Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise
news for all interests
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page
Other stuff:
Recent features: Here is the permanent site for this page.
|
Leading itemsThe trademark "Linux" has been registered in Germany by a company called "Channel One Gmbh." Needless to say, this registration stirred up a bit of excitement - any attempt to take over the Linux trademark anywhere in the world is sure to annoy a lot of people. In this case, it would appear that there is no cause for alarm. This press release (in German) (unreliable Babelfish translation here) from Channel One says that they registered the mark because they had learned that some other (unspecified) company, with less benign intentions, was about to put in a trademark registration of its own. Rather than let the "Linux" trademark be taken over, they picked it up themselves. The proof of Channel One's intentions, of course, can be measured by how quickly they transfer the trademark over to Linus Torvalds. Meanwhile, it seems certain that this sort of problem will come up again. There are a lot of countries out there. "Linux" likely remains unregistered in many of them. Chances are good that somebody with poor intentions will pick up on one of them eventually. Even if such a registration can be overturned, it is a major waste of effort to have to do that. Tracking the status of the Linux trademark seems like a job made to order for Linux International. Some effort put in now could go a long way toward avoiding unpleasant incidents in the future. IBM has announced a "Red Hat Certified" laptop. The announcement that the Thinkpad 600E has been certified generated quite a bit of press interest, and this certification was held up as an advance for IBM and Linux both. In theory, this certification means that "no special effort" is required on the part of the user to make Linux run on that particular system. Interestingly, that is very much not the case with this laptop. A look at IBM's guide to installing Linux on the Thinkpad 600E will make it clear that some special effort will indeed be required. The document is lengthy and detailed, containing the various steps required to get sound, APM, and PCMCIA working properly. These steps involve creating a new init script and updating both the kernel and the PCMCIA subsystem. Hard-core Linux nerds will not find these steps to be much of a "special effort," but many other users are likely to feel differently. Perhaps most significantly: no amount of "special effort" will make the modem work. It is a "WinModem" - a modem that requires most of the signal processing to be done by the central processor. There is no reason why such modems shouldn't work under Linux, except one: the interface information for these modems has not been made available by their manufacturers. This information is all protected under non-disclosure agreements; thus, no Linux driver can be written. IBM is to be commended for providing such a highly-detailed page on how to make Linux work on their hardware. If all manufacturers behaved this way, life in the Linux World would be much easier. This information is a step above what is normally available, and it is welcome. But it seems inappropriate to certify this system as "Red Hat compatible." It can only be made to run that distribution after a substantial amount of effort, and a crucial component - the modem - can not be made to work at all. This is, it would seem, a weak definition of "compatibility." If Red Hat is willing to award "compatible" status to a system which is this difficult to make work, they will be doing harm to both themselves and the Linux community as a whole. "Red Hat Compatible" is a promise that Linux will work on this system. Laptops, still, are not cheap. Any user who invests a chunk of money based on the "compatible" promise, and who subsequently discovers that very little works out of the box, will feel deceived. The numbers of disappointed (possibly ex-) users will increase, and "Red Hat compatible" will be recognized as having little meaning. One other question that has come up is why is the Thinkpad certified only by Red Hat? Some fear, once again, that Red Hat is taking over everything. The straightforward answer, though, would seem to be that no other distribution has established a similar certification mechanism. If only Red Hat certifies hardware, hardware will only have Red Hat certification. The one alternative that is worth a look here is KeyLabs' Linux certification program. KeyLabs claims to be vendor-neutral, though readers of their web pages may suspect a relatively close relationship with their neighbors at Caldera. Their Linux Compatible Hardware page shows a fair number of systems which have been tested against one or more distributions. Vendor-independent testing by companies like KeyLabs is a hopeful way forward. Currently, however, very few people have heard of KeyLabs, and most consumers do not look for the KeyLabs seal of approval prior to making a purchase decision. Perhaps some sort of serious marketing campaign is needed before people will start looking for this certification. Update: Dave Sifry at Linuxcare wrote in to slap us (gently) upside the head for not mentioning the Linuxcare Labs certification program, which also does vendor-neutral hardware certification. See their list of certified hardware to see what they have been up to. LWN regrets the omission. (See also: press articles in Salon, ZDNet, and News.com; and the certification report on Red Hat's site - unavailable as of this writing due to Hurricane Floyd). The Atlanta Linux Showcase is less than a month away. The LWN will be there, with our first booth on the exhibit floor. As a result, we're also looking for volunteers, both those willing to help us with booth duty and those interested in helping put together reports from the conference talks, interviews from exhibitors on the floor and more. If you've always thought doing a little bit of writing for the LWN would be fun, here's your chance! This Week's LWN was brought to you by:
|
September 16, 1999
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Security page. |
SecurityNewsDebian has released a new stable version of Debian Gnu/Linux, version 2.1r3, primarily to bundle together all the security-related updates that have come through since the release of Debian 2.1. This release does not contain new functionality, just bug fixes, and is highly recommended for any site currently running 2.1 if you don't already have all related patches installed. If you want to install Debian from scratch, this update should save a lot of post-installation work to get in all the needed security updates.Postfix, and why it is a preferred alternative to sendmail, is the focus of this article, by Kurt Seifried. He focuses on the improvements postfix brings in security and configurability and the ease of which postfix can be dropped in as a replacement for sendmail. " find a typical Postfix conversion takes around 10 minutes for most sites (assuming you use an RPM and don't have to compile it), and have yet to encounter any major disasters (although I have found several small to medium sized glitches). " He also reports back on the current state of the postfix license, which caused some initial concern. "Previous versions had a rather ugly termination clause, which prevented wide spread acceptance of Postfix, however this has been removed and Postfix is now "safe" to use. You can distribute the software, develop it, make changes and so forth, the only catch being that you must contribute any changes back to IBM (rather reasonable since they paid Wietse to develop it). " Security ReportsA shared memory-based Denial-of-service attack has been posted to BugTraq and demonstrated on Linux systems. Currently, there are no effective limit on shared memory currently exists, since shared memory segments can be created without being bound to a process. Henrik Nordstrom posted a patch for Linux 2.2.12 which adds a procfs entry for "tuning the limit of shared memory allocable", freeing unreferenced shared memory pages and getting information on when they were created and by whom. A minor bug in gftpd can result in the display of your password in plain text or saved in plain text to your logfile. The author of gftp has released an update to fix this. For more information, check out Oscar Haeger's BugTraq posting. Last week's release of ProFTPD 1.2.0pre5 has quickly been followed by the release of ProFTPD 1.2.0pre6. Details on the changes in the latest version have not yet been posted, but they are again security related. Given the length of the list of changes made in pre5, this may just be catching some minor oversights. Commercial software reports have come in on Netscape Enterprise Server 3.6, and CDE. The CDE problems resulted in the release of this CERT advisory, since the vulnerabilities can result in unauthorized access to root privileges. UpdatesLinuxPPC has issued new updates for problems with INN and ProFTPD. The ProFTPD updates contain the latest version, 1.2.0pre5.Some buffer overrun problems have turned up in the mars_nwe (Netware) package. So far, we've seen updates from Yellow Dog Linux and Red Hat. Yet more updates to XFree have come out from Red Hat. These include the XFree 3.3.5 packages, but are marked as security-related, so an update is recommended. SuSE released a new PINE update to fix the PINE vulnerabilities reported in June. The new package fixes a problem with the original update which broke support for IMAP. ResourcesLinux Administrator's Security Guide has been moved over to Security Portal and is now available in HTML form (previous versions were distributed in PDF form). Major updates to the Guide are also promised in the near future.Stack Shield 0.5 has been announced. Stack Shield is an alternative to Stack Guard; both help make a system less vulnerable to buffer overflow and related problems. Linux Audit Beta 0.1 is an early release of a package to support auditing under Linux. It requires Linux kernel 2.3.5, plus a patch, to run. The unix-virus mailing list has been started. The charter indicates that it will be discusses the "virus in the unix environment". This may, of course, be aimed towards anti-virus developers who are now supporting code to run on Unix and Linux systems and find Windows or MacIntosh viruses. Although not theoretically impossible, it seems unlikely that a mailing list could keep active talking about Unix-based viruses ... Also note that the URL provided for the list was incorrect. An update, posted later, indicated that the website for the mailing is http://virus.beergrave.net/. EventsSection Editor: Liz Coolbaugh |
September 16, 1999
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Kernel page. |
Kernel developmentThe current development kernel version is 2.3.18, released on September 10. This is a relatively small patch for modern times - just over 1MB uncompressed, changing 401 files. But it has some interesting stuff:
All of the above, however, was overshadowed by the other news: the 2.3 feature freeze is now in effect. Linus announced his intention to get the freeze off to a solid start by taking a two-week vacation, and dumping all of his mail when he gets back. So there is no point in even trying to get him to incorporate new features into the system. The plan is that the freeze turns into a hard code freeze in a couple of months, with a release still set for the end of the year. Maybe we really will have a "stocking stuffer" kernel for Christmas this time around. Alan Cox has restarted his "ac" kernel patch series in the hope of having a coherent set of fixes to pass to Linus after the vacation. The "ac" series is intended to only include patches which fit within the feature freeze constraints, so there will be no exciting new features found there. The current patch of this writing is 2.3.18ac5. The current stable kernel release remains 2.2.12. Alan Cox is active in this field as well; he has a 2.2.13 prepatch up to version 8. Alan's stated intent is to try to make a "rock solid" 2.2.13 - something which would certainly be much welcome in the user community. If that works out, then 2.2.14 can get the knfsd patches (discussed last week). Low latency and multimedia applications. Paul Winkler pointed us this week at Benno Senoner's low-latency mini-howto out there on the web. Latency, in this case, is the period of time that an application has to wait to get access to the CPU when it has something to do. Multi-user operating systems have tended to have relatively long latencies, making it hard to run applications that must respond to events within one millisecond (or less). Benno has recently posted some results from his latest tests, which incorporate the work of, primarily, Ingo Molnar. His results: sub-millisecond response times are now possible with Linux, and even the longest latency (500 microseconds) looks like something that should be fixable, once somebody can figure out what is going on. The end result is that Linux is well on the path toward becoming a solid multimedia platform, without the need for real-time hacks and other trickery. Other patches and updates released this week include:
Section Editor: Jon Corbet |
September 16, 1999
For other kernel news, see: |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Distributions page. |
DistributionsPlease note that security updates from the various distributions are covered in the security section. Time for this week's new distribution: Armed Linux has made its existence (and a beta version) known. Their plan seems to be to create "the easiest to use distribution" for first time users. "Armed Linux, a small group of professional developers, has experience in software and web design and support. Currently unfunded, they are open to offers for venture capital." CalderaIt's been a busy week for Caldera, both good and bad. The Caldera's official announcement that OpenLinux 2.3 is shipping came out, along with a press release from Motorola's computing group, announcing that their systems are shipping now with OpenLinux 2.3.InfoWorld ran this story about the release of Caldera OpenLinux 2.3. "The new version allows corporate IT shops to carry out remote mass installations, and has all of its new features tested for the year-2000 changeover." On the downside, Erik Ratcliffe, from Caldera Systems, dropped us a note to point out that their User to User Forums are curently off-line due to a major hardware failure on their mailing list server. They hope to have the system back up and functioning by mid-week. A check on the site prior to publication found no new information.
Complete LinuxReviews 'r' Us has run this look at Macmillan's Linux Operating System 6.0 release (which is built on Linux-Mandrake). "The best Distribution of Linux available yet. If you have ever wondered what Linux would be like, Buy this now. Its cheap, and all you will ever need to buy for a lifetimes Linux use. Incredible value, and the best documentation by far."CorelCorel has issued a call for beta testers for its upcoming (Debian-based) distribution. Here's your chance to get the jump on a slick-looking product.DebianIn followup to last week's BIND 8.2 feature, we are happy to report that Debian and ISC appear to have found an amicable solution. A bind-norsa package will be distributed along with the bind package. Kudos to all parties for handling this issue in a mature manner! The end result benefits us all. For more information on the issue, check out last week's LWN and the comments that followed on Slashdot.Good progress on GNU/HURD has apparently been made over the last week, with over 44 updated packages going in. Meanwhile, that's having an impact on other Debian development discussions. For example, it has been proposed that Debian move to GRUB for the default boot loader. Pros and cons of the issue were discussed, with no final decision. Check the the Debian Weekly News for September 14th for more details. DemoLinuxThe first DemoLinux CD is out. DemoLinux is a project to create an entirely CD-based Linux system that people can try out without the need to do any sort of installation at all.LinuxPPCLinuxPPC 1999 Q3 has just been announced. Lots of new stuff is included, included support for Mac G3 systems.MandrakeReports were floating around that Mandrake 6.1 was already available for download, although it has not been announced. The Mandrake Download page states unequivocally, " WARNING! Linux Mandrake 6.1 (Helios) is not out yet!". A quick check of the ftp sites did confirm that a 6.1 directory has popped up. Presumably, they are busy getting all their ducks in a row before making a formal announcement. At this point, use the software on the download area only at your own risk; if they haven't announced it, they may not yet have finished testing the ftp site after moving over the new software.Red HatRed Hat has sent out an update describing their status and actions as they prepare to be flattened by hurricane Floyd. Currently the web and FTP servers are up, the mailing lists are not. We wish them luck.SlackwareCurrent progress with Slackware can be checked via the Changelogs. The past week doesn't show anything too exciting.SuSEThe Guardian looks at SuSE 6.2. We think they liked it. "My view is that, if you study SuSE Linux, you'll see a revolution in the making that will devastate current hi-tech business models, causing a fundamental shift in the computing world. I found that Linux was the Aladdin's Cave of computing."Yellow DogTerra Soft has announced "Yellow Dog Champion Server 1.1," which is optimized for a set of IBM RS/6000 server systems.Section Editor: Liz Coolbaugh |
September 16, 1999
Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.
Lists of Distributions |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Development page. |
Development toolsCompaq has announced a public beta test of its C (and Fortran) compilers for Linux Alpha systems. The license is somewhat restrictive (this is not free software), but people who have been in need of better compiler performance on Alpha systems may wish to have a look.
JavaThe JDK 1.2 Known Bugs Page has been updated. Due to their habit of not dating changes to the page, we can't easily report to you what's new on the page, but if you're having problems with the JDK 1.2, you should check the page again.An interview with James Gosling, the "father of the Java programming language", according to the article, contains some interesting comments. On the question of whether Sun will ever make the Java code open source, he says, "It's unlikely that we will go totally open source in the way some people use that phrase. We're pretty close to it. The main issue for us is that one of the real strengths of Java is that it's a very strong cross-platform. We try to make it as free as possible but still enforce interoperability. On the other hand, when the question of Java on Linux came up, he pointed the finger back at the Linux community for the problem. "he inter-operability problems with Linux are just horrible. You have to be excruciatingly careful because all the different flavours of Linux are all slightly different." When these comments were mentioned on the java-linux mailing list, the reaction was mostly puzzlement. To the best of the knowledge available, the problems with the current Java port have nothing to do with differences between Linux distributions. Cees de Groot commented in this posting, "Well, he's right that it is horrible, but not right about the reason. The port is hard because of differences between Solaris and Linux (threads, signals, X11, SMP, stuff like that - it's a horrible mix). The differences between Linux glibc releases are there, 2.0, 2.1 and 2.1.2(?) are binary incompatible, but as far as I can tell these differences are actually due to support for the stuff that the JVM needs getting better." PerlLinuxWorld tells us about what's new in Perl 5.6. "One of the neatest (and, at least at my job, one of the most talked-about) features in Perl 5.6 is the ability to find nested parenthetical-style expressions recursively."PythonHere's this week's Python-URL by David Ascher, full, as usual, of lots of good Python stuff. Note that it seems to be expanding a bit from its normal coverage of the python mailing lists and newsgroups to included pointers to other Python-related news out in the world.Tcl/tkThis week's Tcl-URL! has a pointer to some ideas about what Tcl 9.0 should be.Section Editor: Liz Coolbaugh |
September 16, 1999 |
|
Development projectsIf you are interested in CADD programs under Linux and you're familiar with the CADD platform from Bentley, you might want to take a look at this announcement of support for the Academic version of the Bentley platform, including AccuDraw, SmartLine, MicroStation BASIC, plotting resymbolization, and even MDL, digitizer and OpenGL support. It seems a lot of students have been asking for it. In addition, if they believed there would be sufficient numbers of commercial purchasers interested in the full commercial products, a port of those might be forthcoming as well (Thanks to Lee Guigar). Both the GNOME and KDE weekly reports are on hold for the next week, so expect double reports next time around. In addition, with the hurricane hitting North Carolina, many websites supported by Red Hat were down while this issue was being developed, so news from those projects may be missing or behind. We'll try to get caught up next week. AOLserverYou do remember that AOLserver is now open source? If you're interested in what's out there, now that you can get your hands on it, you might want to take a look at this article, the first in a series of four articles on AOLserver being published by LinuxWorld. This first part covers some of the history of AOLserver and the reasons why you might want to consider using it.GnomeInterested in CORBA? You may want to check out Introduction to CORBA, Part 1, the first of a two-part series of articles from LinuxWorld.High AvailabilityWe received a report back from Alan Robertson on the state of the heartbeat code. It sounds like it may make it into Red Hat 6.1 and a push to make it work smoothly under Debian as well. Also note that development on heartbeat 0.4.3 has been frozen and it may have been released by the time you read this.Maintenance of the Linux-HA FAQ has moved over to Volker Wiegand, as noted in this note from Harald Milz, the former maintainer. Slides from Lars Marowsky-Bree's talk on LVS, given at the Linux Kongress '99, are now available (in MagicPoint format). KDEKDE 1.1.2 has been released, the first KDE release with full Themes support, through the KDE Themes Manager. Kmail and Kfm have also been improved and stabilized and KDE now supports over 35 different languages.The second annual KDE Developers Meeting has been announced for October 7-10 at the University of Erlangen, in Germany. Caldera Systems and SuSE are sponsering the meeting. MidgardThe Midgard Weekly Summary for September 14th has rolled off the line, reporting on the Midgard web application development platform. Midgard 1.2.2has also been released and the Bugzilla bug tracking system has been brought in to handle bug reports.Mozilla/NetscapeReady to take on programming for the new Mozilla but you're not sure where to start? Check out the Codestock two day developer seminar, scheduled for September 21st and 22nd. It promises to cover:
MozillaZine has a report up from the Jazilla project, which, you may remember, is building a Java-based version of Mozilla. Matthew Schmidt reports, "In the last few months, Jazilla has gained speed has the programmers that were involved have regained interest in light of recent motivation and some new interest in the project. Work has begun on an open source pure Java renderer, but the project needs help. Anyone with experience on the Swing Text package or the Swing HTML package is definitely wanted, although we will take anyone who wants to help." WineThe latest Wine Weekly News looks better than ever. New formatting has given the page a cleaner look and made it easier to navigate.Since the latest snapshot still dates back to August 15th, the news this week focuses on development, including a port to BeOS, integrating the OpenGL libraries with Wine, and thread safety. One piece of good news: Ove Kaven received $600 in funding from CoSource and with it, has started development on the 32bit Winsock, very good news since the current Winsock "is still from the Win16 days". ZopeThe new Zope.org community portal is now on-line at http://www.zope.org. The new site is running Zope 2 and making "heavy use" of the Portal Toolkit, the Catalog and ZClasses. With it, you can become a member and create your own Zope objects to help personalize the site.A Zope Birds of a Feather session is being planned for the Atlanta Linux Showcase next month. Check out this week's Zope Weekly News for other Zope tidbits. Section Editor: Liz Coolbaugh |
Project Links Gnome High Availability ht://Dig KDE MagicPoint Midgard Mozilla PHP Wine Zope More Information Freshmeat LinuxDev |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Commerce page. |
Linux and business3Com releases a driver. For the first time, 3Com has actually provided its own Linux driver for one of its networking cards. This announcement describes the driver, which works on some of their newer cards (3C905B, 3C905C, 3C980B, 3C980C, 3C900B), and which has been released under the GPL. 3Com heavily credits Donald Becker for helping with this driver, and for having created so many network drivers that preceeded it. It thus appears that 3Com has understood an important point: if their hardware works well with Linux, then Linux users will buy their hardware. The value of their software is in its ability to bring about hardware sales; thus it makes complete commercial sense for them to release it under a license like the GPL. (Using the GPL in particular, of course, will enable the driver's inclusion into the mainline kernel). Cobalt Networks files for IPO. VA Linux Systems was supposed to be the second Linux IPO, but Cobalt quietly slipped in and announced its own while nobody was looking. They hope to pick up $86 million - about the same amount Red Hat went for. Unlike Red Hat, however, Cobalt has lost quite a bit of money - $22 million thus far. Getting started in the hardware business is hard. Gluttons for punishment can read through Cobalt's S-1 filing describing the IPO. Some items of interest found therein:
Another Linux print magazine is coming: Maximum Linux has announced its existence and its plans to start with a 100,000 copy run. They will also be bundling a CD with Linux-Mandrake 6.0. Version 6.0 is already obsolete, of course, but that is the print business. One wonders how many print magazines the Linux community can support. The Linux Journal and Linux Magazine are already out there and established. The major trade publishers have yet to get into the act, but they can be expected to as soon as they see enough money there. Some sort of shakeout in the Linux magazine business seems almost inevitable sooner or later. Press Releases:
Section Editor: Jon Corbet. |
September 16, 1999
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Linux in the news page. |
Linux in the newsRecommended Reading: Upside Magazine interviews Bruce Perens. "With the Internet, we're as powerful as political lobbies used to be. We have the power of the press. We don't need the New York Times to print something to get people to hear about it. Let's build on it. I'm just trying to turn that power onto things that hackers don't traditionally like." Thresh's Firingsquad, a gaming site, ran this introductory article which is long and quite positive. "The three biggest draws to Linux are it's stability, versatility, and raw performance. When compared to the OS's most people are used to, Linux is an extraordinary stable system." (Thanks to John Thacker). The Red Herring looks at Red Hat's stock price. "Red Hat's success means that Linux could now be safe for corporate America, and Linux products will no longer be whispered about in wired closets but openly discussed in corporate boardrooms." See also: this Washington Post article about V-One's stock. "It used to be that the word 'Internet' was what it took to blast a stock into outer space, but this week it was 'Linux' that sent shares of V-One Corp. rocketing like the World War II buzz bomb of that name." Hmm...it must be about time for another one of those "free software as communism" articles. This one is in Salon Magazine. "But Barbrook's analysis does jibe well with fears expressed by some software programmers concerning the possibility that free software could prove to be an economic disaster for the software industry. As these programmers see it, the GNU General Public License that ensures that source code to GPL-protected programs will always remain free is a real-live communist virus designed to wipe out profitability in the software biz." Cobalt, Unify and Other Stocks: Here's a News.com article about Cobalt's IPO filing. "Cobalt's IPO filing puts the company a step ahead of VA Linux, another manufacturer of Linux computers. VA's chief executive, Larry Augustin, predicted in August that his company would be the second Linux IPO after software seller Red Hat." (Thanks to Cesar A. K. Grossmann). Inter@ctive Week ran this article about Cobalt's IPO filing. "Besides counting on Linux's popularity surge, Cobalt is trusting the validity of Dataquest's predictions that the server market will grow from 1999's 2.2 billion to $15.8 billion by 2003." CBS Marketwatch looks at Unify's stock price. "The Linux party was in full swing when Unify decided to arrive fashionably late. Shares of Unify (UNFY: news, msgs) soared 21 percent when news of an extended relationship with Red Hat hit the tape." E-Commerce Times looks at Unify's latest announcements and partnership with Red Hat. "The move, which builds upon a strategic developer partnership established in May, will allow users of Unify's eWave Engine and Unify WebNow! to tap into the power of open-source through Red Hat Linux 6.0 package. The two companies, according to their original agreement, will also be developing co-marketing initiatives." The Rocky Mountain News looks at eSoft's stock price. "ESoft Chief Executive Jeff Finn said investors are probably eyeing his company as an inexpensive Linux play. 'Brokers and investors have started looking for alternatives in the marketplace since stocks like Red Hat have become so expensive,' Finn said." Reviews: TechWeb looks at Compaq's new thin client systems. "The desktop system will be available in the fourth quarter, with two models, one running Windows CE and another running Linux. The Linux system will be designed for users who require a browser resident on the thin client itself, rather than the Windows NT server.... The Linux model will also be designed for users who desire a product without the taint of Microsoft." (Thanks to Martin Eskildsen). Computer Reseller News looks forward to the 2.4 kernel. "These developments, made possible by kernel improvements, likely will help dispel the notion that Linux is not ready for corporate prime time, advocates hope." Sm@rt Reseller looks at operating systems for the Merced processor and concludes that nothing will be ready for a while. "Once Intel lifts its Merced nondisclosure agreements, Trillian plans to put the entire IA-64 Linux source tree on the Web. Then the group will approach Linux founder Linus Torvalds about including its work in the next Linux build." Here is a lengthy review of VA Linux Systems' VARServer S3500e system in Performance Computing. "VA's technical support proved to be excellent. We really tested out VA's support-because of a glitch, the company shipped a misconfigured system. The S3500e systems come with Linux preinstalled, though, so most users won't have to deal with any of this." Linux and the US Federal Government: Here is (until it moves) the Federal Times story about how the U.S. government is going to look into ways to better use free software and diversify away from Microsoft products. "Linux, an open-source operating system similar in functionality to Microsoft Windows, is being given serious consideration as an alternative for government computer users, the official said. Access to the Linux source code 'gives us some confidence,' the White House official said, adding that it simplifies patching security breeches and correcting routine errors." Linux grabbing more federal biz says Federal Computer Week. "In one of the first public pronouncements by a government official of the advantages of Linux, Przemek Klosowski, a scientist at the National Institute of Standards and Technology, said the history of Linux - a 1960s-vintage operating system - shows that it has made a 'sneaky entry' into the government." Sneaky indeed, if it has been there since the 1960's... See also this OS Opinion editorial on the subject. "Uncle Sam dropped a bombshell this weekend on the Internet. An article from the Federal News web site publicly told Microsoft that its software was expensive, its OS was buggy and both were as secure as a porcelain piggy bank with a cork in its belly." The Linux Revolution: Money's to be made in the Linux revolution says the Globe and Mail. "Now, many people are eager to discount the potential of Linux to create wealth because it is obtainable for free and isn't owned by a person or company. I beg to differ: The massive global adoption of Linux under way throughout many sectors of the high-technology community means there's plenty of money to be made, even as its fundamentally free philosophy remains intact." (Thanks to Peter Koster). Here's a Computer Reseller News article about Gateway's entry into the Linux systems market. "[Gateway manager] Berger left open the possibility Gateway would offer other vendors' Linux operating systems in the future. 'At this stage, we're concentrating on Red Hat,' he said. 'That brand, that company, has a leading market share, and market momentum. But if that changes, we could work with someone else in the future.'" Also in Computer Reseller News: this look at SGI's future. "One move illustrative of the new Silicon Graphics is its contract to provide a 128-node Linux cluster for the Ohio Supercomputer Center, Columbus, Ohio. The system will be preloaded with SGI Linux Environment with Red Hat Linux 6.0 on an SGI 1400L server." From PC Week: Linux enters adolescence. "The outlaw operating system that was developed by geeks with too much free time on their hands is perched on the edge of the invisible dividing line between its early-adopter childhood and late early-adopter adolescence. Corporate IT managers no longer risk their jobs by admitting publicly that they are testing Linux--maybe even deploying it in some back-room application." ComputerWorld ran this article about the pros and cons of open source software in business. "Hazier future: Software developed by a consensus of part-time programmers is unlikely to ever have the razor-sharp focus on the future that you'll get from a company like Microsoft Corp. Open-source software tends to follow trends: As developers find a use for something, they add the code. Commercial software can help define trends by creating uses and anticipating problems before customers even know they exist." Red Hat: Red Hat's Japan office wants to make $9 million in sales its first year, according to this AsiaBizTech article. Given that the U.S. office sold just a little more than that last year, they are being ambitious. "However, at a press conference, there was no concrete explanation about the business plan, nor were questions regarding the amount of capitalization and other aspects of business management answered." PC Week interviews Red Hat's Bob Young. "This term "Linux community" and the implication to outsiders that the community is cohesive -- it has never been cohesive. It is, far and away, the most argumentative, acerbic group I have ever had the misfortune to be a part of. But don't get me wrong. That has been good for the technology. It's a community that values the truth and values engineering excellence over marketing and compromise." Finally: 21st Century Penguin (aka LinuxPower) presents Making Movies with Linux, Part 5, which deals with adding sound to video clips. Time speculates on what Transmeta is doing. But they don't know any more than the rest of us. "Like many start-ups, Transmeta has no announced products. But unlike those other IPO-seeking missiles, it has never issued a press release. Nor does it have a p.r. department. No one even knows how many people work there. Or what they're working on." Michael Dell says that NT will prevail over Linux, according to this article on IDG.net. "'I don't think it will happen,' responded Dell, when asked when he thought the much-talked-about Linux operating system will ship in more Dell servers than Microsoft's NT." (Found in NNL). Nicholas Petreley gives a possible future for the proprietary software business as a mafia-style protection racket in this InfoWorld column. "The best way to illustrate how this works is through a sample sales pitch. Imagine being paid a visit by a rather large fellow (about the size of a minivan) in a dark suit with a white tie. He opens the conversation with, 'The Don gives youse guys his sincerest regards and wants to know how his software is working for your business.'" PC World ran one of those "live a week without Windows" experiments. "For a week, I created and edited files using StarDivision's free StarOffice 5.1 suite (with word processor, spreadsheet, and more), browsed the Web and sent mail with Netscape Communicator, and even played Quake II. But I couldn't quite cut the umbilical cord to Redmond." Here's a free version of the Wall Street Journal article about FreeBSD. "BSD buffs like to think of themselves as a slightly more grown-up version of the 'open source' movement, which distributes underlying programming instructions so users can study and modify software. Although Torvalds has full control of Linux, for example, FreeBSD is overseen by a 15-person group called the 'Core.' What's more, the various BSDs say that their software, by virtue of its head start on Linux, is more mature and stable." (Thanks to Paul Dickson). The Washington Post has this article about the Microsoft trial. The Linux Defense is back... "A Microsoft attorney said the company will point to the remarkable financial success of Red Hat Inc., a leading vendor of the upstart Linux software operating system. Red Hat stock has soared from $14 on its first day trading last month to close Thursday at $123.25." (Thanks to Dan York). Why I hate Linux is the title of the latest troll in osOpinion. "I took a big step back, and realized that if all code was free, no programmers would eat, or at least very few of them would. Of course, thinking thoughts like that is unacceptable, and may be cause to put on your asbestos suit because if you challenge the Gnu Public License, the flames are going to get you."
Section Editor: Rebecca Sobol |
September 16, 1999 |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Announcements page. |
AnnouncementsResourcesPerfect beast perfected. Paul Everitt of Digital Creations has put an updated version of his talk Funding The Perfect Beast: Open Source, Business Models, and Venture Capitalism on the web. (Note that there is a table of contents on the left side, use that for navigation when in doubt). This talk will next be given at the Atlanta Linux Showcase; it is much worth seeing.The Cash and the Calling is a paper by Brian Marshall which looks at the development of commercial artificial intelligence applications. He concludes that a hybrid approach - where parts of the system are developed in an open-source mode - could work well in this realm. "Programmers with a calling and/or a desire to make a name for themselves will do original research, write new open-source software and start open-source projects. Much unconventional thought will be brought to bear on various problems in artificial intelligence.... the effect of the open-source movement on the state of the art of AI may be the next great thing that happens in the world of computers." EventsDanish Demo Day pictures. 150 pictures from SSLUG's Linux Demo Day in Denmark have been posted by Hans Schou. "We had a great party with a lot of demo's, gifts and of course FreeBeer(tm). Free software, free entrance and free beer."Linux Demo Day in Toulouse, France will happen on September 18. Details in the announcement, which is in French. An installfest at will be held in Sergipe, Brazil on October 3. See the Linux-SE web pages for details. Web sitesTuxFinder.com announced a new logo and a new look for their web presence.User Group NewsThe Hellenic Linux Users Group, Hellug, will be one of the exhibitors in the Infosystem 99 expo, in Thessaloniki, Greece, from Thursday 7 to Monday 10 October 1999.
Linux Install Fest at Sergipe-Brazil |
September 16, 1999
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Software Announcements
|
Our software announcements are provided courtesy of FreshMeat
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Back page page. |
Linux links of the weekThe CLUE Linux Centre is an actual bricks-and-mortar place, but it's worth an electronic look as well. Based in Toronto, their purpose is to become a permanent research and demonstration center for Linux - the first in the world, they claim. They have also undertaken the "Learnux" project - taking old castoff computers, installing Linux, and donating them to schools and students. The Linux Bulletin Board is set up to host Linux-related discussions on a number of topics. The number of messages thus far is low...let's see of LWN readers can stir things up a bit for them... Section Editor: Jon Corbet |
September 16, 1999 |
|
Letters to the editorLetters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them. | |
To: letters@lwn.net, gnu@toad.com Subject: Debian FSG vs. DNS Security license for BIND Date: Thu, 09 Sep 1999 23:22:22 -0700 From: John Gilmore <gnu@toad.com> As the person who negotiated the DNSSEC license that permits BIND to use patented RSA technology, let me clarify the intent involved. Debian is free to put in as much effort as it wants in eliminating this 'DNSsafe' code, but I believe it won't exist in BIND after the patent expires in October 2000 anyway. I therefore suggest living with it for a year as the easiest and most beneficial course. The reason the BIND authors licensed the code, and the reason RSA licensed them to use it, was for the mutually beneficial purpose of jump-starting a public key infrastructure centered on the Domain Name System. Debian should not undermine this goal if it can see a way to support it. The DNSsafe code is copyrighted by RSA and requires custom licensing, unlike the rest of BIND. If the BIND authors continued to use the RSA code in BIND even after the patent expired, it would make BIND distribution and maintenance more cumbersome. They are far more likely to replace it with code that is unencumbered. Debian contributors could perhaps best use their time by writing a free, compatible, and extremely fast replacement for this code. This would provide ISC with a ready-made free alternative as soon as they are released from having to license the patent. Given the US Commerce Department's erratic interpretation of the export regulations, I recommend having a non-US contributor write it, even though the regulations make it clear that authentication code is not covered by US export controls. (An earlier prototype of BIND that used RSAREF for authentication was denied access to the authentication exemption; this denial was administratively appealed by Hugh Daniel, the applicant, and is awaiting a determination from the US Bureau of Export Administration.) As a firm believer in free software I don't want Debian to undermine their stand for freedom. The question at hand is what's the best response when the unfree code is temporary. John | ||
From: "David Jao" <djao@sc-24018.fas.harvard.edu> Date: Thu, 9 Sep 1999 03:44:40 -0400 (EDT) Subject: Caldera and GPL To: hoserhead@bigfoot.com > Caldera says "Ok, if you want to get your hands on this CD you've > got to sign this piece of paper which says that you have decided to > not exercise your rights under the GPL Section 6 of the GPL (attached below) states very clearly that under no circumstance may Caldera impose _any_ further restrictions on the end-users rights under the GPL, even if the end user has signed a document permitting Caldera to do so. The end user has no legal authority to give up their end-user rights. Those rights are mandated by the original licensor (i.e., the software author), and only the original licensor of the software can give permission for Caldera to restrict those rights. > 6. Each time you redistribute the Program (or any work based on > the Program), the recipient automatically receives a license from > the original licensor to copy, distribute or modify the Program > subject to these terms and conditions. You may not impose any > further restrictions on the recipients' exercise of the rights > granted herein. You are not responsible for enforcing compliance by > third parties to this License. The end user can certainly agree not to sue for their rights, but the original licensor is under no such restrictions. No matter what the end user has signed, the original licensor of the software could sue Caldera, and would have a pretty strong legal case. -David | ||
Date: Thu, 09 Sep 1999 13:51:45 -0600 From: Bruce Ide <nride@us.ibm.com> To: letters@lwn.net Subject: Security and Kernel Modules Please note that at the time the kernel module is installed, the intruder already has root access to your system. I think a bigger issue is the simplicity of obtaining root access once you've compromised a user account. In my humble opinion, distribution maintainers are far too free with those setuid bits. Packages requiring setuid access to the system should undergo thorough and documented third party source code auditing, as should the C library itself and any other components that the setuid package relies upon directly. Closing the buffer overflow hole would be a huge step in the right direction too, perhaps through the implementation of something like the Linux-Privs project. No one takes security seriously enough and I believe that a major disaster is going to be the result of this lazyness. I'm not talking about just Linux either. Will it take a bank losing several billion dollars or some group shutting down a huge portion of the nation's electrical grid before we start taking security seriously? Will we take security seriously even if that happens? It's only a matter of time before something like this happens, and I only hope there won't be a huge loss of lives in the process. As far as kernel modules go, perhaps some mechanism could be put in place to allow cryptographic signing of the modules and the execution of only signed modules. Of course, this would be pretty difficult to implement given the US Government's asinine stance on crypto but I'm sure our friends in free countries like Finnland or Russia could come up with a set of patches that could be downloaded and applied to a kernel. -- ---------------- Bruce Ide nride@us.ibm.com | ||
To: "LWN letters" <letters@lwn.net> Date: Thu, 09 Sep 1999 10:15:33 -0700 From: " " <lkollar@my-Deja.com> Cc: Subject: Kernel feature thrashing > The natives on linux-kernel are starting to get > restless. These patches are considered necessary > by many just to get a working system. Why do they > not find their way into the mainstream kernel? That's a valid question, but IMHO another question that should be asked is "are people upgrading because they have to, or because a new version is out?" One of the reasons people use Linux and other open-source software is to step off that "upgrade treadmill." Why apply that commercial-software thinking here? If the kernel you're using does the job you need, maybe you should consider keeping it until you have a good reason to upgrade -- especially if you have to hand-patch in features you consider essential. Old habits die hard, I guess. I guess the anti-Linux camp will have a field day with this issue. I can see the quotes now: "Linux is having growing pains" or "Linux is collapsing under its success" or "Linux failures underscore need for commercial support." Yuuuuuck-o. All this <b>really</b> means is that Linux users should examine their needs and determine whether a new kernel release meets those needs before upgrading. (If you want to be a guinea pig to help the cause, that's a different story.) After all, it's not like you won't be able to find working software just because you don't have version 2.2.10 or greater. In fact, you could use kernel 2.0.37 and not be left behind, except for a few specialized admin tools. This <b>is</b> Linux we're talking about, not Windows. Larry "Dirt Road" Kollar | ||
Date: Thu, 09 Sep 1999 10:13:04 +0200 From: Michael Thayer <michael.thayer@student.uni-tuebingen.de> To: letters@lwn.net Subject: New code in stable kernels I can see that people are reluctant for major changes to be made in stable kernels. However the RAID and NFS problems might be solved by creating a new stable line (something like 2.2b) when 2.2 has settled down - a sort of "half major" release like Debian is planning. Yours, Michael Thayer | ||
To: letters@lwn.net Subject: User space utilities that depend on kernel version Date: Thu, 09 Sep 1999 14:12:30 +0100 From: Andrew Stitcher <astitcher@orchestream.com> It has seemed to me for as long as I have been using Linux (since 0.99 and SLS days) that there is a problem in the way that utilities that are intimately bound up with the kernel are distributed. There are quite a number of user space utilities that depend on a particular version of the Linux kernel to function and vice-versa for some things the kernel depends on the correct user space program - for instance update, insmod, ps, procinfo. mount and similar things. As the kernel and these utilities can't really be separated it makes sense (to me at least) that they should all be distributed together and maintained in the same source tree, that is the kernel source tree. If this were done the days of getting a kernel patch to fix NFS or RAID say and then needing to go search the web for the correct versions of the user space tools would be over. What do other people think? Andrew | ||
Date: Sat, 11 Sep 1999 21:41:00 -0500 (CDT) From: <surazal@is.toofarnorth.com> To: letters@lwn.net Subject: Thoughts on sort-of-open-source Star Office (long) I've been brewing over this Star Office deal for a while and have come up with some thoughts on the matter... I've always had sort of an ambivalent attitude towards Sun the corporation. While they do produce some really good software (about an order of magnitude better than MS's usual crud), and have played an extremely important role in the Unix world, their political plays in the free software world leaves me wondering. Sun seems to want to have their cake and eat it too. On the one hand Sun played a key role in helping to legitimatize Linux in a number of ways. They were one of the early players to join up with Linux International. They sponsor an excellent service at http://www.sunfreeware.com by providing packages for the GNU tools so that us poor saps who have to administer Sun boxen don't have to recompile the tarballs all the time. All this and many other "small favors" do add up in the long run. But on the other hand we got this SCSL thing: all the disadvantages of commercial software combined with none of the advantages of free software. Why? Let me elaborate a bit: Back in the dawn of the century, there was a popular type of music called Ragtime that was all the rage with younger folks (and was condemned as Satan's music by some older folks :^). If you actually took a close look at Ragtime music, you noticed two immediately apparent things. One, the inherent structure of the music was hideously complex. Two, all ragtime tunes were hideously complex in a rather identical manner. In other words if you wanted to write a ragtime song, you had to follow some rules that were set down in stone. Ragtime did not entirely allow for a lot of flexibility. Needless to say, ragtime didn't last for very long. For one, all the songs sounded the same (go figure :^), and so it got a little old with the listeners. For another, song writers had mostly migrated to a new type of music that was gaining ground: Jazz. Jazz was nice in that you could pretty do what you wanted to do. Granted, there were some basic rules you had to follow, but the flexibility of Jazz allowed it to survive for nearly a century (and it's still going strong). Similarly, Rock music has the same sort of flexibility (more or less), and thus it too has lasted decades longer than ragtime could ever hope to. Which brings me back to the SCSL. Now the SCSL is Sun's answer to free software. They say "We give you the source, but we control everything you do, and you have to play by our rules." Well, having rules is fine. But the restrictiveness of the license puts Sun's license in the same position that Ragtime had when Jazz started to become really popular. The GNU license provides flexibility in that if, say, Red Hat ever decides for whatever reason to drop GNOME, a group of developers can pick it up and continue using it and working on it. Not so with Star Office. I am at Sun's mercy, which is no better than being at MS's or AOL's mercy. Heck I got into Linux because I was no longer shackled by what some faceless corporation thought was best for me. That's why I feel that Star Office, though it may end up being somewhat successful, won't take the steam out of any free software office suite. There's more flexibility and freedom over there. :^) Just like how I might be able to listen to a Ragtime song or two every now and then, I'll pick one of the many flavors of Jazz that have come down the pipe over the decades to listen to any day. - Dave Finton | ||