PostNuke

Dear Vanessa and All Other Members of The Fabulous PostNuke Community:

I am an attorney-at-law, licensed by the State of Florida, and the United States District Court for the Southern District of Florida to engage in a multi-jurisdictional copyright and trademark practice. My practice focuses on cyberlaw (see http://cyberlaw.info). Nothing contained herein is legal advice, nor should it be relied upon without independent research and consultation with a licensed attorney. The following discussion is limited to the laws of the U.S.

I have been asked to comment upon the following hypothetical. If a person or entity (jointly and severally referred to hereafter as "Party A") creates a theme utilizing, or adds an original image or code to a GNU GPL program that was copyrighted subject to the GNU GPL ( see http://www.gnu.org/licenses/gpl.txt ), may another person or entity (Party "B") distribute Party A's distribution containing the new material without the permission of Party A because the entire work (including the new material added by Party A) has now become subject to the GNU GPL?

Also, you have asked me to assume the following notice appears on Party A's
work:

// ----------------------------------------------------------------------
// Copyright (c) 2002-2003 Party A
// http://partya.com
// ----------------------------------------------------------------------
// LICENSE
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License (GPL)
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
// See the GNU General Public License for more details.
// To read the license please visit http://www.gnu.org/copyleft/gpl.html
// ----------------------------------------------------------------------

The pertinent portions of the GNU GPL are as follows:

"0. ... the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does."

"2. ... mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License.

Pertinent Sections of United States Copyright Law:

Copyright protection extends to an "original work of authorship fixed in any tangible medium of expression. 17 U.S.C. 102 (a) at ( http://www4.law.cornell.edu/uscode/17/102.html ).

Copyrights are divisible (i.e. you can retain certain exclusive rights, but transfer others). See Section 17 U.S.C. 106 ( http://www4.law.cornell.edu/uscode/17/106.html).

Discussion:

The above license purports to convey via the GNU GPL rights to the "program."

Since copyright is divisible, we must first determine the meaning of the word "computer program." A definition for the term "computer program" is actually a question of fact that would need to be determined by a Court or jury. Dictionary.com defines computer program as follows: "computer program n : (computer science) a sequence of instructions that a computer can interpret and execute; "the program required several hundred lines of code" [syn: program, programme, computer programme]".

It can be argued that an image (which has been stored on digital media) is not a "program." It is data which is called by a program. It would be an anomalous argument to propose that a copyrighted picture taken by the owner of the program and was included in his distribution of his GNU GPL program could be used unless the owner consented.

Similarly, it follows that a presentation, template or display, which is created utilizing copyrighted programs, may not in and of itself be a "program."

Very generally, there is no impediment to obtaining independent copyrights for original works of authorship created by utilizing programs. If there were, Microsoft would be able to prosecute every author who submitted an original manuscript to a publisher in Word format and digital artists would be unable to copyright their works because they used a paint program.

Similarly, if someone creates a theme or skin that artistically rises to the level of an original work of authorship utilizing a program, the resulting theme or skin should be copyrightable separately from the program that created it. It could be argued that the skin, theme, or result is a new, original work of authorship fixed in a tangible medium of expression, and not a derivative or compilation of the original program (i.e. Word, Paint Shop Pro, or, for that matter, Autotheme).

Turning to paragraph 0. of the GNU GPL, licensing a program or work under its terms does not make all files included with the distribution subject thereto See paragraph 0., supra. In our hypothetical, the notice only refers to the "program", and not any particular resulting theme or image therein.

Turning to paragraph 2. of the GNU GPL, "the mere aggregation" of an original work of authorship which is not a derivative or compilation of the program with the program (or with a work based on the Program) on a ... distribution medium "does not bring the other work under the scope of the License." In plain English, this means that just because a distribution contains some files which are subject to the GNU GPL, NOT ALL files contained in the distribution may be so subject. This argument should also apply to data entered into the program to make it display an original work of authorship.

With respect to the language contained in the notice contained in Party A's distribution, a reasonable interpretation of same should lead a Court and/or jury to determine that a program is not the resulting theme, skin, etc., but a set of instructions that the "artist" utilizes to create same. Just because core code is distributed with additional files, or data is entered into existing code to make, draw or display the new skin on screen, should not, in and of itself, make the new files or data subject to the license. See GNU GPL paragraphs 0 and 2 above.

Pursuant to 17 U.S.C. 106, copyrights are divisible (i.e. you can retain certain exclusive rights, but transfer others). Accordingly, it could be argued that Party A's copyright in and to the theme or skin or image remains the sole and exclusive property of Party A. If the argument succeeds, those who violated Party A's exclusive rights (17 U.S.C. 106) in the resulting theme, display, image, skin, etc., face exposure to federal suit for copyright infringement.

Notwithstanding, the program code and modifications made thereto which are considered to be derivatives or compilations ARE subject to GNU GPL, unless the additional code merely "plugs-in" to the preexisting code, is "not based on preexisiting code," and is capable of "standing alone." Note, early cases did not hold telephone manufacturers liable for patent/copyright infringement because their pin out to wall jacks was identical to that of the other's pin out, allowing access to the other's network.

It would logically follow that a third party can utilize GNU GPL code to create an original work of authorship (i.e. a new theme) and obtain a copyright in the new material. However, if the resulting theme, display, image, and or template is similar to that which the artist has not released under the GNU GPL, the third party could be prosecuted for copyright infringement if that third party did not get consent (provided other procedural requirements are fulfilled).

It is worth mentioning that the creator of a program who initially released it under certain conditions, may be able to revoke same at any time (but this would require further research and is a topic for another discussion).

Elliot Zimmerman, Esq.
The Law Offices of Elliot Zimmerman, P.A.
5353 North Federal Highway, PH 405
Fort Lauderdale, FL 33308
http://cyberlaw.info
legal@cyberlaw.info

In this course he will start with a short introduction about PostNuke. Next he wil give a basic tutorial of how CE works and eventuallly will go indepth to the more advanced features of this module. Afterwards we all go to the pub and have a beer.

Date: May 15, 2004
Location: Amsterdam
Max number of people: 20 *
(at time of posting just 15 available spots left)

Cost: 10 euro (includes lunch, coffee and tea)
More info: http://postnuke.opencms.nl

Everybody is invited, but since the course is in Dutch and held in Amsterdam, I don't suppose many are interested...

To register for this course, see the posting on the main page of http://postnuke.opencms.nl

--- For the Dutch People----
BraveCobra, Projectleider van Content Express zal een IRL (In Real Life) presentatie houden over de mogelijkheden van Content Express.

In deze presentatie beginnen we met een korte introductie van postnuke. Vervolgens legt hij de basisfunctionaliteiten van Content Express uit, waarna we uiteindelijk nog dieper duiken in de meer geavanceerde mogelijkheden die Content Express kan bieden. Na afloop kan je vragen stellen en gaan we met zijn allen naar een barretje in de buurt (moet lukken in Amsterdam:) )

Datum: 15 mei
Locatie: Amsterdam
Max aantal inschrijvingen: 20 *(nog 15 plaatsen vrij als ik dit post)
Kosten: 10 euro (inclusief lunch,koffie en thee)
Meer info: http://postnuke.opencms.nl

Iedereen die klein beetje weet wat postnuke is en ga e.e.a. wat verder zou willen ontdekken is van harte uitgenodigt. (of als je gewoon een keer gezellig een biertje wilt doen met medepostnukers.)

Om je in te schrijven, zie de posting op onze hoofdpagina : http://postnuke.opencms.nl

The basic operation of ModSecurity is to sit in between the person requesting the webpage, and the webserver itself. There it analyses all requests coming to the webserver and checks them against a set of definable rules.

If the request passes all these checks then the page is served to the end user. If there is a match then ModSecurity can take a number of actions, including doing nothing, logging the request, or simply denying the request with an error message.

I highly recommended ModSecurity as a tool against hackers, it says it has a slight performance hit but in my testing it wasn't noticable at all. Obviously ModSecurity is only for those people who have root access to the server where their site is hosted, as it's a plugin module for Apache.

It's really a layer 7 firewall for your webserver and it does an excellent job. I've had a number of people try to exploit a website I run with a PostNuke hack (now fixed by the recent patch), it was stopped by ModSecurity though because the exploit when it connects to your site doesn't send a browser version and I had ModSecurity configured to deny all attempts to connect if no browser version was present.

Setting it up is quite easy, there's a few basic filters that come with it out of the box but you'll want to modify those and add new ones as you see fit.

I won't go into anymore detail here, if you're interested then please take a look at the ModSecurity website, it has everything you need to get ModSecurity setup and working to your needs.

Finally, another tool for those of us using Linux to serve up their PostNuke sites is a kernel patch called grsecurity. I won't go into all of it's features but it really is a brilliant piece of code. Should your webserver get hacked, grsecurity properly configured would make it very hard for the hacker to get themselves a rootshell or install any backdoors. If you understand how to compile your own Linux kernel you should really look at this patch, I use it on all my production servers.

I hope this short article will help some of you with the security of your PostNuke sites.

Regards,
Tim

petition: http://petition.eurolinux.org/index_html?LANG=en
participate: http://demo.ffii.org/online.php
demonstration: http://demo.ffii.org/brussels.php

The following are the changes in RC3:

Fixed : Missing quote in Xanthia init script preventing successful install under certain configurations
Fixed : Removed unneeded short urls global from all theme.php's
Fixed : Added ADODB error checks to queries during engine initialisation (pnuserapi.php). See note 1.
Fixed : Added check for valid engine object after engine initialisation (all theme.php's). See note 1.
Fixed : Added missing </head> tag in piterpanv2 theme (master.htm)
Fixed : Correct smarty variable case in table1 and table2 templates - prevented old style module output from displaying.
Fixed : .7x category/theme overides now work in Xanthia themes.
Updated : Many functions how have internal in memory caches to avoid repeated db queries. This enhances performance.
Updated : Xanthia themes now include header and footer html so master.htm now represents an entire page.
Updated : Xanthia now uses new database connection method (credit to Eric Barr for this code).
Updated : Output filters now only operate on the final master template to avoid repeated replacements on sub templates.
Updated : Engine now uses assign by reference on all dynamic content - reduces memory usage.
New : Caching of block zones, palettes and theme settings in pnTemp/Xanthia_Config via Generate Config Cache admin option.
New : Full page caching available via admin panel. Modules can be excluded from full page caching via the admin panel.
New : modulestylesheets plugin allows loading of per module stylesheets (stored in modules/<modname>/pnstyle).
New : New plugin to generate standard PN header and footer (additional_header, pagerendertime, lang, keywords, charset).
New : visual editor plugins for typetool v55 (PN .72x), typetool v8 (larsneo's new version) and htmlarea (.8x).

Download it here

One hurdle that eluded me for a while was how to offer translated phrases and words for labels in the database. In other words if I set what would normally be "General Forums" as "_GENFORUMS" in the database, how could I get the page to pre-process this translation correctly and pull the translation from PN's language files. The answer was fairly simple:

echo eval("return ".$cat_title.";");

Some of the other feature/benefits I wanted to accomplish were:

- The ability to set multiple languages and have them all display to the user (within whatever SITE language interface they normally used).

- The ability to select and store favorite sub-groups in any forum so that they see only those groups they have selected on return visits.

- The ability to designate moderators based on forum, group, and language.

- A file caching system for the main forum page to quicken loading (the group scan query is a bit long).

I still have some additional items to add of course. But I wanted to share this forum with the PN developer community as a source for ideas, etc. As my site is based on v7.03 (and heavily modified from that point) I don't think my code would be of much benefit in the new API scheme of things. I am not against sharing it if there is a demand. Provided those requesting it understand that it will NOT run on PN v7.2+ as it is. Nor would it even run on something older unless you made considerable db changes. Nothing I have done in this app is extremely complicated, in fact my code is likely full of amateurish stuff. But to me it's the idea that counts.

JIM STARKWEATHER (staff_jim@armorama.com)

Footnote: 1

The National B2B Centre provides free training in PostNuke and a free hosted PostNuke development environment for growing businesses to learn how to use PostNuke and develop their site. The Centre is currently helping 15 companies who are changing their current website into PostNuke or starting from scratch with PostNuke.

One of the companies the Centre has worked with is Salsa Dance Holidays (www.salsadanceholidays.com), a local company who changed their website, under training from Centre consultants, from basic HTML to a PostNuke website. You can read the case study at http://www.nb2bc.co.uk/pdfs/salsa.pdf.

To promote the free service and to raise awareness of open source content management systems, such as PostNuke, the Centre is running events about content management systems for small and mid sized companies. The first of these events ran recently with over 50 people attending.

Other open source applications are also being used by growing businesses through the guidance of The National B2B Centre. GIMP is being used for manipulation of images for the websites, Filezilla is being used for FTP and Nvu is being used as an HTML WYSIWYG editor.

The Press release for the free service can be found here: http://www.nb2bc.co.uk/pdfs/control.pdf

More information on the free service can be found here: http://www.nb2bc.co.uk/modules.php?op=modload&name=PagEd&file=index&page_id=15

If you’re a small to medium sized company in the West Midlands, UK and want to sign up for the free service please click here: http://www.nb2bc.co.uk/signmeup.