OSRC conducts open source training workshops and awareness-raising seminars

The OSRC conducts open source training workshops and awareness-raising seminars throughout various cities in Pakistan. In this regard, only federal, provincial or local government organizations, private organizations, NGOs and educational institutes willing to provide a training venue are eligible to apply to the OSRC. Individuals need not apply.

The training schedule for this year is currently being planned, and will soon be announced on OSRC’s website, and in newspapers. For more details, please visit http://www.osrc.org.pk/content/view/26/39/

OSRC’s launch Asterisk (Open Source PBX) Training Program

The Open Source Resource Center (OSRC) is a project of the Ministry of IT, executed by PSEB. It aims to promote open source solutions in the country. The OSRC provides technical assistance for the deployment of open source technologies. The OSRC brings together established technology vendors, start­ups, open source community members and enterprise IT users/customers to jointly explore new opportunities for OSS deployment and how to capitalize on

Majority of small/medium call centers in Pakistan are using, or are trying to use, opensource PBX, and the OSRC can fulfill the users’ demand for effective training in Asterisk.

The OSRC initially conduct its training program in the following cities:

OSRC participates in CIIT’s “Frontiers of Information Technology”

The OSRC team participated in an international conference and exhibition from 17-18 December 2007 at Marriott Hotel, Islamabad. Entitled “Frontiers of Information Technology”, it was organized by the COMSATS Institute of Information Technology (CIIT). Students presented their projects, foreign delegates presented research papers, and Brightspyre and Ikonami also displayed their stalls, among others. 

The OSRC networked among the participants, promoting awareness about open source and the OSRC’s training, migration and awareness-raising activities. Its open source software training toolkits, PSEB’s CDs regarding its various projects, and the industrial automation software, known as GBMS, prepared for PSEB by AZM, generated considerable interest at the OSRC’s stall at the event.


DocumentsDate added

MySQLhot!  MySQL, the most popular Open Source SQL database management system, is developed, distributed, and supported by MySQL AB. MySQL AB is a commercial company, founded by the MySQL developers. It is a second generation Open Source company that unites Open Source values and methodology with a successful business model.


PostgreSQL is a powerful, open source relational database system. It has more than 15 years of active development and a proven architecture that has earned it a strong reputation for reliability, data integrity, and correctness. It runs on all major operating systems, including Linux, UNIX (AIX, BSD, HP-UX, SGI IRIX, Mac OS X, Solaris, Tru64), and Windows. It is fully ACID compliant, has full support for foreign keys, joins, views, triggers, and stored procedures (in multiple languages). It includes most SQL92 and SQL99 data types, including INTEGER, NUMERIC, BOOLEAN, CHAR, VARCHAR, DATE, INTERVAL, and TIMESTAMP. It also supports storage of binary large objects, including pictures, sounds, or video. It has native programming interfaces for C/C++, Java, .Net, Perl, Python, Ruby, Tcl, ODBC, among others, and exceptional documentation.




sitemapThe basic idea behind open source is very simple. When programmers can read, redistribute, and modify the source code for a piece of software, the software evolves. People improve it; people adapt it; people fix bugs. Open source development is ideally suited to the infrastructure of the Internet and is becoming increasingly ubiquitous. It has the potential to move at speeds that put proprietary software development to shame.
What is the difference between open source software (OSS) and proprietary software?

Open source software is software where the source code is freely available. Users are free to make improvements and redistribute as long as they abide by certain conditions (see How does an open source licence work?). The most famous OSS is the operating system, Linux.
Conversely, the source code for proprietary software is generally kept secret. A user purchases only the compiled version of proprietary software and has no choice but to use the software ‘as is’.
What is the difference between source code and compiled code?

Source code is the high-level programming language that human programmers use to build computer programs. Anyone educated in a particular programming language (e.g. C++, java) can understand and edit source code in that language.
Compiled code is source code translated or compiled into a language that computers can understand (compiled code is also called binary code). No human can understand or edit compiled code. Even specialized programs, designed to reverse-compile, cannot reproduce perfect source code from compiled code.
How does open source software development work?

Sir Isaac Newton is famously quoted as saying: If I have seen further it is only by standing on the shoulders of giants. Open source software development embraces this principle. Open source is a community-centric development model, which encourages the free flow of knowledge and insight between all members. The open source model does away with organizations and central control, replacing them with open networks of individuals. Every individual can build on the work that has been done by others in the network; no time is spent reinventing the wheel.
The Open Source Model:

Figure 1: The Open Source Model: Source code is available to public. The public is free to make improvements.

The Closed Model

Figure 2: The Closed Model: The Microsoft source code is closely guarded. The User only receives a compiled version of the software. Modification is impossible.

In recent years, the linking of individuals has been enhanced by the Internet’s high-speed data capacity and omnipresence. With efficient networking infrastructure in place, the collaborative open source model has limitless potential. In fact, over the last decade open source software licences have been embraced internationally and are already in force for thousands of computer programs.

What is the free software movement?

In 1984, Richard Stallman started the GNU project. The GNU project’s goal was, simply put, to make it so that no one would ever have to pay for software. The first step was to develop a complete UNIX style operating system, the GNU system. The GNU system would become the first ‘free’ software.

In Copyleft: Pragmatic Idealism, Stallman describes the motivation behind free software:

My work on free software is motivated by an idealistic goal: spreading freedom and cooperation. I want to encourage free software to spread, replacing proprietary software that forbids cooperation, and thus make our society better.

Stallman expands on why free software makes society better:

What does society need? It needs information that is truly available to its citizens—for example, programs that people can read, fix, adapt, and improve, not just operate. But what software owners typically deliver is a black box that we can’t study or change. Society also needs freedom. When a program has an owner, the users lose freedom to control part of their own lives. And above all society needs to encourage the spirit of voluntary cooperation in its citizens. When software owners tell us that helping our neighbours in a natural way is “piracy”, they pollute our society’s civic spirit.

How does ‘free software’ differ from ‘open source’?

The difference between the movements is not concrete. The ‘open’ collaboration model used for software development is the same for both free software and open source. The only pronounced distinction is ideological. ‘Free software’ software development is motivated by an altruistic desire to improve society at large; society comes first and individual commercial gain is a distant second (to put it mildly). ‘Open source’ development is motivated by a belief that the development model is superior to proprietary models. The open source movement is an offshoot of the free software movement. It puts a more pragmatic, less dogmatic face on the development model, making it more palatable to mainstream developers. Nevertheless, much of the present success of the ‘open source’ movement is due to the Free Software Foundation doggedly championing the framework.

The Open-Source Licence

How does an open source licence work?

Traditionally, copyright has been employed to reserve all copyright for sale (all rights reserved) in connection with an original work. Conversely, an open source licence is a legal instrument used to make a work freely available. The term ‘free’ does not mean free of charge. It refers to a user’s freedom to run, copy, distribute, study, change and improve the software without the payment of a royalty or obtaining express permission.

Open-source licences make use of the copyright rights applicable to computer programs to secure several standard conditions. Anyone can copy, distribute, and modify open source software as long as they abide by the conditions. The conditions ensure that successive developments of source code may remain available for additional improvement. Anyone violating the conditions may be subjected to legal repercussions under copyright law.

How does software qualify as open source?

There is no standard licence which software must use in order to qualify as open source. The Open Source Initiative (OSI) acts as the gatekeeper for the definition of open source software. Presently, there are upwards of 40 different open-source licences who meet the OSI’s open source definition. The ten criteria for open source software are described on the OSI site. In order for software to qualify as open source, a developer must abide by the 10 criteria. The two major requirements are:

royalty-free redistribution (including source code), and
modifications and derived works.
Freely available source code

OSS software must make its source code freely-available. Royalty-free distribution of source code is integral to open source development. Without the source code, improvement on existing software is impossible.

Modifications and derivative works

The other fundamental requirement for open source software is that a user must be able to modify or otherwise create derivative works. Though not a requirement to qualify as an open licence, many OSS licences, such as the GPL, also make sharing-alike mandatory. This means that in exchange for a user being able to build upon or modify existing OSS, the user is required to make the new software, the derivative work, available under the same licence as the existing OSS. These types of open-sources licences are referred to as copyleft. Licences which do not stipulate that a licence analogous to the parent is required to be placed on derivative works are called non-copyleft licences. They do not carry any restrictions on derivative works. Both copyleft and non-copyleft are open source licences.

Copyleft licencing

Figure 3: Copyleft licencing: an open source licence (like the GPL) becomes attached to every program that incorporates open source code or code derived from open source code. Pink programs have come under the jurisdiction of the GPL.

While mandating that ‘sharing-alike’ is advantageous to the free software community because it ensures that no one can build upon the community’s code base without contributing their own modifications back to the public commons, it is also important that people be given the choice to use non-copyleft licences.

What is the difference between the open-source licences?

The expansive suite of open-source licences vary in restrictiveness and specificity. On the relaxed end of the spectrum is the Berkeley Software Distribution (BSD) licence, which allows licencees to create private derived works (i.e. commercial software with unpublished source code) and does not require that changes to the public version be published in any form.

On the other end is the GNU General Public Licence (GPL) licence, which creates an obligation to distribute, without fee or additional licence terms, the source code of all derivative works.

In between the BSD and the GPL on the spectrum of restrictiveness, is the Mozilla Public licence (MPL). Changes to MPL-covered source must be made freely available on the Internet. The MPL, however, is non-viral: additions to (as opposed to modifications of) the ‘MPL-licenced source’ to create a larger work may be licenced differently and need not be published at all.

Comparison of the three open-source licences

Figure 4: Comparison of the three open-source licences.

Can you still sell work that is available under an open source licence?

An open-source developer can commercially licence software already available under an open-source licence. The commercial licence would ‘sell’ use of the software without the conditions imposed by the open source licence. This practice is known as dual-licensing. Open-source licences are not intended to ban commercial use. As a general rule, open source can be used commercially as long as the authors get a cut. However, commercial licencing can get complicated if the OSS has multiple components by different authors and under different licences.

Are open-sources licences a waiver of rights?

No, there is no waiver of rights. The open source licence is a unilateral contract which conditionally grants permission to exercise certain copyrights.

Are open-source licences legally valid?

There has been no direct legal challenge to open-source licences in Canada or in the United States. However, open-source licences are conceptually similar to clickwrap and shrinkwrap licences. All three licences are regarded as unilateral contracts. The software developer sets the terms and a potential licensee may ‘unilaterally’ take them or leave them. The three licences differ in the ways they are presented to and accepted by a user.

Modes of Licensing

Clickwrap licences utilise popup boxes. Whenever an individual attempts to install and/or run clickwrap software, a pop-up box opens up with instructions and the text of the licence. When the individual presses an ‘OK’ button, they have signalled their acceptance of the licence.

Shrinkwrap licences are licences that are printed on the outside of software boxes or plastic ‘shrink-wrap’ packaging. Ostensibly, an individual reads the licence before opening the packaging and by proceeding to open the packaging the individual signals their acceptance of the licence.

Open-source licences can be indicated to an individual in a number of different ways: in a README document, in the source code itself, in a popup when the compiled code is executed, etcetera. An individual indicates acceptance when they modify or distribute the software.

The Case Law

Clickwrap licences have been upheld in Canada. In Rudder v. Microsoft, a clickwrap licence was found to be legally enforceable. The text of the clickwrap agreement was held to be analogous to ‘fine print’ in a written contract.

Shrinkwrap licences have not yet received judicial consideration in Canada but they have been upheld in the U.S. In ProCD v. Zeindenberg and subsequent American cases, shrinkwrap licences have been found legally enforceable so long as the consumer is provided with:

proper notice of the licence
adequate time to review and decide whether to assent to the licence’s terms
the opportunity to return the software for a full refund if the terms are unacceptable
Table 1: A comparison of the unilateral contracts used to licence software.

Presentation Acceptance Canadian Validity American Validity
Clickwrap licence Pop-up window Clicking the ‘OK’ button OK OK
Shrinkwrap licence Attached to packaging Opening the packaging Unknown OK
Open-source licence Variable: in source code, pop-up window, packaging, etc Modifying or distributing the softwareUnknown Unknown Unknown
Note that in ProCD and the other unilateral licence cases, the contentious issues were procedural. The question asked was, ‘should the licencees have known what they were getting into?’ The actual substantive terms of the licences were not in question. The terms and conditions of open source licences, such as the GPL, have not yet received judicial scrutiny and, as a result, remain legally uncertain.

Jurisdictional Issues

Most open-source licences are intended to be jurisdiction neutral; they contain no jurisdictional provisions. Jurisdictional provisions can be used to avoid jurisdictional complexity by establishing a choice-of-law rule by agreement. The presence of such provisions is helpful, but is ultimately not required.

Advantages and Disadvantages of Open-Source Software

What are the advantages of OSS?

Open-source developers have the opportunity to build on each other’s ideas. The availability of OSS source code allows a worldwide community of open-source developers to participate in peer-distribution, peer-review, and peer-production. A program can be improved and redistributed ad infinitum, benefiting the entire community. As the open source model of openness and collaboration expands, the quality of OSS products also improves.

The issue of overall quality aside, OSS has four inherent advantages over proprietary software. First, open-source software is considerably less expensive than proprietary alternatives. For example, Linux can be installed for free while Microsoft’s Windows operating system can cost thousands of dollars a month to license. Second, access to underlying source code means users can detect and fix programming bugs; also, OSS can be tailored to a user’s specific needs, and upgrades happen at a pace chosen by the user, not the vendor. Third, the transparency of OSS improves security because security flaws can be detected and corrected. Fourth, open source allows users to be flexible in their choice of vendors. If users are not happy with the service they receive from Red Hat, they can choose another Linux vendor. This prevents users from becoming overly dependent on their technology or support contracts.

What are the disadvantages of OSS?

Liability for intellectual property infringement

The typical open source project contains contributions from many people. It is almost impossible to audit the entire code base for violations of previous licence conditions. This creates many opportunities for contributors to introduce infringing code. Thus this risk in the development process is largely borne by licencees. Contributors do not vouch for the integrity of the code they contribute to the project; in fact, the opposite is true — the standard open-source licence is designed to be very protective of the contributor. The typical licence agreement does not include any intellectual property representations, warranties or indemnities in favour of the licencee; instead, it contains a broad disclaimer of all warranties that benefits the licensor/contributors.

Recent litigation in the U.S. highlights this risk. There has been a flurry of lawsuits surrounding the SCO Group’s (SCO) claim that its proprietary code was incorporated into the open-source Linux operating system. SCO has also claimed general invalidity of the GPL, although it is not clear that SCO will persist with this assertion.

No guarantee of quality or fitness

Some open source software projects, such as the Linux initiative, have one or more stewards who monitor code quality and track bugs. Other initiatives, however, are the product of hobbyists and do not enjoy the same code quality and rigorous testing protocol. Without contractual commitments of quality or fitness, the licencee must accept the risk that the software contains fatal errors, viruses or other problems that may have downstream financial consequences.

Copyleft Licencing

As mentioned above, some open-source licences, such as the GPL, require licencees to provide royalty-free copies of their derivative works in source code form for others to use, modify and redistribute in accordance with the terms of the parent licence agreement (see Figure 3). This licensing condition makes it very difficult for companies in the commercial software business to use such open source software as a foundation for a business. As a result, companies may be concerned that the use of OSS within, or in connection to, their proprietary programs may convert their entire code base into a “derivative work” which would need to be made available royalty-free.

Conference on Hacking and Security – CHASE 2007, Lahore, 1-3 February 2008

Hacking and information security is one of the fastest-growing professions in the world. The Conference on Hacking and Security – CHASE 2007, held in Lahore from 1-3 February 2008, set the stage for an assembly of professionals in this important field. 

In its two presentations, the OSRC team briefed the participants about:

  • The Government of Pakistan’s open source initiatives, its outcomes and future plans
  • Free and open source security software and tools

Apart from presentations, CHASE – 2007 conducted training workshops on two different tracks:

  • [Un]Ethical Hacking – How it all works
  • Packet Sniffing – Network traffic processing and analysis

The OSRC team distributed fifty open source software training toolkits, also available online, among the participants. The OSRC was the event’s platinum sponsor, along with eSecurity, Netmag and Nexlinx.

For more information, please visit http://www.chase.org.pk

PHP 5.2.1 and PHP 4.4.5 Released

The PHP development team would like to announce the immediate availability of PHP 5.2.1 and availability of PHP 4.4.5. These releases are major stability and security enhancements of the 5.x and 4.4.x branches, and all users are strongly encouraged to upgrade to it as soon as possible. Further details about the PHP 5.2.1 release can be found in the release announcement for 5.2.1, the full list of changes is available in theChangeLog for PHP 5. Details about the PHP 4.4.5 release can be found in the release announcement for 4.4.5, the full list of changes is available in the ChangeLog for PHP 4. 

Security Enhancements and Fixes in PHP 5.2.1 and PHP 4.4.5:

  • Fixed possible safe_mode & open_basedir bypasses inside the session extension.
  • Fixed unserialize() abuse on 64 bit systems with certain input strings.
  • Fixed possible overflows and stack corruptions in the session extension.
  • Fixed an underflow inside the internal sapi_header_op() function.
  • Fixed non-validated resource destruction inside the shmop extension.
  • Fixed a possible overflow in the str_replace() function.
  • Fixed possible clobbering of super-globals in several code paths.
  • Fixed a possible information disclosure inside the wddx extension.
  • Fixed a possible string format vulnerability in *print() functions on 64 bit systems.
  • Fixed a possible buffer overflow inside ibase_{delete,add,modify}_user() functions.
  • Fixed a string format vulnerability inside the odbc_result_all() function.

Security Enhancements and Fixes in PHP 5.2.1 only:

  • Prevent search engines from indexing the phpinfo() page.
  • Fixed a number of input processing bugs inside the filter extension.
  • Fixed allocation bugs caused by attempts to allocate negative values in some code paths.
  • Fixed possible stack/buffer overflows inside zip, imap & sqlite extensions.
  • Fixed several possible buffer overflows inside the stream filters.
  • Memory limit is now enabled by default.
  • Added internal heap protection.
  • Extended filter extension support for $_SERVER in CGI and apache2 SAPIs.

Security Enhancements and Fixes in PHP 4.4.5 only:

  • Fixed possible overflows inside zip & imap extensions.
  • Fixed a possible buffer overflow inside mail() function on Windows.
  • Unbundled the ovrimos extension.

The majority of the security vulnerabilities discovered and resolved can in most cases be only abused by local users and cannot be triggered remotely. However, some of the above issues can be triggered remotely in certain situations, or exploited by malicious local users on shared hosting setups utilizing PHP as an Apache module. Therefore, we strongly advise all users of PHP, regardless of the version to upgrade to the 5.2.1 or 4.4.5 releases as soon as possible.

OSRC conducts open source training workshops and awareness-raising seminars

The OSRC conducts open source training workshops and awareness-raising seminars throughout various cities in Pakistan. In this regard, only federal, provincial or local government organizations, private organizations, NGOs and educational institutes willing to provide a training venue are eligible to apply to the OSRC. Individuals need not apply. 

The training schedule for this year is currently being planned, and will soon be announced on OSRC’s website, and in newspapers. For more details, please visit http://www.osrc.org.pk/content/view/26/39/

Sun Solaris 10 Intermediate System Administration Training Workshop

NUST Institute of Information Technology in partnership with Techaccess Pakistan is offering a five days Sun Solaris 10 Intermediate System Administration training workshop. This training workshop is meant for professionals and system administrators from commercial and academic institutes. The Solaris Operating System (Solaris OS) is used by many leading companies to offer high levels of reliability, availability, security, and scalability. The participants will learn how to provide and maintain their domain specific application and services on systems running Solaris. Training will prepare the participants to become Sun Certified System Administrator. Such administrators are in high demand in the local and international industry. 

The course contents are:

  • Using Components of the Desktop System
  • Manipulating and Managing Files and Directories
  • Searching and Process Manipulation
  • Working With the Shell
  • Archiving Files and Remote Transfer
  • Managing File Systems
  • System Boot Procedures
  • Performing User and Security Administration
  • Managing Printers and System Processes
  • Archiving and Restoring the System
  • Intermediate System Administration for the Solaris 10 OS x64/x86-Based Systems Differences

For more information, please visit http://www.niit.edu.pk/sun.

OSRC’s Open Source Security Program, 9-11 June 2009, Karachi

The OSRC launched its free-of-cost Open Source Security Program from 9th-11th June 2009 in Karachi. Its objective is to develop awareness regarding the basic concepts in IT security, with a focus on using open source security tools. Over 40 participants represented organizations such as IBA, SUPARCO, PSEB’s member companies, Bahria University, and Balochistan University of Information Technology and Management Sciences. Sir Syed University volunteered its 60 computers’ laboratory at the professionally-managed event.