Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise
news for all interests
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page
Other stuff:
Contact us
Recent features: Here is the permanent site for this page.
|
Leading items and editorialsVersion 1.1 of the GNU Free Documentation License (FDL) is out. As is the case with other licenses from the Free Software Foundation, the FDL is an extensively thought-out attempt to codify user freedoms; this time with regard to documentation. It recognizes, however, that documents raise different issues than source code; thus many of the provisions of the FDL differ from those of the GPL and LGPL. The FDL does preserve the "viral" nature of the GPL in a couple of ways. A work covered under the FDL can not have its redistribution restricted - there can never be proprietary works derived from an FDL-licensed document. The FDL also does not combine well with other licenses; a document licensed under the FDL can only be combined with other text under the same license. Derived works can be made from documents covered under the FDL. However, the restrictions are stronger than those spelled out in the GPL. The FDL allows the specification of "cover text" (short bits of text which appear on the document covers) and "invariant sections," both of which must be carried forward unchanged into any modified version. The FDL specifies, however, that "invariant sections" must be "secondary sections," meaning that they do not directly address the subject of the document. The invariant section provisions, thus, are meant to cover author introductions, acknowledgements, rants against software patents, etc. without allowing restrictions on the modification of the technical meat of the document. The baggage of invariant sections and cover texts will likely make it hard to incorporate small sections of documents into other works, even if the latter are also licensed under the FDL. If one document contains an outstanding tutorial on "using development kernels for nuclear power plant control," that tutorial can not be added to another document without pulling along all of the cover texts and invariant sections as well. Interestingly, the FDL's requirements vary depending on the number of copies being distributed. The license calls for a "transparent" machine-readable copy (i.e. no Word or StarOffice files) to be made available on the net, but only if more than 100 copies are being made. The FDL also contains something the GPL has explicitly avoided: an attribution requirement. The authors' names must be carried along with copies. Not everybody likes the GPL, but there is little doubt that it has been one of the defining forces behind the rise of Linux. The FDL attempts to fill a gap in the licensing of documentation. It may well be that the FDL will give a similar shape to the coming wave of free documentation. XFree86 4.0 has been released, after a long wait. Since the X server provides the view that most users see of a Linux system, a major new release is interesting. Some of the highlights of this release include:
The above list is incomplete, see the release notes for the full list. But it should be clear that this is a major release. Congratulations are due to the XFree86 team, which worked long and hard to make this release happen. The story of Linux-Mandrake. Gaël Duval, creator of the Linux-Mandrake distribution, has written a feature article describing how Linux-Mandrake (and MandrakeSoft) came to be. A distribution that started as one person's project has turned into one of the major Linux players with 70 employees, venture funding, and more. It's a classic Linux success story. The Worldforge Project: A Gamer's Perspective We asked Douglas Sundseth, a dyed-in-the-wool gamer, to take a look at the Worldforge Project, an open source effort to develop a complete system for massively multiplayer online roleplaying. Here is is the result: The Worldforge Project: A Gamer's Perspective. Colorado Linux Info Quest. Now only two weeks away, the Colorado Linux Info Quest has finalized the list of speakers and lined up some prominent names for leading Birds of a Feather sessions as well, including Paul Everitt, from Digital Creations, who will be presenting a Zope demo and leading the Zope BOF, Bdale Garbee, who will be leading the Debian BOF and Tom Christiansen and Nathan Nathan Torkington, who are coming to lead the Perl BOF. For more information, check out the latest press release. Inside this week's Linux Weekly News:
This Week's LWN was brought to you by:
|
March 16, 2000
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Security page. |
SecurityNews and editorialsTrustix Secure Linux 1.0 released. Trustix 1.0, a "secure Linux" distribution out of Norway, has been released. It is aimed at server tasks in particular, and includes strong encryption support. The distribution is also downloadable from http://www.trustix.com. Their mission statement explains their plans in more detail. There doesn't seem to be anything earth-shattering involved, just the incorporation of many security recommendations into the default distribution. It seems to be primarily aimed at supporting their consulting and administrative services.Duplicate key IDs for PGP-signed mail. We've gotten lots of mail about this issue that we reported on last week. First of all, the problem actually reported turned out to be a case of a PGP server returning the wrong key, not one of a duplicate key, as Florian Weimer pointed out. Second, followup on BugTraq that came out after we published covered the issue of duplicate keys in detail. The PGP FAQ describes the ability to generate a duplicate key as the "deadbeef attack". It is part of the PGP specification and the reason why key signatures and fingerprints are also important parts of the PGP verification process. Here is a pointer to the information on signing your key. It was also pointed out that PGP servers should not assume that key ids are unique, according to the RFCs, and should therefore return all matches for a given keyid. For more information, check the relevant thread on BugTraq. Preventing Distributed Denial of Service Attacks (O'Reilly). The O'Reilly Network talks about prevention of DDOS attacks. "If you want to prevent distributed denial of service attacks on your hosts, the best hope you have is to prevent your own hosts and networks from being used to cause denial of service attacks on others and to encourage other network and system administrators to do the same." Security ReportsSuSE: IMAP update. SuSE has released an advisory covering a vulnerability in the IMAP server, along with an update to resolve the problem. StarOffice StarScheduler vulnerabilities. Two vulnerabilities have been reported in StarOffice's groupware server, StarScheduler. These vulnerabilities can allow remote root access, a denial-of-service attack and improper read access to files. These problems were apparently reported to Sun on February 6th, but no fixes have been made available. Disabling StarScheduler or restricting access to the relevant port (801) is recommended. mtr. Version 0.42 of mtr fixed vulnerabilities in its method of dealing with root privileges. This week, the first distribution update for mtr has become available. Security hole in ht://Dig. Originally covered in the March 2nd Security Summary, TurboLinux has released their update for this problem.
MySQL. TurboLinux also put out an update for the security hole in MySQL covered in the March 2nd Security Summary.
TurboLinux update for man. TurboLinux also put out an update for man, fixing a problem first reported in the November 2nd, 1999 LWN Security Summary. Printtool. A vulnerability in printtool as installed on Red Hat Linux 6.1 has been reported. Debian is not vulnerable to this problem. ResourcesBruce Schneier's CRYPTO-GRAM. The March 15th edition of CRYPTO-GRAM has been released. One interesting tidbit: a law case where cracking software was successfully labeled a "burglary tool".Mason mailing lists established. A set of mailing lists for the Mason automated Linux firewall builder has been announced. Mason is an interesting tool that seeks to ease the detailed process of setting up Linux firewall rules. Section Editor: Liz Coolbaugh |
March 16, 2000
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Kernel page. |
Kernel developmentThe current development kernel release is 2.3.99-pre1. The patch is quite large (4M), but that size is deceptive - much of the patch is devoted to moving files around to effect a reorganization of the block driver hierarchy. This patch also contains a new DocBook-based documentation scheme and a few new documents (all written by Alan Cox), a new, much-reworked PPP implementation, an IBM LANStreamer driver, a MultiGate COMX driver, and Andrea Arcangeli's "elevator" disk scheduling improvements. The current stable kernel release is still 2.2.14. The 2.2.15 prepatch is up to 2.2.15pre14 - a large patch with a number of new fixes. It still looks like at least one more prepatch iteration will be required before the stable kernel release happens. The pre-2.4 series is coming. Linus sent out this announcement with the 2.3.51 release announcing that he is getting ready to start the pre-2.4 series - which is why the current release is 2.3.99-pre1. At this point, presumably, a real feature freeze has taken effect, and only bug fixes will go into the kernel. Regarding what may still go in, Linus has said "There's some NFSv3 and other stuff pending, but those who have pending stuff should all know who they are, and for the rest it's just time to say nice try, see you in 2.5.x." This announcement has, predictably, brought out a number of people who have "pending" patches that they would like to see included. The biggest discussion by far was about reiserfs, Hans Reiser's new filesystem that was discussed in the November 11, 1999 LWN. Quite a few people would like to see reiserfs go in, for two reasons: (1) they are actively, happily using it, and (2) if it goes in, the 2.4 kernel can claim to have a journaling filesystem. The kernel developers are trying not to be influenced by the second reason, but it is clear that many of them would like to be able to make that claim. The inclusion of reiserfs has drawn some opposition, however, from those who do not like all of the changes that the patch makes. The leading opponent is probably Alexander Viro, who has been busy for a long time fixing up the VFS layer and fixing problems there; he sees reiserfs as being a new source of problems to fix. The reiserfs folks are trying very hard to listen to the complaints and criticisms that have been going by, and seem to be bending over backward trying to address them. They really want to see their filesystem in the kernel. Linus has indicated that the inclusion of reiserfs is a possibility - for a later 2.4 release, if perhaps not for 2.4.0. The latest 2.4 jobs list has been postedby Alan Cox. There's still a number of things to be fixed. Randy Dunlap has posted a separate 2.4 USB jobs list. The great netfilter merge is happening, and should be essentially complete within another kernel release or two. Netfilter is the new implementation of the IP firewalling and masquerading subsystems. Firewalling and masquerading have been massively reworked, and now have a new set of utilities to work with them. ipchains is passé; things are now done with iptables and ipnatctl. Netfilter actually contains a pair of compatibility modules that allow the old ipchains and ipfwadm utilities to work - so the transition should be relatively easy. But it is never too soon to think about heading over to the current way of doing things. Interested people may want to look at the iptables HOWTO and the ipnatctl HOWTO. 2.3.50 included the new shared memory filesystem. The shm filesystem cleans up the shared memory implementation, and helps in the provision of Posix shared memory segments. But its inclusion has broken a couple of things, and created some surprises for people. First, SYSV shared memory is not available in the system until the shm filesystem has been mounted. It can be mounted directly with a command like: mount -t shm shm /var/shmbut the proper fix is to put a line like: none /var/shm shm defaults 0 0into the /etc/fstab file (the proper place to mount the shm filesystem is still a matter of debate). Note that the 2.3.51 implementation shows a file named / within the shm filesystem. This file - which would prove difficult to work with - is the result of a minor bug which has already been fixed. The other surprise is that the new shared memory implementation breaks some applications. In particular, the Gimp as provided by some distributions dies an ugly death on startup. There are reports that recompiling the Gimp fixes the problem, though it is not entirely clear why. The real problem seems to be a change in shared memory semantics - one which makes Linux work more like other Unix systems. The NT filesystem is unmaintained, and will likely be marked "obsolete" in the 2.4 kernel. It evidently still works, in at least some situations (not with W2K filesystems), but others report problems. It seems that not too many kernel developers see a great need for this filesystem. Unless somebody steps up and takes over its maintenance, the NT filesystem will eventually go away. Preemptable kernel code? A continuing effort, led by Ingo Molnar, is underway to reduce the time it takes the kernel to respond to events. The low-latency work is inspired by the need to drive devices like sound cards and software modems without falling behind the data stream. The current Linux kernel, in some situations, is simply too slow to respond to do the job properly. The approach being looked at currently is to change a longstanding assumption in the kernel: that kernel code does not get scheduled out unless it explicitly sleeps. This assumption only holds, of course, on uniprocessor systems, so its demise should not really cause too many problems. Except that there will always be problems that come out with this sort of change. Linus has been pushing an approach that takes advantage of the existing SMP structure to make a preemptable kernel work. Essentially, it uses the spinlock primitives (which are currently no-ops on uniprocessor systems) to mark places where the kernel can not be preempted; any time that a spinlock is not held becomes fair game. Linus's approach explicitly changes nothing on SMP systems, on the theory that there is no need to preempt the kernel to get low latencies when there are multiple processors available. Not everybody agrees with that claim, however. Thus far there has not been a patch proposed that Linus likes. In any case, a change of this scale may well have to wait until the 2.5 series. Making the kernel preemptable has enough potential to create strange bugs that it should have quite a bit of testing time to settle out before going into a stable kernel. Other patches and updates released this week include:
Section Editor: Jonathan Corbet |
March 16, 2000
For other kernel news, see: Other resources: |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Distributions page. |
DistributionsPlease note that security updates from the various distributions are covered in the security section. ix86 Linux for the PC. Another distribution out of Germany, ix86 Linux is dubbed "the distribution for the interested private user" (Babelfish translation). This distribution appears, from the Babelfish translation of the site, to support either a minimal 486 install or a slightly larger Pentium install with XWindows support by default, with Gnome as an option. It uses qmail for the default mailer and does not use a package manager, working instead directly with the source tarballs. Linux from Taiwan: Linpus Linux. Ambrose Li sent us a tip about another new Linux distribution, Linpus Linux, made by Linpus Technologies in Taiwan. The websites are, of course, all in Chinese, but from this picture, we were able to deduce that this is a Red Hat Linux compatible product. Corel LinuxCorel Linux Deluxe: A First Look (AboutLinux). AboutLinux reviews Corel Linux Deluxe 1.0. "Corel Linux Deluxe is the first distribution (that I am aware of) that ships with a penguin!"Debian GNU/LinuxDebian Weekly News. This week's Debian Weekly News announces another Bug Horizon on March 27th, and plans to begin the test cycle for the release of Debian 2.2 after that. It also notes that this week is the one year anniversary of the release of Debian 2.1, gives an update on new maintainers and mentions that the Debian elections close tomorrow, March 16th.Debian GNU/Hurd. The latest Hurd news is available via the Hurd Kernel-Cousin. FreeBSDFreeBSD 4.0-RELEASE announced. A new version of FreeBSD has been released. Learning, apparently, from their sibling OpenBSD, a much heavier emphasis on security shows up in this version, including support for OpenSSL, OpenSSH, encrypted telnet and IPsec support. Two new systems calls, jail(2) and jail(8), have been added "for additional flexibility in creating secure process execution environments. ". For more details, check the release notes.Rock LinuxROCK Linux 1.3.8 has been released. The Rock naming scheme follows that of the Linux kernel, so the 1.3.X tree is the development tree. It includes a new automated system setup. Check the CHANGELOG for more details. ROCK Linux is a distribution for skilled Linux/Unix Administrators who want to be able to compile all the packages for a system on the system itself at installation. ROCK in the news. This European Unix Platform (EUP) article describes how to configure a ROCK Linux System as an ISDN Dial-on-Demand Router. Slackware LinuxBSDi/Walnut Creek press release. Here's the press release from BSDi describing the merger with Walnut Creek CDROM. It contains more information on the merger, and includes a mention that Yahoo will be taking an equity investment in the new company. Walnut Creek is the parent company for Slackware, currently, which is why we mention this merger here. The Slashdot interview with Bob Bruce, president of Walnut Creek, Jordan Hubbard, FreeBSD core team member and release co-ordinator, and Gary Johnson, CEO of the new company, focuses more on the impact on FreeBSD, which will gain up to twenty new developers. Slackware, though, will also be impacted. "Our Slackware division will be spun off as an independent company: Slackware Linux, Inc. But our Linux and BSD developers will continue to work closely together. Patrick Volkerding has moved out here from Minnesota and is now managing Slackware development on a day-to-day basis. We will be releasing Slackware 7.1 by summer." Slashdot has promised an interview with Patrick Volkerding in the near future. SuSE LinuxOracle on SuSE Linux. Tips and other information on installing Oracle8i, Oracle8, WebDB, and Application Server on SuSE Linux is now available.SuSE road show. SuSE has announced a roadshow tour of Germany, starting on March 20, with stops in cities like Munich, Stuttgart, Bonn, Berlin, and numerous others. Details can be found on the roadshow schedule page, which, surprisingly enough, is in German. SuSE and Enlighten Software partner for Linux management. SuSE and Enlighten Software have announced a deal that will see Enlighten's system monitoring code bundled with SuSE's 6.4 distribution. SuSE joins up with SourceForge SuSE has announced that SourceForge will be a primary mirror for SuSE's FTP site. Seemingly in return, SuSE is also now represented on SourceForge's compile farm. TurboLinuxLutris Technologies Teams With TurboLinux to Offer Enhydra. Lutris Technologies Inc. and TurboLinux Inc. announced a joint effort to certify and distribute the Enhydra Java/XML application server for the TurboLinux operating system. Enhydra is an Open Source Java/XML application server. TurboLinux opens offices in Latin America. TurboLinux has announced the opening of offices in Argentina and Brazil. XTeamLinuxXteamLinux 3.0 launched. Xteam software (which "is honored to have the greatest potential to be 'China Red Hat'") has announced the release of XteamLinux 3.0. Not too surprisingly, multi-lingual support is high on the list for this distribution. In addition, a new configuration tool is apparently included, along with enhanced Samba support.Section Editor: Liz Coolbaugh |
March 16, 2000
Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Development page. |
Development projectsApache 2.0alpha Available. In this Freshmeat editorial, Apache developer Jim Jagielski announces, "It was at the closing plenary of ApacheCon 2000, in Orlando FL, that a long-anticipated release of software was announced: an alpha release of Apache 2.0. With a few short keystrokes, the Apache Software Foundation announced to the crowd of developers at AC2K that Apache 2.0a was available for download." You can find Apache's announcement and download the new code here. VA Linux Pumps Up Developer Resources (E-Commerce Times). Here's an E-Commerce Times article about VA Linux Systems' compile farm. "CompileFarm will initially allow testing on Linux distributions by Caldera, Debian, Red Hat Linux and Slackware, along with FreeBSD. The service allows developers to switch to any supported distribution, from a single command line, for the purpose of compiling and testing programs in multiple environments." Application of the week: LavaPS (Linuxcare). LavaPS is Linuxcare's application of the week. LavaPS is described as a combination lava lamp and process listing utility. "For me, system administration has never been easier. Take a look at top next to LavaPS in the screen shot and decide for yourself which one you prefer..." BrowsersMozilla Crypto. The first crypto-enabled builds of Mozilla are now available on-line, including support for SSL, the Security Advisor, and IMAPS.O'Reilly Interviews Mozilla Leaders. The O'Reilly Network has published an interview with Mozilla manager, Mitchell Baker, and main archtect, Brendan Eich. "And one of the goals of Mozilla is to try to integrate the traditional Open Source community and methods and development styles, and the strength of that world with corporate, commercial involvement." DatabasesAndover.Net to work on MySQL. Andover.Net has announced that it is joining an effort to add database replication to MySQL.E-commerceYAMS 0.6.1 has been released. YAMS (Yet Another Merchant System) has released version 0.6.1. Besides the bug fixes and other new things, this is the first version to be placed in Sourceforge's anonymous CVS.EducationSEUL-EDU Linux in Education Report. The March 13 SEUL-EDU Linux in Education Report is now available. The primary topic this week is Linux in homeschooling environments.Embedded LinuxReport: real-time Linux at CeBIT. Bernhard Kuhn has posted a real-time Linux at CeBIT report with a summary of activities around RTLinux at this large conference.GamesDungeons & Dragons to go open-source? (Salon). This Salon article looks at the possiblity of an Open Source version of the popular role-playing-game, Dungeons & Dragons. "The plan is to release basic information on how to create characters for a D&D-like role-playing game under a license that allows anyone to build games based on those rules."The Nebula Device. Radon Labs, a developer of commercial games, is the driving force behind The Nebula Project, an SDK which they have licensed as free software. Their latest development release is 2000-03-14. NetworkingWeb100 Workshop Outcome. As a result of the Web100 Workshop, held in October of 1999 to look at ways to improve data transfer performance over large pipe networks, a three-year proposal has been submitted to the National Science Foundation to support research and development in this area. For some more background, check out our October feature article on the Web100 project."Early in the second year of the project, Web100 will produce a complete CD-based Linux distribution ... the Web100 kernel patch set, libraries and tools will be added to the selected base distribution." InteroperabilitySamba. This week's Samba Kernel-Cousin has all the latest Samba news and discussions, including an update on Windows 2000 compatibility.Wine. This week's Wine Weekly News talks about Windows API testing for Wine and support for non-Linux platforms while evolving Wine. Office ApplicationsFor a comparison of Linux wordprocessors, check out Linuxcare's product comparison chart, based on user contributed comments. They are missing feedback on LyX and currently show Corel's Wordperfect 8 at the top of the pack. It was interesting to note that the free software wordprocessors Abiword and Kword scored higher than Star Office 5.1 and Applixware 5. That is impressive, considering, for example, that Abiword is still pre-alpha software. AbiWord Weekly News. The AbiWord Weekly News for March 8 is out. Support for Hungarian has been added and Joaquin Abela's patch to dd command-line file format conversion support has been integrated, along with many other contributions. For March 15th, the AbiWord Weekly News takes a look at rulers, and Gnome integration, along with "many diverse and significant design issue". LyX Development News. News from the Lyx project is getting more detailed. Check out this week's issue for discussions of Rbook, a REBOL dialect for writing documents, and its implications for Lyx, along with other development topics. On the DesktopMagellan available for download. The first public release of the Magellan personal information manager application is now available for download. Magellan, a KDE application, looks to have some nice features; see the screenshots page for some examples. Adding shortcuts to your Gnome desktop. Linuxmonth has put out a short article demonstrating how to add a shortcut to the Gimp onto your desktop. KDE Development News. This week's KDE Development Newsindicates that KDE 1.9, a full beta of KDE 2.0, is scheduled for release in May. If that isn't enough KDE news to satisfy you, check out Mosfet's page for updates on Pixie, Konqueror, and XML based toolbar editing. The Gimp Development News. Check out this week's Gimp Kernel-Cousin for the latest Gimp news. If you're German, you may want to check out Gottfried Mueller's GIMP pages. [From the Gimp News.] GConf. Havoc Pennington writes about GConf, the new configuration data storage mechanism for GNOME 2.0 in this week's Gnome developer feature article. ScienceRlab moves to Sourceforge. Rlab is a GPL'd project that is building a Matlab-like high-level math program. They've announced a recent point release along with their move to Sourceforge. "Rlab does not try to be a Matlab clone. Instead, it borrows what I believe are the best features of the Matlab language and provides improved language syntax and semantics."Systems Administrationdump/restore development continues. Fans of the dump and restore utilities for file system backup and recovery should be pleased to see another development release, 0.4b16, just a week after the last one. Although this week's release does not include any security fixes, its release is an indication that these utilities, which are in widespread use despite the beta quality of the software, are finally getting some concentrated attention.Website DevelopmentOpenCMS. OpenCMS describes itself as an "Open Source Content Management System (CMS)". It is Java-based and is licensed under the GPL. Announced at CeBIT, development updates have been appearing on a regular basis for the past month. (Thanks to Bernhard Reiter.)Midgard Weekly Summary. This week's Midgard Weekly Summaryreports on the Repligard replication system, extensible record support for Midgard 1.2.X, a patch to support PHP 3.0.15 and other development news for this web application development platform. Zope Weekly News (March 15th). This week's Zope Weekly News is now available, with the latest development news for this web application server. Section Editor: Liz Coolbaugh |
March 16, 2000
|
|
Development toolsJavaHP wins round in Java battle (News.com). Here's a News.com article about Lynx's choice of HP's "Chai" Java implementation to bundle with Blue Cat Linux. "The deal is an important endorsement for Chai. HP's software will now be exposed to a larger audience, giving the company more leverage in its discussions with Sun about whether to call off their divisive dispute over Java. However, Linux is a new arrival in the embedded and real-time markets, and it will take time to see whether the open-source operating system will repeat the success it has had so far in the server market."Sun Microsystems to release Forte for Java source. Sun has announced the release of the source for the "Forte for Java Community edition 1.0" Java development environment. The code will be released under the "Mozilla public licensing model," which presumably means a modified version of the MPL. Code should be available "within the next 90 days." PerlPerl 5.6 Release Candidate 1. The first release candidate for the upcoming perl 5.6 has been announced. Perl Certification. A mailing list has been started to discuss Perl Certification, apparently on the theory that enough people want Perl certification that it is likely to come about eventually, therefore it would be better to step to the plate now and keep control of such certification in the Perl community. perl5-porters is back. The perl5-porters report on perl development is back, after a two month hiatus. As might be expected, it catches up on a lot of activity and discussions. PythonThis week's Python-URL. Here is this week's Dr. Dobb's Python URL. It contains info about optimizing Python programs, the Python 101 cheat sheet, and more.Tcl/tkThis week's Tcl-URL covers recent discussions on the Tcl/tk lists.Section Editor: Liz Coolbaugh |
Language Links Guile Blackdown.org IBM Java Zone Perl News PHP Daily Python-URL Python.org JPython Smalltalk |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Commerce page. |
Linux and businessCaldera Systems' initial public offering (IPO) is scheduled to happen this Friday, March 17. One publication printed that the price of the offering had been raised from the initial $7-9 level, but that appears not to be the case. Many people are looking to this IPO as an indicator of whether Linux stocks are still interesting to investors or not. There is never any way to really know what will happen until it goes out, however. Caldera has filed an updated S-1 describing the IPO. There's not much new in the amended S-1, they have mostly just updated some of the financial numbers and added a couple of forms. There is an interesting note, however, about an increase in their reserves due to slower sales of OpenLinux 2.3 than they had been expecting. In a separate filing Caldera disclosed much of its corporate documentation, including its articles of incorporation and bylaws. There is also the interesting tidbit that the IPO will cost Caldera $2 million beyond the underwriting fees. The largest line item is $600,000 for insurance premiums. Caldera has also announced a partnership with SCO to sell SCO's professional services to Caldera's customers. STFB's bogus open source license. Bernhard Reiter noticed this announcement from STFB, Inc. that was mentioned in last week's LWN commerce page. They claim: "STFB Inc. plans to change the open source market for Windows application software by offering open source licensing on all of its current and on all of its future accounting and ERP products." Mr. Reiter went through, however, and actually read STFB's licence agreement, which includes phrases like: "There are no limitations on the number of times the package may be customized and resold. The only restriction is that only the executable program and documentation, and not the source code itself, may be distributed." In other words, the "open source" claim is bogus. Since the term is not trademarked (or trademarkable), there is nothing stopping STFB from making this claim, other than public pressure. Concerned folks may want to drop a polite note to the given contact address for STFB: erricoe@stfb.com. Amazon.com calls for patent law reform Amazon.com's Jeff Bezos has put up this page with a call for reform of software and business model patents. His suggestions include a review period prior to the issuance of patents, and a much shorter period of protection (3-5 years). Not perfect, but a step in the right direction. Tim O'Reilly has put up a response to Bezos' latest. "While Jeff hasn't done what I originally asked for--to rescind his patent claims--he has most definitely engaged with the problems I was raising, thought seriously about them, and proposed an answer that works for him and his business. That being said, I don't want to let Jeff entirely off the hook. One thing about a call for action in Washington is that it could be seen as just a way of shifting the focus away from Amazon and onto the PTO." Industry leaders launch Embedded Linux Consortium. The Embedded Linux Consortium has announced its existence. Its goal is "to amplify the depth, breadth, and speed of Linux adoption in the enormous embedded computer market;" the initial leader will be Rick Lehrbaum, the guy behind LinuxDevices.com, among other things. Italy's Prime Minister on Linux. We just got a pointer to a contribution by Italian Prime Minister Massimo D'Alema to the "The action plan for the development of the information society: a project for Italy" conference which was held in January. Linux is held out as an example of how things can be done. "I find it amazing that an operating system ... has been developed by young volunteers - not tied by a contract or monetary remuneration, outside of a business organization - and that this system is able to compete with that elaborate system from a large multinational corporation, which is the richest company in the world" (Editor's translation). The full text (in Italian) is available from the Prime Minister's web site; Babelfish translations are available for the full text as well. (Grazie a Roberto Bagnara). Alan Cox on a Chip. For those of you looking for the latest in processing technology, check out Alan Cox on a Chip. It has many interesting features, including an "optional 5C00B1 D00 multimedia coprocessor." (Thanks to Lenz Grimmer) VA Linux Systems to acquire TruSolutions and NetAttach. VA Linux Systems has announced the acquisition of two more companies. The first is TruSolutions, a maker of rack-mount server systems; the second is NetAttach, which is in the network storage appliance business. TruSolutions went for 1.8M shares of VA stock plus $10 million in cash; NetAttach got 286,000 shares plus $10 million. Applix Announces growth strategy. Applix has put out an announcement describing its future growth strategy. Among other things, this strategy includes spinning off its Linux division as a separate company. Lineo gets new director, investments. Lineo has announced that John Egan has joined its board of directors, and that it has received equity investments (amounts undisclosed) from Egan Managed Capital and Motorola. Lineo to acquire USE, Inc. Lineo has announced the acquisition of United System Engineers, a Japanese engineering firm. The main purpose of this acquisition seems to be to allow Lineo to support its Embeddix distribution on a new set of hardware platforms. SAS comes to Linux. SAS Institute has pre-announced a port of SAS to Linux, scheduled to become available later this year. "Based on positive customer feedback, as well as the increasing number of Fortune 1000 companies looking seriously at Linux as a viable operating-system choice for their enterprise-wide business applications, we felt that the time was right for us to offer a Linux version of SAS software." Inprise/Borland announces JBuilder 3.5. Inprise has announced JBuilder 3.5 - the latest version of its Java development environment. VA Linux Systems quarterly report. VA Linux Systems has filed an SEC report for the quarter ending in January, 2000. In that quarter they had just over $20 million in revenues, and lost $11.5 million. There is also a copy of the consent letter signed by Linus Torvalds allowing the use of "Linux" in the company name. RealPlayer 7 beta for Linux. RealPlayer 7 beta for Linux is available for download, all you have to do is fill out the forms. (Thanks to Robert Taylor). Open content encyclopedia launched. A project (called "Nupedia") to create an open content encyclopedia has announced its existence. The Nupedia web site is up, but there does not yet appear to be much in the way of content there. Some people have expressed concerns that Nupedia's license agreement, which includes a strong attribution requirement, may make it hard to use Nupedia's content in other settings. InterBase 6 for Linux beta available. InterBase has put up the first beta release of Interbase 6 for Linux. No source code as yet - they hope to have something "real soon now"... (Thanks to Daniel Work). Section Editor: Jon Corbet.
Press Releases:
Section Editor: Rebecca Sobol. |
March 16, 2000
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Linux in the news page. |
Linux in the newsEvents The Linux Expo held in North Carolina for several years in a row isn't happening this year.Evan Leibovitch got confirmation that the show was officially cancelled and provided his reaction. "Innocence lost. With the Linux Expo fades yet another icon of Linux's innocent early years. While my first Expo experience wasn't until the third show in 1997, even then the atmosphere was one of a small family. I found the event to be quite extraordinary: echoing the nature of Linux's openness, attendance at the conference was free of charge. If you bought admission you could sit in the theater where the presentations were given, but it cost nothing to sit in one of a number of lounges and watch it on closed-circuit screens. Given that one of the lounges was outdoors, it was a pleasant way to hear the newest Linux developments ..." Products ZDNet UK reports on the release of Novell NDS for Linux. "What ZDNet US did find out was that although Novell has said at least part of the NDS for Linux code would be open source, none of it -- under any open-source licence -- is currently available. Despite years of open source lip service, the Novell Community licence remains more of a mock-up than a working model." Here's a News.com story about the announcement of Corel Photo-Paint for Linux. "But Corel has a lead when it comes to graphics software for Linux. The biggest competitor is the Gimp, an open-source program that's distributed along with several versions of Linux. On the horizon, though, is software from graphics powerhouse Adobe, which has begun translating some of its software for Linux." AboutLinux reviews Corel Linux Deluxe 1.0. "Corel Linux Deluxe is the first distribution (that I am aware of) that ships with a penguin!" Development LinuxMall.com has put up an article about resources for blind Linux users. "The innovative and cooperative spirit of Open Source is illustrated best by a group like BLinux (or Blind + Linux). BLinux and its related pages, BLinux-list and BLinux-announce runneth over with questions, comments and tips from all kinds of users and specialists." Forbes has chimed in with an article about Eazel which is cast in the light of the Gnome/KDE rivalry. "Eazel intends to stay true to the open source spirit by making its interface freely available, just as Linux is. But startups don't get $13 million in funding--Eazel's total so far--just so they can give stuff away. Eazel also has a business plan, which is to make money by using the Internet to remotely install, configure and manage Linux desktops for consumers and businesses." Simson Garfinkel sounds the alarm in this Security Focus article; according to him, a flood of Linux-based viruses is just around the corner. "No, what's stopped the spread of viruses on the Linux platform isn't technology, but the lack of interest from the virus writers. Why write a Linux virus when the same skills will let you bring up a new web-site and become a millionaire in just a few weeks? But if the economy goes south, we're likely to see a suddenly bloom of viruses from out-of-work overachievers." Wired News covers the latest in the DVD case. "With scant time to erect a defense, lawyers from the Electronic Frontier Foundation were handed a crushing defeat when a New York city judge on 20 January ordered DeCSS be yanked from the defendants' Web sites. This time, they're better prepared. The letter invokes a slew of procedural reasons arguing why the case should be dismissed -- points that likely will be raised in the New York case as well." First Monday has run a long, academic article looking at free software as an evolutionary process. "Considering the quality of human resources in corporate realms, however, neither foresight nor individual experience by itself is an adequate account for the superior quality of Linux to its rivals on the market. Nor is it a sufficient explanation that the Linux project has produced an operating system of such complexity and coherence without central planning." (Thanks to Karl Vogel). Open source software in the schools is the subject of this Wired News article. "Computer science teachers believe that open source encourages creativity and innovation among their students. Students can modify and improve on current software and they learn to be 'empowered programmers.'" Interviews ZDNet interviews Richard Stallman about UCITA. "UCITA would make it harder for us to avoid liability for bugs that turn up in the free software we develop -- while giving proprietary software developers a very easy way to avoid all liability for their products, even for faults that they know about in advance. This is grossly unfair." Infoworld has published an interview with Steve DeWitt, Cobalt's CEO, about internet server appliances. "Open source is the real value here, and the reason why you see Linux with 25-plus percent share in terms of the server side of the equation is not because people are pissed off. It's because it works. It's highly reliable." Olinux.com.br interviews Ian Clarke, creator of the FreeNet project. "A friend of mine recently asked me a similar question: 'Don't you think that making Freenet available is like giving a knife to a room full of people when you know that one of them is a murderer?'. I replied 'No, I think it is like giving some fire to a room full of freezing people even when you know that one of them is an arsonist'". The Washington Post asks what Marc Ewing is doing with all his money. Apparently being rich isn't as easy as it seems. "He has cashed out a portion worth $31.5 million and splashed out on new digs. He paid about $8 million for a 12-room apartment on the Upper East Side here. He spent nearly $7 million for the historic Pabst mansion on Chicago's North Shore. It has nine bedrooms and a five-car garage. Plenty of space for himself, his wife and young son." Business: Wired News reports on the upcoming Caldera Systems IPO. "Although Caldera only reported revenue of $500,000 for its quarter ended 31 January, analysts expect its stock will do quite well on opening day." Inter@ctive Week chimes in on Caldera's upcoming IPO. " Despite this illustrious lineage, Caldera doesn't seem to know what it wants to be when it grows up. The company started out as a distributor of Linux. Then it veered in the direction of a professional services company, such as Linuxcare. Now the prospectus says Caldera is concentrating on providing the fully buzzword-compliant 'Linux for e-business.'" The Red Herring takes a critical look at the Caldera Systems IPO. "Despite their struggles, the other four publicly-held Linux vendors have a big leg up on Caldera. Although the company has been operating since 1994, sales have been pathetically sluggish. Caldera lost $5.5 million in its recent quarter on sales of $553,000, which are up 3 percent from the period a year ago. What's even worse are gross profit margins of less than 1 percent." Nonetheless, the Red Herring lists Caldera as "Red Hot" on its IPO calendar. News.com looks at the upcoming IPO round. "'Linux companies have been getting huge pops, then the stocks settle back,' said Jeff Hirschkorn, senior analyst with IPO.com. 'Even though Caldera raised their range today, I expect to see another increase before they go out. And no matter what price they set, these companies always seem to go higher (when they debut).'" ZDNet ran this article about the declines in Linux stock prices. "What bears watching is how Linux partners handle the cooling-off period. Major enterprise vendors such as IBM and Dell Computer Corp. have bear-hugged Linux and launched major initiatives around the platform. If such large vendors believe they got caught up in the hype, they could easily recoil and scale down investment, further affecting Linux penetration in the enterprise." The Montreal Gazette reports on the snags in the Corel/Inprise merger. "Based on share prices before the announcement, Corel was to pay $1.1 billion U.S. in shares to acquire Inprise. The value of those shares has now fallen below $800 million U.S. Dale Fuller, Inprise's interim chief executive, told Corel's shareholders that this decline should be seen in the context of a weakness in the over-all market for Linux technology - especially considering that the Corel-Inprise merger is being billed as the making of a Linux powerhouse. 'I would be worried if the whole Linux community was going in the opposite direction to us,' he said." The Ottawa Citizen looks at the problems with the Corel/Inprise merger. "Originally designed to create a powerhouse in the developing field for Linux-based products, the deal has suffered because Linux-based stocks have fallen out of favor with investors." Here's a News.com article about Lineo's acquisition of United System Engineers. "The 15-year-old firm will help Lineo explain to prospective customers why they might want to switch from existing operating systems to Lineo's version of Linux for set-top boxes, factory robots and other 'embedded' devices..." Rick Lehrbaum has written a Dr. Dobb's article on why embedded Linux is interesting. "But is Linux, like Windows, too large and demanding of system resources to fit the constraints of embedded systems? Well, unlike Windows, Linux is inherently modular and can be easily scaled into compact configurations - barely larger than DOS - that can even fit on a single floppy. What's more, since Linux source code is freely available, it's possible to customize the OS according to unique embedded system requirements." The Australian Financial Review has posted an article about IBM's Linux team. "It is a team that is growing in line with a tenfold increase in IBM's commitment to Linux this year. IBM last month announced top-to-bottom support for the free software right across its hardware, software and services businesses." LinuxMall.com has run a column by Mark Bolzern looking at Microsoft's position on Linux. "Microsoft's contradictory position on Linux as a viable competitor seems indicative of the difference between the marketplace and the court. It also indicates that Microsoft senses a paradigm shift similar to the shift that allowed Microsoft to replace IBM as the dominant force in the computer industry." USA Today ran this introductory article about our favorite OS. "Linux was relatively unknown just two years ago. Today it powers 31% of all Web servers -- the machines that run Web sites -- and is used in cutting-edge devices such as pocket-size computers and set-top boxes. IBM, Sun Microsystems, Dell Computer and Intel are embracing Linux, creating products to support the operating system and investing in Linux-based businesses." Finally The latest Linuxcare 'Dear Lina' column is about PPP connections and converting over to Debian. "Now, wouldn't it be easier to put in another drive? Maybe. Possibly you were hoping it was easier than this. And just possibly, someone will put together a conversion kit for RedHat users, one rpm and boom, you're on Debian now. Or vice versa - it's just as hard the other way, you know." Fairfax IT talks with an IBM executive about how almost all college graduates have Linux experience these days. "We talked to a CIO (chief information officer) of one of the top 20 websites in the world and he said he was considering moving to Linux because he couldn't get enough people with skills for his current proprietary OS." Walter Effross reviews Neal Stephenson's "In the Beginning...Was the Command Line", calling it a new generation's "Zen and the Art of Motorcycle Maintenance." "In [Stephenson's] analysis, Windows 95 becomes a 'colossal station wagon,' Windows NT a 'hulking off-road vehicle,' Apple's operating system 'sleek Euro-styled sedans' and competitor BeOS 'fully operational Batmobiles.' Best of all, though, is Linux, an indestructible, maneuverable and fuel-efficient armored vehicle that, astonishingly, is available free." Here's an introductory article in The Hindu. "You can recognise them at twenty paces, and not just by the unwashed jeans, the unkempt hair and the thick glasses. They stand apart from other programming freaks by the sheer intensity of their commitment to their favourite operating system. For them, Linux can do no wrong." This osOpinion column takes Linux to task for its multilingual support, or lack thereof. "For all Linux lovers, I'm sorry to say this: Linux is useless for me as a work platform. I installed it out of curiosity, a desire to learn a new way of operating the machine. There are many applications - the 'No Applications' FUD cannot be waved - but for my line of work, multilingual work, Linux lacks what I need - full Unicode support." This OSOpinion piece looks at the dangers of over-commercialization in Linux education. "While I should have been grateful that Linux is mentioned as often as it is, There is a danger here... if you promote Linux as some simplified item, then the student will quickly be disillusioned and frustrated when he or she faces Linux' raw power (and sometimes in its raw fury, especially if you screw up a command as root.) A disillusioned Linux student stands a very good chance of becoming a hardened anti-Linux decision-maker further on down the road." Andover.Net has run this installation nightmare story. "I think I need a nap and a few hours to let the caffeine wear off. That's not to say that I'm having a bad time -- quite the contrary. This reminds me of the time more than a decade ago when I was first becoming familiar with DOS. It was fascinating, and learning my way around Linux is no less so." (Thanks to Cesar A. K. Grossmann). Section Editor: Rebecca Sobol |
March 16, 2000 |
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Announcements page. |
AnnouncementsResourcesLinuxcare has put up a page comparing Linux word processing systems. There's also a form for readers to input their own reviews.LinuxLinks.com presents its checklist for newbies - a page of information on how to get started with Linux. It's in FAQ format, with questions like "what is the best Linux distribution?" and "how do I download Linux?" The tenth issue of PerlMonth is now available. Linuxer is a new magazine, in Chinese which covers Linux and BSD. (Thanks to Ambrose Li) EventsAndover.Net announced that it will sponsor the Geek Pride Festival being held in Boston from March 31 through April 1.Here's a press release hyping the upcoming Linux Business Expo in Chicago. "On April 19, John A. Johnson, Director of Information Services for Papa John's International, Inc., will discuss the pizza restaurant's migration to the Linux environment." Web sitesinternet.com has announced the addition of a Chinese version of LinuxStart.com, and a new French news feed as well.User Group NewsSwedish/Danish SSLUG recently welcomed its 5000th member.JobsWirex has three jobs, one for a Linux Developer, a Compiler Specialist, and a Network/VPN Engineer. |
March 16, 2000
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Software Announcements
|
Our software announcements are provided courtesy of FreshMeat
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Back page page. |
Linux links of the weekAre you stuck behind an oppressive firewall? When things get really desperate, have a look at MailTunnel, which somehow actually manages to tunnel TCP/IP connections through a series of email messages... The i-opener is a $99 flatscreen computer system sold by Netpliance. The system runs a special version of QNX, and is intended to make money via ISP fees - it only connects to Netpliance's proprietary service. People have figured out, however, that, with the addition of a cheap disk drive, these systems can be made to run Linux. For information on how to make a bargain-basement Linux system, see this page on linux-hacker.net (where you can also buy the needed drive bracket and cable), or the i-opener Linux page. (Thanks to Dub Dublin and Gordy Perkins). Section Editor: Jon Corbet |
March 16, 2000 |
|
Letters to the editorLetters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them. | |
Date: Thu, 9 Mar 2000 16:50:01 -0500 To: lwn@lwn.net Subject: Something to think about... From: Zygo Blaxell <zblaxell@genki.hungrycats.org> This is possibly an abuse of statistics...no, wait, I take that back. This is _definitely_ an abuse of statistics. But it's interesting to think about this nonetheless, especially in light of FUD-generators who like to point out that Linux is "unstable", meaning that it changes often, as if that were something undesirable. The obvious question to ask a FUD-generator is "how stable does software have to be, before it becomes good?" The following may be an answer, and I think it'll catch a lot of FUD-generators off guard... I was recently auditing some data I had collected from the Debian project and came across the following statistic: Code changes are submitted to or accepted by the Debian project once every 13 seconds to 7 minutes (depending on time of day). In other words, in the time it takes to dial a 1-800 number, someone may have fixed a bug in or added a feature to Debian, sometimes before the first ring, and definitely before you finally get off the holding queue and talk to a real human being. By contrast, the Linux kernel often sits idle for just under 6 minutes at a time without anyone even discussing, much less submitting, patches for it. Bug fixes can take several hours to get integrated. (This data comes from the debian-devel-changes@debian.org and linux-kernel@vger.rutgers.edu mailing lists. If the results are reproducible at all, the errors are at least one order of magnitude.) Interestingly enough, many people feel that Debian is a Linux distribution that is technically superior to a number of similar Linux distributions which are revised less often. Apparently having a very high revision rate does not by itself have a negative affect on software quality, or Debian is doing something else which compensates for this effect. Perhaps a future Debian project slogan should be: "Debian: the most unstable software of all time." Unfortunately, many people would require re-education before they are able to interpret that statement correctly... -- Opinions expressed are my own, I don't speak for my employer, and all that. Encrypted email preferred. Go ahead, you know you want to. ;-) OpenPGP at work: 3528 A66A A62D 7ACE 7258 E561 E665 AA6F 263D 2C3D | ||
Date: Fri, 10 Mar 2000 12:05:37 -0500 (EST) To: erricoe@stfb.com Subject: the meaning of "open source" From: kragen@pobox.com (Kragen Sitaker) I understand you are claiming http://www.stfb.com/fagreement.html is an "open-source license". As applied to software licenses, "open source" is a term invented by Christine Peterson a couple of years ago to denote a specific kind of license: licenses that give all users the freedom to use, modify, copy, and redistribute the software, for profit or otherwise, in source-code and executable forms. The detailed definition is at http://www.opensource.org/osd.html. Your license prohibits users from redistributing your software for profit and prohibits redistribution of the source code. It is, therefore, not an open-source license. Your claim that it is an open-source license is confusing to people new to open-source software. When they encounter software that is correctly labeled as "open-source", they will not understand the guarantees this gives them until they understand that your software is not open source. I understand that there are many software developers who see the advantages of open-source development and would like to join our community. I assume that your efforts in this direction are honest, and I hope the flood of flames that is surely descending upon your mailbox due to your premature labeling doesn't discourage you. -- <kragen@pobox.com> Kragen Sitaker <http://www.pobox.com/~kragen/> The Internet stock bubble didn't burst on 1999-11-08. Hurrah! <URL:http://www.pobox.com/~kragen/bubble.html> The power didn't go out on 2000-01-01 either. :) | ||
Date: Sat, 11 Mar 2000 19:07:47 GMT From: Cor Gest jr <cor@clsnet.nl> To: letters@lwn.net Subject: Opensource vs GPL Often I see comments on ads which advertise non-free programs which balk at the fact that although "Open-Sourced" they are not GPL'ed also. But Hey, get real: GPL'ed software is always Open-Source but not all Open-Source software has to be GPL'ed by default. It would be nice, but even coders have to eat. I rather pay for a non-GPL'ed piece with Source-Code-Included than a free (as in beer) binary without and thus being at the mersy of the makers. All cars are motorised-vehicles but not all motorised-vehicles are cars ! just my 2 euro-cents cor | ||
Date: Mon, 13 Mar 2000 09:09:49 -0600 (CST) From: Dave Finton <surazal@nerp.net> To: letters@lwn.net Subject: Thoughts about "We Teach Linux Too!" This is in response to the OSOpinion article "The Dangers of Over-commercialization" at http://www.osopinion.com/Opinions/TJMiller/TJMiller17.html I think the person writing the article might be a bit paranoid about teaching Linux to students. Granted, Linux shouldn't be misrepresented as something as "easy to learn" as Windows (use-of-use is more of a personal bias... I think that Linux is *much* easier to *use* than Windows, which is why I use it). However there are a couple of items to keep in mind: TJ Miller writes: "Unix is usually taught at the collegiate level, and most *ix professors seem to thrive on intimidating their students into utter shock (well, mine surely did...) On the other extreme, all this cooing and singing about Linux as being 'no big deal' to learn, does just as much harm to the novices as scaring them would do." That has nothing to do with the complexity of the system. That Unix professor he mentions comes from a strange and distant culture where it took balls and talent to even so much as get an account on a Unix machine, let alone own one for yourself. Those days are far gone. The type of arrogance you once saw in the old-school Unix culture is still around, but those days are numbered. A larger and larger portion of the normal people like himself and many others are using Unix now, in the form of Linux usually. The old elite culture won't last too long in that environment, and you'll see teaching methods changing from "here's a few commands, now go compile yourself a C program" to more comprehensive programs. Things like certifications, etc. will help in this regard a great deal. Another question I have to ask is: Why is Unix taught at the collegiate level only? Why not at elementary school or at high school? Before you say it's because kids won't understand anything so complex, remind yourself who exactly it is that first figures out to program the time on the VCR in your average household so that it won't blink 12:00 all the time. The early years are ideal for learning this stuff, because it shows kids how a well-engineered system is designed. And since kids soak up knowledge like sponges (well, at least they do during the pre-teenage years), it makes sense to teach the young folk how to use a "hard" system before they even figure out what a "hard" system is supposed to look like. The problem lies at the teaching level. It's not the kids who are to worry about. It's the grown-ups teaching the kids. If a teacher has a negative experience with something (like Linux) they can easily transfer that dislike to the kids with little effort. The solution is, of course, advocation of the Linux certification programs out there, as well as good training courses. That will do the hand-holding that T.J. Miller desires. Well that was a tangent, so I'll finish with this parting thought: "Beware MCSE's offering Linux candy." :^) - Dave Finton --------------------------------------------------------- | If an infinite number of monkeys typed randomly at | | an infinite number of typewriters for an infinite | | amount of time, they would eventually type out | | this sentencdfjg sd84wUUlksaWQE~kd ::. | | ----------------------------------------------------- | | Name: Dave Finton | | E-mail: surazal@nerp.net | | Web Page: http://surazal.nerp.net/ | --------------------------------------------------------- | ||
Subject: Stallman interview To: lwn@lwn.net Date: Mon, 13 Mar 2000 16:46:24 -0700 (MST) From: woods@ucar.edu (Greg Woods) In a recent online interview, Richard Stallman was quoted as saying: "That movement studiously avoids mentioning idealistic concepts such as freedom and community, and as a result most of the newcomers have no idea that you can think of free software in those terms." You *can* think of free software in those terms, but the reality is that only the religious fanatics actually do. The vast majority of ordinary people, especially in the business world, *will* think about open source software as being in direct competition with pay-for closed-source software. Is it cheaper and/or better, does it give us more bang for the buck. Those are the questions they will be asking, not is this politically correct or does it help the environment :-) You can argue the religion all you want, but in the end, this is how open source software will succeed or fail. Take my own case. I have a Linux server at home, not because I believe in the open source religion, but because I can run a mail and web server on it and use it as a masquerading firewall. Commercial software to perform those functions would cost more than my PC and be less efficient and reliable to boot, so I use Linux, simply because it is *better* than the alternative. Sure, if I have a chance to, and should I ever develop something worthy of it, I would want to contribute back to the open source community, but I am in no way *obliged* to do so. Here at work, I would like to introduce Linux into our environment, but to do that, I can't argue the open source religion, or my managers will look at me like I'm nuts. I will have to present practical arguments about capability, reliability and cost savings. *That* is what they will listen to. I particularly dislike people who imply that there is something evil about being paid to develop software or to make a profit from developing software. Not all of us are trust fund babies, some of us have to worry about putting food on the table. I would say that if enough value is present in closed source software to make it worth the price they are asking, I'll buy it. If there isn't, I won't. --Greg | ||
Date: Tue, 14 Mar 2000 17:42:41 +0000 From: kevin lyda <kevin@suberic.net> To: letters@lwn.net Subject: Big mouth, little code... A few years or so ago he pointed out a process table attack in the finger daemon shipped on most linux boxes. He bitched and moaned a year later that no one had fixed it. So I did, and dropped it into Red Hat's Bugzilla. It was about a dozen lines of code. (including a little comment that Mr. Garfinkle was an ass, it does my heart good to know that millions of cd's around the world have that encoded on them...) I think it's great that he can spot all these problems. I think it's lame that he doesn't get off his ass and offer solutions. If a person spots a problem with a closed system the author of the software has forced the user to comment mode. With free software the author is saying, "here, use this fine piece of software that was worked great magic for me. I want it to work great magic for you, and I am providing you with source so that you can make better magic if you feel up to it." That includes security fixes. Free software doesn't get written by little elves on the north pole after all. I might also mention that the rpm format (and I think the deb format) for binary packages allows for gpg/pgp signatures. Anyway, the moral of this letter? The GPL should be changed. It should state that all reviews should be prefaced with a commentary on the programming skill level of the author. That way I could finally know the answer to the question, "Is Simson Garfinkle too lazy to learn to code, or too lazy to code?" Kevin -- kevin@suberic.net "we were goin' for breakfast. in canada. we fork()'ed on 37058400 made a deal: if she'd stop hookin', i'd stop meatspace place: home shootin' people. maybe we were aiming high." --porter, "payback" | ||
Date: Tue, 14 Mar 2000 13:53:58 -0900 From: "Tony Taylor (ISD)" <tony@searhc.org> Subject: Virii, and Mr. Garfinkel To: letters@lwn.net Mr. Simson Garfinkel seems to have quite a list of credentials. However, he seems to lack logic. He claims there is a coming plague of Linux virii. He claims the current lack of virii for Linux (and Unix in general) is a lack of interest in those able to write them. He lists some basic requirements for a successful Linux virus: It must install itself as root OR: It must propogate through holes in security He lists "root abuse" and casual use of root for the first case, and major server security holes (such as the Sendmail hole that allowed the Morris worm to propagate years ago, and the recent Red Hat IMAP hole) as examples for the second. His logic fails, however, when he does not analyze why there are so many virii for the MS-Windows platform. He doesn't realize that the *only* reason MS-Windows machines are so vulnerable to virii is that *nobody's fixed the holes* that allow these virii to propagate. There are boot sector virii, macro virii, .com and .exe virii, and in every case, Microsoft hasn't closed the holes that allow them to spread. Although there are thousands of strains of virii, there are really only a dozen or so propagation mechanisms. In every case, if the fundamental problem were fixed (for instance, turning off the autoexecute of macros in programs, instead of making it harder for users to turn it off themselves), there would be no way for *any* virus of that class to spread. Why haven't we seen any more Morris-like worms? Because that hole was plugged within days of discovery. Why isn't the IMAP worm around? Because that hole was also plugged within a few days of discovery. There may be short-lived virii in Linux's future, but the solution won't be stop-gap prophylactics; the holes will be closed, and the virus will die a natural death. And the virus detection software will die a natural death along with it. - Tony | ||
Date: Sat, 11 Mar 2000 12:25:24 -0600 From: Dylan Griffiths <Dylan_G@bigfoot.com> To: letters@lwn.net Subject: Misquoting PGP informationg. "This issue will need to be dealt with, and quickly. The existence of a duplicate key ID could allow falsified mail. If a duplicate key ID can be generated by accident, presumably it can also be generated on purpose, as well. Network Associates was not directly informed of the problem, which was posted today, so no response from them is yet available." Not so. The OpenPGP standard allows this. From: Tobias Haustein <haustein@INFORMATIK.RWTH-AACHEN.DE> "As said, the key id is calculated from the key. A V3 key id consists of the lowest 64 bits of the public modulus ot the RSA key, whereas a V4 key id equals the lowest 64 bits of the fingerprint of the whole key. However, the OpenPGP standard (RFC 2440) explicitly says that: "Note that it is possible for there to be collisions of key IDs -- two different keys with the same key ID. Note that there is a much smaller, but still non-zero probability that two different keys have the same fingerprint." (page 53)" So it's all a matter of the non-zero probability that two different keys have the same fingerprint. Two passwords that are not alike could also have the same MD5 hash. -- Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread! [Editor: Correct. Please see the security section for an update on this topic.] | ||
From: Collins_Paul@emc.com To: letters@lwn.net Subject: Duplicate PGP key IDs Date: Mon, 13 Mar 2000 11:57:39 -0500 Dear Editor, The best way to resolve the duplicate key ID issue is to use the key fingerprint, a twenty-byte number of which the key ID is the last eight bytes. Duplicate key IDs are only a problem with regard to the key servers, and to users who do not make sure that the keys they use are genuine. Duplicate key IDs do not affect the fundamental security of PGP itself. Two keys with the same ID do not have the same fingerprint, and are not the same. Signatures generated by one will not verify with the other. If a user uses a key from a keyserver without checking the fingerprint with the supposed recipient, or checking the other signatories to the key, they are in any case violating best practices. Of course, there are (elaborate) ways to circumvent the security of public-key cryptography, some involving man-in-the-middle attacks using fake keys. However, if the recipient has the real key of the sender (and not the fake one), the attacker will not be able to generate a fake signature, since that requires access to the sender's private key. See "Applied Crypography" by Bruce Schneier for details. Note that GNU Privacy Guard is an implementation of the OpenPGP specification, and hence should have been mentioned for clarity. Yours sincerely, Paul Collins. -- Please note that I speak for no-one but myself. | ||