Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise
news for all interests
Leading items and editorials

The source code to Solaris will be released under the Sun Community Source License (SCSL). Solaris, of course, is Sun's proprietary Unix operating system; it may well be the strongest of the proprietary systems out there currently. This announcement is interesting from a few different viewpoints.

What is really happening? Details at this stage are scarce, but a few things have come out. The code to Solaris will be released, but nobody has said just when. It appears that it may come out in a number of different pieces over a fairly long period of time. It is possible that some portions of the system may never be released, due to third-party licensing constraints or other reasons.

Since Solaris will be released under the SCSL, it cannot be regarded as free software. The SCSL divides users into three different classes, and requires licensing fees for any sort of commercial use. It is not generally possible to pull pieces out of SCSL code to incorporate into other systems.

What is Sun trying to do? Clearly they are after some of the benefits of open source software, in that they would like external people to improve their operating system for them. They also probably want to keep current Solaris users from defecting to Linux. And, in fact, there are certainly Solaris shops out there that will benefit from the availability of the source.

Is this release good or bad for Linux? For the most part, it probably does not matter a whole lot. Solaris has not become an open source operating system, it does not have a Linux-like developer community, and is not likely to be a stronger competitor to Linux as a result of this release. The open source operating system landscape has not changed significantly. Linux hackers may even benefit from seeing how things have been done in Solaris. It is, after all, a large example of the construction of a high quality Unix system.

However... Solaris source code presents a trap to unwary Linux hackers.
Without care, licensing problems could rapidly turn into a legal nightmare for Linux developers and businesses. Please see our separate article, The Solaris Trap, for a discussion of how things could go wrong.

It must be Halloween again. Microsoft put up a page intending to address what it sees as "Linux myths". It is strongly written, and goes straight for the jugular. Anybody who wondered if Microsoft was taking Linux seriously need only glance at this document. It is worth noting that it differs from some previous attempts by that company to attack Linux. This one is (relatively) well researched and well written. It is the product of a great deal of effort.

For a critical look at this document, please see our response. We had to conclude that it is not a fundamentally dishonest effort; it also will apply very poorly to the Linux of tomorrow. In the end, Linux is moving very quickly, and will overtake Microsoft's criticisms in short order. And, of course, Microsoft passed over one of the most important points: freedom. They have no answer to the advantages that free software brings, so they simply do not bring up the issue.

There is a crying need for the Linux community to produce a similar document. It too must be well researched and well written, and it should make the Linux (and free software) case in a factual manner. The Linux case is strong, but, unless it is presented in a similar form, it will not be seen by many people trying to decide which system to use. The time has come for Linux to develop its own slick marketing materials.

(See also: responses by Martin Brooks, Martin Hebrank, Jamin Philip Gray, David Mentré, and Mandrake).

LinuxWorld Conference and Expo for Japan was held last week. Matthew Cunningham, from Linuxcare, was kind enough to forward to us his conference report. Linux is going to be big in Japan ... but also very different!

Next week, Atlanta! The Atlanta Linux Showcase will be held next week, in Atlanta, Georgia.
The Linux Weekly News will be there, with a few firsts for us! We'll be there with our first booth (still have openings for a few volunteers ...) and our first official show page. Keep your eye out for the LWN/ALS Show Page, created in cooperation with the Atlanta Linux Showcase, which will feature information about the show, news updates and reports from the floor.

It will be a busy week, but we're very much looking forward to it. Keep your eye out for Liz Coolbaugh and Dennis Tenney, both members of the LWN team who will be present at the show. Liz will also be giving a talk on Thursday, October 14th at 11am on Linux Distributions, to which you all are invited, of course.

Inside this week's Linux Weekly News:
This Week's LWN was brought to you by:
October 7, 1999
Security

News and editorials

A truly free ssh? This week's Debian Weekly News contained a link to this posting by James Troup. It seems that ssh 1.2.12 was published under a license that was still compatible with the Debian Free Software Guidelines (DFSG). OpenBSD has picked up that version of ssh and is working on "ripping out the patented algorithms (IDEA, etc.)" and, of course, they will have to fix the security problems in this older version. It is far enough along that OpenBSD has added it to their base system. This is excellent news! If anyone has more direct experience or knowledge with what OpenBSD is doing here, we'd love to hear about it.

What does "Secure" mean? A couple of new products showed up this month, both making claims to that word. The first, titled Secure DSL, made this editor wonder if perhaps an encrypted DSL line service was being offered. Closer perusal of the product description shows that it is simply the addition of firewalling capabilities: "The system works by securing each DSL line with network-based, packet firewalls, so precluding outside attacks." Now, firewalls are a good and necessary thing, but all the evidence of the past year clearly proves that they do not guarantee a "secure" line. With a starting price of $30,000 (aimed at ISPs), it is not a low-end solution, either.

The second product that caught our eye was the BRICKhouse from SAGE, a Linux-based web server appliance that they claim provides a "bullet-proof" web-site solution. This one was more interesting to examine. "BRICKHouse is a highly scalable Linux-based Web server that raises the standard on Internet security by incorporating an innovative approach to security called Process-Based Security (PBS)." By limiting access to files on a per-process, rather than per-user, basis, they believe they can prevent both malicious damage to the site and potential down-time. It is an interesting approach and deserves closer investigation.

Do watch out for the marketing, though!
One person's "secure" is another person's "insecure". Stick with the rule that "security is a process, not a state". That said, if either product enhances your current security or addresses your needs, it will be worth a look (with a particular bias towards the Linux-based BRICKhouse :-).

In the on-going cryptography battles, the US Federal government has achieved one of their short-term goals, winning a new hearing on the issue of whether or not they have the right to regulate encryption, this time in front of an eleven-member panel of judges. "The existing regulations 'allow the government to restrain speech indefinitely, with no clear criteria for review,' said Judge Betty Fletcher in the 2-1 ruling. That, she wrote, prevents professors such as Bernstein from engaging in valuable scientific expression." Here's hoping that their new hearing only re-affirms the status of cryptography as a form of free speech.

ZDNet Labs admitted it was their choice not to apply security patches to the Red Hat system used in the recent PC Week challenge. LinuxToday waxed eloquent on that choice, which has called the integrity of ZDNet Labs into question, since they did choose to apply the latest service packs to the NT box.

Security Reports

kvt: A buffer overflow in kvt was reported to BugTraq this week. However, it seems the KDE Team was already aware of the problem, since the most recent version of KDE now ships without kvt. No patched version of kvt seems to currently exist and most people seem to be using other alternatives, such as xterm. Note, though, that if you want to keep kvt around for some reason, you'll need to save it off before applying the latest KDE updates. Otherwise, it will disappear during the upgrade process.

mirror: The mirror package contains a perl script which is used to duplicate directory hierarchies across machines and is popular for maintaining "mirror" sites.
A vulnerability in this package can allow a remote site operator to create or overwrite files on the local machine. Vendor fixes for this problem are starting to come in. Check below in the updates section for details.

mutt: A buffer overflow has been found which can allow someone to send an email message containing commands that are then executed as the user. An immediate upgrade to mutt 1.0pre3 is recommended. Several vendor updates have already come out; check below.

Updates

All the following are security-related updates.

mirror updates:

mutt updates:

netscape updates:

sccw: SuSE has released yet another new update to sccw, which fixes a vulnerability in this (setuid root) utility. Upgrades are recommended. Note that this is a different sccw update than the one that came out last week - more problems have come up since then.

Resources

Ethereal 0.7.5 was released on September 24th. Although clearly still pre-release, ethereal has started garnering mentions on newsgroups, where people apparently have found its protocol analysis capabilities very useful.

Section Editor: Liz Coolbaugh
Kernel development

Linus still has not resurfaced on linux-kernel, though there are now some signs of his continued existence. In particular, 2.3.19 was released this week, thus far without any sort of announcement.

There is still no sign of the much-awaited 2.2.13 stable kernel as of this writing, though a release should be happening before too long. Meanwhile, Alan Cox's 2.2.13 pre-patch is up to 2.2.13pre15.

The "final" version of "The Wonderful World of Linux 2.4" has been released by Joe Pranevich. This document describes the new features to be found in the upcoming stable kernel release.

Access control lists (ACLs) for Linux are one of the missing security features that Microsoft criticized in its "Linux Myths" document. ACLs allow for more control over file access by allowing the granting (or removal) of permissions to individual users and groups. In even slightly complicated situations, this kind of control over file access becomes important; that is why many operating systems have had ACLs for decades.

A number of ACL projects for Linux exist. Perhaps one of the most advanced is the Posix ACLs for Linux project, led by Andreas Grünbacher. This group has set out to implement ACLs conforming to the draft Posix standard. Their goals include the creation of an easy and well-defined framework so that ACLs can be added to any filesystem, the ability to support existing ACL structures in other filesystems (NTFS, AFS, etc.), and, of course, a stable ext2 implementation.

The Posix ACLs project has produced working code, but they have run up against a snag. Deep filesystem code like this requires a great deal of testing before one can even consider submitting it for inclusion into the mainline kernel. There just have not been enough people testing out the ACL code. Until people run it and find the problems, the confidence just is not there to press forward.
If you would like to help out with Linux kernel development, but have not been able to dig into the code, here is your chance. Grab the ACL patch, run it, and send your experiences back to the development team. With some help, this project can move forward and close up one of the big holes in the Linux security model.

USB device names and numbers are under discussion again. The Universal Serial Bus presents certain naming problems which stretch the Linux notion of devices toward the breaking point. Allocation of device numbers is one of the problems that comes up.

A typical /dev contains a lot of "devices" which do not actually exist on the system. The device major and minor numbers (and, incidentally, the names in /dev) have all been preallocated and are there waiting for the device to show up. USB's flexible way of dealing with devices makes this static allocation hard to maintain. A USB port can contain up to 127 devices, and many systems already have more than one such port.

Consider, for example, an ISP that would like to populate a system with dozens of USB modems. That actually looks like a reasonable and cost-effective way to set up a modem bank. But how can Linux allocate enough device numbers to accommodate that application while still allowing for all the other possible USB device configurations? Clearly device management on the USB has to be a more dynamic thing.

So, of course, some people immediately proposed devfs as the solution to this problem. The conversation then wandered into the usual devfs debate; we have been there before. Whether or not devfs is involved, some sort of solution to dynamic devices needs to be found. The final solution is likely to involve some sort of hook into the kernel whereby a user-space daemon process is notified when a device is added to (or removed from) the USB. That process can then tweak things in /dev to its heart's content, taking into account any local policy (i.e. device permissions) that may be applied.

Another network security vulnerability was found this week by Andrey Savochkin. This one happens at the Internet Protocol (IP) level, and takes advantage of the fact that the generation of IP packet identifier numbers is done in a predictable way. Normally the ident field is used to properly reassemble fragmented packets, but a suitably sneaky adversary can use this vulnerability to slide in spoofed packets from another source. There is still some discussion over the proper fix for this problem. Currently no exploits are known to exist.

Other patches and updates released this week include:
Section Editor: Jon Corbet
Distributions

Please note that security updates from the various distributions are covered in the security section.

Expert Linux 1.0 was announced this week. This is a product, not a distribution, a version of Linux built on a CD to run directly from the CD. You can pop on over to Amazon.com for more information or to order it. Expert Linux is based on DemoLinux and all bug reports, suggestions or contributions will be fed back to the DemoLinux project.

Conectiva Linux

Linux In Brazil interviews (in Portuguese) the staff of Conectiva Linux. English text is available via Babelfish.

Definite Linux

Definite Linux 7.0, a "100% Red Hat compatible" distribution produced in the UK, has been released. Among other things, this distribution includes StarOffice and, as usual, all the cryptographic goodies that can't currently be shipped with Red Hat, due to U.S. export laws.

Debian GNU/Linux

Two crippling bugs were introduced into the development version of Debian this week and quickly fixed. Some weeks are like that! For more information, check this week's Debian Weekly News.

Also reported this week was a new Debian SGML/XML HOWTO.

The debian-hurd Kernel Cousin for October 6th is available, with lots of nice detail on the development project for those of you who have been wondering how this project was going.

Linux-Mandrake

The power pack edition of Linux-Mandrake 6.1 is now available. This version includes an applications CD, along with two CD's of commercial and demo applications.

Red Hat Linux

Red Hat 6.1 hit the Red Hat FTP site and mirrors this week. Happy downloading! We hear the official version won't start shipping until October 18th. Presumably a few copies will be roaming the Atlanta Linux Showcase floor next week, though.

From the LinuxViews mailing list, we found an excellent report on Red Hat 6.1. Some minor problems are mentioned, but overall the reaction seems pretty favorable.

Here is a round-up of the official press coverage:

First, the official announcement for Red Hat 6.1.

News.com reports on the Red Hat 6.1 release without going much beyond the press release. "Red Hat Linux 6.1 also provides customers with fast access to the latest software technology from Red Hat through the Red Hat Update Agent, an online customer service application for retrieval and management of software updates."

Internet.com reports on Red Hat 6.1. "Coming on the heels of Sun's recent decision to open-source its Solaris operating system, this latest version includes automatic software update notification, improved management and installation tools, and the Linux 2.2.12 kernel."

InfoWorld looks at Red Hat 6.1. "Responding to criticism from the Linux community at large about the difficulty many have in getting timely updates to the operating system, Red Hat is introducing the Red Hat Update Agent. The new software combines RPM package management technology with the inherent Internet capabilities of Linux so users can get continuous access to customized updates available across the Linux development community, officials said."

ZDNet looks at Red Hat 6.1. "But what will prove more interesting, if it works as advertised, is Red Hat's inclusion of Intel Preboot Execution Environment (PXE) 2.0 technology. PXE, as part of Intel's Wired for Management Baseline 2.0, is supposed to enable a network administrator to remotely configure systems, with a PXE compliant BIOS, from a bare hard drive to a functioning Red Hat system without lifting a finger at the local workstations."

Slackware Linux

Netscape 4.7 has been integrated into "current", the development version of Slackware, along with KDE 1.1.2, and the Gtk/Gnome packages.

SuSE Linux

The Weekly Globe and Mail has discovered SuSE 6.2. "SuSE 6.2 brings Linux to the desktop. It has success written all over it. In my experience it makes Linux as smooth as silk, which is exactly what corporate information technology and home-users need. And I found the results addictive, particularly the feel of dealing with raw computing power."

Section Editor: Liz Coolbaugh
Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.
Development projects

West Virginia University is using Mozilla for the basis of a class "to track and study the creation of a full-scale 'real-life' software project." For more information, check the reference on Mozillazine. This is a great idea and a great way to introduce students to the development of free software. As one person commented, think about working with your own alma mater to get such courses into place!

Apache and PHP came in for some praise in this Network Computing article on picking a web server to suit your needs. Platforms considered included Netscape, Microsoft and Apache. The article is well-balanced, acknowledging faults and accomplishments in each of the products.

Embedded Linux

LWN editor Liz Coolbaugh attended a meeting held this morning at the Embedded Systems Conference that launched the "Embedded Linux Advisory Board." This group, sponsored initially by Lineo but intended to be vendor-neutral, will work to bring about better recognition of Linux in the embedded arena. Please have a look at Liz's reports from the conference for details.

Here are two sites that you may want to take a look at, for more information on Embedded Linux:

Gnome

Here is this week's GNOME summary by Havoc Pennington.

High Availability

A new mailing list, linux-ha-dev, has been created specifically for covering the details of defining and developing community-based HA software, like heartbeat.

Midgard

The folks at the Developer Shed have interviewed the developers of the Midgard web application platform. "Goals for the year 2000 include support for mobile computing and PDA's, integration with desktop software, better content management tools, and perhaps work-flow and other advanced business features."

For more Midgard News, check out this week's Midgard Weekly Summary.

Mozilla

This week's Mozilla Status Report was published Sunday, October 2nd.
There doesn't seem to be any big news this time around, just lots of steady progress in many areas.

MySql

Creating websites that use MySql is the focus of this LinuxPlanet tutorial. MySql is not a free software product, but is free for use for some applications and requires only a small licensing fee ($200) for others.

Wine

The Wine Weekly News for October 4th is available. It seems Wine has been a bit of a victim of its own popularity; web hits have doubled in the last six months, leading to some server problems over the past week.

And for even more Wine news, check out this week's Wine Kernel Cousin.

Zope

Folks wanting to learn about Zope may want to note that there is a training class offered by Digital Creations in Colorado Springs, CO in a couple of weeks. They apparently have just a couple of seats left.

Squishdot 0.3.0 has been released. Squishdot is a Slashdot-like news site framework used at sites like Technocrat.

For a total wrap-up, check out this week's Zope Weekly News, from Amos Latteier.

Section Editor: Liz Coolbaugh
Development tools

Java

In last week's issue, we mentioned JBuilder and called it "Inprise's just-in-time compiler". This was inaccurate. JBuilder is a full IDE; JBuilder JIT is Inprise's just-in-time compiler. [Thanks to Kelly Harrison]

Perl

The fifth issue of PerlMonth has been released.

Python

Here is this week's Python-URL by David Ascher. Python-URL is evidently now sponsored by Doctor Dobb's Journal.

Das Python-Tutorium, the German translation of Guido's Python tutorial, is now available in its finished state.

Tcl/tk

Dr. Dobbs' Tcl-URL! for October 6th has been published.

Section Editor: Liz Coolbaugh
Linux and business

TiVo, Inc. has been added to the LWN Linux Stocks Page. TiVo just went public last week, while we were not watching. Their product is a "digital VCR," which makes it easy to record, manipulate, and play TV programs. Their central server network which supports the product is based on VA Linux Systems servers, and the set-top box also runs Linux. TiVo may look like a consumer electronics vendor, but they are in the business of selling Linux boxes. This is the face of Linux in the embedded world.

Linux in French schools. Jean-Paul Smets writes to us about the deployment of a Linux-based network in a school in Saint Dié, France. It is an interesting description of both the adoption of Linux in a public institution and the network architecture put together by the people at Linbox. Worth a read.

Selling Unix to suits. Nicholas Carroll has written up a speech he uses to sell Unix (and Linux) systems to business customers. "You can try to sell them Linux right off, if you want. However, suits aren't into 'cool' much. They like established, accepted, winners. In the Internet, Unix is the winner. Linux is still a flavor coming into its own. If you want to pitch Linux, I think it makes more sense to make the Unix case first, and then pitch the Linux."

Siemens announces SAP R/3 benchmark record. Siemens issued this release proclaiming its benchmark results with SAP R/3 on a Linux server. This claim has proved to be a bit controversial, since there is, in fact, an existing benchmark that got faster results on NT. The point seems to be this: the Siemens benchmark ran with R/3 4.0, while the NT benchmark used an earlier version. Apparently R/3 4.0 is somewhat slower than its predecessors, so lower benchmark results are to be expected. This issue will not be resolved until benchmarks with identical systems have been performed.

Linux banned from "large corporation".
Here's an amusing (and disturbing) posting in the RISKS digest regarding "a large corporation" that banned Linux systems after a misconfigured Samba server created difficulties on their network. Of course, Linux has nothing to do with the problem...

The Computer Underground dumps Intel. The Computer Underground, a vendor of Linux-installed systems, has announced that it will henceforth sell no more Intel-based systems.

Press Releases:
Section Editor: Jon Corbet.
Linux in the news

Recommended Reading:

This article in Al Fasoldt's "Technofile" looks at Microsoft and how Linux is giving it grief. "Linux pushed Microsoft into the third phase. Suddenly we were able to see the emperor clearly, and we could see that he had no clothes. Nothing that Microsoft says seems believable any more. An operating system that cannot perform properly is not acceptable any longer. We have a choice."

Here's a Wall Street Journal article, via ZDNet, on Sun's plans to release the Solaris source. "Sun hasn't yet worked out the timing of the community source release of Solaris, which is likely to phase in over a long period of time."

LinuxToday talked with Michael Tiemann of Cygnus Solutions at the Embedded Systems Conference. "So Tiemann is saying that there is a big part of the embedded space where Linux as we know it will do just fine. Without any risk of fragmentation, Linux will scale down into all those cell phones, digital cameras, personal digital assistants, and set-top boxes that are complex enough to need software with two or more processes to run them."

Sun Solaris:

Here's a ComputerWorld article assessing the potential impact of the Solaris source announcement. "Ultimately Sun's move is unlikely to amount to much, agreed Jonathan Eunice, an analyst at Illuminata Inc., a consultancy in Nashua, N.H. 'If they had done something like this years ago, they would have probably been a leader of the open revolution,' Eunice said. 'Now it looks like they are chasing the Linux tail.'"

Computer Reseller News ran this article about Sun's intentions toward Linux with their release of the Solaris source code. "The hardware and software giant, while confirming it will release the source code to Solaris, its implementation of the Unix OS, said it is not trying to destroy the growth of the Linux OS."

Here's The Red Herring's take on Sun's plans to put the Solaris source out. "This does not mean Sun is giving up the rights to its software.
Sun's code will be available free for download, but if developers incorporate any of it into a commercial product, they will owe Sun a 'community-source' licensing fee. Some analysts don't equate community source licensing with open-source distribution."

News.com says that Sun will be releasing the source to Solaris under its "Community Source License." That means, of course, that it will not be truly free software.

Would Linux survive if Solaris were free? osOpinion answers the question: "The answer is no. Why re-invent the wheel? Solaris is a fully operational, scalable and reliable OS. Linux would have no place in a world where Solaris was free. Sorry, that's the truth."

Here is Dave Winer's take on Sun's Solaris announcement (scroll down a ways). "But it's OK for Raymond and the open source purists to reject this offer. It wasn't designed to please them. It was designed to please Sun's customers. Look at it this way, Solaris is the perfect operating system for Sun customers. It's a live and let live answer. Sun says they don't have to be Linux, and it leaves room for Linux to find a multitude of niches that Solaris can never occupy because of its economics and how it's developed."

Red Hat:

TechWeb reports on Red Hat's European plans. "Linux vendor Red Hat expects to be the dominant market player in Europe within eighteen months, its chief operating officer, Tim Buckley, said on Wednesday."

Salon Magazine interviews Red Hat's Marc Ewing. "[Linux-Mandrake] doesn't necessarily bother us. Clearly if there were no other Linux distributors besides us and we had 100 percent of the market we'd be pretty happy. But in a sense the task is a lot larger than that, if you think about what the competition really is. The competition really is Windows NT."

Here's an interview with Masanobu Hirano, leader of Red Hat Japan, and Bob Young which ran in AsiaBizTech.
"Red Hat of the United States has been studying the possibility of establishing a subsidiary in Japan since January 1999. As a result, we noticed two serious problems. First, Linux support for users, especially for enterprise users, have not been sufficient. Second, 'Red Hat Linux' enjoys more than 50 percent share of the Linux distribution market in the United States, but here in Japan, we only have less than a 20 percent market share."

Performance Computing reviews Red Hat 6.0, a little belatedly. "One of the biggest bullets fired from the anti-Linux crowd is that it is an OS without applications. While an OS can be a novelty, the inability to do anything with it can be quite a hindrance. Red Hat addresses this issue head-on by including a CD containing almost 400 applications."

Caldera:

Here's a News.com article that speculates on Caldera's IPO plans. "However, sources familiar with Caldera Systems' plans tell a different story, saying the IPO is scheduled for the end of November. The company has set aside special stock for the open-source companies that have helped Caldera--the KDE programmers who have improved Linux user interface options and Troll Tech programmers who helped Caldera with its Lizard installation routine."

E-Commerce Times reports on Fujitsu's partnership with Caldera. "According to International Data Corp., there were 2,200 Linux-based servers in Japan in 1998. That number is expected to increase to 10,000 by the close of this year, moving to 65,000 by 2003. The predictions are based on a 97 percent compound annual growth rate."

PC Week reports on the Caldera/Fujitsu deal. "But there's more to the story than just another company adopting Linux on its servers. Fujitsu also has signed on for Caldera's educational and service offerings and is moving toward preloading OpenLinux on desktops, handhelds and other devices."

Business:

PC Week looks at a number of Linux-related events involving Red Hat, Lineo, and Sun.
"Amid all the action, Sun Microsystems Inc. has opened its Solaris operating system under its own Community Source license, which hasn't received the popular support from the open-source community that one might expect."

Upside Magazine looks at the Question Exchange. "For years, the primary knock against Linux, both within the tech media and corporate circles, has been the seeming lack of organized user support. Users who didn't want to take out a one-year multi-incident contract with Red Hat have traditionally braved the free Internet relay chat channels and Usenet sites. But in users' bargain basement searches places the only way to tell the difference between unqualified and qualified 'experts' was by the amount of scorn qualified Linux veterans heaped on clueless newbies."

This article in AsiaBizTech looks at LASER5 - Red Hat's former partner and present competitor in Japan. "Prior to the cancellation of the agreement, Red Hat said that they wanted to purchase our Japanese version, but we could not agree on a price. We are ready to put it back on the table if appropriate terms and conditions are to be discussed."

Here's a Computer Reseller News article about LinuxPPC. "...earlier this year, LinuxPPC caused a splash when, at a LinuxWorld expo, it provided the operating-system software that the IBM RS/6000 group used to demonstrate its RISC-based system running Linux."

News.com ran this article on the LinuxOne IPO filing. "What observers find interesting, however, is that some passages of the LinuxOne filing read like a mirror image of Red Hat's filing. Indeed, many of the descriptions LinuxOne provides of its strategy and market opportunity are identical to the words found in the earlier Red Hat filings."

Here's an article in ZDNet UK about Amdahl's Linux plans. "The Fujitsu-owned systems integrator announced support for Linux on its single- and dual-Intel Pentium III-based Fujitsu Teamservers.
It also introduced 24-hour global telephone support for Linux-based hardware and software, and professional services for setting up and customising the Linux operating system and open source products such as the Apache Web server." (Found in NNL). Inter@ctive Week looks at Macmillan's Linux activities including the new "PlaceForLinux" web site. "'Thirteen percent of Macmillan's revenue comes from the sale of Linux books and software,' said Steve Schafer, Linux software title manager. Macmillan first began adding Linux disks to books four years ago, he added." Here's an Inter@ctive Week article about Macmillan's new web site at PlaceForLinux.com. (Said site currently opens with a form asking for name and address information). "Aiming to become a supplier of Linux to consumers, computer book publisher Macmillan has opened a Web site offering Linux information and support, with plans to sell a Mandrake variation of Linux in book and software stores." CNN looks at recent developments in the Linux world. "Separately, development tool vendor Inprise is trying to fill the Linux applications gap. Early next year the company will go into beta testing with a native rapid application development tool for Linux, code-named Kylix. The tool is a component-based, drag-and-drop environment with support for multitier databases and the Internet." News.com looks at Compaq's new thin client systems. "Though Compaq is committed to Linux, it is betting the bank on Windows CE." Computer Reseller News discusses Linux on laptop systems. "Although the open-source nature of Linux is attractive to a Web-minded IT community, most in the industry agree that the operating system cannot compete with Microsoft Corp.'s Windows on notebook computers." Here is a New Zealand Herald article about how a set of NT systems is being replaced by Linux systems in the New Zealand housing agency. 
"The selection of Linux has proved something of a master stroke because the pilot has demonstrated the substantial licence fees, upgrades and maintenance costs inherent in the previous NT-based approach can all now be side-stepped," (Thanks to Ian McDonald). Federal Computer Week ran this article about the large Linux cluster being purchased by NOAA's Forecast Systems Lab. "According to NOAA officials, the cluster will involve 277 workstations capable of crunching 300 billion arithmetic operations per second -- a capability that is 20 times more powerful than the lab's current system. The cluster will represent one of the most powerful computers in the world, they said." (Found in LinuxToday). The Chicago Tribune looks at Linux jobs and certification. "To date physical credentials have consisted of a beard or ponytail, complemented by a T-shirt saying 'Will write code for Chinese food.' As with most obscure technical jobs, hiring has been done on a techie-to-techie basis." Here's a Computer Weekly article about an interesting corporate deployment. "A Kent-based insurance firm is overhauling its IT infrastructure by rolling out about 200 desktop PCs on the Linux operating system. Reliance Mutual Insurance's decision to deploy Linux on desktops demonstrates the business viability of open source code in a commercial environment." (Thanks to Alan J. Wylie). Hack PC Week: ZDNet admits it did not apply the security updates to the Linux box that was part of its "hack PC Week" challenge. (See last week's Security section for a discussion of how the system was cracked). "Large companies often spend weeks or months testing NT service packs from Microsoft Corp. before they are deployed. Imagine the work involved in integrating 21 separate fixes into a change process to be deployed across an enterprise. Red Hat Inc. and other large open-source companies will have to make fixes available in a more manageable manner if they expect organizations to adopt Linux on a larger scale." 
This osOpinion piece looks at the "Hack PC Week" silliness. "To me, the whole hacking contest smacks a little bit too much of Mindcraft III; worse, PC Lab's reputation has been tarnished." Linus: InternetNews.com reports on Linus Torvalds' talk at Internet World. "He also forecast that user interfaces will diverge from the operating system in order to allow people to mix and match according to their own requirements, and to end the unnecessary development of interfaces for systems which do not require them, such as servers and embedded systems." The San-Jose Mercury asked Linus what he thought was the most important development of this century. "I think the most important development of the 20th century has been the advances in physics and our understanding of how the world works -- quantum mechanics and the theory of relativity from earlier in this century." Finally: Here's a brief article in ZDNet UK about Microsoft's 'Myths' document. "The 'Linux Myths' page seeks to redress misinformation spread by those evil Linux advocates and tackles issues such as reliability, stability and affordability of the fastest growing operating system in the market place." (Found in LinuxToday). The fifth issue of PerlMonth has been released. ZDnet pitches the Linux Business Expo, which will be attached to Comdex next month. "The technical track will feature cool kid Miguel de Icaza, coordinator of the GNOME Project, on the future of the GNU Network Object Model Environment;" LinuxPlanet ran an interview with Tim O'Reilly. "I also don't believe that necessarily you get a lot of benefit in the same way from making documentation completely free. At the end of the day, a book is its own source code, it's not as though the content is hidden in some way." Web Techniques ran this column on how some people are responding to the commercial success of Linux. "If we add marketing to the picture, then our hacker's utopia will become contaminated. 
With commercialization, one starts dealing with money and then greed and envy, along with competition. We will become the opposite of what our ideals are, and end up where we don't want to go." ZDNet has figured out that "Jesux" was a joke. "Sm@rt Reseller spoke to several developers, who wish to remain anonymous because of what they see as the anti-Christian hysteria Jesux caused in some circles, who claim they plan on implementing many of Jesux's ideas. So, the idea of a 'Christianized' Linux lives on." Section Editor: Rebecca Sobol |
October 7, 1999
Announcements

Resources

The first Italian Linux portal site. We got this announcement (in Italian) for Linux Valley, which claims to be the first Italian Linux portal site. Here are Babelfish links for the announcement and the site (though Babelfish appears to be choking on the site itself currently).

Help requested with Printing HOWTO. The maintainer of the Printing HOWTO support database sent us a note asking for volunteers to help him keep up with the range of printers out there. If you have a moment, and are up on the printer world, please consider giving him a hand.

Version 2.0 of the Linux Laptop HOWTO has been released.

The Online Troubleshooting Resources HOWTO is now available.

Finishing out the pile of HOWTO news: The Linux Wireless LAN HOWTO has been updated.

Events

The Linux Writers and Publishers BOF will be held at the Atlanta Linux Showcase on Thursday, at 5:00 PM in the Brayton room. If you write about Linux, or would like to meet some of those who do, add this one to your calendar.

Eric Raymond in Arizona. Eric Raymond will be at the Arizona Internet Professional Association (AZIPA) Monthly Meeting on Monday, October 18. Info & RSVP at www.azipa.org.

The Atlanta Linux Showcase has announced that the proceeds from their benefit dinner and T-Shirt sales will go to the Pediatric Oncology Group. It looks like a good time for a good cause.

Report from Pluto Meeting 1999. Here's a report (in Italian) in opensource.it on the Pluto Linux meeting held in Padova, Italy, in September. "...tutto quello che un appassionato Linux avrebbe sempre voluto sapere ma non ha mai osato chiedere" ("everything a Linux fan always wanted to know but never dared ask"). English text available via Babelfish. (Thanks to Carrer Yuri).

Web sites

The Wait State is a new news site created by former PC Pro columnist Dave Evnull. It's based on Zope and Squishdot, and includes occasional Linux coverage. It may well be worth watching as it grows. (Thanks to Bill Cory).

User Group News

A new LUG is forming in Auburn, Alabama. See the announcement for details on the first meeting, which is happening on October 20.

A new LUG is forming in Belfast, Northern Ireland.
Software Announcements
Our software announcements are provided courtesy of FreshMeat
Linux links of the week

The Linux Cross Reference project has put together an extensive, web-based interface to the Linux kernel source code. Everything is heavily indexed, making it easy to jump from one section of the code to another. It is a useful resource for those who wish to get into how the kernel actually works.

The Linux User Groups Worldwide page has been reworked with new technology. If you are ever trying to find a Linux user group for a particular place, this is the place to look.

Section Editor: Jon Corbet
Letters to the editor

Letters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them.

From: reynolds@cs.duke.edu
Date: Wed, 6 Oct 1999 22:44:01 -0400 (EDT)
To: corbet@eklektix.com
Subject: Microsoft myths, correction/addition

Jon,

Microsoft said this:

> Linux security is all-or-nothing. Administrators cannot delegate
> administrative privileges: a user who needs any administrative
> capability must be made a full administrator, which compromises best
> security practices.

To which you (on LWN) replied thus:

> There is some truth here. The "superuser" model has a number of
> problems, and utilities like "sudo" are a sort of fragile kludge made
> necessary by this model. The Linux kernel has increasing support for
> capabilities, which provide the sort of fine-grained privileges needed,
> but support for capabilities at the user level will be a while in
> coming. Access control lists (ACLs) are also in development and in a
> testing mode.

There are irony and hypocrisy there that you (having not administered NT in a large, distributed-administration environment, I assume) didn't pick up on. NT's fine-grained administration delegation isn't much better off than Linux's! It's well-intentioned but almost useless.

For example, a user can be given the right to add NT machines to an NT domain, but this right turns out to have little practical use, because users with this right cannot remove or refresh machines in an NT domain. (So reinstallations, ever common in the NT world, are not a possibility without full Domain Admin privileges.)

Another example: a user can be given the right to add new accounts, but this right does not include related tasks such as deleting accounts or resetting the password on existing accounts.

To be fair, being able to remove machines from a domain or reset other users' passwords has huge security implications if not done right: you could replace a backup domain controller using the former privilege and take over administrative accounts using the latter. So I'm not saying the solutions are easy. But administrative privileges as they now stand in NT aren't much better than in Unix.

And now a bit of purely anecdotal evidence: I spent a couple of summers as an NT administrator, and for a while I was charged with the task of creating machine- and user-administration web scripts. This allowed a user that the web script authenticated to add/remove/refresh machines in the NT domain or create/delete/reset user accounts (with certain machines, such as domain controllers, and certain accounts/groups, such as administrators, protected). By making it a web script, we could make it run as the administrator but provide our own authentication and limited functionality -- much like the much-maligned SUID feature of Unix, but with the added nuisance of a web server.

(A footnote to that story is the nastiness that web servers run with administrative privileges, so hacking an Active Server Page or the server itself yields far more privilege than hacking Apache on a Linux box. If NT has such great fine-grained security, why does the web server run with Administrator/Service privileges?)

There is apparently at least one (expensive) third-party product to provide finer-grained administrative delegation. My ex-employer didn't buy it, though, so I'm not sure what approach it takes. Since it is a kludge, and not part of the core system, it hardly counts...

--Patrick

Date: Wed, 06 Oct 1999 16:11:20 -0400
From: Bob <general@gis.net>
To: letters@lwn.net
Subject: Linux At Home,LA Times, 9/23/99 edition

LWN

This article mentioned that Intuit gets insignificant numbers of requests for ports of their popular Quicken program to Linux. Why bother with Quicken for Linux when you can simply download, at no cost, a very nice program called CBB which seems to give all the functionality that Quicken does for working with checking and savings type accounts. A very nice html style tutorial even explains the simple act of exporting .qif files from Quicken into CBB and vice versa.

My goal is to bring my Linux setup to the point that all my needs are filled there and then there will be no need for Windows any longer. Programs such as CBB make that event seem much closer on the horizon.

Bob Lee
general@gis.net

Date: Fri, 01 Oct 1999 10:45:55 -0700
To: letters@lwn.net
From: Seth Cohn <sethcohn@yahoo.com>
Subject: Learned opinions on GPL..
Cc: Bernd Paysan <bernd.paysan@gmx.de>, rms@gnu.org, esr@thyrsus.com

Letter to the Editor of Linux Weekly News (for publication)

Sirs,

When this 'Corel beta' turmoil arose, I emailed RMS himself as well as 'Open Source' advocate Eric Raymond (among others), looking for clarification on just when GPL 'kicked in'.

According to _both_ of them, all of the 'hardcore' GPL advocates who are saying 'any distribution at all is covered by GPL terms' are misguided at least.

I asked: Is an internal ONLY change to a GPLed program subject to GPL copying and distribution requirements, source providing requirements, etc?

>From: Richard Stallman <rms@gnu.org>
>Subject: Re: GPL question...
>If it is truly internal use, within one organization, our view is that
>that is not distribution.

and

>From: "Eric S. Raymond" <esr@thyrsus.com>
>Subject: Re: Fwd: GPL question...
>No, in my opinion. GPL requirements trigger when you distribute binaries
>to a third party. There are some definitional questions about what
>constitutes an 'internal-only' release, but the principle is clear.

Based on those answers, Bernd Paysan (lwn.net letter to editor on 10/31/99) is wrong when he claimed:

> This also covers "internal projects", which usually restrict rights of
> recipients of informations by NDAs or other contracts. These contracts
> are null and void if the information given to them is a GPL'd program -
> or the license to use the GPL'd program terminates immediately. Note
> that the GPL is an individual license (it talks about "the recipient"),
> thus the program isn't licensed to a company, but to persons. Moving a
> disk from cubicle 318 to cubicle 319 is a distribution in the terms of
> the license, and henceforth any restriction or limitations are null and
> void *and* cause the license to terminate.
>
> In other words: IMHO the current treatment of "internal projects" with
> modified GPL'd software are based on the goodwill of the participants,
> as nothing prevents them to redistribute the software they get under
> GPL. More so for less internal projects like a public beta test, where
> nobody risks getting fired.

According to both RMS and ESR, they see that 'internal' is a valid limitation on GPL. If I choose to give my employees software which I've custom modified for them for company use, they shouldn't be able to hand those changes out if I request they don't. Not honoring this will stop larger companies from using GPL code for important sensitive projects, customizing to their particular needs, or creating NDA projects (even when they intend to release them under GPL eventually, but want to wait till it's ready to distribute in a 'good' form).

Maybe it's time for GPL Version 2.1 which can put some definition on 'distribution'. Since all previous GPL licenses give you the option of choosing a more current license, this would resolve the issue painlessly. Defining 'distribution' and 'copying' seem to be required issues for more mainstream usage of GPL. Better for RMS and the FSF to define them than to leave it to the courts, lawyers and so on.

using GPLed code at work, a lot of it,
Seth Cohn
network administrator

Date: Thu, 30 Sep 1999 07:10:41 -0400 (EDT)
From: Kyle Sparger <ksparger@dialtoneinternet.net>
To: letters@lwn.net
Subject: Re: Anti-Corel Article in National Post (http://www.lwn.net/1999/0930/backpage.phtml)

Regarding the trolling by "news" sites, I have a fairly easy-in-theory, more-difficult-in-practice way of solving this:

Someone could run a web page with news sites that tend to run inflammatory editorials, that "we" feel are inflammatory primarily to increase circulation. Make this web site "known" -- announce its purpose, etc. Form a "boycott" of such web pages. Make the community at large aware of it. (Or at least try)

However, don't hit them where it doesn't hurt -- don't not-visit the web sites (sorry for the double negative). Visit them all you want. However, members who want to participate in this project (I imagine there would be quite a few), would pledge to NEVER, EVER, regardless of the circumstances, click through on banners, or purchase from a company as a result of those banners.

Then make the companies doing the advertising aware of the effort. Let's assume we have 150,000 pledges visit an article on a site known to publish inflammatory editorials -- it wouldn't surprise me if we got more (or less), but let's assume that that's how many we get.

If the web site makes money per-click through or if the company sells something as a result of the advertisement, then they just served up 150k web pages to no avail. It was a waste of effort and resources on their part. Make sure they know it. Maybe the editors will get a clue, and start pressuring their editorial writers to write up some useful content. Mentioning the offending authors by name might help too.

If the web site makes money per display of a banner, let the advertising party know. I'm sure they'll be none too happy knowing that they just paid for 150,000 views that had absolutely no chance of making a sale.

Simply put, hit them in the bank account. Done properly, this might just eliminate all incentive to troll for circulation.

Kyle