial,sans-serif; - font-size: 10px; - margin-bottom: 0; - width: 500px; + color: #999999; + font-family: verdana, arial, sans-serif; + font-size: 10px; + margin-bottom: 0; + width: 500px; } .description2 A { - color: #999999; - font-family: verdana,arial,sans-serif; - font-size: 10px; - margin-bottom: 0; + color: #999999; + font-family: verdana, arial, sans-serif; + font-size: 10px; + margin-bottom: 0; } .description2 A:hover { - color: #9A1408; - font-family: verdana,arial,sans-serif; - font-size: 10px; - text-decoration: underline; + color: #9a1408; + font-family: verdana, arial, sans-serif; + font-size: 10px; + text-decoration: underline; } .block_links A { - font-family: verdana,arial,sans-serif; - font-size: 10px; + font-family: verdana, arial, sans-serif; + font-size: 10px; } .block_links A:hover { - color: #999999; - font-family: verdana,arial,sans-serif; - font-size: 10px; - text-decoration: underline; + color: #999999; + font-family: verdana, arial, sans-serif; + font-size: 10px; + text-decoration: underline; } .title { - color: #000000; - font-family: verdana,arial,sans-serif; - font-size: 13px; - font-weight: bold; - margin-bottom: 5px; + color: #000000; + font-family: verdana, arial, sans-serif; + font-size: 13px; + font-weight: bold; + margin-bottom: 5px; } .option { - font-family: verdana,arial,sans-serif; - font-size: 12px; - width: 500px; + font-family: verdana, arial, sans-serif; + font-size: 12px; + width: 500px; } .tabs { - color: #999999; - font-size: 12px; - margin-bottom: 0; + color: #999999; + font-size: 12px; + margin-bottom: 0; } .borders { - margin: 0; - padding: 0; + margin: 0; + padding: 0; } .borders_top { - background-image: url("img/drm_contentbg_top.png"); - background-position: left top; - background-repeat: no-repeat; - height: 29px; - margin: 0; - padding: 0; - width: 660px; + background-image: url("img/drm_contentbg_top.png"); + background-position: left top; + background-repeat: no-repeat; + height: 29px; + margin: 0; + padding: 0; + width: 660px; } .borders_bottom { - background-image: url("img/drm_contentbg_bottom.png"); - background-position: left top; - background-repeat: no-repeat; - height: 30px; - margin: 0; - padding: 0; - width: 660px; + background-image: url("img/drm_contentbg_bottom.png"); + background-position: left top; + background-repeat: no-repeat; + height: 30px; + margin: 0; + padding: 0; + width: 660px; } .inner_content { - background-image: url("img/drm_contentbg_middle.png"); - background-repeat: repeat-y; - font-family: verdana,arial,sans-serif; - font-size: 13px; - padding-left: 20px; - padding-right: 30px; + background-image: url("img/drm_contentbg_middle.png"); + background-repeat: repeat-y; + font-family: verdana, arial, sans-serif; + font-size: 13px; + padding-left: 20px; + padding-right: 30px; } .title1 { - color: #990F08; - font-family: verdana,arial,sans-serif; - font-size: 16px; - font-weight: bold; + color: #990f08; + font-family: verdana, arial, sans-serif; + font-size: 16px; + font-weight: bold; } .title2 { - color: #990F08; - font-family: verdana,arial,sans-serif; - font-size: 14px; - font-weight: bold; + color: #990f08; + font-family: verdana, arial, sans-serif; + font-size: 14px; + font-weight: bold; } .breadcrumb { - color: #999999; - font-family: verdana,arial,sans-serif; - font-size: 11px; - font-weight: bold; + color: #999999; + font-family: verdana, arial, sans-serif; + font-size: 11px; + font-weight: bold; } .node { - margin-bottom: 0; - padding: 10px; + margin-bottom: 0; + padding: 10px; } .profile { - margin-bottom: 0; - padding: 10px; + margin-bottom: 0; + padding: 10px; } .node.sticky { - background: none repeat scroll 0 0 #CCCCCC; + background: none repeat scroll 0 0 #cccccc; } .node .submitted { - color: #999999; - font-size: 9px; + color: #999999; + font-size: 9px; } .node h2 { - margin-top: 3px; - padding-top: 0; + margin-top: 3px; + padding-top: 0; } .node .info { - font-size: 0.83em; - font-style: italic; - text-align: left; + font-size: 0.83em; + font-style: italic; + text-align: left; } .node .links { - padding-left: 10px; + padding-left: 10px; } #footer { - margin-top: 30px; - text-align: center; - width: 825px; + margin-top: 30px; + text-align: center; + width: 825px; } - - diff --git a/drm.info/xslt/drm_info_body.xsl b/drm.info/xslt/drm_info_body.xsl index 56dd16f6e9..95d767d7e0 100644 --- a/drm.info/xslt/drm_info_body.xsl +++ b/drm.info/xslt/drm_info_body.xsl @@ -1,32 +1,24 @@ - - - + https://fsfe.org - - - - - - + + + + top ltr - logo - - slogan1 + slogan1 Digital Restrictions Management - - slogan2 + slogan2 What you should know about Digital Restrictions Management - http://drm.info @@ -34,75 +26,65 @@ DRM.Info - + - - + menu - + container - - links + links menu-302 first - - what-is-drm.html + what-is-drm.html What is DRM - menu-302 first - - citizen-rights.html + menu-302 first + citizen-rights.html Citizens Rights - menu-302 first - - losing-heritage.html + menu-302 first + losing-heritage.html Losing heritage - - menu-302 first - - privacy.html + menu-302 first + privacy.html Privacy - - menu-302 first - - creativity.html + + menu-302 first + creativity.html Creativity - - menu-302 first - - act-now.html + + menu-302 first + act-now.html Act! - + - - - body - - - - col3 - Powered By + + body + + + col3 + Powered By links - https://fsfe.org/ + + https://fsfe.org/ logos/logosmall.png FSFE @@ -111,51 +93,52 @@ - - - In Collaboration with - - links - - https://digitalegesellschaft.de/ - - logos/digitalle-gesellschaft-logo.png - Digitalle Gesellschaft - Digitalle Gesellschaft - - - - - http://www.defectivebydesign.org/ - - logos/dbd-logo-small.png - Defective By Design - Defective By Design - - - - - http://www.eff.org/ - - logos/EFF-logo-trans.thumbnail.png - Electronic Frontier Foundation - Electronic Frontier Foundation - - - - - http://www.ccc.de/ - - logos/ccc.png - Chaos Computer Club - Chaos Computer Club - - - - - + In Collaboration with + + links + + + https://digitalegesellschaft.de/ + + logos/digitalle-gesellschaft-logo.png + Digitalle Gesellschaft + Digitalle Gesellschaft + + + + + + http://www.defectivebydesign.org/ + + logos/dbd-logo-small.png + Defective By Design + Defective By Design + + + + + + http://www.eff.org/ + + logos/EFF-logo-trans.thumbnail.png + Electronic Frontier Foundation + Electronic Frontier Foundation + + + + + + http://www.ccc.de/ + + logos/ccc.png + Chaos Computer Club + Chaos Computer Club + + + + + - - + diff --git a/drm.info/xslt/drm_info_head.xsl b/drm.info/xslt/drm_info_head.xsl index 179bdab53d..0382dad864 100644 --- a/drm.info/xslt/drm_info_head.xsl +++ b/drm.info/xslt/drm_info_head.xsl @@ -1,22 +1,15 @@ - - - + - stylesheet all drm-info.css text/css - - - - diff --git a/fsfe.org/about/README.timeline.md b/fsfe.org/about/README.timeline.md index d6b16e5381..405f8b346b 100644 --- a/fsfe.org/about/README.timeline.md +++ b/fsfe.org/about/README.timeline.md @@ -1,110 +1,103 @@ # Timeline SVG maintenance -The SVG file of the timeline isn't easy to maintain, mainly because of the -appearing bubbles and the links when clicking on an event. This document shall +The SVG file of the timeline isn't easy to maintain, mainly because of the +appearing bubbles and the links when clicking on an event. This document shall help you in case you are the poor person having to do that (hi future Me!) ;) -Alert: I'm using a localised version of Inkscape so maybe some labels are +Alert: I'm using a localised version of Inkscape so maybe some labels are different to your English version. - ## Positioning of elements -Inkscape will help you with positioning the various elements correctly. Use the -"Arrange" tool wisely. +Inkscape will help you with positioning the various elements correctly. Use the +"Arrange" tool wisely. -To set the events at the correct vertical line, dock it to the inner border of -on of the four the greenish bars, then move it one large (Shift+Arrow) and one -small (Arrow) to the outer side. Don't ask why, but this is how it was invented +To set the events at the correct vertical line, dock it to the inner border of +on of the four the greenish bars, then move it one large (Shift+Arrow) and one +small (Arrow) to the outer side. Don't ask why, but this is how it was invented (shame on you, past Me!). - ## Name scheme -The four bars are internally numbered, from 1 to 4 from left to right. This +The four bars are internally numbered, from 1 to 4 from left to right. This will become important when we come to naming the bubbles. -The only elements that need proper naming are the (invisible) bubbles. They +The only elements that need proper naming are the (invisible) bubbles. They consist of 5 digits: $bar_number $month(2) $year(2) 20815 means: 2nd bar (Policy), 08 2015 - ## Unhide all bubbles -If you open the file, the bubbles won't be visible and editable. You have to -unhide them first. Mark the "bubbles" layer, go to "Object" in the menu bar and +If you open the file, the bubbles won't be visible and editable. You have to +unhide them first. Mark the "bubbles" layer, go to "Object" in the menu bar and click "Unhide all". You now see all bubbles at once, overlapping each other. - ## Hide bubbles -Click on a bubble and open the "object preferences" (Shift+Ctrl+O). Click on -the "hide" checkbox to make it disappear. To change the visibility status of a -hidden element, you can find it with the search function if you know its name -(look at "name scheme" above). You have to check the "include hidden elements" +Click on a bubble and open the "object preferences" (Shift+Ctrl+O). Click on +the "hide" checkbox to make it disappear. To change the visibility status of a +hidden element, you can find it with the search function if you know its name +(look at "name scheme" above). You have to check the "include hidden elements" box for that. - ## Setting links -All items (layer "points") have a link to click on. Just right-click on the -event and click "link preferences" and edit the "Href" attribute. Remember to -set the Target to "_blank" to open a link in a new window when you click on it. - +All items (layer "points") have a link to click on. Just right-click on the +event and click "link preferences" and edit the "Href" attribute. Remember to +set the Target to "\_blank" to open a link in a new window when you click on it. ## Hover bubbles -When you hover over an event, it makes a bubble appear - and disappear as soon -as you hover out. This is the trickiest (and most fiddly) part, and needs two +When you hover over an event, it makes a bubble appear - and disappear as soon +as you hover out. This is the trickiest (and most fiddly) part, and needs two things: a bubble with the correct name, and an event with the current function. -First, give the bubble a proper name, following the "name scheme" from above. -This is tricky because sometimes it selects a single element of the bubble -instead of the whole group (or something). Sometimes I had to make two double -clicks in a row on a bubble to get the correct setting mask. If you copy an -existing bubble, rename it first, then edit it's content! Much easier, trust +First, give the bubble a proper name, following the "name scheme" from above. +This is tricky because sometimes it selects a single element of the bubble +instead of the whole group (or something). Sometimes I had to make two double +clicks in a row on a bubble to get the correct setting mask. If you copy an +existing bubble, rename it first, then edit it's content! Much easier, trust me... -After that, go to the respective event for this bubble (I assume you have moved -the bubble to a fitting position). Open the object preferences, click on -"interactivity". If "onmouseover" and "onmouseout" are blank, try to -double-click on the event again, and append a single click. For me this worked. -For your new event, copy the two strings and just update the 5 digits with the -name you gave the bubble. This name has to be unique! +After that, go to the respective event for this bubble (I assume you have moved +the bubble to a fitting position). Open the object preferences, click on +"interactivity". If "onmouseover" and "onmouseout" are blank, try to +double-click on the event again, and append a single click. For me this worked. +For your new event, copy the two strings and just update the 5 digits with the +name you gave the bubble. This name has to be unique! -If there are two events from the same month and year in the same bar, append a +If there are two events from the same month and year in the same bar, append a "b" to it or something, and reflect this to the onmouseover/-out settings. -After that, just hide the bubble (again). Click on it, open the object's +After that, just hide the bubble (again). Click on it, open the object's preferences and mark the hide checkbox. -Hint: If you can't get to the preferences again because you can just select the -bubble's text or something, click the Esc button, or on a different element in +Hint: If you can't get to the preferences again because you can just select the +bubble's text or something, click the Esc button, or on a different element in the file. Helps sometimes. - ## Publish on website -If you didn't change the page size of the document, you can just commit the new -SVG file. Please remember to export the file to PNG and also commit that. This +If you didn't change the page size of the document, you can just commit the new +SVG file. Please remember to export the file to PNG and also commit that. This is important as a fallback for poor old-IE users and non-Javascript users. -If you changed the size of the page (because you added more years for example), -you may have to edit the source code of the file to make internet browser show -the whole document instead of blank nothing. +If you changed the size of the page (because you added more years for example), +you may have to edit the source code of the file to make internet browser show +the whole document instead of blank nothing. Open the SVG file in a text editor and set following values: - viewBox="0 0 $WIDTH $HEIGHT" +viewBox="0 0 $WIDTH $HEIGHT" - width="100%" - height="100%" +width="100%" +height="100%" -You can get the width and height from the document settings in Inkscape. The +You can get the width and height from the document settings in Inkscape. The 100% always stay the same. Of course, "$" will have to be removed. -In the same step you might also want to anonymise the -"inkscape:export-filename" value since it might reveal your name or the folder -naming scheme (FSFE's president might not want you to use +In the same step you might also want to anonymise the +"inkscape:export-filename" value since it might reveal your name or the folder +naming scheme (FSFE's president might not want you to use /home/user/shittyFSFEworkCrap/ as the directory name). diff --git a/fsfe.org/about/associates/associates.xsl b/fsfe.org/about/associates/associates.xsl index b8b2b700ce..69440a5ed3 100644 --- a/fsfe.org/about/associates/associates.xsl +++ b/fsfe.org/about/associates/associates.xsl @@ -1,20 +1,18 @@ - - - - + + - +

- + - + + +

- + - - diff --git a/fsfe.org/about/codeofconduct.xsl b/fsfe.org/about/codeofconduct.xsl index 5b7d65f1d0..a8701ac20c 100644 --- a/fsfe.org/about/codeofconduct.xsl +++ b/fsfe.org/about/codeofconduct.xsl @@ -1,13 +1,11 @@ - - - - - + + + - + diff --git a/fsfe.org/about/graphics/sponsoring/source/genyear.sh b/fsfe.org/about/graphics/sponsoring/source/genyear.sh index 6b08c48ea9..bcbc1f3bd6 100755 --- a/fsfe.org/about/graphics/sponsoring/source/genyear.sh +++ b/fsfe.org/about/graphics/sponsoring/source/genyear.sh @@ -9,30 +9,30 @@ template="$(dirname "$0")/button_template.svg" tempfile="$(mktemp --suffix '.svg')" if [ -z "$year" ]; then - echo "Usage: $0 year [outputdir]" - exit 1 + echo "Usage: $0 year [outputdir]" + exit 1 fi [ -z "$odir" ] && odir=. for type in Donor BronzeDonor SilverDonor GoldDonor; do - for size in huge=900 large=600 medium=300 small=200; do - s_nam=$(echo $size |cut -d= -f1) - s_num=$(echo $size |cut -d= -f2) - sed -r "s:#DONORTYPE#:${type}:;s:#YEAR#:${year}:" "$template" >"${tempfile}" + for size in huge=900 large=600 medium=300 small=200; do + s_nam=$(echo $size | cut -d= -f1) + s_num=$(echo $size | cut -d= -f2) + sed -r "s:#DONORTYPE#:${type}:;s:#YEAR#:${year}:" "$template" >"${tempfile}" - fname="${odir}/${type}${year}_w_${s_nam}.png" - inkscape -C -o "${fname}" -d 300 -w $s_num -b "#FFFFFF" "$tempfile" - done + fname="${odir}/${type}${year}_w_${s_nam}.png" + inkscape -C -o "${fname}" -d 300 -w $s_num -b "#FFFFFF" "$tempfile" + done - for size in huge=900 large=600 medium=300 small=200; do - s_nam=$(echo $size |cut -d= -f1) - s_num=$(echo $size |cut -d= -f2) - sed -r "s:#DONORTYPE#:${type}:;s:#YEAR#:${year}:" "$template" >"${tempfile}" + for size in huge=900 large=600 medium=300 small=200; do + s_nam=$(echo $size | cut -d= -f1) + s_num=$(echo $size | cut -d= -f2) + sed -r "s:#DONORTYPE#:${type}:;s:#YEAR#:${year}:" "$template" >"${tempfile}" - fname="${odir}/${type}${year}_t_${s_nam}.png" - inkscape -C -o "${fname}" -d 300 -w $s_num "$tempfile" - done + fname="${odir}/${type}${year}_t_${s_nam}.png" + inkscape -C -o "${fname}" -d 300 -w $s_num "$tempfile" + done done rm "${tempfile}" diff --git a/fsfe.org/about/graphics/sponsoring/sponsoring.xsl b/fsfe.org/about/graphics/sponsoring/sponsoring.xsl index 892f2f30ce..7f850d465e 100644 --- a/fsfe.org/about/graphics/sponsoring/sponsoring.xsl +++ b/fsfe.org/about/graphics/sponsoring/sponsoring.xsl @@ -1,84 +1,67 @@ - - - - + + - - - + + + + + - donor- - - + + donor- + + + + + + + - + + 0 - + + - /_w_medium.png + /_w_medium.png - : + : [ - - /_w_huge.png - - + /_w_huge.png ], [ - - /_w_large.png - - + /_w_large.png ], [ - - /_w_medium.png - - + /_w_medium.png ], [ - - /_w_small.png - - + /_w_small.png ] - : + : [ - - /_t_huge.png - - + /_t_huge.png ], [ - - /_t_large.png - - + /_t_large.png ], [ - - /_t_medium.png - - + /_t_medium.png ], [ - - /_t_small.png - - + /_t_small.png ] - diff --git a/fsfe.org/about/people/index.xsl b/fsfe.org/about/people/index.xsl index fe1088f3d1..406172e97b 100644 --- a/fsfe.org/about/people/index.xsl +++ b/fsfe.org/about/people/index.xsl @@ -1,25 +1,20 @@ - - - - - + + + - - + - - + - + - diff --git a/fsfe.org/about/people/testimonials.xsl b/fsfe.org/about/people/testimonials.xsl index 2db9c6dc0c..df269929b0 100644 --- a/fsfe.org/about/people/testimonials.xsl +++ b/fsfe.org/about/people/testimonials.xsl @@ -1,17 +1,12 @@ - - + - - - - @@ -22,12 +17,9 @@ - - - @@ -37,75 +29,54 @@ - - + + - - - + + + + text-center - btn btn-success https://my.fsfe.org/support - + - - + + + + - - - - - - + - 0 - quote-list - + - - - - - with-image-right - img-container img-square @@ -116,10 +87,11 @@ - - + + + + - @@ -128,38 +100,47 @@ source - complementary - + + + fa fa-video-camera fa-lg - - + + + + - complementary - + + + fa fa-microphone fa-lg - - + + + + - - - + + + + + + diff --git a/fsfe.org/about/softwarefreedom/testimonials.xsl b/fsfe.org/about/softwarefreedom/testimonials.xsl index 94724adfaa..1e26d0e65c 100644 --- a/fsfe.org/about/softwarefreedom/testimonials.xsl +++ b/fsfe.org/about/softwarefreedom/testimonials.xsl @@ -1,17 +1,12 @@ - - + - - - - @@ -22,12 +17,9 @@ - - - @@ -37,79 +29,59 @@ - - + + - - - + + + + text-center - btn btn-success https://my.fsfe.org/support - + - - + + + + - - - - - - + - 0 - quote-list - + - - - - - - - - - - - - - - - - + + + + + + + + + + - + + diff --git a/fsfe.org/activities/ada-zangemann/book-reviews.xsl b/fsfe.org/activities/ada-zangemann/book-reviews.xsl index 026022a56e..f3b6fdfd4e 100644 --- a/fsfe.org/activities/ada-zangemann/book-reviews.xsl +++ b/fsfe.org/activities/ada-zangemann/book-reviews.xsl @@ -1,17 +1,12 @@ - - + - - - - @@ -22,12 +17,9 @@ - - - @@ -35,81 +27,61 @@ - + - - + + - - - + + + + text-center - btn btn-success https://my.fsfe.org/support - + - - + + + + - - - - - - + - 0 - quote-list - + - - - - - - - - - - - - - - - - + + + + + + + + + + - + + diff --git a/fsfe.org/activities/ada-zangemann/drawings.xsl b/fsfe.org/activities/ada-zangemann/drawings.xsl index 04339705e6..9bc87a7143 100644 --- a/fsfe.org/activities/ada-zangemann/drawings.xsl +++ b/fsfe.org/activities/ada-zangemann/drawings.xsl @@ -1,22 +1,20 @@ - - + -
- - - - - - + + + + + +
- - (by ) + + (by )
diff --git a/fsfe.org/activities/ada-zangemann/letters.xsl b/fsfe.org/activities/ada-zangemann/letters.xsl index 5d1f5d7ad9..9055b3a2e0 100644 --- a/fsfe.org/activities/ada-zangemann/letters.xsl +++ b/fsfe.org/activities/ada-zangemann/letters.xsl @@ -1,17 +1,12 @@ - - + - - - - @@ -22,12 +17,9 @@ - - - @@ -35,90 +27,69 @@ - + - - + + - - - + + + + text-center - btn btn-success https://my.fsfe.org/support - + - - + + + + - - - - - - + - 0 - quote-list - + - - - - - - - - + + + + + + + + + + + letter-to-zangemann + + + + + + + - - - - - - - letter-to-zangemann - - - - - - - - - - - + + diff --git a/fsfe.org/activities/default.xsl b/fsfe.org/activities/default.xsl index 7d3cbcf82a..be5bdf72cb 100644 --- a/fsfe.org/activities/default.xsl +++ b/fsfe.org/activities/default.xsl @@ -1,8 +1,6 @@ - - - - + + @@ -24,7 +22,7 @@ - + @@ -32,7 +30,7 @@ - + @@ -48,7 +46,7 @@ - + @@ -56,7 +54,7 @@ - + @@ -65,7 +63,6 @@ - @@ -81,7 +78,6 @@ activitylogo - @@ -94,17 +90,19 @@ status - + + + - - - + + + + - diff --git a/fsfe.org/activities/ilovefs/index.xsl b/fsfe.org/activities/ilovefs/index.xsl index f0e1c1cc00..a2dd4f875d 100644 --- a/fsfe.org/activities/ilovefs/index.xsl +++ b/fsfe.org/activities/ilovefs/index.xsl @@ -1,20 +1,21 @@ - - - - + + - + - - - - - - + + + + - - + { 'photo': 'https://download.fsfe.org/campaigns/ilovefs/share-pics/picturebox/Share-Pic-.jpg', 'link': 'https://download.fsfe.org/campaigns/ilovefs/share-pics/picturebox/Share-Pic-.jpg', }, - - - - - - + - diff --git a/fsfe.org/activities/ilovefs/report/report_2024.xsl b/fsfe.org/activities/ilovefs/report/report_2024.xsl index 408e18e97c..685ca63268 100644 --- a/fsfe.org/activities/ilovefs/report/report_2024.xsl +++ b/fsfe.org/activities/ilovefs/report/report_2024.xsl @@ -1,20 +1,21 @@ - - - - + + - + - - - - - - + + + + - - + { 'photo': 'https://download.fsfe.org/campaigns/ilovefs/share-pics/picturebox/Share-Pic-.jpg', 'link': 'https://download.fsfe.org/campaigns/ilovefs/share-pics/picturebox/Share-Pic-.jpg', }, - - - - - - + - - - - + + - - - - - + + + + - - + { 'photo': 'https://download.fsfe.org/campaigns/ilovefs/share-pics/picturebox-report-2024/Pic-.jpg', 'link': 'https://download.fsfe.org/campaigns/ilovefs/share-pics/picturebox-report-2024/Pic-.jpg', }, - - - - - - + - diff --git a/fsfe.org/activities/ilovefs/whylovefs/gallery.xsl b/fsfe.org/activities/ilovefs/whylovefs/gallery.xsl index f4ee94a406..42070b122f 100644 --- a/fsfe.org/activities/ilovefs/whylovefs/gallery.xsl +++ b/fsfe.org/activities/ilovefs/whylovefs/gallery.xsl @@ -1,41 +1,40 @@ - - - - - - - - + - - - - - + + + + - - + { 'photo': 'https://download.fsfe.org/campaigns/ilovefs/share-pics/picturebox-report-2024/Pic-.jpg', 'link': 'https://download.fsfe.org/campaigns/ilovefs/share-pics/picturebox-report-2024/Pic-.jpg', }, - - - - - - + - - - - - + + + + + + - - + + + + - - - + captioned left @@ -105,10 +99,12 @@ The generated list will start at the largest number ('to' aka 'max') and end wit https://download.fsfe.org/campaigns/ilovefs/gallery/thumbs/ilovefs-gallery-thumb-.jpg A picture of one or more Free Software loving persons 100% - - - - + + + + + + captioned right @@ -119,19 +115,21 @@ The generated list will start at the largest number ('to' aka 'max') and end wit https://download.fsfe.org/campaigns/ilovefs/gallery/thumbs/ilovefs-gallery-thumb-.jpg A picture of one or more Free Software loving persons 100% - - - - + + + + + + - + + - diff --git a/fsfe.org/activities/ms-vs-eu/fsfe-statement.html b/fsfe.org/activities/ms-vs-eu/fsfe-statement.html index ce483cf749..5cfa606bb1 100644 --- a/fsfe.org/activities/ms-vs-eu/fsfe-statement.html +++ b/fsfe.org/activities/ms-vs-eu/fsfe-statement.html @@ -1,760 +1,940 @@ - + - FSF Europe - Comments to Case No. COMP/C-3/37.792 Microsoft + FSF Europe - Comments to Case No. COMP/C-3/37.792 Microsoft - - -

Comments to Case No. COMP/C-3/37.792 of the European Commission against Microsoft Corporation

- -

Free Software Foundation Europe e.V.

-

Essen, 21 January 2002

- -

Contents

- - - -

1 Introduction

- -

1.1 About the Free Software Foundation Europe

- -

1. The Free Software Foundation Europe e.V. ("FSF - Europe") is a charitable association (e.V. in Germany) dedicated - to promoting computer users' right to use, study, copy, modify, and - redistribute computer programs in Europe. The FSF Europe promotes the - development and use of free (as in freedom) software - particularly - the GNU operating system - and free (as in freedom) - documentation. The FSF Europe also helps to spread awareness of the - ethical and political issues of freedom in the use of software.

- -

2. The FSF Europe is an acknowledged sister organisation of the - Free Software Foundation (FSF) in Boston, USA, dedicated to the same - goals.

- -

3. The FSF (including the FSF Europe) has always observed and - commented on attempts to lock up the software market and exclude new - entrants. This includes many actions by Microsoft Corporation - ("Microsoft") that are against free competition, sometimes - directly against the Free Software Movement, but not limited to - that. The FSF Europe's expertise includes analysing the economic and - technological effects of such actions on the software market from an - insider's point of view.

- -

4. When the FSF Europe became aware of Case No. COMP/C-3/37.792 of - the European Commission against Microsoft, it applied for status as - an interested third party. This status was granted on 12 December - 2001. On 27 December 2001, the FSF Europe received the - non-confidential versions of the Commission's Statements of - Objections and Microsoft answers. In the present paper, we are - commenting on Microsoft's response (of 16 November 2001) of the - second Statement of Objections (of 29 August 2001).

- -

1.2 Microsoft and Free Software

- -

5. Free software, and in particular the GNU/Linux operating system - (the GNU system with the Linux kernel added), now holds a substantial - and increasing share of the operating system market. Microsoft cited - this system as its principal competitor and is using various methods - to attack the Free Software Movement. These attacks are usually - performed using monopolistic practices similar to those used in the - conventional software market. We believe that some of Microsoft's - methods of attack are abusive and should be brought to an end..

- -

2 The Relevant Markets

- -

6. In ¶¶ 139-143 of its Response to the Second Statement - of Objections, Microsoft argues against the European Commission's - definition of the relevant markets..

- -

7. In contrast, the FSF Europe agrees with the analysis of the - relevant product markets by the European Commission as stated in the - Second Statement of Objections, ¶¶ 94-119..

- -

8. We think that Europe needs to insist that Microsoft allow - compatible competition for all aspects of their newly introduced - software products world-wide, not just in Europe, in order - to get permission to sell them in Europe..

- -

9. The reason is that the software market is world-wide: If - Microsoft is the only alternative that people in the USA (say) are - allowed to use, that can make other alternatives commercially - unviable everywhere..

- -

3 Interoperability

- -

10. One of the main objections of the EU Commission is Microsoft's - refusal to disclose information about the network protocols - (interfaces) necessary to achieve full inter-operability with (a) - Microsoft's Active Directory Services, (b) Microsoft's version of the - Kerberos protocol, (c) Microsoft's Encrypted File System, (d) - Microsoft's Group Policies, and (e) Microsoft's Common Internet File - System. (See the Second Statement of Objections, ¶¶ - 37-61.).

- -

3.1 Microsoft's Strategy

- -

11. The Halloween Documents (see Appendix - B) give evidence that Microsoft employees tend to suggest to - extend existing protocols and to develop new, complex protocols with - the intention to prevent competing free software from entering into - the market..

- -

12. Analyses by the developers of the free software Samba and - Samba-TNG (see Appendix C) indicate that - Microsoft's protocols are designed in a highly interdependent way: - Each (proprietary) protocol depends on the correct implementation of - another (proprietary) protocol to work properly. Full functionality - and inter-operability can only be achieved when all protocols - are known..

- -

13. There are exceptions where Microsoft did disclose some of its - protocols (see Appendix C.3). Some of - these cases occurred where a lack of inter-operability would have - resulted in a loss for Microsoft. In some other cases, Microsoft - needed third-party help in order to fix a serious security hole in - one of its products..

- -

14. If, in some rare cases, disclosure of information was offered - at all, it was offered under very restrictive licensing conditions - including non-disclosure agreements which made it impossible to use - that information in free software..

- -

3.2 Possible Results

- -

15. Appendix D cites an article describing a - speculative, but possible scenario how Microsoft can extend its - current dominance from the desktop and workgroup server market to the - whole Internet - i.e. all server markets - using the same methods as - those described in the Second Statement of Objections, ¶¶ - 37-61.

- -

16. We believe the scenario in the article is a possible one. - Microsoft has already spoken of plans to attack GNU/Linux using - secret or patented protocols, and it has already implemented a secret - modified version of the Kerberos protocol.

- -

17. Of course, the article is speculation. Microsoft may not use - this particular scheme. It may have been planning to do this but be - deterred by the publication of this article. In any case, there are - many other possible variations that could lead to similar - results.

- -

18. The European Union is in position to prevent this scheme, and - other such schemes, through its regulatory mechanisms, if it requires - that any new Microsoft protocol be published in such a way that - everyone can implement it without restriction.

- -

19. Microsoft will no doubt propose to license use of the new - protocol under some "nondiscriminatory license terms". - Such a proposal would be a trap, since these - "nondiscriminatory" license terms can easily be set up to - prohibit free software. They would be "nondiscriminatory" - in the sense that they would offer the same license terms to - everyone, but these terms would not allow anyone to develop free - software.

- -

3.3 Interoperability between Existing Software Products

- -

20. In ¶¶ 10-18, 39, 51-53, 62-70, and 94-97 of its - Response to the Second Statement of Objections, Microsoft states that - third-parties did succeed in achieving inter-operability with - Microsoft's server products, that the work needed to achieve this - degree of inter-operability was inevitable.

- -

21. As the developers of Samba can confirm (see Appendix Samba), the documentation provided by - Microsoft was by no means sufficient to achieve this degree of - inter-operability. Most of the information was obtained by - reverse-engineering. As a rough estimate, about 100 man-years of work - could have been saved if the protocols had been sufficiently - documented.

- -

22. Furthermore, as even Microsoft admits in ¶¶ 10-17 of - its Response to the Second Statement of Objections, existing products - of competitors (including Samba) do not inter-operate seamlessly with - Microsoft's server products.

- -

3.4 Degrees of Interoperability

- -

23. According to Microsoft, this reduced ("loose") - degree of inter-operability is inevitable between the products of - different vendors due to differences in design.

- -

24. There is a prominent example which demonstrates that full - ("tight") inter-operability is possible even between totally - different systems of independent vendors: the Internet. The existence - of the open RfC standards allows, for instance, email clients and - servers of different vendors to inter-operate seamlessly. The same - holds for the World Wide Web and a large variety of IP-based - services.

- -

3.5 Third-Parties' Goals

- -

25. In ¶¶ 16-19 of its Response to the Second Statement - of Objections, Microsoft states that the complainants' true interest - was to profit from Microsoft's innovations.

- -

26. As programmers who know both Microsoft and its alternatives - will confirm, Microsoft's software is not particularly technically - advanced. Other people can write software that is just as good, and - already do. The only benefit the complainants would get from knowing - Microsoft's interface specifications is inter-operability.

- -

27. Once in a while, Microsoft innovates. But Microsoft benefits - from the innovations of its competitors, including the Free Software - Movement, all the time. It is only fair that we should be able to use - their occasional innovations too. That's called - "progress".

- -

4 Discriminatory Licensing

- -

28. In ¶¶ 82-89 of the Second Statement of Objections, - the EU Commission describes Microsoft's licensing policy which builds - momentum for customers to move to Microsoft Windows servers. - Microsoft's bundling of its Client Access Licences with several - server products is an abuse, as it restricts the users' freedom to - run their software (Microsoft Windows 2000 Professional in this case) - as they deem fit (as a platform for third-party server software in - this case).

- -

5 Bundling of the Windows Media Player

- -

29. In ¶¶ 26 and 125-131, Microsoft claims that bundling - of the Windows Media Player with the operating system is justified - because multimedia software is a logical feature of an operating - system.

- -

30. If this were the case, the software would have appeared as a - new part - an "improvement" - of the operating system from - the very beginning. However, Microsoft's bundling started - after Microsoft became aware of the fact that a competitor - was selling the software in question as a separate product.

- -

31. We observe that Microsoft has redefined the "logical - features" of an operating system several times: In the 1980s, - most companies considered, for instance, development and remote - administration tools logical features of an operating system. - Microsoft decided to un-bundle these components and to distribute - them as separate products. This was only possible in a narrowed - market where no competing operating system already contained these - important components.

- -

6 Remedies

- -

6.1 Microsoft's Settlement in the USA

- -

32. In ¶ 150 of its Response to the Second Statement of - Objections, Microsoft states that according to their Settlement with - the Department of Justice in the USA, Microsoft is obligated to - license the client/server protocols to third parties, on reasonable - and non-discriminatory terms.

- -

33. According to an analysis by the FSF, our sister organisation - in the USA, Microsoft's "reasonable and non-discriminatory - terms" are in fact discriminatory against free software, as they - require a licensing scheme which is incompatible with that of free - software (see Appendix E). Thus, - Microsoft's settlement in the USA still excludes free software from - access to the interfaces needed to achieve inter-operability.

- -

6.2 Interoperability

- -

34. In order to bring the infringements to an end, Microsoft - should be required to publish their current and future interface - specifications, without any restrictions or royalty requirements that - would make it impossible for free software to support them.

- -

Appendix

- -

Glossary

- -
-
Free software
-
is software which gives the users the freedom to run, copy, - distribute, study, change, and improve the software. More - precisely, it refers to four kinds of freedom, for the users - of the software: -
    -
  • The freedom to run the program, for any purpose (freedom 0).
    • - -
  • The freedom to study how the program works, and adapt it to - your needs (freedom 1). Access to the source code is a - precondition for this.
    • - -
  • The freedom to redistribute copies so you can help your - neighbour (freedom 2).
    • - -
  • The freedom to improve the program, and release your - improvements to the public, so that the whole community benefits - (freedom 3). Access to the source code is a precondition for - this.
    • - -
- - (See also:http://www.gnu.org/philosophy/free-sw.html)
- -
FUD
- -
is the abbreviation for "fear, uncertainty, and doubt" - and describes a specific abusive marketing strategy used by - monopolists against smaller competitors.
(See also: http://www.geocities.com/SiliconValley/Hills/9267/fuddef.html, - http://www.tuxedo.org/~esr/jargon/html/entry/FUD.html)
- -
GNU
-
is a Unix-like operating system which consists - entirely of free software.
- (See also: http://www.gnu.org)
- -
GNU/Linux
-
is a variant of the GNU operating system which uses Linux as its - kernel.
- (The GNU/Linux operating system is often misleadingly referred - to as "Linux".)
- -
Linux
-
is a kernel, the innermost part of a Unix-like operating system. - Linux was started in 1991 by Linus Torvalds and is the first - operating system kernel which can be redistributed and/or - modified under the terms of the GNU General Public License (GNU - GPL).
- -
RfC
-
-- "Request For Comment" -- one of a long-established - series of numbered Internet informational documents and standards - widely followed by commercial and non-commercial, free and - non-free software. For instance, RfC-800 is the specification of - the Internet mail-format standard. The RfC documents are released - by technical experts acting on their own initiative and reviewed - by the Internet at large, rather than formally promulgated - through an institution such as ANSI. It is widely believed among - experts that the acceptance of the RfC standards makes today's - Internet possible.
- (See also: http://www.tuxedo.org/~esr/jargon/html/entry/RFC.html)
-
- -

B The Halloween Documents

- -

B.1 Halloween I

- -

By Vinod Valloppillil, 11 August 1998,
annotated version by - Eric S. Raymond, 1 November 1998.

- -

This is mirrored from:
- http://www.opensource.org/halloween/halloween1.html

- -

This document by a Microsoft employee gives an analysis how free - software (called "open-source software" or - "OSS" by the author) poses a threat to Microsoft. In - particular it contains the suggestion to compete with free software - by destroying inter-operability:

- -
- "By extending [...] protocols and developing new protocols, - we can deny OSS projects entry into the market." -
- -

One instance of the method suggested here is Microsoft's refusal - to disclose the information necessary to achieve client/server and - server/server inter-operability as described in the Second Statement - of Objections, ¶¶ 37-61.

- -

Click here for a local copy of the - Halloween I document.

- -

B.2 Halloween II

- -

By Vinod Valloppillil and Josh Cohen, 11 August 1998,
- annotated version by Eric S. Raymond, 4 November 1998.

- -

This is mirrored from:
- http://www.opensource.org/halloween/halloween2.html

- -

This second document specialises from free software (called - "open-source software" by the author) to the GNU/Linux - operating system (called "Linux" by the author).

- -

It adds software patents and copyright to the suggested weapons - to combat GNU/Linux.

- -

Click here for a local copy of the - Halloween II document.

- -

B.3 Halloween III

- -

By Aurelia van den Berg, 5 November 1998,
- annotated version by Eric S. Raymond, 5 November 1998.

- -

This is mirrored from:
- http://www.opensource.org/halloween/halloween3.html

- -

This third document is Microsoft's answer to the publication of - the Halloween documents I and II. It says that both documents do - not describe Microsoft's official position on GNU/Linux and free - software but are designed to encourage discussion inside Microsoft.

- -

If this is really the case, it shows that it is common among - Microsoft's employees to discuss the possible application of - abusive methods of competition.

- -

Click here for a local copy of the - Halloween III document.

- -

C Samba

- -

The statements below have been contributed by the developers - of the server software products Samba (see - http://www.samba.org) - and Samba-TNG (see - http://www.samba-tng.org).

- -

C.1 A Samba Perspective on Interoperating with Microsoft Windows

- -

By Jeremy Allison, Samba development team, 6 January 2002.

- -

Background

- -

Samba is an Open Source/Free Software (for details, see: - http://www.opensource.org - and http://www.fsf.org) project - that provides basic file and print services from non-Microsoft - based server computers to Microsoft Windows based desktop - computers. It is created by a worldwide group of engineers known - collectively as the Samba Team. Recently we have expanded Samba - into providing authentication services to Windows desktops. The - Samba project Web home page is at - http://www.samba.org.

- -

Samba is a successful Open Source/Free Software project, shipped - in products by companies such as IBM, HP, Sun, SGI, Veritas and - many other smaller vendors. Samba is probably the most widely used - non-Microsoft file and print server for Windows clients.

- -

Samba code has been communicating with Microsoft Windows operating - system based computers over computer networks for nearly ten years - now. During this time we have had some interactions with Microsoft - management and engineers to attempt to obtain the information we - need to successfully create an inter-operable product with Microsoft - Windows operating systems.

- -

Interoperating with Windows

- -

Writing software code to inter-operate successfully with Windows - computers is a very difficult task. Note this is very different from - writing software code that runs on Windows computers. In public - relations exercises Microsoft likes to claim that all the API's - (Application Programming Interfaces, the way third party software - code running on a platform talks to the platform, such as Windows) - are documented and available to the public. This may or may not be - true. However, it is irrelevant to code like Samba that does not run - on Microsoft Windows based systems, but needs to communicate with - them over a computer network.

- -

In order for Samba to be successful in working with Microsoft - Windows computers over a network, we do not need documented API's, we - need documented protocols. Protocols are the key to successful - computer networking. Just as a common Internet was not possible - before an open and fully documented communication system (the TCP/IP - protocol) was adopted by all computers, communication with Microsoft - Windows computers is only possible if open and documented protocols - are used. Microsoft understands this, and proudly claims that - Windows supports many open and published protocol communication - standards, such as TCP/IP and HTTP (the protocol used on the Web). In - recent Microsoft Windows releases such as Windows 2000 and Windows XP - they have claimed they are replacing older proprietary protocols such - as their authentication system with more open versions of the same - thing such as the MIT Kerberos (http://web.mit.edu/kerberos/www/) - protocol, implementations of which are also developed in Europe as - the Heimdal project (http://www.pdc.kth.se/heimdal/).

- -

These claims do not tell the full story however.

- -

Microsoft's Web of Interconnected Protocols

- -

In order to communicate on a network with Microsoft Windows - computers, Microsoft Windows mix open and proprietary protocols - together in an interdependent web which makes it impossible to use - purely the open and documented protocols to create products that have - the same features and functionality as the Microsoft ones, giving a - competitive advantage to Microsoft products and allowing them to - attempt to leverage their desktop monopoly into a server - monopoly.

- -

A good analogy would be with the old USA telephone system, a - monopoly run by the Bell company. Imagine the Bell company had - documented the method of sending voice signals over their telephone - lines, but not the dialing and switching protocols used to initiate - and route telephone calls. Groups attempting to make inter-operable - telephones would then either be forced to spend significant time and - effort reverse engineering these Bell proprietary protocols, or to - license them from the Bell company. Like Microsoft, Bell would claim - that "their networking protocols are open", which on the - surface appears true.

- -

The Samba Team have worked out many of these protocols in order to - create Samba, but there are still many more protocols needed in order - to enable Samba and other products to seamlessly work with Microsoft - Windows computers. Until these protocols are published, it will - always be easier to use Microsoft Windows desktops solely with - Microsoft Windows servers, thus enabling Microsoft to leverage its - monopoly from the desktop client space into the server space.

- -

In addition, Microsoft does not stand still in extending and - adding to these proprietary protocols in order to make the - inter-operability task more difficult as time goes on.

- -

File and Print services background

- -

Microsoft file and print services were created for a product - called Microsoft LanManager, which competed with the then-dominant - Novell Netware networking product. Microsoft's initial efforts in - this space were not well received, and Microsoft published a - specification for their basic file and print protocols as an X/Open - specification, http://www.opengroup.org/products/publications/catalog/c209.htm.

- -

This was the initial specification that Samba was based upon. - However, even this documentation was incomplete (no coverage of - authentication) and did not cover the "browsing" - protocols needed to create the Microsoft "Network - Neighborhood" concept. Also, there was no coverage of the (at - that time) Microsoft OS/2 extensions to provide support for - filenames longer than the 12 character limitation in MS-DOS (the - familiar 8.3 names), or coverage of the printing mechanisms used - (an obsolete variant was documented instead).

- -

This protocol, called SMB (for Server Message Block) is the - basis for all Microsoft file and print services. However, this - original document was enough to get programmers started on writing - a Microsoft file and print server although it did not cover many of - the necessary details. The protocol has since been renamed as CIFS - (Common Internet File System) by Microsoft, the rest of this - document will refer to it by this name.

- -

Since then, this document has been taken over by the CIFS working - group of the Storage Networking Industry Association (SNIA, http://www.snia.org) and has been - extended to include many of the needed details to create a working - Microsoft compatible basic file and print server. Microsoft's - participation in this (although a SNIA member) has not been one as an - equal, but rather as the "owner" of the specification. Most - importantly, they reserve the right to make changes at any time and - without notice, as indeed they have done in the past. This makes the - CIFS protocol specification very different and far less useful than - the protocols standardised by the Internet Engineering Task Force - (IETF, http://www.ietf.org which - are true industry collaborations.

- -

The big change in proprietary protocols came with the release of - Microsoft Windows NT. Windows NT added much new functionality on - top of the basic file and print mechanisms, such as:

-
    -
  • A new encrypted authentication mechanism.
    • -
  • A new print mechanism.
    • -
  • A new naming mechanism (WINS).
    • -
  • A new Access control mechanism for files and printers.
    • -
- -

Many new remote administration protocols for controlling services, - logins, current file and print activity - anything remotely - controllable on a Windows NT machine was made available via these - proprietary protocols.

- -

Leveraging the work of open protocols, the underlying basis of - all these new proprietary protocols was an open and documented - protocol known as DCE/RPC (Distributed Computing Architecture / - Remote Procedure Call). Microsoft added proprietary extensions to - this for their Lanman authentication mechanism, and to provide - encrypted transport mechanisms. Note that the DCE/RPC protocols - already had methods to provide authentication and encryption, based - on public standards (the DES encryption algorithm). Microsoft chose - to ignore this work and use a proprietary method instead, thus - making inter-operability much more difficult without large amounts - of protocol examination and on-the-wire determination.

- -

With the release of Windows NT, the bar was raised to create a - product that has the same functionality as an equivalent - all-Microsoft solution. New requirements were to discover these new - protocols to provide such things as single sign-on, probably the - most compelling feature - the ability to enter a password once to - authenticate yourself anywhere on the network. Microsoft clients - require servers supporting these new protocols in order to offer - the features they are advertised as providing.

- -

For many years, until the engineering work was done to discover - these protocols, the only servers capable of providing these - protocols were Microsoft ones. Samba has now improved (by much - work) to the point where we can support some of these features (the - new print mechanism, the encrypted authentication mechanism, the - naming mechanism, the access control mechanism) but not all of them - (many of the critical remote administration features are still - missing).

- -

Of course, over these years Microsoft has not stood still in - adding new features to Windows NT/2000/XP, and we now have to deal - with extensions to provide encrypted file system access, quota - support (limits on users disk space) and the authentication - mechanism has been replaced with the more open Kerberos system, but - with Microsoft proprietary extensions.

- -

Connected Protocols and the importance of Interface Definitions

- -

Knowing that all these new protocols are based on a standard, - DCE/RPC doesn't help at all unless you know how the new feature - requests (the "calls" in RPC parlance) are sent over the - standard. DCE/RPC is merely a transport mechanism for sending - requests to a remote machine and receiving replies from the target. - In order to specify what these requests mean, DCE/RPC uses a method - called "Interface Definition Language" (known as IDL) to - specify the requests (themselves a new protocol) that are sent - between clients and servers.

- -

Each service provided by Microsoft servers has an associated - description, in the IDL language, that completely describes how to - send and receive these requests over the network, on top of the - DCE/RPC protocol.

- -

These IDL descriptions are key for providing - inter-operability with Microsoft clients. If these IDL descriptions - were published, open and equal inter-operability with Microsoft - products would be greatly enhanced (although still not perfect).

- -

Knowing this, the Samba Team requested these IDL definitions from - Microsoft at the CIFS industry conference in Santa Cruz in October of - 1998. The Microsoft representative present, Paul Leech, responded - that this was considered a Microsoft proprietary advantage, and the - IDL definitions would not be released.

- -

Undeterred, we have requested the IDL definitions from the - Microsoft representative at every CIFS industry conference (held - annually) since 1998, most recently from the Microsoft VP of Windows - Base OS, Rob Short at the 2001 CIFS conference in Redmond, - Washington. The response we received was the same we have always - received, that is "we'll get back to you on this". No - follow-ups have ever been received to these requests.

- -

Other than these refusals, Microsoft has been ambivalent towards - the creation of Samba. Contact with Microsoft engineering staff is - generally cordial and helpful, although they are not allowed by - management to tell us the protocol details we really need to know in - order to fully inter-operate. The reports we receive from companies - using Samba who are exposed to Microsoft marketing is that of extreme - hostility, to the extent of threatening retaliation if use of Samba - is discussed publicly in press releases. These reports are similar to - those already exposed publicly in the DoJ investigation of - Microsoft's business practices.

- -

Extending authentication - the Kerberos story

- -

The original proprietary Lanman and Windows NT authentication - system has had several security problems. Microsoft solved this with - Windows 2000 as previously discussed by moving to the standard - Kerberos authentication system, developed at MIT.

- -

However, the implementation of Kerberos delivered with Windows - 2000 was extended to tie it to Windows 2000 clients, and to make - public implementations of the Kerberos protocols, such as the sample - server published as Open Source/Free Software by MIT, not able to - serve Microsoft Windows 2000 or Windows XP clients in the same way a - Microsoft Windows Kerberos server can.

- -

What they did was to embed extra, Microsoft specific proprietary - information into the protocol packet used by Kerberos (known as a - "ticket"). Windows 2000 clients were made dependent upon - the existence of this extra data within the ticket in order to - implement "single sign-on", that is the ability to have one - network user identification across multiple machines.

- -

MIT Kerberos servers, which do not provide this information, can - provide authentication to Windows 2000 and XP client machines, but - the user authenticated by the non-Microsoft Kerberos server must also - exist within an account database held on a Microsoft machine. This - causes the user account information to be held in more than one - place, the very problem that single sign-on is designed to avoid.

- -

Groups wishing to deploy the more secure authentication service - are forced to implement their account databases on Microsoft servers, - of face the consequences of not having single sign on available.

- -

As Samba does not generate Kerberos tickets, but is a consumer of - them, this extension of the standard protocol doesn't cause us - problems integrating into a Microsoft network (we just ignore the - extra data), but it is aimed directly at the MIT and Heimdal - developers.

- -

I (Jeremy Allison) publicly requested Microsoft to publish these - changes to the Kerberos protocol by speaking to Microsoft's Kerberos - project manager, Peter Brundrett at a Microsoft Professional - Developers Conference in 1997. Once again, the answer was "we'll - get back to you on this". The changes were published in a - Microsoft Word document that had been modified to include a - click-through license which required the reader acknowledge that - these changes were a proprietary Microsoft trade secret and to agree - not to implement the changes in any code form. Clearly this is a - direct attempt to prevent the public MIT Kerberos/Heimdal developers - from creating a server fully compatible with Microsoft kerberos - single sign-on clients.

- -

Network Attached Storage - Microsoft's next market

- -

In order to create a successful Network Attached Storage server - product with Microsoft clients, many more protocols than Microsoft - documents or will discuss publicly are needed to create a competitive - offering. The only way to get this needed information is to license - it from Microsoft (Network Appliance http://www.netapp.com has taken this - route), ship only Microsoft software on your hardware, the decision - taken by Compaq and other vendors who ship Microsoft's "Server - Appliance Kit" (http://www.microsoft.com/windows/powered/nas/default.asp) - or to attempt to determine the protocols needed yourself (the route - the Samba Team have taken). The vendors that ship Samba depend on us - discovering these protocols and shipping timely implementations of - Microsoft technology within Samba.

- -

It remains to be seen if Microsoft's entry into this space with - their server appliance kit will give them the same dominance they - have achieved in the desktop and groupware server (Microsoft - Exchange) space. If they are allowed to continue to tie client and - server products together with proprietary undocumented protocols - then customers requiring the advertised functionality from - Microsoft clients will be forced to purchase Microsoft server - products, and monopoly will have been successfully extended into - another product space.

- -

C.2 Open Letter to Bill Gates

- -

By Luke Kenneth Casson Leighton, Samba-TNG development team, 20 October 2001.

- -

This letter - also available online at http://advogato.org/article/354.html - - was written, in combination with other requests at other times, to - cover the "all means available" clause of EC directive - 250/90. The author received no reply.

- - 
+    
+
+    

+      Comments to Case No. COMP/C-3/37.792 of the European Commission against
+      Microsoft Corporation
+    

+
+    
Free Software Foundation Europe e.V.

+    
Essen, 21 January 2002

+
+    
Contents

+
+    
+
+    
1 Introduction

+
+    
1.1 About the Free Software Foundation Europe

+
+    

+      1. The Free Software Foundation Europe e.V. ("FSF Europe") is a
+      charitable association (e.V. in Germany) dedicated to promoting computer
+      users' right to use, study, copy, modify, and redistribute computer
+      programs in Europe. The FSF Europe promotes the development and use of
+      free (as in freedom) software - particularly the GNU operating system -
+      and free (as in freedom) documentation. The FSF Europe also helps to
+      spread awareness of the ethical and political issues of freedom in the use
+      of software.
+    

+
+    

+      2. The FSF Europe is an acknowledged sister organisation of the Free
+      Software Foundation (FSF) in Boston, USA, dedicated to the same goals.
+    

+
+    

+      3. The FSF (including the FSF Europe) has always observed and commented on
+      attempts to lock up the software market and exclude new entrants. This
+      includes many actions by Microsoft Corporation ("Microsoft")
+      that are against free competition, sometimes directly against the Free
+      Software Movement, but not limited to that. The FSF Europe's expertise
+      includes analysing the economic and technological effects of such actions
+      on the software market from an insider's point of view.
+    

+
+    

+      4. When the FSF Europe became aware of Case No. COMP/C-3/37.792 of the
+      European Commission against Microsoft, it applied for status as an
+      interested third party. This status was granted on 12 December 2001. On 27
+      December 2001, the FSF Europe received the non-confidential versions of
+      the Commission's Statements of Objections and Microsoft answers. In the
+      present paper, we are commenting on Microsoft's response (of 16 November
+      2001) of the second Statement of Objections (of 29 August 2001).
+    

+
+    
1.2 Microsoft and Free Software

+
+    

+      5. Free software, and in particular the GNU/Linux operating system (the
+      GNU system with the Linux kernel added), now holds a substantial and
+      increasing share of the operating system market. Microsoft cited this
+      system as its principal competitor and is using various methods to attack
+      the Free Software Movement. These attacks are usually performed using
+      monopolistic practices similar to those used in the conventional software
+      market. We believe that some of Microsoft's methods of attack are abusive
+      and should be brought to an end..
+    

+
+    
2 The Relevant Markets

+
+    

+      6. In ¶¶ 139-143 of its Response to the Second Statement of
+      Objections, Microsoft argues against the European Commission's definition
+      of the relevant markets..
+    

+
+    

+      7. In contrast, the FSF Europe agrees with the analysis of the relevant
+      product markets by the European Commission as stated in the Second
+      Statement of Objections, ¶¶ 94-119..
+    

+
+    

+      8. We think that Europe needs to insist that Microsoft allow compatible
+      competition for all aspects of their newly introduced software products
+      world-wide, not just in Europe, in order to get permission to
+      sell them in Europe..
+    

+
+    

+      9. The reason is that the software market is world-wide: If Microsoft is
+      the only alternative that people in the USA (say) are allowed to use, that
+      can make other alternatives commercially unviable everywhere..
+    

+
+    
3 Interoperability

+
+    

+      10. One of the main objections of the EU Commission is Microsoft's refusal
+      to disclose information about the network protocols (interfaces) necessary
+      to achieve full inter-operability with (a) Microsoft's Active Directory
+      Services, (b) Microsoft's version of the Kerberos protocol, (c)
+      Microsoft's Encrypted File System, (d) Microsoft's Group Policies, and (e)
+      Microsoft's Common Internet File System. (See the Second Statement of
+      Objections, ¶¶ 37-61.).
+    

+
+    
3.1 Microsoft's Strategy

+
+    

+      11. The Halloween Documents (see Appendix B) give
+      evidence that Microsoft employees tend to suggest to extend existing
+      protocols and to develop new, complex protocols with the intention to
+      prevent competing free software from entering into the market..
+    

+
+    

+      12. Analyses by the developers of the free software Samba and Samba-TNG
+      (see Appendix C) indicate that Microsoft's protocols
+      are designed in a highly interdependent way: Each (proprietary) protocol
+      depends on the correct implementation of another (proprietary) protocol to
+      work properly. Full functionality and inter-operability can only be
+      achieved when all protocols are known..
+    

+
+    

+      13. There are exceptions where Microsoft did disclose some of its
+      protocols (see Appendix C.3). Some of these
+      cases occurred where a lack of inter-operability would have resulted in a
+      loss for Microsoft. In some other cases, Microsoft needed third-party help
+      in order to fix a serious security hole in one of its products..
+    

+
+    

+      14. If, in some rare cases, disclosure of information was offered at all,
+      it was offered under very restrictive licensing conditions including
+      non-disclosure agreements which made it impossible to use that information
+      in free software..
+    

+
+    
3.2 Possible Results

+
+    

+      15. Appendix D cites an article describing a
+      speculative, but possible scenario how Microsoft can extend its current
+      dominance from the desktop and workgroup server market to the whole
+      Internet - i.e. all server markets - using the same methods as those
+      described in the Second Statement of Objections, ¶¶ 37-61.
+    

+
+    

+      16. We believe the scenario in the article is a possible one. Microsoft
+      has already spoken of plans to attack GNU/Linux using secret or patented
+      protocols, and it has already implemented a secret modified version of the
+      Kerberos protocol.
+    

+
+    

+      17. Of course, the article is speculation. Microsoft may not use this
+      particular scheme. It may have been planning to do this but be deterred by
+      the publication of this article. In any case, there are many other
+      possible variations that could lead to similar results.
+    

+
+    

+      18. The European Union is in position to prevent this scheme, and other
+      such schemes, through its regulatory mechanisms, if it requires that any
+      new Microsoft protocol be published in such a way that everyone can
+      implement it without restriction.
+    

+
+    

+      19. Microsoft will no doubt propose to license use of the new protocol
+      under some "nondiscriminatory license terms". Such a proposal
+      would be a trap, since these "nondiscriminatory" license terms
+      can easily be set up to prohibit free software. They would be
+      "nondiscriminatory" in the sense that they would offer the same
+      license terms to everyone, but these terms would not allow anyone to
+      develop free software.
+    

+
+    
3.3 Interoperability between Existing Software Products

+
+    

+      20. In ¶¶ 10-18, 39, 51-53, 62-70, and 94-97 of its Response to
+      the Second Statement of Objections, Microsoft states that third-parties
+      did succeed in achieving inter-operability with Microsoft's server
+      products, that the work needed to achieve this degree of inter-operability
+      was inevitable.
+    

+
+    

+      21. As the developers of Samba can confirm (see
+      Appendix Samba), the documentation provided by
+      Microsoft was by no means sufficient to achieve this degree of
+      inter-operability. Most of the information was obtained by
+      reverse-engineering. As a rough estimate, about 100 man-years of work
+      could have been saved if the protocols had been sufficiently documented.
+    

+
+    

+      22. Furthermore, as even Microsoft admits in ¶¶ 10-17 of its
+      Response to the Second Statement of Objections, existing products of
+      competitors (including Samba) do not inter-operate seamlessly with
+      Microsoft's server products.
+    

+
+    
3.4 Degrees of Interoperability

+
+    

+      23. According to Microsoft, this reduced ("loose") degree of
+      inter-operability is inevitable between the products of different vendors
+      due to differences in design.
+    

+
+    

+      24. There is a prominent example which demonstrates that full
+      ("tight") inter-operability is possible even between totally
+      different systems of independent vendors: the Internet. The existence of
+      the open RfC standards allows, for instance, email clients and servers of
+      different vendors to inter-operate seamlessly. The same holds for the
+      World Wide Web and a large variety of IP-based services.
+    

+
+    
3.5 Third-Parties' Goals

+
+    

+      25. In ¶¶ 16-19 of its Response to the Second Statement of
+      Objections, Microsoft states that the complainants' true interest was to
+      profit from Microsoft's innovations.
+    

+
+    

+      26. As programmers who know both Microsoft and its alternatives will
+      confirm, Microsoft's software is not particularly technically advanced.
+      Other people can write software that is just as good, and already do. The
+      only benefit the complainants would get from knowing Microsoft's interface
+      specifications is inter-operability.
+    

+
+    

+      27. Once in a while, Microsoft innovates. But Microsoft benefits from the
+      innovations of its competitors, including the Free Software Movement, all
+      the time. It is only fair that we should be able to use their occasional
+      innovations too. That's called "progress".
+    

+
+    
4 Discriminatory Licensing

+
+    

+      28. In ¶¶ 82-89 of the Second Statement of Objections, the EU
+      Commission describes Microsoft's licensing policy which builds momentum
+      for customers to move to Microsoft Windows servers. Microsoft's bundling
+      of its Client Access Licences with several server products is an abuse, as
+      it restricts the users' freedom to run their software (Microsoft Windows
+      2000 Professional in this case) as they deem fit (as a platform for
+      third-party server software in this case).
+    

+
+    
5 Bundling of the Windows Media Player

+
+    

+      29. In ¶¶ 26 and 125-131, Microsoft claims that bundling of the
+      Windows Media Player with the operating system is justified because
+      multimedia software is a logical feature of an operating system.
+    

+
+    

+      30. If this were the case, the software would have appeared as a new part
+      - an "improvement" - of the operating system from the very
+      beginning. However, Microsoft's bundling started after Microsoft
+      became aware of the fact that a competitor was selling the software in
+      question as a separate product.
+    

+
+    

+      31. We observe that Microsoft has redefined the "logical
+      features" of an operating system several times: In the 1980s, most
+      companies considered, for instance, development and remote administration
+      tools logical features of an operating system. Microsoft decided to
+      un-bundle these components and to distribute them as separate products.
+      This was only possible in a narrowed market where no competing operating
+      system already contained these important components.
+    

+
+    
6 Remedies

+
+    
6.1 Microsoft's Settlement in the USA

+
+    

+      32. In ¶ 150 of its Response to the Second Statement of Objections,
+      Microsoft states that according to their Settlement with the Department of
+      Justice in the USA, Microsoft is obligated to license the client/server
+      protocols to third parties, on reasonable and non-discriminatory terms.
+    

+
+    

+      33. According to an analysis by the FSF, our sister organisation in the
+      USA, Microsoft's "reasonable and non-discriminatory terms" are
+      in fact discriminatory against free software, as they require a licensing
+      scheme which is incompatible with that of free software (see
+      Appendix E). Thus, Microsoft's settlement in the
+      USA still excludes free software from access to the interfaces needed to
+      achieve inter-operability.
+    

+
+    
6.2 Interoperability

+
+    

+      34. In order to bring the infringements to an end, Microsoft should be
+      required to publish their current and future interface specifications,
+      without any restrictions or royalty requirements that would make it
+      impossible for free software to support them.
+    

+
+    
Appendix

+
+    
Glossary

+
+    

+      
Free software

+      

+        is software which gives the users the freedom to run, copy, distribute,
+        study, change, and improve the software. More precisely, it refers to
+        four kinds of freedom, for the users of the software:
+        
    
+          
  • The freedom to run the program, for any purpose (freedom 0).
    • 
+
+          
  • 
+            The freedom to study how the program works, and adapt it to your
+            needs (freedom 1). Access to the source code is a precondition for
+            this.
+          
    • 
+
+          
  • 
+            The freedom to redistribute copies so you can help your neighbour
+            (freedom 2).
+          
    • 
+
+          
  • 
+            The freedom to improve the program, and release your improvements to
+            the public, so that the whole community benefits (freedom 3). Access
+            to the source code is a precondition for this.
+          
    • 
+        

+
+        (See also:http://www.gnu.org/philosophy/free-sw.html)
+      

+
+      
FUD

+
+      

+        is the abbreviation for "fear, uncertainty, and doubt" and
+        describes a specific abusive marketing strategy used by monopolists
+        against smaller competitors.

+        (See also:
+        http://www.geocities.com/SiliconValley/Hills/9267/fuddef.html,
+        http://www.tuxedo.org/~esr/jargon/html/entry/FUD.html)
+      

+
+      
GNU

+      

+        is a Unix-like operating system which consists entirely of free
+        software.

+        (See also: http://www.gnu.org)
+      

+
+      
GNU/Linux

+      

+        is a variant of the GNU operating system which uses Linux as its
+        kernel.

+        (The GNU/Linux operating system is often misleadingly referred to as
+        "Linux".)
+      

+
+      
Linux

+      

+        is a kernel, the innermost part of a Unix-like operating system. Linux
+        was started in 1991 by Linus Torvalds and is the first operating system
+        kernel which can be redistributed and/or modified under the terms of the
+        GNU General Public License (GNU GPL).
+      

+
+      
RfC

+      

+        -- "Request For Comment" -- one of a long-established series
+        of numbered Internet informational documents and standards widely
+        followed by commercial and non-commercial, free and non-free software.
+        For instance, RfC-800 is the specification of the Internet mail-format
+        standard. The RfC documents are released by technical experts acting on
+        their own initiative and reviewed by the Internet at large, rather than
+        formally promulgated through an institution such as ANSI. It is widely
+        believed among experts that the acceptance of the RfC standards makes
+        today's Internet possible.

+        (See also:
+        http://www.tuxedo.org/~esr/jargon/html/entry/RFC.html)
+      

+    

+
+    
B The Halloween Documents

+
+    
B.1 Halloween I

+
+    

+      By Vinod Valloppillil, 11 August 1998,

+      annotated version by Eric S. Raymond, 1 November 1998.
+    

+
+    

+      This is mirrored from:

+      http://www.opensource.org/halloween/halloween1.html
+    

+
+    

+      This document by a Microsoft employee gives an analysis how free software
+      (called "open-source software" or "OSS" by the author)
+      poses a threat to Microsoft. In particular it contains the suggestion to
+      compete with free software by destroying inter-operability:
+    

+
+    

+      "By extending [...] protocols and developing new protocols, we can
+      deny OSS projects entry into the market."
+    

+
+    

+      One instance of the method suggested here is Microsoft's refusal to
+      disclose the information necessary to achieve client/server and
+      server/server inter-operability as described in the Second Statement of
+      Objections, ¶¶ 37-61.
+    

+
+    

+      Click here for a local copy of the Halloween I document.
+    

+
+    
B.2 Halloween II

+
+    

+      By Vinod Valloppillil and Josh Cohen, 11 August 1998,

+      annotated version by Eric S. Raymond, 4 November 1998.
+    

+
+    

+      This is mirrored from:

+      http://www.opensource.org/halloween/halloween2.html
+    

+
+    

+      This second document specialises from free software (called
+      "open-source software" by the author) to the GNU/Linux operating
+      system (called "Linux" by the author).
+    

+
+    

+      It adds software patents and copyright to the suggested weapons to combat
+      GNU/Linux.
+    

+
+    

+      Click here for a local copy of the Halloween II document.
+    

+
+    
B.3 Halloween III

+
+    

+      By Aurelia van den Berg, 5 November 1998,

+      annotated version by Eric S. Raymond, 5 November 1998.
+    

+
+    

+      This is mirrored from:

+      http://www.opensource.org/halloween/halloween3.html
+    

+
+    

+      This third document is Microsoft's answer to the publication of the
+      Halloween documents I and II. It says that both documents do not describe
+      Microsoft's official position on GNU/Linux and free software but are
+      designed to encourage discussion inside Microsoft.
+    

+
+    

+      If this is really the case, it shows that it is common among Microsoft's
+      employees to discuss the possible application of abusive methods of
+      competition.
+    

+
+    

+      Click here for a local copy of the Halloween III document.
+    

+
+    
C Samba

+
+    

+      The statements below have been contributed by the developers of the server
+      software products Samba (see
+      http://www.samba.org) and Samba-TNG
+      (see http://www.samba-tng.org).
+    

+
+    
C.1 A Samba Perspective on Interoperating with Microsoft Windows

+
+    
By Jeremy Allison, Samba development team, 6 January 2002.

+
+    
Background

+
+    

+      Samba is an Open Source/Free Software (for details, see:
+      http://www.opensource.org
+      and http://www.fsf.org) project that
+      provides basic file and print services from non-Microsoft based server
+      computers to Microsoft Windows based desktop computers. It is created by a
+      worldwide group of engineers known collectively as the Samba Team.
+      Recently we have expanded Samba into providing authentication services to
+      Windows desktops. The Samba project Web home page is at
+      http://www.samba.org.
+    

+
+    

+      Samba is a successful Open Source/Free Software project, shipped in
+      products by companies such as IBM, HP, Sun, SGI, Veritas and many other
+      smaller vendors. Samba is probably the most widely used non-Microsoft file
+      and print server for Windows clients.
+    

+
+    

+      Samba code has been communicating with Microsoft Windows operating system
+      based computers over computer networks for nearly ten years now. During
+      this time we have had some interactions with Microsoft management and
+      engineers to attempt to obtain the information we need to successfully
+      create an inter-operable product with Microsoft Windows operating systems.
+    

+
+    
Interoperating with Windows

+
+    

+      Writing software code to inter-operate successfully with Windows computers
+      is a very difficult task. Note this is very different from writing
+      software code that runs on Windows computers. In public relations
+      exercises Microsoft likes to claim that all the API's (Application
+      Programming Interfaces, the way third party software code running on a
+      platform talks to the platform, such as Windows) are documented and
+      available to the public. This may or may not be true. However, it is
+      irrelevant to code like Samba that does not run on Microsoft Windows based
+      systems, but needs to communicate with them over a computer network.
+    

+
+    

+      In order for Samba to be successful in working with Microsoft Windows
+      computers over a network, we do not need documented API's, we need
+      documented protocols. Protocols are the key to successful computer
+      networking. Just as a common Internet was not possible before an open and
+      fully documented communication system (the TCP/IP protocol) was adopted by
+      all computers, communication with Microsoft Windows computers is only
+      possible if open and documented protocols are used. Microsoft understands
+      this, and proudly claims that Windows supports many open and published
+      protocol communication standards, such as TCP/IP and HTTP (the protocol
+      used on the Web). In recent Microsoft Windows releases such as Windows
+      2000 and Windows XP they have claimed they are replacing older proprietary
+      protocols such as their authentication system with more open versions of
+      the same thing such as the MIT Kerberos (http://web.mit.edu/kerberos/www/) protocol, implementations of which are also developed in Europe as the
+      Heimdal project (http://www.pdc.kth.se/heimdal/).
+    

+
+    
These claims do not tell the full story however.

+
+    
Microsoft's Web of Interconnected Protocols

+
+    

+      In order to communicate on a network with Microsoft Windows computers,
+      Microsoft Windows mix open and proprietary protocols together in an
+      interdependent web which makes it impossible to use purely the open and
+      documented protocols to create products that have the same features and
+      functionality as the Microsoft ones, giving a competitive advantage to
+      Microsoft products and allowing them to attempt to leverage their desktop
+      monopoly into a server monopoly.
+    

+
+    

+      A good analogy would be with the old USA telephone system, a monopoly run
+      by the Bell company. Imagine the Bell company had documented the method of
+      sending voice signals over their telephone lines, but not the dialing and
+      switching protocols used to initiate and route telephone calls. Groups
+      attempting to make inter-operable telephones would then either be forced
+      to spend significant time and effort reverse engineering these Bell
+      proprietary protocols, or to license them from the Bell company. Like
+      Microsoft, Bell would claim that "their networking protocols are
+      open", which on the surface appears true.
+    

+
+    

+      The Samba Team have worked out many of these protocols in order to create
+      Samba, but there are still many more protocols needed in order to enable
+      Samba and other products to seamlessly work with Microsoft Windows
+      computers. Until these protocols are published, it will always be easier
+      to use Microsoft Windows desktops solely with Microsoft Windows servers,
+      thus enabling Microsoft to leverage its monopoly from the desktop client
+      space into the server space.
+    

+
+    

+      In addition, Microsoft does not stand still in extending and adding to
+      these proprietary protocols in order to make the inter-operability task
+      more difficult as time goes on.
+    

+
+    
File and Print services background

+
+    

+      Microsoft file and print services were created for a product called
+      Microsoft LanManager, which competed with the then-dominant Novell Netware
+      networking product. Microsoft's initial efforts in this space were not
+      well received, and Microsoft published a specification for their basic
+      file and print protocols as an X/Open specification,
+      http://www.opengroup.org/products/publications/catalog/c209.htm.
+    

+
+    

+      This was the initial specification that Samba was based upon. However,
+      even this documentation was incomplete (no coverage of authentication) and
+      did not cover the "browsing" protocols needed to create the
+      Microsoft "Network Neighborhood" concept. Also, there was no
+      coverage of the (at that time) Microsoft OS/2 extensions to provide
+      support for filenames longer than the 12 character limitation in MS-DOS
+      (the familiar 8.3 names), or coverage of the printing mechanisms used (an
+      obsolete variant was documented instead).
+    

+
+    

+      This protocol, called SMB (for Server Message Block) is the basis for all
+      Microsoft file and print services. However, this original document was
+      enough to get programmers started on writing a Microsoft file and print
+      server although it did not cover many of the necessary details. The
+      protocol has since been renamed as CIFS (Common Internet File System) by
+      Microsoft, the rest of this document will refer to it by this name.
+    

+
+    

+      Since then, this document has been taken over by the CIFS working group of
+      the Storage Networking Industry Association (SNIA,
+      http://www.snia.org) and has been
+      extended to include many of the needed details to create a working
+      Microsoft compatible basic file and print server. Microsoft's
+      participation in this (although a SNIA member) has not been one as an
+      equal, but rather as the "owner" of the specification. Most
+      importantly, they reserve the right to make changes at any time and
+      without notice, as indeed they have done in the past. This makes the CIFS
+      protocol specification very different and far less useful than the
+      protocols standardised by the Internet Engineering Task Force (IETF,
+      http://www.ietf.org which are true
+      industry collaborations.
+    

+
+    

+      The big change in proprietary protocols came with the release of Microsoft
+      Windows NT. Windows NT added much new functionality on top of the basic
+      file and print mechanisms, such as:
+    

+    
    
+      
  • A new encrypted authentication mechanism.
    • 
+      
  • A new print mechanism.
    • 
+      
  • A new naming mechanism (WINS).
    • 
+      
  • A new Access control mechanism for files and printers.
    • 
+    

+
+    

+      Many new remote administration protocols for controlling services, logins,
+      current file and print activity - anything remotely controllable on a
+      Windows NT machine was made available via these proprietary protocols.
+    

+
+    

+      Leveraging the work of open protocols, the underlying basis of all these
+      new proprietary protocols was an open and documented protocol known as
+      DCE/RPC (Distributed Computing Architecture / Remote Procedure Call).
+      Microsoft added proprietary extensions to this for their Lanman
+      authentication mechanism, and to provide encrypted transport mechanisms.
+      Note that the DCE/RPC protocols already had methods to provide
+      authentication and encryption, based on public standards (the DES
+      encryption algorithm). Microsoft chose to ignore this work and use a
+      proprietary method instead, thus making inter-operability much more
+      difficult without large amounts of protocol examination and on-the-wire
+      determination.
+    

+
+    

+      With the release of Windows NT, the bar was raised to create a product
+      that has the same functionality as an equivalent all-Microsoft solution.
+      New requirements were to discover these new protocols to provide such
+      things as single sign-on, probably the most compelling feature - the
+      ability to enter a password once to authenticate yourself anywhere on the
+      network. Microsoft clients require servers supporting these new protocols
+      in order to offer the features they are advertised as providing.
+    

+
+    

+      For many years, until the engineering work was done to discover these
+      protocols, the only servers capable of providing these protocols were
+      Microsoft ones. Samba has now improved (by much work) to the point where
+      we can support some of these features (the new print mechanism, the
+      encrypted authentication mechanism, the naming mechanism, the access
+      control mechanism) but not all of them (many of the critical remote
+      administration features are still missing).
+    

+
+    

+      Of course, over these years Microsoft has not stood still in adding new
+      features to Windows NT/2000/XP, and we now have to deal with extensions to
+      provide encrypted file system access, quota support (limits on users disk
+      space) and the authentication mechanism has been replaced with the more
+      open Kerberos system, but with Microsoft proprietary extensions.
+    

+
+    
Connected Protocols and the importance of Interface Definitions

+
+    

+      Knowing that all these new protocols are based on a standard, DCE/RPC
+      doesn't help at all unless you know how the new feature requests (the
+      "calls" in RPC parlance) are sent over the standard. DCE/RPC is
+      merely a transport mechanism for sending requests to a remote machine and
+      receiving replies from the target. In order to specify what these requests
+      mean, DCE/RPC uses a method called "Interface Definition
+      Language" (known as IDL) to specify the requests (themselves a new
+      protocol) that are sent between clients and servers.
+    

+
+    

+      Each service provided by Microsoft servers has an associated description,
+      in the IDL language, that completely describes how to send and receive
+      these requests over the network, on top of the DCE/RPC protocol.
+    

+
+    

+      These IDL descriptions are key for providing inter-operability
+      with Microsoft clients. If these IDL descriptions were published, open and
+      equal inter-operability with Microsoft products would be greatly enhanced
+      (although still not perfect).
+    

+
+    

+      Knowing this, the Samba Team requested these IDL definitions from
+      Microsoft at the CIFS industry conference in Santa Cruz in October of
+      1998. The Microsoft representative present, Paul Leech, responded that
+      this was considered a Microsoft proprietary advantage, and the IDL
+      definitions would not be released.
+    

+
+    

+      Undeterred, we have requested the IDL definitions from the Microsoft
+      representative at every CIFS industry conference (held annually) since
+      1998, most recently from the Microsoft VP of Windows Base OS, Rob Short at
+      the 2001 CIFS conference in Redmond, Washington. The response we received
+      was the same we have always received, that is "we'll get back to you
+      on this". No follow-ups have ever been received to these requests.
+    

+
+    

+      Other than these refusals, Microsoft has been ambivalent towards the
+      creation of Samba. Contact with Microsoft engineering staff is generally
+      cordial and helpful, although they are not allowed by management to tell
+      us the protocol details we really need to know in order to fully
+      inter-operate. The reports we receive from companies using Samba who are
+      exposed to Microsoft marketing is that of extreme hostility, to the extent
+      of threatening retaliation if use of Samba is discussed publicly in press
+      releases. These reports are similar to those already exposed publicly in
+      the DoJ investigation of Microsoft's business practices.
+    

+
+    
Extending authentication - the Kerberos story

+
+    

+      The original proprietary Lanman and Windows NT authentication system has
+      had several security problems. Microsoft solved this with Windows 2000 as
+      previously discussed by moving to the standard Kerberos authentication
+      system, developed at MIT.
+    

+
+    

+      However, the implementation of Kerberos delivered with Windows 2000 was
+      extended to tie it to Windows 2000 clients, and to make public
+      implementations of the Kerberos protocols, such as the sample server
+      published as Open Source/Free Software by MIT, not able to serve Microsoft
+      Windows 2000 or Windows XP clients in the same way a Microsoft Windows
+      Kerberos server can.
+    

+
+    

+      What they did was to embed extra, Microsoft specific proprietary
+      information into the protocol packet used by Kerberos (known as a
+      "ticket"). Windows 2000 clients were made dependent upon the
+      existence of this extra data within the ticket in order to implement
+      "single sign-on", that is the ability to have one network user
+      identification across multiple machines.
+    

+
+    

+      MIT Kerberos servers, which do not provide this information, can provide
+      authentication to Windows 2000 and XP client machines, but the user
+      authenticated by the non-Microsoft Kerberos server must also exist within
+      an account database held on a Microsoft machine. This causes the user
+      account information to be held in more than one place, the very problem
+      that single sign-on is designed to avoid.
+    

+
+    

+      Groups wishing to deploy the more secure authentication service are forced
+      to implement their account databases on Microsoft servers, of face the
+      consequences of not having single sign on available.
+    

+
+    

+      As Samba does not generate Kerberos tickets, but is a consumer of them,
+      this extension of the standard protocol doesn't cause us problems
+      integrating into a Microsoft network (we just ignore the extra data), but
+      it is aimed directly at the MIT and Heimdal developers.
+    

+
+    

+      I (Jeremy Allison) publicly requested Microsoft to publish these changes
+      to the Kerberos protocol by speaking to Microsoft's Kerberos project
+      manager, Peter Brundrett at a Microsoft Professional Developers Conference
+      in 1997. Once again, the answer was "we'll get back to you on
+      this". The changes were published in a Microsoft Word document that
+      had been modified to include a click-through license which required the
+      reader acknowledge that these changes were a proprietary Microsoft trade
+      secret and to agree not to implement the changes in any code form. Clearly
+      this is a direct attempt to prevent the public MIT Kerberos/Heimdal
+      developers from creating a server fully compatible with Microsoft kerberos
+      single sign-on clients.
+    

+
+    
Network Attached Storage - Microsoft's next market

+
+    

+      In order to create a successful Network Attached Storage server product
+      with Microsoft clients, many more protocols than Microsoft documents or
+      will discuss publicly are needed to create a competitive offering. The
+      only way to get this needed information is to license it from Microsoft
+      (Network Appliance
+      http://www.netapp.com has taken this
+      route), ship only Microsoft software on your hardware, the decision taken
+      by Compaq and other vendors who ship Microsoft's "Server Appliance
+      Kit" (http://www.microsoft.com/windows/powered/nas/default.asp) or to attempt to determine the protocols needed yourself (the route the
+      Samba Team have taken). The vendors that ship Samba depend on us
+      discovering these protocols and shipping timely implementations of
+      Microsoft technology within Samba.
+    

+
+    

+      It remains to be seen if Microsoft's entry into this space with their
+      server appliance kit will give them the same dominance they have achieved
+      in the desktop and groupware server (Microsoft Exchange) space. If they
+      are allowed to continue to tie client and server products together with
+      proprietary undocumented protocols then customers requiring the advertised
+      functionality from Microsoft clients will be forced to purchase Microsoft
+      server products, and monopoly will have been successfully extended into
+      another product space.
+    

+
+    
C.2 Open Letter to Bill Gates

+
+    

+      By Luke Kenneth Casson Leighton, Samba-TNG development team, 20 October
+      2001.
+    

+
+    

+      This letter - also available online at
+      http://advogato.org/article/354.html
+      - was written, in combination with other requests at other times, to cover
+      the "all means available" clause of EC directive 250/90. The
+      author received no reply.
+    

+
+    
   we're looking at your technology in Windows NT and, as you probably
   know, i am so impressed by it that i would like to interoperate with
   it.  i was wondering, therefore, if you could send me all IDL
@@ -816,547 +996,629 @@
   many thanks,
 
   luke
- 

-
- 
C.3 An Interview with the Developers of Samba and Samba-TNG

-
- 
By Dr. Peter Gerwinski, FSF Europe.

-
- 
In January 2002, I asked the developers of Samba and Samba-TNG
- about their co-operation with Microsoft concerning inter-operability
- of their respective products. This article is a summary of their
- answers.

-
- 
Dr. Andrew Tridgell and Andrew Bartlett have been
- working in the Samba development team on adding Active Directory
- support to Samba 3.0.

-
- 
    
-
-  
  • Interoperability between Samba and Windows is currently far from
-   being seamless.
    • 
-
-  
  • Microsoft has published some information on how a Unix-like
-   system can add itself to an Active Directory domain.
    • 
-
-  
  • The small amount of documentation from Microsoft on the CIFS/SMB
-   protocol is completely inadequate for an inter-operable
-   implementation. Without this documentation other vendors,
-   including the Samba Team, are forced to spend an enormous amount
-   of time on network reverse-engineering of basic elements of the
-   protocol.
    • 
-
-  
  • Microsoft provides some online documentation for its Kerberos
-   PAC extensions, but in order to get access to it, one must
-   accept a license whose restrictions render the documentation
-   useless for most software projects, including Samba.
    • 
-
-  
  • There is no protocol-level documentation for NT4 domains.
-   Microsoft sometimes claims that NT4 domains are documented, but
-   what they are referring to is the API documentation, which is
-   almost completely useless for non-Windows implementations.
    • 
-
-  
  • Most of the information needed to achieve inter-operability was
-   obtained by network reverse-engineering.
    • 
-
-  
  • In many cases, Microsoft creates complex protocols that make
-   network reverse-engineering difficult. It considers the
-   protocols its own private property and refuses to co-operate with
-   other vendors on standardisation, especially when non-Windows
-   platforms are involved.
    • 
-
- 

-
- 
Luke Kenneth Casson Leighton was the person in the Samba
- team who has been responsible for the NamedPipes, DCE/RPC support,
- DCE/RPC services, NTLMSSP etc. that are essential to providing
- Windows NT 4.0 Domains and furthermore are still essential as
- support to Windows 2000 Domains. He is the author of the book
- "DCE/RPC over SMB: Samba and Windows NT Domain
- Internals", ISBN 1578701503 by MTP (New Riders Group) which
- documents about 6-7 years of his work on Samba. Today he works on a
- new project, "Samba-TNG", which aims to be a successor of
- Samba.

-
- 
    
-  
  • In July 1997, Luke Kenneth Casson Leighton followed the
-   guidelines as outlined in 90/EC/250 "to obtain information by
-   means other than reverse-engineering". He has been asking
-   Microsoft for the necessary information to obtain
-   inter-operability for two months. He got no reply. 
    • 
-
-  
  • In early 2000 he asked Microsoft for the information necessary
-   to obtain inter-operability with Windows 2000 Domains. The reply
-   was that this information will definitely not be made available.
    • 
-
-  
  • Consequently, most of the information published in the book was
-   obtained by network reverse-engineering.
    • 
-
-  
  • This network reverse-engineering brought some security holes in
-   Windows NT to light which were reported to Microsoft. As a
-   result of the security fixes, the information obtained by
-   network reverse-engineering was no longer true. In order to find
-   out the new specifications needed to gain back inter-operability,
-   Luke Kenneth Casson Leighton had again to follow the
-   90/EC/250 guidelines, and finally had again to obtain
-   the information by network reverse-engineering.
    • 
-
-  
  • In one exceptional case, Microsoft itself was in need of an
-   upgrade to Samba and gave the developers some information which
-   saved them about two months of time.
    • 
-
-  
  • The protocols designed by Microsoft are highly dependent on each
-   other. They form five levels of - all undocumented - protocols
-   which are all needed to get seamless inter-operation. In
-   other words: Microsoft's protocols are designed to make
-   inter-operation difficult.
    • 
-
- 

-
- 
D The Death of TCP/IP
 
-Why the Age of Internet Innocence is Over

-
- 
By Robert X. Cringely.

-
- 
2 August 2001,
- http://www.pbs.org/cringely/pulpit/pulpit20010802.html

-
- 
As events of the last several weeks have shown, Microsoft Windows,
- e-mail and the Internet create the perfect breeding ground for virus
- attacks. They don't even have to exploit Windows flaws to be
- effective. Any Visual BASIC programmer with a good understanding of
- how Windows works can write a virus. All that is needed is a cleverly
- titled file attachment payload, and almost anyone can be induced to
- open it, spreading the contagion. It is too darned easy to create
- these programs that can do billions in damage. The only sure way to
- fix the problem is to re-stripe the playing field, to change the game
- to one with all new rules. Some might argue that such a rule change
- calls for the elimination of Microsoft software, but that simply
- isn't likely to happen. It's true that [GNU/]Linux and Apache are
- generally safer than Windows 2000 and IIS, but Microsoft products
- aren't going to go away. I promised you an answer to how to secure
- the Internet, and I mean to come through.  First, we'll start with
- the way I would do it, then follow with a rumor I have heard about
- one way Microsoft might want to do it.

-
- 
The wonder of all these Internet security problems is that they
- are continually labeled as "e-mail viruses" or
- "Internet worms," rather than the more correct designation
- of "Windows viruses" or "Microsoft Outlook
- viruses." It is to the credit of the Microsoft public relations
- team that Redmond has somehow escaped blame, because nearly all the
- data security problems of recent years have been Windows-specific,
- taking advantage of the glaring security loopholes that exist in
- these Microsoft products. If it were not for Microsoft's carefully
- worded user license agreement, which holds the company blameless for
- absolutely anything, they would probably have been awash in class
- action lawsuits by now.

-
- 
Of course, it is not as though Microsoft intended things to be
- this way. No company deliberately designs bad products. But you must
- understand that Microsoft limits its investments to things that will
- enhance a product's market share. Every feature in Windows had to
- pass the litmus test, "Does it increase market share?"
- Putting security safeguards in their products evidently failed the
- litmus test, and therefore weren't added.  While it is true that
- virus authors will target platforms that give them the most bang for
- their programming buck, the Windows platform has virtually no
- security to even slow them down. I believe the lack of security in
- Microsoft software was a deliberate business decision.

-
- 
Alas, things are only likely to get worse in the near term. So
- far, we've been lucky in that most virus authors have been impatient
- and want to see the immediate effects of their work. It is far more
- effective to be patient and let the virus spread quietly for
- months. If the virus does nothing, the defense against it will be
- slow and/or too late. If the virus does very little on one's PC (for
- awhile), it won't be discovered easily. It is also possible to make a
- stealth virus. I won't go into specifics for obvious reasons, but if
- you think about how virus detection software works, it isn't hard to
- trip it up.

-
- 
Even if 98 percent of the world's computers had current anti-virus
- software (which they don't), the remaining two percent would still be
- millions of devices capable of bringing down the entire Internet if
- infected.

-
- 
And now, we have the impending release of Windows XP, and its
- problem of raw TCP/IP socket exposure. As I detailed two weeks ago,
- XP is the first home version of Windows to allow complete access to
- TCP/IP sockets, which can be exploited by viruses to do all sorts of
- damage. Windows XP uses essentially the same TCP/IP software as
- Windows 2000, except that XP lacks 2000's higher-level security
- features. In order to be backward compatible with applications
- written for Windows 95, 98, and ME, Windows XP allows any application
- full access to raw sockets.

-
- 
This is dangerous.

-
- 
Not only is it dangerous, it is unnecessary. What is wrong with
- telling application developers, "Your application can't have
- access to raw sockets," or, "When XP ships you need to have
- a non-raw socket version ready for your customers," or, "If
- your application needs to access raw sockets, these are the security
- rules and interfaces you will have to use"? The bottom line is
- that Microsoft's choice to provide access to raw sockets was based on
- the market share litmus test, period.

-
- 
Unless this feature is changed before XP is released, it will mean
- that millions of new computers will be manufactured as perfect little
- virus machines. Virus authors who are anticipating these new PCs will
- be able to pre-position their digital vermin to take advantage of the
- socket flaw as the new machines appear. The result is that, in all
- likelihood, there will be massive data security problems, as well as
- massive damage to files and property, all as a result of Windows
- XP. But as consumers, guess what - we won't even get a
- choice. Microsoft will require the PC makers to install XP in the
- factory. It will come on your PC, and you won't have the choice or
- option to pick something different. When Microsoft issues a new OS,
- it is forced into the market.

-
- 
Here is my preferred solution for Internet security. We could
- implement a secure user identity system precisely like telephone
- Caller ID. It would be essentially an Internet ID. All Internet
- transactions could be based on it. Anyone who sends me e-mail can be
- identified. Anything I send can be traced to me. People wouldn't be
- forced to participate, but if they remain anonymous, I might choose
- to block them. I certainly wouldn't accept file attachments from
- them. I know you hate this idea, but I think the Internet needs a
- fingerprint. It does not have to have personal information, but if
- you break the law it can be traced to you. You can choose not to have
- a fingerprint, but then your ability to communicate with others may
- be limited - a price many people may choose to pay.

-
- 
I am not opposed to people being anonymous - just to anonymous
- people receiving public assistance. Send all the anonymous love or
- hate mail you like, but don't expect to attach a file.

-
- 
And what's with those file attachments, anyway? Replace mail
- clients and APIs with secure models. The new model will not run
- attachments as they do today. E-mail attachments should not have
- access to the e-mail client, APIs, etc. Attachments should not have
- access to the operating system by default. The user should approve
- the use of some APIs, like having to give permission before device
- drivers are updated.

-
- 
Any application that wants to send bits onto the Internet must
- first be permitted to do so. Applications would be registered to send
- outgoing traffic. The applications would be limited by function and
- port. You would register your e-mail program as the only application
- that could talk SMTP, POP3, etc. If Microsoft Word wanted to send an
- e-mail, your e-mail program would pop up, ask you to authenticate
- yourself and explicitly send the message. At that point, you would be
- in complete control of what was happening on your PC. For
- mail-enabled applications, there would be an application user account
- registered on the post office. The account would be unique, and
- registered to a unique application.

-
- 
If kids want to install an Internet game, the game's IP port would
- be registered and permitted to operate, hopefully by the parent. If
- kids wanted to install an Internet chat program, too bad - it
- wouldn't work if Dad didn't want it to work.

-
- 
By default, under this scenario, your PC becomes a TCP/IP
- read-only device. By running applications like Gibson's Zone Alarm
- you can - right now - severely limit the use of TCP/IP by
- applications on your PC. And what happens when you do so?  Everything
- works just fine. So rather than ripping the protocol stack wide open,
- let's do the exact opposite. Restrict access to it.

-
- 
The only e-mail activity on my PC should be initiated by me,
- personally. Nothing else should access my address book or send out
- messages without my express permission. Microsoft will of course
- reject the idea, mostly because it will fail the "increase
- market share litmus test." My answer is, "Microsoft, if you
- do not take responsibility for locking down your APIs, it will become
- obvious to the public and become a detriment to your market
- share."

-
- 
Now to the other approach, the one some people attribute to
- Microsoft. I am not making this up. The story came to me from people
- I have come to trust, and I have looked into it closely enough to
- think it might have some validity. But for the sake of keeping
- lawyers off my back, let's just call it a rumor, and only use it as a
- basis for discussion. To be perfectly clear, I am not claiming that
- the following is true - just that I have heard it from more than one
- source, and think it accurately characterises some past behaviors of
- Microsoft. Perhaps by bringing it into the light, we can ensure that
- Redmond takes a more thoughtful course. I certainly hope it is
- wrong.

-
- 
Programmers who ought to be familiar with Microsoft's plans have
- suggested that the real motive for raw socket support is for
- Microsoft to use Windows XP to exploit a bad situation, to
- deliberately make things worse.

-
- 
According to these programmers, Microsoft wants to replace TCP/IP
- with a proprietary protocol - a protocol owned by Microsoft - that it
- will tout as being more secure. Actually, the new protocol would
- likely be TCP/IP with some of the reserved fields used as pointers to
- proprietary extensions, quite similar to Vines IP, if you remember
- that product from Banyan Systems. I'll call it TCP/MS.

-
- 
How do you push for the acceptance of a new protocol? First, make
- the old one unworkable by placing millions of exploitable TCP/IP
- stacks out on the Net, ready-to-use by any teenage sociopath. When
- the Net slows or crashes, the blame would not be assigned to
- Microsoft. Then ship the new protocol with every new copy of Windows,
- and install it with every Windows Update over the Internet. Zero to
- 100 million copies could happen in less than a year, and that year
- could be prior to the new protocol even being announced. It could be
- shipping right now.

-
- 
Suppose you are a typical firm that also has some non-Microsoft
- servers. You will want to use this new protocol between your
- Microsoft and non-Microsoft servers. Microsoft could charge Sun
- millions to put TCP/MS on their systems. Microsoft can promise open
- support, but make it financially impractical. Then use it in a
- marketing attack against competitors. Zero-Footprint network drivers,
- ODBC, and MAPI are examples of Microsoft "open" standards
- that took years for non-Microsoft firms to use. Almost anyone who
- would have wanted to use these open standards has been driven out of
- business.  Second part of the push for the new protocol will be from
- AOL/Time-Warner, normally Microsoft's top competitor - but not on
- this issue. AOL isn't really part of the grand vision of the new
- protocol. It's just that if they get more of what they want (paid
- accounts, music and video royalties), they won't object to Microsoft
- pushing for secure authenticated connections.

-
- 
Third and most powerful part of the push for Microsoft's new
- protocol will be action by Congress. They'll cite concerns of
- business, and hold up the standard scare tactics of terrorists and
- child pornographers. They want all connections, all packets to be
- traceable.  Say goodbye to TCP/IP and to anonymous connections of any
- kind. Hello to Hailstorm, tracking everything down to the last mile,
- and a more business-friendly Internet with prioritised
- packet-handling.  If this seems like too much infrastructure to
- change, it isn't. Not if the old protocol has been rendered useless
- and the new one can be implemented by an upgrade to your router.
- Vines IP - in many ways the basis for TCP/MS - was sufficiently close
- to regular TCP/IP that most routers only had to have a flash upgrade
- (to IOS, in the case of Cisco) in order to route Vines IP.  This will
- be an inconvenience, sure, but marketing types will see it more like
- another Y2K bug - an opportunity to sell, sell, sell.

-
- 
But won't the Internet Engineering Task Force (IETF) stop it from
- happening? No. The entire basis for setting standards on the Internet
- is to first put the new code in service, and then seek
- standardisation. There are no IETF rules that say 100 million plus
- computers can't run TCP/MS, and there is no deadline for
- standardisation. Once the right 100 million plus computers are
- running the new protocol, Microsoft won't have any reason to seek
- standardisation. Why not? It is Possible, for awhile, to run more
- than one protocol at a time. Take as examples of the coexistence of
- IPX and IP in Netware systems, or AppleTalk and IP in MacOS systems.
- Business will push for the new protocol, and the result will be that
- TCP/MS will become a de facto standard, and Microsoft will own the
- Net.

-
- 
And all you have to do to kick it off is implement raw socket
- support in the next shipping version of Windows, with the possible
- bonus of blaming any problems on UNIX code later.

-
- 
If business feels a need for the ability to have prioritised
- packet Delivery, and government (plus the Recording Industry
- Association of America) is uncomfortable with the notion of
- untraceable packets and connections, of course Microsoft is going to
- try to fill that niche.  Haven't you noticed how their ads have been
- trying to convince people that Microsoft software is amazingly stable
- and secure, and doesn't need minding? That's the image they're trying
- to build - solid as a bank.

-
- 
MS/TCP will ostensibly be a solution to the problems businesses
- are having with the Internet. It will assign priorities to packets.
- It will insure that all connections and packets can be traced,
- authenticated, and monitored. And since all these connections to the
- Internet have to be authenticated to someone, it will likely be
- hooked into a credit card or some sort of account, from which
- Microsoft can extract its price as the gatekeeper for the
- authentication via Hailstorm, Passport and .NET.

-
- 
But how will this stop the "I just e-mailed you a virus"
- problem? How does this stop my personal information being sucked out
- of my PC via cookies? It won't. Solving those particular problems is
- not the protocol's real purpose, which is to increase Microsoft's
- market share. It is a marketing concept that will be sold as the
- solution to a problem. It won't really work.

-
- 
Statement by the FSF about the Settlement in the USA

-
- 
The Microsoft Proposed Judgment has been designed by Microsoft to
- make its provisions useless or worse for free software. The following
- are the specific provisions of the Judgment to which the Foundation
- will be formally objecting in its filing under the Tunney Act, which
- will be made on or before January 28, 2002, and will be available at
- http://www.fsf.org and http://moglen.law.columbia.edu.

-
- 
Section III(D) of the Judgment provides that:

-
- 

-  Starting at the earlier of the release of Service Pack 1 for Windows
-  XP or 12 months after the submission of this Final Judgment to the
-  Court, Microsoft shall disclose to ISVs, IHVs, IAPs, ICPs, and OEMs,
-  for the sole purpose of inter-operating with a Windows Operating
-  System Product, via the Microsoft Developer Network
-  ("MSDN") or similar mechanisms, the APIs and related
-  Documentation that are used by Microsoft Middleware to inter-operate
-  with a Windows Operating System Product.  
- 

-
- 
The "sole purpose" requirement means that Microsoft does
- not have to make any such API information available to developers of
- software like WINE whose purpose it is to make a non-Microsoft OS
- inter-operable with applications written for Windows. This therefore
- excludes all measures to assist GNU/Linux to inter-operate with
- applications written for Windows, which would provide maximum
- competition in the OS market, which should be the objective of a
- competition-law remedy.

-
- 
Section III(E) of the Judgment provides that:

-
- 

-  Starting nine months after the submission of this proposed Final
-  Judgment to the Court, Microsoft shall make available for use by
-  third parties, for the sole purpose of inter-operating with a Windows
-  Operating System Product, on reasonable and non-discriminatory terms
-  (consistent with Section III.I), any Communications Protocol that
-  is, on or after the date this Final Judgment is submitted to the
-  Court, (i) implemented in a Windows Operating System Product
-  installed on a client computer, and (ii) used to inter-operate
-  natively (i.e., without the addition of software code to the client
-  or server operating system products) with Windows 2000 Server or
-  products marketed as its successors installed on a server computer.
- 

-
- 
This provision too means that GNU/Linux software developers are
- not going to have access to information about protocols implemented
- in Windows.

-
- 
Under III(I), the Judgment requires that

-
- 

-  Microsoft shall offer to license to ISVs, IHVs, IAPs, ICPs, and
-  OEMs any intellectual property rights owned or licensable by
-  Microsoft that are required to exercise any of the options or
-  alternatives expressly provided to them under this Final
-  Judgment
- 

-
- 
GNU/Linux developers have no rights under III(D) or (E) and thus
- are not entitled to license any rights from Microsoft.  Even if
- they were, however, III(I) only gives those rights provided that:

-
- 

-  
1. all terms, including royalties or other payment of monetary
-   consideration, are reasonable and non-discriminatory;

-  

-   2. the scope of any such license (and the intellectual property
-   rights licensed thereunder) need be no broader than is necessary to
-   ensure that an ISV, IHV, IAP, ICP or OEM is able to exercise the
-   options or alternatives expressly provided under this Final
-   Judgment (e.g., an ISV's, IHV's, IAP's, ICP's and OEM's option to
-   promote Non-Microsoft Middleware Products shall not confer any
-   rights to any Microsoft intellectual property rights infringed by
-   that Non-Microsoft Middleware Product);

-  

-   3. an ISV's, IHV's, IAP's, ICP's, or OEM's rights may be
-   conditioned on its not assigning, transferring or sub-licensing its
-   rights under any license granted under this provision;

-  

-   4. the terms of any license granted under this section are in all
-   respects consistent with the express terms of this Final Judgment;
-   and

-  

-   5. an ISV, IHV, IAP, ICP, or OEM may be required to grant to
-   Microsoft on reasonable and nondiscriminatory terms a license to
-   any intellectual property rights it may have relating to the
-   exercise of their options or alternatives provided by this Final
-   Judgment; the scope of such license shall be no broader than is
-   necessary to insure that Microsoft can provide such options or
-   alternatives.

-  

-   Beyond the express terms of any license granted by Microsoft
-   pursuant to this section, this Final Judgment does not, directly
-   or by implication, estoppel or otherwise, confer any rights,
-   licenses, covenants or immunities with regard to any Microsoft
-   intellectual property to anyone.

- 

-
- 
Here subsection (1), which establishes so-called
- "reasonable and nondiscriminatory" licensing, means only
- certain wealthy developers would be entitled to Microsoft API
- information.  Sub (2) repeats that no license will be given to any
- information for purposes except inter-operability with Microsoft
- OSs.  Sub (3) means that Microsoft can use licenses which prohibit
- implementing any of their APIs in GPL'd software, because they can
- refuse to permit any relicensing to downstream users, which GPL
- requires.  The final paragraph is intended to prevent us from ever
- arguing in future that the "nondiscriminatory" clause or
- any other part of this Judgment establishes an equitable right in
- free software developers to have access to Microsoft API
- information.

-
- 
Section III(J) of the Judgment says:

-
- 

-  
J. No provision of this Final Judgment shall:

-  

-   1. Require Microsoft to document, disclose or license to third
-   parties: (a) portions of APIs or Documentation or portions or
-   layers of Communications Protocols the disclosure of which would
-   compromise the security of anti-piracy, anti-virus, software
-   licensing, digital rights management, encryption or authentication
-   systems, including without limitation, keys, authorisation tokens
-   or enforcement criteria; or (b) any API, interface or other
-   information related to any Microsoft product if lawfully directed
-   not to do so by a governmental agency of competent
-   jurisdiction.

-  

-   2. Prevent Microsoft from conditioning any license of any API,
-   Documentation or Communications Protocol related to anti-piracy
-   systems, anti-virus technologies, license enforcement mechanisms,
-   authentication/authorisation security, or third party intellectual
-   property protection mechanisms of any Microsoft product to any
-   person or entity on the requirement that the licensee: (a) has no
-   history of software counterfeiting or piracy or willful violation
-   of intellectual property rights, (b) has a reasonable business need
-   for the API, Documentation or Communications Protocol for a planned
-   or shipping product, (c) meets reasonable, objective standards
-   established by Microsoft for certifying the authenticity and
-   viability of its business, (d) agrees to submit, at its own
-   expense, any computer program using such APIs, Documentation or
-   Communication Protocols to third-party verification, approved by
-   Microsoft, to test for and ensure verification and compliance with
-   Microsoft specifications for use of the API or interface, which
-   specifications shall be related to proper operation and integrity
-   of the systems and mechanisms identified in this paragraph.

- 

-
- 
Because the phrase "authentication/authorisation
- security" is so broad, Microsoft can refuse to give any
- developer of "Middleware" meant to secure inter-operation
- of free software with .NET any information whatever, or condition
- the grant on its own decision about the "commercial
- viability" of the firm. The GNOME Foundation, FSF, dotGNU,
- and all other non-profits would of course be entirely excluded.
- And Microsoft can claim a government-blessed monopoly over all DRM
- technology it dreams up with the content oligarchs, thus excluding
- all free software OSs from the world of multimedia altogether,
- which would make both Microsoft and Hollywood very happy.

-
- 
In short, the Proposed Judgment is a strategic attack on all the
- most crucial points, a critical part of Microsoft's campaign
- against free software. It doesn't just fail the Government's own
- objective of increasing competition in the line of commerce where
- the Government proved Microsoft was an illegal monopoly, it
- increases the monopolist's hold by giving blessing to all of
- Microsoft's measures to eliminate its one remaining, unique
- competitor.

-
-
-
-
+
+ +

+ C.3 An Interview with the Developers of Samba and Samba-TNG +

+ +

By Dr. Peter Gerwinski, FSF Europe.

+ +

+ In January 2002, I asked the developers of Samba and Samba-TNG about their + co-operation with Microsoft concerning inter-operability of their + respective products. This article is a summary of their answers. +

+ +

+ Dr. Andrew Tridgell and Andrew Bartlett have been working in + the Samba development team on adding Active Directory support to Samba + 3.0. +

+ +
    +
  • + Interoperability between Samba and Windows is currently far from being + seamless. +
    • + +
  • + Microsoft has published some information on how a Unix-like system can + add itself to an Active Directory domain. +
    • + +
  • + The small amount of documentation from Microsoft on the CIFS/SMB + protocol is completely inadequate for an inter-operable implementation. + Without this documentation other vendors, including the Samba Team, are + forced to spend an enormous amount of time on network + reverse-engineering of basic elements of the protocol. +
    • + +
  • + Microsoft provides some online documentation for its Kerberos PAC + extensions, but in order to get access to it, one must accept a license + whose restrictions render the documentation useless for most software + projects, including Samba. +
    • + +
  • + There is no protocol-level documentation for NT4 domains. Microsoft + sometimes claims that NT4 domains are documented, but what they are + referring to is the API documentation, which is almost completely + useless for non-Windows implementations. +
    • + +
  • + Most of the information needed to achieve inter-operability was obtained + by network reverse-engineering. +
    • + +
  • + In many cases, Microsoft creates complex protocols that make network + reverse-engineering difficult. It considers the protocols its own + private property and refuses to co-operate with other vendors on + standardisation, especially when non-Windows platforms are involved. +
    • +
+ +

+ Luke Kenneth Casson Leighton was the person in the Samba team who + has been responsible for the NamedPipes, DCE/RPC support, DCE/RPC + services, NTLMSSP etc. that are essential to providing Windows NT 4.0 + Domains and furthermore are still essential as support to Windows 2000 + Domains. He is the author of the book "DCE/RPC over SMB: Samba and + Windows NT Domain Internals", ISBN 1578701503 by MTP (New Riders + Group) which documents about 6-7 years of his work on Samba. Today he + works on a new project, "Samba-TNG", which aims to be a + successor of Samba. +

+ +
    +
  • + In July 1997, Luke Kenneth Casson Leighton followed the guidelines as + outlined in 90/EC/250 "to obtain information by means other than + reverse-engineering". He has been asking Microsoft for the + necessary information to obtain inter-operability for two months. He got + no reply. +
    • + +
  • + In early 2000 he asked Microsoft for the information necessary to obtain + inter-operability with Windows 2000 Domains. The reply was that this + information will definitely not be made available. +
    • + +
  • + Consequently, most of the information published in the book was obtained + by network reverse-engineering. +
    • + +
  • + This network reverse-engineering brought some security holes in Windows + NT to light which were reported to Microsoft. As a result of the + security fixes, the information obtained by network reverse-engineering + was no longer true. In order to find out the new specifications needed + to gain back inter-operability, Luke Kenneth Casson Leighton had + again to follow the 90/EC/250 guidelines, and finally had + again to obtain the information by network reverse-engineering. +
    • + +
  • + In one exceptional case, Microsoft itself was in need of an upgrade to + Samba and gave the developers some information which saved them about + two months of time. +
    • + +
  • + The protocols designed by Microsoft are highly dependent on each other. + They form five levels of - all undocumented - protocols which are + all needed to get seamless inter-operation. In other words: + Microsoft's protocols are designed to make inter-operation difficult. +
    • +
+ +

+ D The Death of TCP/IP
+ Why the Age of Internet Innocence is Over +

+ +

By Robert X. Cringely.

+ +

+ 2 August 2001, + http://www.pbs.org/cringely/pulpit/pulpit20010802.html +

+ +

+ As events of the last several weeks have shown, Microsoft Windows, e-mail + and the Internet create the perfect breeding ground for virus attacks. + They don't even have to exploit Windows flaws to be effective. Any Visual + BASIC programmer with a good understanding of how Windows works can write + a virus. All that is needed is a cleverly titled file attachment payload, + and almost anyone can be induced to open it, spreading the contagion. It + is too darned easy to create these programs that can do billions in + damage. The only sure way to fix the problem is to re-stripe the playing + field, to change the game to one with all new rules. Some might argue that + such a rule change calls for the elimination of Microsoft software, but + that simply isn't likely to happen. It's true that [GNU/]Linux and Apache + are generally safer than Windows 2000 and IIS, but Microsoft products + aren't going to go away. I promised you an answer to how to secure the + Internet, and I mean to come through. First, we'll start with the way I + would do it, then follow with a rumor I have heard about one way Microsoft + might want to do it. +

+ +

+ The wonder of all these Internet security problems is that they are + continually labeled as "e-mail viruses" or "Internet + worms," rather than the more correct designation of "Windows + viruses" or "Microsoft Outlook viruses." It is to the + credit of the Microsoft public relations team that Redmond has somehow + escaped blame, because nearly all the data security problems of recent + years have been Windows-specific, taking advantage of the glaring security + loopholes that exist in these Microsoft products. If it were not for + Microsoft's carefully worded user license agreement, which holds the + company blameless for absolutely anything, they would probably have been + awash in class action lawsuits by now. +

+ +

+ Of course, it is not as though Microsoft intended things to be this way. + No company deliberately designs bad products. But you must understand that + Microsoft limits its investments to things that will enhance a product's + market share. Every feature in Windows had to pass the litmus test, + "Does it increase market share?" Putting security safeguards in + their products evidently failed the litmus test, and therefore weren't + added. While it is true that virus authors will target platforms that give + them the most bang for their programming buck, the Windows platform has + virtually no security to even slow them down. I believe the lack of + security in Microsoft software was a deliberate business decision. +

+ +

+ Alas, things are only likely to get worse in the near term. So far, we've + been lucky in that most virus authors have been impatient and want to see + the immediate effects of their work. It is far more effective to be + patient and let the virus spread quietly for months. If the virus does + nothing, the defense against it will be slow and/or too late. If the virus + does very little on one's PC (for awhile), it won't be discovered easily. + It is also possible to make a stealth virus. I won't go into specifics for + obvious reasons, but if you think about how virus detection software + works, it isn't hard to trip it up. +

+ +

+ Even if 98 percent of the world's computers had current anti-virus + software (which they don't), the remaining two percent would still be + millions of devices capable of bringing down the entire Internet if + infected. +

+ +

+ And now, we have the impending release of Windows XP, and its problem of + raw TCP/IP socket exposure. As I detailed two weeks ago, XP is the first + home version of Windows to allow complete access to TCP/IP sockets, which + can be exploited by viruses to do all sorts of damage. Windows XP uses + essentially the same TCP/IP software as Windows 2000, except that XP lacks + 2000's higher-level security features. In order to be backward compatible + with applications written for Windows 95, 98, and ME, Windows XP allows + any application full access to raw sockets. +

+ +

This is dangerous.

+ +

+ Not only is it dangerous, it is unnecessary. What is wrong with telling + application developers, "Your application can't have access to raw + sockets," or, "When XP ships you need to have a non-raw socket + version ready for your customers," or, "If your application + needs to access raw sockets, these are the security rules and interfaces + you will have to use"? The bottom line is that Microsoft's choice to + provide access to raw sockets was based on the market share litmus test, + period. +

+ +

+ Unless this feature is changed before XP is released, it will mean that + millions of new computers will be manufactured as perfect little virus + machines. Virus authors who are anticipating these new PCs will be able to + pre-position their digital vermin to take advantage of the socket flaw as + the new machines appear. The result is that, in all likelihood, there will + be massive data security problems, as well as massive damage to files and + property, all as a result of Windows XP. But as consumers, guess what - we + won't even get a choice. Microsoft will require the PC makers to install + XP in the factory. It will come on your PC, and you won't have the choice + or option to pick something different. When Microsoft issues a new OS, it + is forced into the market. +

+ +

+ Here is my preferred solution for Internet security. We could implement a + secure user identity system precisely like telephone Caller ID. It would + be essentially an Internet ID. All Internet transactions could be based on + it. Anyone who sends me e-mail can be identified. Anything I send can be + traced to me. People wouldn't be forced to participate, but if they remain + anonymous, I might choose to block them. I certainly wouldn't accept file + attachments from them. I know you hate this idea, but I think the Internet + needs a fingerprint. It does not have to have personal information, but if + you break the law it can be traced to you. You can choose not to have a + fingerprint, but then your ability to communicate with others may be + limited - a price many people may choose to pay. +

+ +

+ I am not opposed to people being anonymous - just to anonymous people + receiving public assistance. Send all the anonymous love or hate mail you + like, but don't expect to attach a file. +

+ +

+ And what's with those file attachments, anyway? Replace mail clients and + APIs with secure models. The new model will not run attachments as they do + today. E-mail attachments should not have access to the e-mail client, + APIs, etc. Attachments should not have access to the operating system by + default. The user should approve the use of some APIs, like having to give + permission before device drivers are updated. +

+ +

+ Any application that wants to send bits onto the Internet must first be + permitted to do so. Applications would be registered to send outgoing + traffic. The applications would be limited by function and port. You would + register your e-mail program as the only application that could talk SMTP, + POP3, etc. If Microsoft Word wanted to send an e-mail, your e-mail program + would pop up, ask you to authenticate yourself and explicitly send the + message. At that point, you would be in complete control of what was + happening on your PC. For mail-enabled applications, there would be an + application user account registered on the post office. The account would + be unique, and registered to a unique application. +

+ +

+ If kids want to install an Internet game, the game's IP port would be + registered and permitted to operate, hopefully by the parent. If kids + wanted to install an Internet chat program, too bad - it wouldn't work if + Dad didn't want it to work. +

+ +

+ By default, under this scenario, your PC becomes a TCP/IP read-only + device. By running applications like Gibson's Zone Alarm you can - right + now - severely limit the use of TCP/IP by applications on your PC. And + what happens when you do so? Everything works just fine. So rather than + ripping the protocol stack wide open, let's do the exact opposite. + Restrict access to it. +

+ +

+ The only e-mail activity on my PC should be initiated by me, personally. + Nothing else should access my address book or send out messages without my + express permission. Microsoft will of course reject the idea, mostly + because it will fail the "increase market share litmus test." My + answer is, "Microsoft, if you do not take responsibility for locking + down your APIs, it will become obvious to the public and become a + detriment to your market share." +

+ +

+ Now to the other approach, the one some people attribute to Microsoft. I + am not making this up. The story came to me from people I have come to + trust, and I have looked into it closely enough to think it might have + some validity. But for the sake of keeping lawyers off my back, let's just + call it a rumor, and only use it as a basis for discussion. To be + perfectly clear, I am not claiming that the following is true - just that + I have heard it from more than one source, and think it accurately + characterises some past behaviors of Microsoft. Perhaps by bringing it + into the light, we can ensure that Redmond takes a more thoughtful course. + I certainly hope it is wrong. +

+ +

+ Programmers who ought to be familiar with Microsoft's plans have suggested + that the real motive for raw socket support is for Microsoft to use + Windows XP to exploit a bad situation, to deliberately make things worse. +

+ +

+ According to these programmers, Microsoft wants to replace TCP/IP with a + proprietary protocol - a protocol owned by Microsoft - that it will tout + as being more secure. Actually, the new protocol would likely be TCP/IP + with some of the reserved fields used as pointers to proprietary + extensions, quite similar to Vines IP, if you remember that product from + Banyan Systems. I'll call it TCP/MS. +

+ +

+ How do you push for the acceptance of a new protocol? First, make the old + one unworkable by placing millions of exploitable TCP/IP stacks out on the + Net, ready-to-use by any teenage sociopath. When the Net slows or crashes, + the blame would not be assigned to Microsoft. Then ship the new protocol + with every new copy of Windows, and install it with every Windows Update + over the Internet. Zero to 100 million copies could happen in less than a + year, and that year could be prior to the new protocol even being + announced. It could be shipping right now. +

+ +

+ Suppose you are a typical firm that also has some non-Microsoft servers. + You will want to use this new protocol between your Microsoft and + non-Microsoft servers. Microsoft could charge Sun millions to put TCP/MS + on their systems. Microsoft can promise open support, but make it + financially impractical. Then use it in a marketing attack against + competitors. Zero-Footprint network drivers, ODBC, and MAPI are examples + of Microsoft "open" standards that took years for non-Microsoft + firms to use. Almost anyone who would have wanted to use these open + standards has been driven out of business. Second part of the push for the + new protocol will be from AOL/Time-Warner, normally Microsoft's top + competitor - but not on this issue. AOL isn't really part of the grand + vision of the new protocol. It's just that if they get more of what they + want (paid accounts, music and video royalties), they won't object to + Microsoft pushing for secure authenticated connections. +

+ +

+ Third and most powerful part of the push for Microsoft's new protocol will + be action by Congress. They'll cite concerns of business, and hold up the + standard scare tactics of terrorists and child pornographers. They want + all connections, all packets to be traceable. Say goodbye to TCP/IP and to + anonymous connections of any kind. Hello to Hailstorm, tracking everything + down to the last mile, and a more business-friendly Internet with + prioritised packet-handling. If this seems like too much infrastructure to + change, it isn't. Not if the old protocol has been rendered useless and + the new one can be implemented by an upgrade to your router. Vines IP - in + many ways the basis for TCP/MS - was sufficiently close to regular TCP/IP + that most routers only had to have a flash upgrade (to IOS, in the case of + Cisco) in order to route Vines IP. This will be an inconvenience, sure, + but marketing types will see it more like another Y2K bug - an opportunity + to sell, sell, sell. +

+ +

+ But won't the Internet Engineering Task Force (IETF) stop it from + happening? No. The entire basis for setting standards on the Internet is + to first put the new code in service, and then seek standardisation. There + are no IETF rules that say 100 million plus computers can't run TCP/MS, + and there is no deadline for standardisation. Once the right 100 million + plus computers are running the new protocol, Microsoft won't have any + reason to seek standardisation. Why not? It is Possible, for awhile, to + run more than one protocol at a time. Take as examples of the coexistence + of IPX and IP in Netware systems, or AppleTalk and IP in MacOS systems. + Business will push for the new protocol, and the result will be that + TCP/MS will become a de facto standard, and Microsoft will own the Net. +

+ +

+ And all you have to do to kick it off is implement raw socket support in + the next shipping version of Windows, with the possible bonus of blaming + any problems on UNIX code later. +

+ +

+ If business feels a need for the ability to have prioritised packet + Delivery, and government (plus the Recording Industry Association of + America) is uncomfortable with the notion of untraceable packets and + connections, of course Microsoft is going to try to fill that niche. + Haven't you noticed how their ads have been trying to convince people that + Microsoft software is amazingly stable and secure, and doesn't need + minding? That's the image they're trying to build - solid as a bank. +

+ +

+ MS/TCP will ostensibly be a solution to the problems businesses are having + with the Internet. It will assign priorities to packets. It will insure + that all connections and packets can be traced, authenticated, and + monitored. And since all these connections to the Internet have to be + authenticated to someone, it will likely be hooked into a credit card or + some sort of account, from which Microsoft can extract its price as the + gatekeeper for the authentication via Hailstorm, Passport and .NET. +

+ +

+ But how will this stop the "I just e-mailed you a virus" + problem? How does this stop my personal information being sucked out of my + PC via cookies? It won't. Solving those particular problems is not the + protocol's real purpose, which is to increase Microsoft's market share. It + is a marketing concept that will be sold as the solution to a problem. It + won't really work. +

+ +

+ Statement by the FSF about the Settlement in the USA +

+ +

+ The Microsoft Proposed Judgment has been designed by Microsoft to make its + provisions useless or worse for free software. The following are the + specific provisions of the Judgment to which the Foundation will be + formally objecting in its filing under the Tunney Act, which will be made + on or before January 28, 2002, and will be available at + http://www.fsf.org and + http://moglen.law.columbia.edu. +

+ +

Section III(D) of the Judgment provides that:

+ +
+ Starting at the earlier of the release of Service Pack 1 for Windows XP or + 12 months after the submission of this Final Judgment to the Court, + Microsoft shall disclose to ISVs, IHVs, IAPs, ICPs, and OEMs, for the sole + purpose of inter-operating with a Windows Operating System Product, via + the Microsoft Developer Network ("MSDN") or similar mechanisms, + the APIs and related Documentation that are used by Microsoft Middleware + to inter-operate with a Windows Operating System Product. +
+ +

+ The "sole purpose" requirement means that Microsoft does not + have to make any such API information available to developers of software + like WINE whose purpose it is to make a non-Microsoft OS inter-operable + with applications written for Windows. This therefore excludes all + measures to assist GNU/Linux to inter-operate with applications written + for Windows, which would provide maximum competition in the OS market, + which should be the objective of a competition-law remedy. +

+ +

Section III(E) of the Judgment provides that:

+ +
+ Starting nine months after the submission of this proposed Final Judgment + to the Court, Microsoft shall make available for use by third parties, for + the sole purpose of inter-operating with a Windows Operating System + Product, on reasonable and non-discriminatory terms (consistent with + Section III.I), any Communications Protocol that is, on or after the date + this Final Judgment is submitted to the Court, (i) implemented in a + Windows Operating System Product installed on a client computer, and (ii) + used to inter-operate natively (i.e., without the addition of software + code to the client or server operating system products) with Windows 2000 + Server or products marketed as its successors installed on a server + computer. +
+ +

+ This provision too means that GNU/Linux software developers are not going + to have access to information about protocols implemented in Windows. +

+ +

Under III(I), the Judgment requires that

+ +
+ Microsoft shall offer to license to ISVs, IHVs, IAPs, ICPs, and OEMs any + intellectual property rights owned or licensable by Microsoft that are + required to exercise any of the options or alternatives expressly provided + to them under this Final Judgment +
+ +

+ GNU/Linux developers have no rights under III(D) or (E) and thus are not + entitled to license any rights from Microsoft. Even if they were, however, + III(I) only gives those rights provided that: +

+ +
+

+ 1. all terms, including royalties or other payment of monetary + consideration, are reasonable and non-discriminatory; +

+

+ 2. the scope of any such license (and the intellectual property rights + licensed thereunder) need be no broader than is necessary to ensure that + an ISV, IHV, IAP, ICP or OEM is able to exercise the options or + alternatives expressly provided under this Final Judgment (e.g., an + ISV's, IHV's, IAP's, ICP's and OEM's option to promote Non-Microsoft + Middleware Products shall not confer any rights to any Microsoft + intellectual property rights infringed by that Non-Microsoft Middleware + Product); +

+

+ 3. an ISV's, IHV's, IAP's, ICP's, or OEM's rights may be conditioned on + its not assigning, transferring or sub-licensing its rights under any + license granted under this provision; +

+

+ 4. the terms of any license granted under this section are in all + respects consistent with the express terms of this Final Judgment; and +

+

+ 5. an ISV, IHV, IAP, ICP, or OEM may be required to grant to Microsoft + on reasonable and nondiscriminatory terms a license to any intellectual + property rights it may have relating to the exercise of their options or + alternatives provided by this Final Judgment; the scope of such license + shall be no broader than is necessary to insure that Microsoft can + provide such options or alternatives. +

+

+ Beyond the express terms of any license granted by Microsoft pursuant to + this section, this Final Judgment does not, directly or by implication, + estoppel or otherwise, confer any rights, licenses, covenants or + immunities with regard to any Microsoft intellectual property to anyone. +

+
+ +

+ Here subsection (1), which establishes so-called "reasonable and + nondiscriminatory" licensing, means only certain wealthy developers + would be entitled to Microsoft API information. Sub (2) repeats that no + license will be given to any information for purposes except + inter-operability with Microsoft OSs. Sub (3) means that Microsoft can use + licenses which prohibit implementing any of their APIs in GPL'd software, + because they can refuse to permit any relicensing to downstream users, + which GPL requires. The final paragraph is intended to prevent us from + ever arguing in future that the "nondiscriminatory" clause or + any other part of this Judgment establishes an equitable right in free + software developers to have access to Microsoft API information. +

+ +

Section III(J) of the Judgment says:

+ +
+

J. No provision of this Final Judgment shall:

+

+ 1. Require Microsoft to document, disclose or license to third parties: + (a) portions of APIs or Documentation or portions or layers of + Communications Protocols the disclosure of which would compromise the + security of anti-piracy, anti-virus, software licensing, digital rights + management, encryption or authentication systems, including without + limitation, keys, authorisation tokens or enforcement criteria; or (b) + any API, interface or other information related to any Microsoft product + if lawfully directed not to do so by a governmental agency of competent + jurisdiction. +

+

+ 2. Prevent Microsoft from conditioning any license of any API, + Documentation or Communications Protocol related to anti-piracy systems, + anti-virus technologies, license enforcement mechanisms, + authentication/authorisation security, or third party intellectual + property protection mechanisms of any Microsoft product to any person or + entity on the requirement that the licensee: (a) has no history of + software counterfeiting or piracy or willful violation of intellectual + property rights, (b) has a reasonable business need for the API, + Documentation or Communications Protocol for a planned or shipping + product, (c) meets reasonable, objective standards established by + Microsoft for certifying the authenticity and viability of its business, + (d) agrees to submit, at its own expense, any computer program using + such APIs, Documentation or Communication Protocols to third-party + verification, approved by Microsoft, to test for and ensure verification + and compliance with Microsoft specifications for use of the API or + interface, which specifications shall be related to proper operation and + integrity of the systems and mechanisms identified in this paragraph. +

+
+ +

+ Because the phrase "authentication/authorisation security" is so + broad, Microsoft can refuse to give any developer of + "Middleware" meant to secure inter-operation of free software + with .NET any information whatever, or condition the grant on its own + decision about the "commercial viability" of the firm. The GNOME + Foundation, FSF, dotGNU, and all other non-profits would of course be + entirely excluded. And Microsoft can claim a government-blessed monopoly + over all DRM technology it dreams up with the content oligarchs, thus + excluding all free software OSs from the world of multimedia altogether, + which would make both Microsoft and Hollywood very happy. +

+ +

+ In short, the Proposed Judgment is a strategic attack on all the most + crucial points, a critical part of Microsoft's campaign against free + software. It doesn't just fail the Government's own objective of + increasing competition in the line of commerce where the Government proved + Microsoft was an illegal monopoly, it increases the monopolist's hold by + giving blessing to all of Microsoft's measures to eliminate its one + remaining, unique competitor. +

+ + - - @@ -21,104 +17,110 @@ - - - - - + - - + - - + - - + - - + - - - - - - - - - - - - - - - (/ = %) + + (/ = %) - - + + + - - - - - - + + + + + + + + + + + + + + + + + + - - - highlighted - + + highlighted + - + + - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + - - - - diff --git a/fsfe.org/activities/pdfreaders/pdfreaders.xsl b/fsfe.org/activities/pdfreaders/pdfreaders.xsl index 2adf8cbae3..3ec9deb8e1 100644 --- a/fsfe.org/activities/pdfreaders/pdfreaders.xsl +++ b/fsfe.org/activities/pdfreaders/pdfreaders.xsl @@ -1,52 +1,63 @@ - - - - + + - + - - + - - + - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + - - - + + + + + + @@ -55,16 +66,24 @@ - - - - - + + + + + + + + + + + + + + + - - diff --git a/fsfe.org/activities/pdfreaders/petition-sig-add.sh b/fsfe.org/activities/pdfreaders/petition-sig-add.sh index 0afd4e3632..c43bc7c073 100755 --- a/fsfe.org/activities/pdfreaders/petition-sig-add.sh +++ b/fsfe.org/activities/pdfreaders/petition-sig-add.sh @@ -1,11 +1,11 @@ #!/usr/bin/env bash # This script makes it easier to update the PDFreaders signatures. -# 1. Save the automatically sent emails (subject: [PDFReaders] petition -# signature) to a local folder. In Thunderbird, it should be +# 1. Save the automatically sent emails (subject: [PDFReaders] petition +# signature) to a local folder. In Thunderbird, it should be # extracted as .eml file per default # 2. Copy this script in the same folder and run it. -# 3. Manually check the new file (per default petition-sig.xml_NEW) if +# 3. Manually check the new file (per default petition-sig.xml_NEW) if # everythings looks fine. Delete test entries # 4. Insert the new entries in /activities/pdfreaders/petition-sig.en.xml # and sort them alphabetically. Vim can help you with that. @@ -13,44 +13,39 @@ # Coded by Max Mehl # License: GNU GPL v3 and newer - -FINALFILE="petition-sig.xml_NEW" # In this file the result is printed +FINALFILE="petition-sig.xml_NEW" # In this file the result is printed rm "$FINALFILE" -for f in *.eml -do - tr -d '\015' <"$f" >"1-$f" # Convert DOS to Unix line breaks - grep -A17 "Errors-To:" "1-$f" > "2-$f" # Remove everything except the message body - sed -e 's/Errors-To:.*//' -e '/./!d' "2-$f" > "3-$f" # Delete last header line and empty lines - - # Some messages are encoded in Base64. Decode them if necessary - base64 -d "3-$f" &>/dev/null - if [ "$?" == 0 ]; then - base64 -d "3-$f" > "4-$f" - else - cat "3-$f" > "4-$f" - fi - - # Extract names and surnames and remove them from unnecessary parts - NAME=$(grep "\sname=\".*\"" "4-$f") - NAME=$(echo $NAME | awk -F= '{ print $2 }') - NAME=$(echo $NAME | sed 's/"//g') +for f in *.eml; do + tr -d '\015' <"$f" >"1-$f" # Convert DOS to Unix line breaks + grep -A17 "Errors-To:" "1-$f" >"2-$f" # Remove everything except the message body + sed -e 's/Errors-To:.*//' -e '/./!d' "2-$f" >"3-$f" # Delete last header line and empty lines + + # Some messages are encoded in Base64. Decode them if necessary + base64 -d "3-$f" &>/dev/null + if [ "$?" == 0 ]; then + base64 -d "3-$f" >"4-$f" + else + cat "3-$f" >"4-$f" + fi + + # Extract names and surnames and remove them from unnecessary parts + NAME=$(grep "\sname=\".*\"" "4-$f") + NAME=$(echo $NAME | awk -F= '{ print $2 }') + NAME=$(echo $NAME | sed 's/"//g') + + SURNAME=$(grep "surname=\".*\"" "4-$f") + SURNAME=$(echo $SURNAME | awk -F= '{ print $2 }') + SURNAME=$(echo $SURNAME | sed 's/"//g') + + # Add
  • tags + echo "
  • $NAME $SURNAME
    • " >>"$FINALFILE.temp" + + # remove temporary files + rm 1-*.eml 2-*.eml 3-*.eml 4-*.eml - SURNAME=$(grep "surname=\".*\"" "4-$f") - SURNAME=$(echo $SURNAME | awk -F= '{ print $2 }') - SURNAME=$(echo $SURNAME | sed 's/"//g') - - # Add
  • tags - echo "
  • $NAME $SURNAME
    • " >> "$FINALFILE.temp" - - # remove temporary files - rm 1-*.eml 2-*.eml 3-*.eml 4-*.eml - done # Remove duplicate entries -sort "$FINALFILE.temp" | uniq -u > "$FINALFILE" +sort "$FINALFILE.temp" | uniq -u >"$FINALFILE" rm "$FINALFILE.temp" - - - diff --git a/fsfe.org/activities/pdfreaders/petition.xsl b/fsfe.org/activities/pdfreaders/petition.xsl index 4a9da9095c..04cdf00797 100644 --- a/fsfe.org/activities/pdfreaders/petition.xsl +++ b/fsfe.org/activities/pdfreaders/petition.xsl @@ -1,48 +1,38 @@ - - - - - + + + - - -

    - - () + +

    + ()

    -
      - - - -
    - -

    - - () +
      + + + +
    +

    + ()

    -
      - - - -
    - -

    - - () +
      + + + +
    +

    + ()

    -
      - - - -
    - +
      + + + +
    + - - + - @@ -50,7 +40,7 @@ lang lang - + diff --git a/fsfe.org/activities/publiccode/bea.xsl b/fsfe.org/activities/publiccode/bea.xsl index 1a3638da2a..415242eafb 100644 --- a/fsfe.org/activities/publiccode/bea.xsl +++ b/fsfe.org/activities/publiccode/bea.xsl @@ -1,14 +1,10 @@ - - - - + + - - diff --git a/fsfe.org/activities/radiodirective/statement.xsl b/fsfe.org/activities/radiodirective/statement.xsl index 4e4732b091..cc52744f0d 100644 --- a/fsfe.org/activities/radiodirective/statement.xsl +++ b/fsfe.org/activities/radiodirective/statement.xsl @@ -1,10 +1,7 @@ - - - - + + - diff --git a/fsfe.org/activities/swpat/documents.xsl b/fsfe.org/activities/swpat/documents.xsl index 06a40ad23d..64964aa825 100644 --- a/fsfe.org/activities/swpat/documents.xsl +++ b/fsfe.org/activities/swpat/documents.xsl @@ -1,41 +1,33 @@ - - - - + + - + - - + - + - ( - + ) - - - + - - + - diff --git a/fsfe.org/activities/swpat/memorandum.xsl b/fsfe.org/activities/swpat/memorandum.xsl index f7177532f6..f7afd0fa11 100644 --- a/fsfe.org/activities/swpat/memorandum.xsl +++ b/fsfe.org/activities/swpat/memorandum.xsl @@ -1,21 +1,24 @@ - - - - + + -
    - + + + + +
      - +
    - - + + + + +
      - +
    -     diff --git a/fsfe.org/activities/upcyclingandroid/individual-signatures.xsl b/fsfe.org/activities/upcyclingandroid/individual-signatures.xsl index eb7e13f4e1..958fd1ed90 100644 --- a/fsfe.org/activities/upcyclingandroid/individual-signatures.xsl +++ b/fsfe.org/activities/upcyclingandroid/individual-signatures.xsl @@ -1,10 +1,7 @@ - - - - + + - diff --git a/fsfe.org/activities/upcyclingandroid/openletter.xsl b/fsfe.org/activities/upcyclingandroid/openletter.xsl index 7108aa78a5..817ec09841 100644 --- a/fsfe.org/activities/upcyclingandroid/openletter.xsl +++ b/fsfe.org/activities/upcyclingandroid/openletter.xsl @@ -1,20 +1,17 @@ - - - - - + + + - + - - - - + + + diff --git a/fsfe.org/activities/whyfs/whyfs.xsl b/fsfe.org/activities/whyfs/whyfs.xsl index 49cb3e4e30..812e648cd5 100644 --- a/fsfe.org/activities/whyfs/whyfs.xsl +++ b/fsfe.org/activities/whyfs/whyfs.xsl @@ -1,10 +1,7 @@ - - - - + + - + - diff --git a/fsfe.org/activities/wipo/wipo.xsl b/fsfe.org/activities/wipo/wipo.xsl index 06a40ad23d..64964aa825 100644 --- a/fsfe.org/activities/wipo/wipo.xsl +++ b/fsfe.org/activities/wipo/wipo.xsl @@ -1,41 +1,33 @@ - - - - + + - + - - + - + - ( - + ) - - - + - - + - diff --git a/fsfe.org/activities/wipo/wiwo.xsl b/fsfe.org/activities/wipo/wiwo.xsl index cb44477c16..d638dd7051 100644 --- a/fsfe.org/activities/wipo/wiwo.xsl +++ b/fsfe.org/activities/wipo/wiwo.xsl @@ -1,22 +1,22 @@ - - - - + +

    - + + +

      - +
    -

    - + + +

      - +
    -     diff --git a/fsfe.org/activities/yh4f/index.xsl b/fsfe.org/activities/yh4f/index.xsl index d6e809f842..e062c548d5 100644 --- a/fsfe.org/activities/yh4f/index.xsl +++ b/fsfe.org/activities/yh4f/index.xsl @@ -1,9 +1,7 @@ - - - - - + + + @@ -13,14 +11,12 @@ - -
    -