![[LWN Logo]](http://old.lwn.net/images/lcorner.png)
![[LWN.net]](http://old.lwn.net/images/bigpage.png)
|
|
|
Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise
news for all interests
 Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page
Other stuff:
Contact us
Recent features: Here is the permanent site for this page.
|
Leading items and editorialsIf somebody invited you to see one of the biggest Linux systems on the planet would you go? We didn't have to think long about that one, ![[cluster boxes]](/2000/0323/lboxes.jpg)
especially since the system in question (NOAA FSL's "Jet" cluster) is in
our home town. This system, put together by HPTi, consists of 276 Alpha-powered nodes
in its first phase; it is used for numerical weather modeling
applications. What we saw can be found in this feature article, along with some
pictures of the system. Have a look to see how a state-of-the-art Linux
supercomputer is put together and what it is used for.
IBM is installing a Beowulf cluster at the University of New Mexico. This cluster is claimed to be the largest such in the world, and the 24th fastest supercomputer overall (though the Jet cluster may yet surpass it in its later phases). This cluster is called "Los Lobos," which may cause confusion with the longstanding LoBoS (Lots of Boxes on Shelves) cluster running at NIH. Los Lobos will eventually be part of a nationwide network of such clusters, managed as a large "virtual cluster" and made available to researchers. (See also: articles in Wired News, LinuxPlanet, News.com, and from Reuters). Both of these clusters highlight an increasingly obvious point: traditional supercomputers are in deep trouble. Old-style "big iron" remains unmatched for some tasks, but it simply can not compete with commodity hardware clusters in processing power for the money. For universities, most companies, and many governments there is simply no choice: the only way to get high-end supercomputer performance is via a cluster system. Companies like HPTi and IBM have seen the money to be made in this area, and are pursuing it vigorously. Expect others to join them. With luck, this activity will lead to more free clustering software as well; the current state of the art is still somewhat primitive. Current clusters tend to run a relatively small number of highly specialized applications; future clusters should be easily usable in a more general way. One step in that direction might be found in this announcement from Mission Critical Linux. They are preparing a cluster system which is aimed at the financial market. As a result, their PR talks about things like data integrity and high availability. The product will be available (as a two-node cluster) in June. While Linux clustering still has some ground to cover, there is little doubt that it will get there; the market forces are that strong. The CyberPatrol case. CyberPatrol is a web-filtering package sold by Microsystems Software, Inc. Included in the package is a list of sites to be blocked; this list was encrypted via a proprietary, closed-source scheme. As is often the case with such schemes, it was poorly done and easily cracked. Two hackers, Eddy L. O. Jansson and Matthew Skala, broke the scheme, and wrote a little utility that people could use to actually look at the CyberPatrol block list. A full analysis of the scheme is available; among other things, it uses an encryption key that is all of eight bits long. People immediately had a field day, of course, playing with the list. As might be expected, many sites have been blocked for reasons that are, say, unclear. But Microsystems Software and its parent Mattel are not amused. They have hit the courts in an attempt to block the spread of the "cphack" program. Predictably once again, they have succeeded only in calling attention to cphack and spreading it all over the net. It's the DVD story all over again. They are also sending subpoenas to sites that have put up the software, or that have even linked to it. Among other things, they want lists of everybody who might have downloaded cphack. So much for privacy; hit the wrong link and you can be reported, by court order, to a hostile corporation. The CyberPatrol people are basing their actions on the reverse engineering clause in CyberPatrol's license. They have sold inferior software that is alleged to protect children; now they want to make it illegal to reveal just how bad that software is. The hood of this car is truly welded shut; it is against the law to look inside to see what you bought. Companies like Mattel are making the case for free software in a way that the Free Software Foundation can only dream of. Every case like this one - and be sure that there will be more of them - drives home the point: proprietary software restricts freedom in increasingly dangerous ways. It really is a matter of basic freedom. As software plays an ever-larger role in all our lives, do we really want to trust ourselves to something we can't even look at? (See also: the PoliTech CyberPatrol page and the OpenPGP.net censorship page). Feature Article: MaxOS Linux. When we heard of yet another Linux distribution, MaxOS Linux, we started routine enquiries to get an idea of the purpose of the distribution and the people behind it. This feature article, MaxOS: A New Linux Distribution from the Ground Up, plumbs into those issues and more in a look at this new distribution out of the frozen north. Netcraft: Apache now at 60%. The latest Netcraft survey is out. This one shows Apache running on just over 60% of the web for the first time; all of the other major web servers have fallen in market share. Pre-registration for the CLIQ. Attendees for the Colorado Linux Info Quest are urged to pre-register for the conference by mail or via the secure online registration system. The latest press release anticipates an uncomfortable crowd the morning of the show. "... getting all those people registered in time to catch the keynote will be difficult, even with our automated registration system." Also, credit card payments will only be accepted for pre-registration. Check or cash will be required the day of the event. Inside this week's Linux Weekly News:
This Week's LWN was brought to you by:
|
March 23, 2000
|
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Security page. |
SecurityNews and editorialsProcess hiding in the 2.3.X kernel series? Pavel Machek posted a note to BugTraq about possible process hiding in the 2.3.X development kernel series. Pavel Kankovsky forwarded this concern to the security audit mailing list pointing out that the vulnerability had come about as a result of work done to close the kernel against pid recycling attacks.
This concern was originally posted to linux-kernel, but garnered no response as of yet. A bit of careful thinking will be needed to fix this problem properly without reintroducing the older vulnerability or creating yet another new one. Obstacles to Cryptographic Code Exportation Lifting. This LinuxMall article responds to the governmental relaxation regarding cryptographic export regulations. "While encryption restriction and patent law issues are not completely resolved yet, the playing field with the rest of the world is levelling. Better still, the Open Source and Cryptographic software communities are finally seeing real progress in these areas." Developers Blasted on Security. Rich Pethia, director of the Computer Emergency Response Team (CERT) at Carnegie Mellon University in Pittsburgh, blasted software developers for marketing flawed software in an address to a Congressional panel covered in this Wired news article. "Pethia did not criticize any companies by name in his prepared statement to the panel." Very tactful of him ... Building a Robust Linux Security Solution (Network Magazine). Here's a Network Magazine article on building secure Linux systems. "If you want to grant your remote users VPN access to your Linux gateway, but you don't want to install (or maintain) IPSec software on their laptops, you are in luck: PopTop is a freely available Point-to-Point Tunneling Protocol (PPTP) server that can act as an end-point for VPN sessions from standard Windows desktops." (Thanks to Flemming S. Johansen). Security Reportsabuse.man web manager kit. abuse.man is a perl-CGI script for managing virtual hosts. A vulnerability in abuse.man has been reported which can allow both remote and local users to execute arbitrary commands on the webserver. The manufacturers website has been notify. Disabling abuse.man or patching it to use relative links instead of absolute paths is recommended, but no patch has been provided.FreeBSD posted advisories this week for the orville-write port, (local root compromise) and lynx, (remote execution of arbitrary code). They provide a simple workaround for the orville-write port, but recommend removing lynx from the system altogether. "The lynx software is written in a very insecure style and contains numerous potential and several proven security vulnerabilities (publicized on the BugTraq mailing list) exploitable by a malicious server." Lynx problems were most recently discussed in the September 23rd, 1999 LWN Security Summary, at which point SuSE and Yellow Dog Linux provided updates for this program. Exploits for the pam-0.68-7 package are being passed around for both Red Hat 6.X and Mandrake 6.X. RPMs for pam-0.68-10 have been around for two months, guys. If you have not already updated, you need to do so now. A note to people using automated tools such as autorpm for installing Red Hat updates: Red Hat has not been linking new updates into the older directories, just providing links to the latest directory in their advisory. As a result, your tools may not be picking up all the updates that they need. The updates for pam-0.68-10 and usermode-1.18 are examples of this. The Apache project: Jakarta Tomcat. A serious bug has been reported when Tomcat and the Apache web server are used together in order to serve Java Server Pages and Java servlets. Tomcat 3.1 beta 1 has all required fixes applied. Commercial updates. Cisco has issued an advisory concerning their Secure PIX Firewall concerning its handling of FTP server and client commands which can lead to inappropriate connections being made across the firewall. A fix has been made for its handling of FTP server commands, while the FTP client issue still being worked on. For additional information, check out the BugTraq thread on Extending the FTP "ALG" vulnerability to any FTP client. Note that other firewall products are also likely vulnerable. UpdatesThe following issues have been previously discussed, but new updates have been made available for them in the past week.mh/nmh. See discussion in the March 9th, 2000 LWN Security Summary.
mtr (multi-traceroute). See discussions in the March 16th, 2000 LWN Security Summary. dump/restore. See discussion in the March 9th, 2000, LWN Security Summary. This is the first distribution update seen for this problem. Overall, updates for specific Linux distributions appear to be coming more slowly, not more quickly. Of equal concern, the updates that are coming out are not getting installed (witness the pam discussion above). As a result, we are all losing ground as far as security is concerned. ResourcesShaft DDOS tool analysis. An analysis of shaft, yet another distributed denial-of-service tool like Trinoo, TFN, Stacheldraht, and TFN2K, has been made available by Sven Dietrich at the NASA Goddard Space Flight Center and others.Security Audit FAQ update. An updated version of the Security Audit FAQ has been released. Jeff Graham asked people to note in particular that the address for FAQ submissions has changed to lsap@demit.net. EventsCall-for-Papers RAID 2000. A last Call-for-Papers for the RAID 2000 conference has been issued. Deadlines start on March 31st, 2000.Call-for-Papers ACSAC. The call-for-papers for the 16th Annual Computer Security Applications Conference (ACSAC) has been released. ACSAC will be held December 11 - 15, 2000, at the Sheraton Hotel, New Orleans, Louisiana. Deadlines for papers, panels, tutorials and case studies come up in May. Section Editor: Liz Coolbaugh |
March 23, 2000
|
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Kernel page. |
Kernel developmentThe current development kernel release is 2.3.99-pre2. This patch includes integration of the new netfilter code, many architecture-specific tweaks, USB updates, and a number of other small changes. There is a 2.3.99-pre3 prepatch (a pre-prepatch?) available, in its seventh version as of this writing. The patches are actually beginning to look like something from frozen code: this one is made up mostly of a lot of little fixes. There is also a new "hotplug" master configuration option (which controls PCMCIA and other such technologies), 3Dfx Banshee/Voodoo3 frame buffer support, nVidia Riva framebuffer support, a master configuration option for WAN devices, a USB Mustek MDC800 digital camera driver, Sun 3x support, an IEEE-1394 update, a PCMCIA Xircom Tulip ethernet driver, IDE layer tweaks, and a partial merge of NFSv3 client support. As part of the process of getting 2.4 out, Alan Cox has posted the latest 2.4 jobs list. The current stable kernel release is still 2.2.14. The latest 2.2.15 prepatch (2.2.15pre15) was released with a comment of "Ok this should be it. I hope." We'll see. Will 2.4.0 be a "brown paper bag" release? Here's a Technocrat posting that raises that fear. "However, major packages won't compile on it. UDF has serious bugs, causing kernel hangs. In the 2.3.99 stage, the entire filesystem directory tree and initialisation code is being heavily re-written. The kernel configuration code is being re-organised. That is NOT where a program needs to be, when it's just about to be released as a stable package." It is true that a number of major changes have gone into the kernel in recent times. But nobody (except this LinuxGram story) thinks that the current code will be released as 2.4.0. The quality of what goes out depends very much on the current shakedown period. The more people who test out the 2.3.99-pre kernels and report on their experiences, the better the end result will be. The addition of master configuration options for broad subsections of the kernel code is still going on, and creating a bit of confusion. 2.3.99-pre1 added the CONFIG_IDE configuration option; if this option is not set, the entire IDE subsystem is compiled out of the kernel. A number of people are evidently missing this option when upgrading, then wondering why their systems don't boot anymore. When upgrading to the 2.3.99-pre kernels, pay attention to the new options. A new reiserfs patch is available, see the announcement for details. The reiserfs debate continues, with its proponents still hoping to get it into the 2.4 kernel. The reiserfs folks seem to be reaching some sort of understanding with the VFS people, which is a good sign. The latest issues have to do with how reiserfs interacts with NFS; evidently it should work OK for now, but planned changes in the future could change that situation. Ethernet disconnect. Donald Becker's name is known to just about anybody who is familiar with the kernel code. He has singlehandedly written a large parcentage of the ethernet drivers in the system. Chances are that this web page came to you by way of one of his drivers. Donald's work also did a lot to get the early Beowulf clusters off the ground. It is safe to say that he is one of the founding fathers of Linux. It is thus unfortunate to see Mr. Becker increasingly isolated from - and in conflict with - the kernel development community. The loss of an important kernel developer seems likely. This state of affairs is the result of a conflict in working styles between Donald and most of the rest of the kernel developers. It's an example of how managing open source development is not always as easy as it might seem. Donald likes to maintain his drivers separately from the kernel. They have their own web page, mailing lists, and release cycles. Donald's drivers are explicitly portable across kernel versions, so that even very old kernels can run modern versions of the driver if need be. His preferred mode of operation would be to simply drop new versions of the drivers into the kernel occasionally as releases dictate. He is unhappy that the driver API has changed a lot (as it has), making cross-version portability difficult. He also seems disgruntled that one of his API changes got rejected in favor of a different implementation. Linus, instead does not like this mode of operation at all. He always prefers to see small, incremental changes to code that he can understand (and modify or reject if he thinks it's right); getting a whole new driver in one chunk does not suit him. He claims that keeping the driver development separate deprives it of a whole community of testers; putting driver changes into the kernel more often will get them exercised by everybody who installs new kernels, and not just those on the driver development lists. Linus doesn't like to see drivers filled with backward-compatiblity code, and does want to see them updated quickly to new interfaces. Finally, Linus has no qualms about changing interfaces and requiring such updates - the alternative, according to him (and many others) is a kernel that slowly fills with cruft and old, broken interfaces and becomes unmaintainable. The reason that this issue is coming to a head (again) now is that others, such as Jeff Garzik of MandrakeSoft, have essentially taken over as the maintainers of some of Donald's drivers. To some it may look like a sort of power grab. But the developers involved feel that something had to be done, since the drivers in the kernel simply were not working. The situation almost looks like a code fork. Donald has his versions off in one corner, while the kernel code is proceeding in a different direction under new maintainers. Depending on your point of view, it could look like an unfortunate rift caused by personality and work-style differences, or like an open source project reacting to fix something that wasn't working. Either way, it is hard on some of the people involved. The shared memory changes are still causing problems, as reported last week. The main difficulty is an interface change; before it was possible to attach to a shared memory segment that had been removed (as long as you had its ID), the new implementation does not allow this. Anybody who has actually had to work with the unpleasant SYSV shared memory interface knows how easy it is to clutter up the system with dead shm segments that persist forever; the ability to delete them up front is a nice feature. The latest victim of this change would appear to be XFree86 4.0, which takes advantage of this feature to avoid leaving segments around in the case of an unplanned exit. The number of complaints has been such that it appears, as of this writing, that the old behavior will be restored in 2.3.99-pre3. The mount-time ext2 block/inode checks are going away if this patch by Ted Ts'o goes in. The check is a simple integrity check performed at mount time; it's why Linux seems to take so long to mount a disk. It has been possible to override the check for years with the check=none option, but that is not the default. The thinking now is that the check serves no useful purpose - fsck does a much more thorough job. So, in the interest of faster boots and smaller kernel code, the checks look like they are on their way out. Overcommitting of memory by the Linux kernel continues to consume massive amounts of linux-kernel bandwidth, though very few of the participants at this point are actually developers. Memory overcommitting was covered in the March 9 LWN and not much has changed since then. One exception is the creation of the strict memory project, which hopes to inspire the creation of a patch which disables memory overcommitting. Other patches and updates released this week include:
Section Editor: Jonathan Corbet |
March 23, 2000
For other kernel news, see: Other resources: |
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Distributions page. |
DistributionsPlease note that security updates from the various distributions are covered in the security section. MandrakeSoft frees the Bochs x86 emulator. MandrakeSoft, parent of the Linux-Mandrake distribution, has announced their purchase of the Bochs x86 emulator and its subsequent release under the LGPL. In addition, Kevin Lawton, lead developer for both Bochs and the Plex86 project, a free alternative to VMWare, has joined the MandrakeSoft team. He will be continuing to move forward with the development of Plex86, now with access to the code base for Bochs to speed his team's implementation. "MandrakeSoft recognizes the value brought to our Linux users, by offering them an open source way to concurrently run Windows or other PC operating systems", commented Jacques Le Marois, President of MandrakeSoft. This is certainly a wonderful example of a commercial interest paving the way for the "Right Thing" to happen. It could also be done without money, but in this case, it will happen faster and more easily with the commercial support. In the end, we will all benefit from another free software application with extensive potential uses. Chinese Linux Extension 0.9 released. Version 0.9 of the Chinese GNU/Linux Extension has been released. This patch brings Chinese language capabilities to much of the Linux system, including GNOME and KDE; the latest version adds a lot of stuff, see the announcement for details. (Thanks to Chih-Wei Huang). CLE is a GPL'd project, currently optimized for Red Hat and using RPM, but with a Debian port underway. Although not a distribution in and of itself, at least not yet, CLE is included in some Chinese distributions to provide full Chinese support right out of the box. Along that same lines, Donovan Software has announced its own 64-bit Chinese Linux Distribution, covered in this (Singapore) Business Times article. The new distribution will be called the Chinese Penguin64. A website for the distribution was not provided, though it is supposed to be available for download from http://www.penguin64.org. Although it is not specified in the article, it seems likely that the Chinese Penguin64 distribution is for the UltraSparc platform, as opposed to the Alpha platform or other 64bit systems. This is a conjecture based the information on the website. Rick Collette starts deepLinux. Rick Collette, formerly the guy behind the SPIRO-Linux distribution, has announced the launch of his new venture, deepLinux. DeepLinux will be primarily focusing on the OEM market, but will include embedded projects involving game systems and network appliances. ZipSpeak, a Talking Linux Distribution. ZipSpeak, an "Easy-to-Use, Talking Linux Distribution", has been announced. "ZipSpeak is a talking mini-distribution of Linux for blind and visually impaired people, based on version 7.0 of the ZipSlack distribution and version 0.08 of the Speakup screen reader. ZipSpeak is designed to be easily installed on an existing MS-DOS or Windows system, so that the user can start using a talking Linux system with a minimum of difficulty." When The Big Boys Come To Town (MacDiscussion). Here's a MacDiscussion column about the arrival of new distributions for the PowerPC. "Both Debian Linux and SuSE Linux have in the works distributions that will run on all PCI or better powermacs and various other selected PPC machines. This is where things get interesting. You see, Linux PPC and Yellow Dog Linux are relatively new upstart companies when it comes to the Linux world, and they just do not have the corporate power and user base that both Debian and SuSE boast." Of course, using the word "corporate power" in conjunction with the volunteer Debian project may seem a bit strange, but given that VA Linux, SGI and O'Reilly have issued joint Debian CDs, it is actually accurate. It will be interesting to see if distributions that are tied to a specific non-Intel platform will continue to thrive as the larger distributions expand their platform support. Note that they very well may continue to survive ... the availability of more manpower to support applications on their platform will help them and companies that heavily depend on a particular hardware platform may find they get better support from a company that also uses their platform exclusively. LinuxWars: Distribution War III.2 (AboutLinux). AboutLinux has updated its Distribution War article to include Corel's distribution. Bastille LinuxBastille Linux update. Bastille Linux 1.0.4.pre4 has been released. This contains only minor fixes for this security hardening script for Red Hat Linux. We also noticed that we missed the opportunity to announce Spiro-Bastille, a similar script for Spiro Linux adapted from Bastille Linux.Caldera OpenLinuxOpenLinux e-Desktop Preceeds Caldera IPO (TechWeb). According to this TechWeb article Caldera e-Desktop 2.4 is supposed to have hit the shelves yesterday. "The latest operating system product to ship from the Provo, Utah-based Linux developer packages a browser-based administration utility, office productivity applications, Internet configuration tools, MetaFrame client capabilities, and beefed-up security." (Thanks to "jhb").Check out the Commerce Page for more coverage of the Caldera IPO. Debian GNU/LinuxSun donates Sparc system to Debian. The Debian Project has received a donation of an UltraSparc 60 dual-CPU system from Sun, accompanied by a large storage array. Linux-MandrakeMacmillan ships Linux-Mandrake Secure Server 7.0. Macmillan has announced that Linux-Mandrake Secure Server 7.0 is now shipping.Red Hat LinuxRed Hat 6.2 beta (piglet). A lot of people are having fun playing around with the ISO image for the beta version of Red Hat 6.2, available from several different sites, including sunsite.unc.edu. If you decide to check it out, remember, this is beta software and definitely has bugs! You should also subscribe to the piglet mailing list to report problems and get help with this distribution. To subscribe, send an email message to "piglet-list-request@redhat.com" with the subject "Subscribe", then send your messages to "piglet-list@redhat.com".Slackware LinuxSlackware Devel forum. Slackware has added a new forum to their website: Slackware Devel. " Drop in and give us your two cents on what you'd like to see in Slackware, see what kind of progress we're making on various projects, and generally feed us lots of input. We like input."New -current version. Courtesy of the new developer forum, we have an announcement of another slackware-current update. "The big one this time is a glibc 2.1.3 package". SuSE LinuxSuSE Linux 6.4 release coming early April. SuSE has announced that version 6.4 of its distribution will be released on April 3 in Germany, and "approximately two weeks later" elsewhere. SuSE claims great improvements in its YaST administration tool. 6.4 will also include XFree86 4.0 as an optional package for those who want to play with it. Eye2Eye: Dirk Hohndel of SuSE Linux, Part II (ZDNet). ZDNet UK continues its talk with SuSE's Dirk Hohndel. "I see Windows 2000 as a big chance. If you look at the administration interface, everything changes. Many old applications don't work anymore. So, if a company is considering moving to Windows 2000, they're considering retraining their staff... moving to new applications. That is the point in time when we need to talk to them." TrinuxNot dead, just in a coma .... Matthew Franz posted a note explaining the quiet period in Trinux development and offering updated and new packages for Nmap, Ngrep, Zombie Zapper and Nstreams.TurboLinuxTurboLinux releases IA-64 distribution. TurboLinux announces that an early-release version of its IA-64 distribution is available for download. TurboLinux unveils system for Intel's Itanium chip (News.com). News.com reports on TurboLinux's IA-64 distribution. "Even Microsoft is paying attention; it was one of the companies that downloaded the TurboLinux OS, said Lonn Johnston, TurboLinux vice president of corporate communications." WinLinuxWinLinux 2000 ships. WinLinux 2000 is now shipping. WinLinux is a distribution which can run on top of Windows. Section Editor: Liz Coolbaugh |
March 23, 2000
Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.
|
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Development page. |
Development projectsNEdit 5.1 released under the GPL. Many people working in the scientific community are familiar with NEdit, a multi-purpose text editor for the X Window System. This editor, while freely available, was formerly tied up in a licensing arrangement that prevented Linux distributions from any desire to package it with their systems. Meanwhile, though, NEdit continued to provide intensive support for development in a wide variety of languages with a graphical interface that made it useful for just about any other task, as well. Now the red tape has been cut and NEdit can join the free software community. We haven't taken a look at it yet, but the feature set is extremely promising. Application of the Week: vigor (Linuxcare). Linuxcare's application of the week this week is vigor. "While you try to get work done with vigor, the paperclip pops up random sayings inside dialog boxes. Of course, you can't continue editing your file until you click the 'OK' button and dismiss the dialog box. Some of my favorite random sayings are, 'Vigor: a compelling argument for pencil and paper,' 'Vigor: because hell was full,' and 'Vigor: putting new limits on productivity.'" (Thanks to author Brett Neely, who says "Sorry this article was a bit late. The paperclip kept interrupting me as I wrote the article!"). BrowsersNetscape's Gecko PR. Netscape has issued a press release saying that the Gecko HTML rendering engine is being adopted by a number of companies, including IBM, Intel, Liberate, NetObjects, Nokia, Red Hat, and Sun Microsystems. "Netscape Gecko is revolutionary because it gives Web developers maximum power to create more powerful Web content and Web applications. It is open source, allowing individual developers to tailor it to their own use, and is designed to operate across multiple platforms, so that it can be deployed on the widest possible range of devices. In addition, Gecko is considerably smaller than the engines of traditional browsers. " Simultaneously, they also announced that the beta for Netscape version 6, their new Gecko-driven Internet browser, would be made available to the public in the next 25 days. For a reaction to the latest announcement, check out the comments on Mozillazine or this CNet article. EducationEduWare for KDE mailing list. A new mailing list has been started by KDE developer Uwe Thiem to allow teachers and programmers to get together and start coordinating projects aimed at education. LinuxForKids has started a logo contest, for the artists of all ages. Entries are due by April 22nd and prizes are mentioned but not specified. Linux Professional Institute newsletter. Here is the latest weekly newsletter from the LPI. They have some big news to report this time around: their "exam 102" is now complete, and will be available on April 17. This completes the LPI's exam development for its first level certification. They have also begun development on their second certification level. Certification and the Linux Professional Institute (LinuxPower). LinuxPower interviews Evan Leibovitch about the Linux Professional Institute. "We can't stress enough that certification, in itself, is only one element in a person's skills assessment. No certification program takes the place of reference checking or thorough interviews. Anyone who hires/contracts someone solely based on certification, ours or anyone else's, is likely to be dissatisfied." GamesOpen Game Source looks at Beasts. Open Game Source looks at the game 'Beasts', which is not currently under development. "Every gamer, who has been playing for a couple of years, fondly remembers some of his old games. Invariably game programmers attempt to recreate these classics. Beasts is Kevin Turner's remake of one such game. Like many older games the premise is simple yet captivating. 'Push the blocks around and squish the beasts.'" Heavy Gear II is on the way. Loki Games is now accepting pre-orders for Heavy Gear II for Linux, their first Linux game to support 3D-Audio using OpenAL. It is expected to start shipping on March 31st, 2000. "Get ready for the ultimate in mech experiences: a thrilling combat adventure pitting robot against robot in the distant future is waiting for you. Pit squads of your best mechanized warriors against the enemy to save Terra Nova -- but sheer firepower won't be enough. Use your guile and wits to get behind enemy lines and use your resources to their fullest, before it's too late... " (Thanks to Michael Simms at TuxGames.) Shadowbane RPG petition. Shadowbane, the first massively-multiplayer online RPG by Wolfpack Studios, is scheduled for release this summer on the Mac and PC platforms. Wolfpack Studios is apparently following the Shadowbane for Linux Petition with interest, since providing a Linux version is a possibility. If you would purchase a copy of Shadowbane for Linux, adding your name to the petition will likely help. Beta release of the COG Engine. The first beta release of the Cycon Online Gaming Engine (COG) has been announced. "The COG (Cycon Online Gaming) Engine is an Open Source project aimed at simplifying the creation of online video games." Hand HeldsPiloting Your Palm With Linux (Web Review). Here's a lengthy Web Review article on how to use a Palm Pilot with Linux. "Palm Pilots are not intended to be your sole computing platform, but instead are designed to be satellite devices for when you're away from your desk. And if your desk features a Linux box (or any brand of Unix, for that matter), you'll be pleased to know that the Palm Pilots are well supported on this platform."High AvailabilityLinuxFailSafe Seminar. The first LinuxFailSafe seminar for the open source LinuxFailSafe High Availability project has been scheduled for March 31st, 2000, in Westminster, CO. Developers from SuSE, SGI, TurboLinux, Red Hat and Mission Critical Linux are expected to attend. Due to the timing and proximity to the Colorado Linux Info Quest (CLIQ), we are hopeful that many of them will also attend the High Availability BOF at the CLIQ the next day, Saturday, April 1st.InteroperabilitySamba Kernel-Cousin. The latest Samba Kernel-Cousin covers issues through March 16th.Wine Weekly News. Well, we had problems getting through to Wine headquarters this evening, so we are linking to the Wine Kernel-Cousin instead. From what we've seen in previous weeks, the two are actually identical. So if you can't get to Wine headquarters, trying rolling over to Linuxcare and checking there instead. Network ManagementOpenNMS.org launches. The Open Network Management Software project has put out a press release announcing its existence. "In three weeks since OpenNMS.org went on-line, more than 275 contributors have joined the consortium, more than 350 people have downloaded the source code, the website has received 5,000 page hits a day..."Of course, we first announced OpenNMS.org on March 9th, 2000. Office ApplicationsHancomLinux develops Chinese word processor (Korea Herald). Here's an article in the Korea Herald about a new Chinese word processor for Linux. "HancomLinux unveiled the beta version of its "Wenjie" program yesterday for Chinese users. Its final version will be marketed from early April after completing tests with 1,000 Chinese users, the company said."Siag Office 3.3.0. An updated version of the Siag Office Suite has been released. This GPL'd suite includes the spreadsheet Siag, the word processor PW, the animation program Egon, the text editor XedPlus, the file manager Xfiler and the previewer Gvu. The new version is minor, but we wanted to remind people of this package. If you are reviewing free software office packages, Siag should be on your list for consideration. The reports back that we've heard have been mixed, but the issues are somewhat stylistic. Siag was not designed to be a drop-in replacement for people accustomed to the style of the Microsoft or Corel offices suites, but may suit some technical users just fine. AbiWord Weekly News (March 22nd). This week's AbiWord Weekly News reports good news for namespace support, the LaTex exporter and the Danish translation. On the DesktopKDE Development News (March 18th). The latest edition of the KDE Development News covers March 13th through March 18th, 2000. New KDE Icons, experimental Red Hat RPMs, a new programming book for KDE 2.X and more are covered. More KDE news can be found in the LinuxUK Weekly KDE Roundup, by Jono. "It's good to see a non-core developer's perspective on what we are doing :)", commented Mosfet. Speaking of which, his site, http://www.mosfet.org/, has gone through a nice remodel and he welcomes comments. We like the new design, ourselves, since it makes it easier to link back to specific items that he puts together. Gimp slides from GUADEC. Sven & Mitch have made available their slides from their Introduction to the Gimp talk at GUADEC. It includes information on upcoming Gimp 1.2 features. (From GUADEC is over!. The GNOME Users and Developers Conference in Paris was declared much fun and a great success. Havoc Pennington covered the event in this week's Gnome Summary. It appears that a lot of important decisions were made at the event: a nine-person Gnome steering committee was appointed and a Gnome Foundation is being created. " All decisions will still be discussed on gnome-hackers or gnome-devel-list as appropriate. That is, the committee will basically just gather information and maybe come up with proposals, it won't be actually making decisions." Also in this week's Gnome news was the issuance of the first Telsa Gwynne Bug Crusher Award to Jason Leach. "Telsa wrote in to nominate Jason Leach as the bug-fixing hero of the hour. Jason cleaned a number of pesky gnome-core and gnome-applets bugs out of bugs.gnome.org in a very short timeframe; moreover they were the kind of spit-and-polish bugs that really need to get fixed to give GNOME that finished, professional look." Search Enginesht://Dig update. Geoff Hutchison wrote in with another development update for the ht://Dig search engine. He reports that they're still working on squashing a few reported bugs for version 3.2.0b2, which will be coming out shortly. Recently, the subject of indexing double-byte/Unicode documents came up again. Though the main developers still have their hands full, they agree that they'd help anyone interested in working on this. A proposal will likely go up on CoSource.com in an attempt to solicit some interest. Last, a series of "architecture overview" documentation has started to help ease the learning curve for interested new developers, with about one new write-up a week. The documentation is archived at http://dev.htdig.org/internals/. ScienceWebsite DevelopmentZope Enterprise Option to go open source. Digital Creations has announced that its Zope Enterprise Option package will be released as open source. ZEO was formerly a proprietary add-on to Zope that enables the creation of distributed servers. Thus, ZEO allows Zope-based servers to scale across both processors and continents. It's another great contribution from DC, and can only help encourage the continued success of the Zope platform.Zope 2.1.6 released. Zope 2.1.6 has been released. It fixes a few problems created by last week's 2.1.5 release, which contained security updates. An upgrade is recommended. Zope Weekly News. Here's this week's Zope Weekly News, by Mike Pelletier. It covers the new zope releases, and mentions the new Spanish translation of the ZWN. Section Editor: Liz Coolbaugh |
March 23, 2000
|
|
|
Development toolsThe GNU Fortran 95 project. Toon Moone wrote in to point us at the GNU Fortran 95 project. These folks intend to take the successful g77 code and update it to the latest Fortran standard. They have a way to go yet, but never underestimate the determination of a Fortran programmer. There is code downloadable now, but don't expect it to gracefully handle your Fortran 95 code quite yet. JavaBlackdown Java3D 1.1.3 API. The Blackdown team announced the release of the Java3D 1.1.3 API (RC1) on March 10th. The Tritonus Java Sound API. Version 0.1.90 of Tritonus, the Java Sound API implementation for Linux was release on March 18th. New features include the Java Sound API 1.0 interface, full integration of the mp3 decoder, full-duplex recording that works and lots of new MIDI features. Javascript 1.5 Release Candidate. Javascript 1.5 has reached the release candidate stage. Simon Phipps, IBM's XML and Java Evangelist. IBMDeveloperWorks has published an interview with Simon Phipps, proclaimed "XML and Java Evangelist" for IBM. "I'm still looking for the source of the quotation that an American president once said: "It is easiest to persuade a man of that which is obvious." We're not telling the industry to use TCP/IP, Web servers, Java, and XML. We're observing they do use these technologies, that they do fit together, and that there is one unifying philosophy underlying them: making things work in a connected world. And we're just going out and doing it." Multi-threading in Java programs. Neel V. Kumar talks about how easy it is to develop and use threads in Java programs. "Using multiple threads in Java programs is far easier than in C or C++ because of the language-level support offered by the Java programming language." PerlPerl 5.6 RC3. Release Candidate 3 for Perl 5.6 has been announced. This summary describes the changes since RC2.Perl drives the US Census Gathering. Perl News reported on the use of Perl in the US Census Bureau. "Lisa Nyman of the U.S. Census Bureau wrote in a note to the Perl advocacy list that 'The Census 2000 Internet Form is a great example of a government agency implementing essential (Constitutional even) operations with perl.'" PerlMonth #10. The latest edition of PerlMonth is out, complete with a new column by Jeff Boes. PHPPythonNo Python-URL this week. Dr. Dobbs' Python-URL apparently did not make it out the door this week. To get your Python fix, step on over to Daily Python-URL. No big announcements this week, but lots of nice links to interesting discussions.Tcl/tkDr. Dobbs' Tcl-URL. This week's edition of Tcl-URL promises "All the Tcl, none of the Blarney.."First European Tcl/Tk User Meeting. The first European Tcl/Tk User Meeting will be held in Hamburg-Harburg on the 15th and 16th of June, 2000. Registration is open and a preliminary schedule is available. Section Editor: Liz Coolbaugh |
Language Links Guile Blackdown.org IBM Java Zone Perl News PHP Daily Python-URL Python.org JPython Smalltalk |
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Commerce page. |
Linux and businessCaldera Systems went public, after a short delay, on March 21. The stock, which was offered at $14/share began trading at $26 and closed at $29.44. It thus registered a 110% gain on its first day. This gain, of course, falls far short of those turned in by companies like Red Hat, VA Linux, and others. Some people are certainly disappointed by that. But this result should not be seen as disappointing in any way. Consider:
(See also: Caldera's press release announcing the IPO). Do depressed Linux stock values signal the end of the party? One could easily tend toward pessimism. LWN's Linux Stock Index, which peaked at over 200, is now below 120. VA Linux systems is down below a quarter of its peak value; Red Hat, Cobalt, and Andover are below half their peaks. It must be hard times in the world of Linux business. Or maybe not. One could just as easily say that the stock values of last December were an irrational aberration and that some sort of reality is now returning to the field. Was Red Hat ever really worth almost $20 billion? The values of most Linux stocks are still high in any sort of absolute terms. If they had reached their current values from below, how many people would really be disappointed? The return of reality can only be a good thing. Linux will not take over the world tomorrow. No one company will ever dominate the Linux market. It makes no sense to value Linux stocks so highly, and it distorts a lot of things. It attracts companies like LinuxOne. Maybe now Linux company CEO's can dream a little less about becoming instant billionaires and get on with the business of making their companies actually work. New Linuxcare S-1 filing Linuxcare has submitted a new S-1 (IPO) filing ending a period of silence from that direction. There is little exciting to be found therein - the price range remains $11-13. The new filing does much more strongly emphasize that the director and officers will own 57.7% of the company; states that they are now approved to use the LXCR symbol; lists, among the risk factors, that the widespread use of the term "Linux" could cause confusion; removes references to agreements with Creative Computing, Informix, and Viviance; removes the staff list showing their prominent developers; and lists expiration dates for their big contracts (all in 2000). SourceForge - with a twist? A site called Asynchrony.com has announced its existence. Asynchrony seems to think that it can harness open source style software development methodologies for proprietary projects; it seems that perhaps they do not entirely understand what makes open source work. Asynchrony hosts development projects, much like SourceForge does. Only, in most cases, the source code is kept proprietary; only developers who have been accepted into the project have access. Each developer is assigned a number of "shares" in the project. If and when the project makes money, it gets paid back to the developers based on how many shares they have. Marketing and sales are handled by Asynchrony. The company also, crucially, claims ownership of all code hosted on its site. Asynchrony may well establish itself as a way to publicise and recruit developers worldwide for proprietary projects - there might just be a market there. But, despite its pretensions, it is not hosting anything that looks like an open source development process. It is simply providing outsourcing for a number of aspects of the proprietary software business. Too bad they feel the need to splash "Linux" all over their press releases. Corel announces first quarter results. Corel has announced its first quarter results. They lost $12.4 million on $44.1 million in revenues. The announcements includes a prediction that similar losses will prevail for the next couple of quarters as well. The press conference was characterized by an almost whiny performance by CEO Michael Cowpland, who wanted to know why his company was expected to make money when all those other Linux companies, with high market capitalizations, didn't have to. Corel has also announced that WordPerfect Office 2000 for Linux is now shipping, and will show up in stores in early April. TurboLinux developing custom Linux for Chinese Space Agency. TurboLinux has announced that it is developing a custom version of its distribution for the China Aerospace Corporation. No word on what will make this custom version special. Troll Tech to preview embedded Linux GUI. Troll Tech has announced the preview of a new graphical user interface development library for embedded systems. The library evidently provides the Qt interface to applications, but runs without the X window system. There is no mention of licensing in the press release. Lineo acquires Moreton Bay. Lineo has announced that it is acquiring Moreton Bay, an Australian firm that does a lot of virtual private network work. SGI announces digital media SDK. SGI has announced the availability of its digital media software development kit, which works with Irix and Linux both. "dmSDK provides a bridge to enable digital media developers to migrate their applications to Linux." eSoft and Intel sign network appliance deal. eSoft has announced a deal with Intel to provide its Linux-based "redphish" software for Intel's "Entry-level Communication Applicance Reference Design" platform. Together the two will be marketing the software to OEMs as a ready-to-go system. 'Jini in a Nutshell' released. O'Reilly and Associates has announced the release of Jini in a Nutshell. They have put one chapter on the net for those who want to sample the book. SCO announces new corporate structure. SCO has announced a corporate restructuring that will, it claims, better enable it to pursue Linux opportunities (among other things). In a separate release, SCO also announced that its second quarter results will be "significantly lower" than expected. They blame the post-Y2K period for their problems... Teamware Office for Linux 5.3 Edition 2. Teamware Office is a commercial product from Fujitsu that has been ported to Linux and is available on a free trial basis. Checking out the product comparison page, it has an interesting list of features, including its own web server, backup softare, billing software and more. Not all features are currently working on Linux, but if you've been stymied in your Linux transition by the absence of an equivalent for a proprietary package in these areas, you may want to take a look. Some folks were amused by the Perl OS spoof we mentioned in the March 9 LWN. In a "truth is stranger than fiction" move, a company called Aestiva has announced a thing called "HTML/OS" - claimed to be the first operating system for the web. "Development is done with HTML, the "Hypertext Markup Language" documents which form the basis for all Web sites. This kind of focus on the Web cannot be accomplished with conventional operating systems since they are hardware-centric, not Web-centric." Upon a closer look, HTML/OS appears to not be an operating system at all, but another processing language which can be embedded into web pages. Sort of like PHP, except that the language is BASIC... But it does run under Linux. Section Editor: Jon Corbet.
Press Releases:
Section Editor: Rebecca Sobol. |
March 23, 2000
|
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Linux in the news page. |
Linux in the newsRecommending Reading LinuxPlanet ran this review of Napster clients for Linux. It's a good discussion of why more openness would be good for the music industry in general. "...without bootlegs, the Grateful Deal and Phish would be playing the blues in some dumpy bar in South San Francisco. Indeed, with the band's official support of sharing performances, it could be argued that the real source of everything Open Source is the Grateful Dead." The Atlantic writes about software quality or the lack thereof. "The current version of GNU Emacs, version 20.5, comes with many, many additional features -- you can more or less run your computer with it. But -- this is a key point -- you can remove the bells and whistles without breaking the program. By contrast, Microsoft's purpose in expanding Windows is to clamp the new pieces and the old into a seamless whole. Indeed, an important issue in the Microsoft antitrust trial is whether Internet Explorer can be extracted from Windows without crippling the rest of the operating system" (Thanks to Phil Austin). The American Prospect has run a special issue with several articles on open source. These include Storming the gates by Nathan Newman and Innovation, Regulation, and the Internet by Lawrence Lessig. "The law in open code means that no actor can gain ultimate control over open-source code. Even the kings can't get ultimate control over the code. For example, if Linus Torvalds, father of the Linux kernel, tried to steer GNU/Linux in a way that others in the community rejected, then others in the community could always have removed the offending part and gone on in a different way. This threat constrains the kings; they can only lead where they know the people will follow." Caldera Here's USA Today's take on the Caldera IPO. "Industry watchers say that while the market for Linux is still strong, the field is getting crowded, and most Linux companies are unprofitable and have meager revenues. Investors are growing cautious about the prospects for companies that sell what is essentially a free operating system." News.com looks at Caldera's IPO. "Despite the performance differences, Caldera plans to follow in the footsteps of other publicly traded Linux companies that have used their high stock valuations to acquire other firms in an effort to expand as quickly as possible..." Here's another News.com take. "While those prices represent an 80 plus percent increase, the company's share price has yet to jump in initial trading like shares of rival Red Hat, the first Linux seller to go public, or fellow Linux companies Cobalt Networks, Andover.Net and VA Linux Systems. Whether or not this means the investor momentum behind Linux is fading, there likely will be a great deal of speculation and analysis over the stock's performance today." ZDNet chimed in with this article about the delay in Caldera's IPO. "The raised range of Caldera's five million shares signals strong demand for the offering, which may enjoy the Linux euphoria that vaulted Red Hat (Nasdaq: RHAT) and VA Linux (Nasdaq: LNUX) shares." Here's an Upside column which is skeptical about many current IPOs, and Caldera in particular. "Caldera could have a great future eventually, once it proves itself. Right now, I don't think Caldera is ripe for an IPO. It was really formed in its current state in late 1998 and still has not finished building its management team. If it didn't have the Linux buzzword behind it, I sincerely doubt it would be going public now." News.com reports on Caldera's IPO process. "That schedule means the IPO likely will take place the same day Caldera releases a new version of its desktop edition of Linux, called eDesktop. The version is part of a two-tier strategy Caldera is taking with its software, aiming one version at servers and one at client computers." Here's the Deseret News' take on the Caldera Systems IPO. "David Menlow, president of IPOfinancial.com, an IPO newsletter for individual investors, said Caldera is 'at the upper end of the stocks we expect to do well at the beginning.' But, industry insiders agree Caldera will have to do more than make a good first impression." ZDNet UK sneers at the Caldera Systems IPO. "Put simply, there's nothing terribly distinguishing about Caldera, which is why we're in for a potential so-so IPO. VA Linux and Red Hat have gobbled up much of the mind share, and there may not be room for many more players. Caldera said growing a brand is one of its biggest priorities. And it will need a strong brand to rise above the noise." Distributions Upside takes a look at MandrakeSoft. "MandrakeSoft, the company Duval, Lemarois and a few other inside developers built up to take advantage of this phenomenon, has followed a similar trajectory, adding 50 employees in the less than a year. If anything, the company's quick ascent is a sobering indication that the Linux operating system market may be the easiest online marketplace to crash since amateur pornography." LinuxMall.com looks at the new BSDi. "While highly complimentary, [BSDI marketing director] Rose takes a more challenging tone; he hopes to see BSDI supplant Linux as an operating system by 2001. He gave away no plans to 'steal' people from Linux and acknowledged that many developers write code for both. Instead, he wants to present a 'more compelling case' than Linux in terms of higher visibility, technical support and better services." Business Here's News.com's take on the Los Lobos cluster. "Though UNM and its partners in the National Computational Science Alliance intend to use LosLobos for scientific purposes, IBM has its own, more commercial agenda. It believes LosLobos will help researchers adapt this 'cluster' approach to running IBM software for business tasks such as email, database hosting, instant messaging or e-commerce..." News.com looks at the Netpliance Linux hack. "Netpliance didn't appear to be too worried about the hacks, either. Instead, they're thinking about tapping into the kind of engineering expertise that's hard to hire at start-up companies. 'We are interested in putting together a program to collaborate with the Linux community that essentially harnesses their knowledge,' said Munira Fareed, a spokeswoman for the company." Here's an article on LinuxMall.com looking at a new Internet TV product. "This year, the Irish can witness every minute of the fashion atrocities Americans commit in their name, thanks to a company based in France called NetGem. NetGem uses a Linux-based open software platform and a thin-client access device to bring the Internet, email, and all the news fit to post to Irish consumers through a box they already have in their homes--the television." The Ottawa Citizen looks at Corel's latest results. "[Corel CEO Michael Cowpland] urged analysts and shareholders to be patient while waiting for revenues from new Linux-based products, though he admitted the timing 'is not easy to nail.' 'It's not really affecting the values of all the other companies in Linux so I don't see why we should be the only company that has to be currently profitable when none of the others are.'" News.com looks at VA's latest acquisitions. "VA Linux plans more acquisitions to bolster its Linux computer line, its services and its programming talent, [CEO Larry] Augustin said. Linuxcare, a seller of technical support and consulting services for Linux planning an initial public offering next week, would make sense as an acquisition, but 'I don't think we've had any detailed discussions,' Augustin said." Here's a TechWeb article about Linux in electronic business applications. "In a CRN survey of 200 solution providers, 49 percent said they will be deploying more e-business solutions on the Linux platform. Forty-one percent said their Linux deployments will stay the same, 8 percent said they were not sure and 2 percent said they expect to deploy fewer e-business solutions on Linux." For those who haven't already seen it, here's the New York Times article about IBM and Linux. "Yet IBM's strategy can succeed only if Linux, which is distributed free, does become a genuine alternative to Windows or Solaris, thereby putting real pressure on their prices. And Linux has a long way to go.... Even IBM, which plans eventually to use Linux as its unifying Unix platform (shelving AIX), says Linux's true ascendance may not come for five years or so -- until Linux is built up to become more powerful and reliable." (The New York Times is a registration-required site). (Thanks to Marty Leisner). This osOpinion column sees some potential pitfalls ahead for Linux. "In the United States, a manufacturer of a product ultimately assumes liability for the product that it sells. But in the case of GPL'ed software, no one can be held accountable for the case in which the use of the software results in the loss of life or damage to property or goods. A court might well decide that the use of Open Source software is illegal in the U.S. since no one can be held accountable." The geeks are taking over, according to this Andover.Net column. "Money begets power and power begets money...and money begets money and power...well, you get the idea. But what of character? Geeks have always been outcasts, tormented, approached with everything from disdain, to fear, to indifference, to not approached at all. Now, suddenly, praise and power fills the void forever left by a lack of nurturing." (Thanks to Cesar A. K. Grossmann). The Electronic Frontier Foundation has issued an alert for further comments on the Digital Millenium Copyright Act (DMCA). "The US Copyright Office in the Library of Congress has the job of ensuring that implementation of the DMCA does not negatively impact legitimate activities that should remain exempt from DMCA's prohibition on 'circumvention of technological measures that control access to copyrighted works.' The Copyright Office is asking for public comments on its proposed rules and, in this instance, for 'reply comments' on previous comments submitted in an earlier round of testimony." The comment deadline is March 31, 2000. Check it out and help if you can. (found on Slashdot) AboutLinux did a followup on Microsoft's "seeUthere case study", which profiled a company that had a hard time with Linux. "While I am certain that they had reasons for the design decisions they made, I believe the major portion of their delays would have been eliminated by a different choice of tools, and were not per se a result of choosing Linux; but more due to design and implementation decisions." ZDNet UK suggests that Microsoft may start giving away Windows CE given all the pressure they are feeling from Linux in the embedded arena. "Microsoft needs to tread cautiously, however. If the company were to claim that making Windows CE available to embedded licensees for free is equivalent to making it open source, then it would incur the wrath of open source advocates. Microsoft rival Sun Microsystems found this out the hard way when it initially attempted to equate its Sun Community Source Licence with the GNU public licence." As quoted in Wide Open News: in an answer to a question from the audience at Esther Dyson's PC Forum, Steve Ballmer managed a little praise for Linux. "Without elaboration, Ballmer said Microsoft sees Linux as a serious competitor. 'We'll meet in the marketplace,' he said. 'And that will be a better thing for both us and for the Linux community.'" Here's an article (in German) in MSNBC.de about the German Koordinierungs-und Beratungsstelle fur Informationstechnik, a governmental advisory panel, which has recommended the use of Linux in the German government. English text is available via Babelfish. (Thanks to Berthold Seidel). Here's a Wired News article about AOL's shutdown of the "Gnutella" project's web site. "After installing the program, users would connect to other 'servant' computers, creating a chain of participating users. This architecture would allow for one-to-one or many-to-many connections, and makes it difficult for administrators to block the software, which occurred recently with Napster on college campuses." Education Here's an article on the LinuxMall.com site about the use of Linux in the Beacon School in New York. "There are still other benefits to using an Open Source program. [Beacon School admin Chris] Lehmann says the kids at Beacon learn much more from Linux than computer programming. The Open Source philosophy seems to be contagious." Doug Loss and Pete St. Onge of SEUL talk about using Linux in education in this Freshmeat editorial. " One of our big dreams is that LUGs around the world will create educational outreach programs where they adopt local schools or school districts and provide the maintenance and support the schools will need. This would be beneficial to the LUGs too, of course, since they'd be creating enthusiastic new users by making Linux work smoothly for the schools. A local LUG/school relationship could make for both stronger LUGs and stronger schools, besides making Linux advocacy easier." This week's Linuxcare "Dear Lina" column is about automatically starting up programs at boot or login time. "Debian calls the ~/.xsession file when startx, xinit, or xdm is launched, so you can have a consistent X environment. Kudos to the Debian folks for this one!" LinuxMall.com has put up this article on getting a Linux-related job. "Don't expect to get a job using Linux in a bank, a manufacturing company, or a major retail chain. While you might get lucky, the market isn't quite there yet." Fragments Jesse "I always said Linux would be successful" Berst now talks about the skeleton in the Linux closet. He raises the fragmentation attack again, and talks about declining stock values as well. "Now come rumblings that Linux may not be able to sustain that momentum. That it may become another niche OS like Unix, from which it is derived. Incompatible versions -- or forking -- may jeopardize its standing in the IT community. Wall Street is already retreating." Here's one of those Linux will fragment articles; this one is by ZDNet's Charles Babcock. "Linux advocates, such as evangelist Chris Dibona at VA Linux, and some analysts, say these doubts are unfounded. There are hidden disciplines working beneath the sometimes anarchic surface of the open source code movement to keep Linux from forming competing branches." Finally LinuxPlanet reviews ThinkFree Office. "ThinkFree's service premise is simple: give users free software that runs on any platform and provide free Internet-based storage. Now a user can run the application on almost any PC and files can be stored and downloaded from the Internet. This means that users of any operating system--including Linux, which is explicitly supported by ThinkFree--can access office applications remotely without having anything installed locally." (Thanks to R. McGuinness). A potential poetic epitaph for our current age? Thomas Scoville presents a poem, "Howl.com". "I saw the best minds of my occupation destroyed by venture capital, burned-out, paranoid, postal, dragging themselves through the Cappuccino streets of Palo Alto at Dawn looking for an equity-sharing, stock option fix ..." (Found through EGR.) Silicon.com has found some "experts" to say that Linux is not secure. "Clive Longbottom, strategy analyst at Strategy Partners, agreed with his analysis, saying the problems are preventing its adoption in secure areas. He said: 'Security needs to be built into the architecture of the operating system. This cannot happen if your source code is publicly available.' He added that the issue could lead to proprietary versions of Linux being developed." Section Editor: Rebecca Sobol |
March 23, 2000 |
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Announcements page. |
AnnouncementsResourcesLinuxLinks.com has announced the launch of its "Linux Reviews" page, which provides reviews of Linux software packages.LinuxMonth has posted a pair of brief articles on adding shortcuts to your desktop and more ways to add shortcuts to your desktop. They also have an article about the Red Hat Package Manager (RPM). Linuxvision.com presented SHEBA, "The Complete Arabic/English Enterprise Global Web Solution" on a Linux server. EventsDonnie Barnes has posted the story of Linux Expo on the web. It covers the history of the event, and why it isn't happening this year. "So, it needs to have its name changed and be moved. Some say that there are also too many technical conferences like this per year and that situation isn't good for Linux. All of a sudden it does start to sound like it shouldn't really happen, at least not this year."The real news is at the end of the document: Linux Expo is merging with the Atlanta Linux Showcase. The Extreme Linux Workshop will be held as part of the Atlanta Linux Showcase next October. A reminder call for papers has gone out; there is now less than a month before the April 17 deadline. Web sitesLinux Valley launched an updated Italian Linux Portal at LinuxValley.it.EBIZ Enterprises Inc. announced the addition of the "LinuxWired Classifieds" service for www.LinuxWired.net. User Group NewsThe Central Ohio Linux Users Group (COLUG) will meet on Wednesday, Mar 29th. In this meeting Paul Hostetler continues the RPM March Madness. |
March 23, 2000
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
Software AnnouncementsSoftware
|
Our software announcements are provided courtesy of FreshMeat
 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page See also: last week's Back page page. |
Linux links of the weekHere's your chance to check out Microsoft Rat Head Linux 6.2 on www.microsoft.eu.org. "Due to the horrible licensing in Linux, we have to make the source of some of our extensions to the Linux operating system, such as the bluescreen module, available to all our customers, and permit them to re-use it. Like GNU, though, we demand that you call any redistribution of Linux containing our modifications Microsoft/Linux or Microsoft/GNU/Linux instead of just Linux." (Found on Portalux News). In a more serious vein, the CounterPane Cryptographic Article Database is the definitive collection of current literature in the cryptographic field. Abstracts are available for the papers, and many (if not most) are available in their entirety. There is much Linux-related material there. Section Editor: Jon Corbet |
March 23, 2000 |
|
|
Letters to the editorLetters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them. | |
Date: Thu, 16 Mar 2000 19:51:03 +0000 From: Adam Rice <wysiwyg@glympton.airtime.co.uk> To: woods@ucar.edu Cc: letters@lwn.net Subject: Re: Stallman interview In a letter to LWN, you wrote: > You *can* think of free software in those terms, but the reality is > that only the religious fanatics actually do. *I* think of free software in those terms, and I take great offense at being referred to as a "religious fanatic". I have come to accept the ethical argument for free software after many years of using it and listening to the philosophy of Richard Stallman and others. If you'd spent any time on free software mailing lists, you'd realise that thousands of people much smarter than you or I have come to the same conclusion. Of course, I don't use the ethical arguments at work, but fortunately "it's free" is remarkably effective by itself. > I particularly dislike people who imply that there is something evil about > being paid to develop software or to make a profit from developing > software. Please go to http://www.gnu.org and read everything there, particularly the philosophy section, before spouting your mouth off and showing your ignorance. > Not all of us are trust fund babies, some of us have to worry > about putting food on the table. I found this particularly offensive. Richard Stallman has sacrificed more than you can possibly imagine to preserve the freedom and the joy of sharing software. You don't have to agree with the free software philosophy to use it. We are not tyrants. But please, at least do us the courtesy of trying to understand where we are coming from. -- Adam Rice -- wysiwyg@glympton.airtime.co.uk -- Blackburn, Lancashire, England | ||
Date: Thu, 16 Mar 2000 08:01:28 -0500 (EST) From: glouis@dynamicro.on.ca To: letters@lwn.net, woods@ucar.edu Subject: lwn letter Hi. Greg Woods wrote, in this week's lwn: > Here at work, I would like to introduce Linux into our environment, > but to do that, I can't argue the open source religion, or my > managers will look at me like I'm nuts. I will have to present > practical arguments about capability, reliability and cost savings. > *That* is what they will listen to. Certainly. I was lucky; late in 1994 I put up a Linux box as the main gateway when our company first went on the Internet, and I never had to argue: the capability, reliability and cost saving were all so obvious as to make argument unnecessary. Had it been otherwise, the open-source ideology (it's not a religion per se) would have influenced no-one. > I particularly dislike people who imply that there is something evil > about being paid to develop software or to make a profit from > developing software. Being paid to develop software is something most of the open-source and even of the free-software folks hope for; not many of them would buy into your claim that they call it evil. Making a profit from developing software is fine too. I think what many of those people regard as evil is taking developed software, charging a high price for it without providing adequate support, without fixing bugs in reasonable timeframes, and without otherwise making sure that there is some market value in it; and by legal restrictions preventing the users from taking any steps of their own to correct those defects. I rather sympathize with that moral stance, though I have for much of my own working life been paid to develop software, and do not consider myself to be or to have been evil as a result. > I would say that if enough value is present in closed source > software to make it worth the price they are asking, I'll buy it. If > there isn't, I won't. Fine if you can tell. A cautionary tale: A company for which I work paid big bucks for ERP software in 1997. ERP (Enterprise Resource Planning) is complex; a thorough test is scarcely possible prior to purchase. When installed, the software (which had seemed to be suitable based on demos and on interviews with other user companies) rapidly proved to be a crock of oats that had already been through the horse. Much of its functionality was inaccessible to the users, owing to software defects that the vendor was "fixing," apparently on a timescale of years; the VAR wanted us to pay them consulting rates to assist in debugging. In due course we wrote that one off, mounted a much more skeptical, critical and (we thought) thorough evaluation, bought and installed a second ERP package, and this time we're much happier -- except that we can't run an MRP requirements calculation: it locks up in an endless loop and generates thousands of bogus job recommendations till the run is cancelled. It appears, after many hours of diagnostic effort on our part, that the product we bought can be run in any environment other than ours. MRP runs with an NT server, with a SCO Unix server, on a standalone Win98 test system -- but it fails on the high-end operating system for which we bought the ERP software, on which it was claimed that the software was supported. I don't think that (at least on this second occasion) a lack of due diligence contributed significantly to the dilemma in which we now find ourselves: buggy software, no prospect of rapid resolution of our showstopper problem, and no way to take action ourselves to find and correct the software defect. Open source would have provided us with that latter option, as well as with access to other user/developers whose experience and expertise could have contributed to a solution. Caveat emptor, you say? That worked in Roman days, when the commodities were reasonably inspectable and the playing field was level. Today's closed-software emptor -- unless he's a Fortune 500 company -- has no reasonable way to evaluate the product really thoroughly before buying, and no reasonable recourse when the purchasing gamble fails. The only safe assumption, therefore, is that closed source entails a high risk of failure that has to be factored into the cost-benefit analysis to which you allude. Regards.............. -- | G r e g L o u i s | pgp: keys.pgp.com | | http://www.bgl.nu/~glouis | id glouis@dynamicro.on.ca | | "Knowing what thou knowest not is, in | 2BC6 4F5A 6657 FF4E 9FBC | | "a sense, omniscience" -- Piet Hein | 5DAA 2304 76A9 CCA6 5B45 | | ||
Date: Fri, 17 Mar 2000 05:08:46 +0000 From: Ruben Leote Mendes <etruben@ua.pt> To: letters@lwn.net, woods@ucar.edu Subject: Re: Stallman interview This is a comment on the letter written by Mr. Greg Woods published in Linux Weekly News. In that letter Mr. Woods wrote: > In a recent online interview, Richard Stallman was quoted as saying: > > "That movement studiously avoids mentioning idealistic concepts such > as freedom and community, and as a result most of the > newcomers have no idea that you can think of free software in those terms." > > You *can* think of free software in those terms, but the reality is > that only the religious fanatics actually do. I am very thankful that some "religious fanatics" as you call them put their time and effort working to make sure that we gain freedom or that we keep the little freedom that we still have. If it weren't for Stallman and the free software movement there would be no Linux today and we would all be stuck with non-free solutions. > Sure, if I have a chance to, and should I ever develop something worthy > of it, I would want to contribute back to the open source community, but I > am in no way *obliged* to do so. No one is forcing you to do so. What Stallman is requesting is that the people behind the movement talk about freedom so that newcomers are aware that freedom is one (in my opinion the main) characteristic of our software. Then they can think about it and decide if software freedom is important for them or not. > I particularly dislike people who imply that there is something evil about > being paid to develop software or to make a profit from developing > software. Stallman doesn't think that being paid to write software is evil and the proof is that the Free Software Foundation hires programmers and pays them to develop software and documentation. That last time I looked they even had a web page that companies can use to post job openings for free software developers. > Not all of us are trust fund babies, some of us have to worry about putting > food on the table. I think there is enough evidence already that you can make money writing free software. I don't think I have to provide any references, just scroll up and read LWN. -- Ruben Leote Mendes - etruben@ua.pt | ||
From: Collins_Paul@emc.com To: letters@lwn.net Subject: Use of the term "viral" in refernce to the GPL and FDL Date: Thu, 16 Mar 2000 07:26:33 -0500 The use of the term "viral" with reference to the GPL (and now the FDL) is unfair and prejudicial. The GPL is not a virus. The GPL is written the way it is because otherwise, others would be able to take away freedoms that you explicitly grant when you choose to use the GPL. If you don't like the GPL or the FDL, don't use it. The choice is yours. Paul. -- Please note that I speak for no-one but myself. | ||
Date: Fri, 17 Mar 2000 13:09:37 -0500 To: letters@lwn.net Subject: Virii, Mr. Garfinkel, and users with bad habits From: Zygo Blaxell <zblaxell@genki.hungrycats.org> Linux viruses do not need to install themselves as root; simply getting normal user privileges under Linux is quite enough to be a very successful and damaging virus. Remember that Melissa worked without any privileges except those necessary to run itself, look up email addresses in a directory, and send email to them. "Unprivileged" Unix user accounts have all those privileges and more. Most unsophisticated (read: non-paranoid) users have the same basic bad habits that can undermine the security of any operating system. These users do not understand the requirement for minimal privileges, nor do they understand the requirement modify their own behavior accordingly. When I explain the concept of minimal privilege to new users, most of them agree that it's a good idea in principle, but few will actually stick to that principle in practice. =20 This is the acid test: If you were given some amazing new program without source code or other strictly technical mechanisms for auditing and controlling the behavior of the program, would you _absolutely_ refuse to use it except in isolation on a stand-alone, non-networked, dedicated piece of hardware? If your answer is no, you are a potential virus host, and probably a DOS threat to the Internet at large to boot--shame on you! If your answer is that you would go to the local used computer vendor and buy a $50 Pentium system with no network card, just to run the one application in the isolation it deserves, there's hope for you yet. Unfortunately, Linux is mostly as vulnerable to virus problems as the Microsoft operating systems we all love to hate. Linux is based on a 30-year-old security model which assumes that the user of the system is the primary security threat, and a threat to other users of the system. This used to be the case when the ratio of users to applications was many-to-one. Today, the ratio of users to applications is one-to-many. Most machines have only a single user (or 1.5 users if you count root separately) and run dozens of different applications by different authors with different levels of security awareness. Sadly, the applications themselves are now usually the greatest security threat, and a thanks to the Internet they are a threat to other systems as well as other users. Future operating systems must take this threat into account by implementing access controls based not only on the user's credentials, but also those of the application itself. Java, with all its intrusive type checking, code verification, and restricted linking features, is ultimately the right idea, although not the best possible expression of that idea. Capabilities flags in the Linux kernel are the same idea expressed at a different level in the application->library->OS->hardware heirarchy. These mechanisms need further development and better integration by Linux distributors before we will see significant benefit from them. Attention marketing types: Fear of viruses could provide user-level demand for progress in this area. Hint. Hint. ;-) Virus detectors will never go away until all software is perfect on its first release, all hardware never fails, and all users are trustworthy; however, the virus detection industry as we know it today will radically change. We should expect generic virus prevention and containment features (e.g. automated binary cryptographic signature checking and much stricter and more fine-grained access controls) to become part of the operating systems and applications we use; however, when these systems fail (and they will always fail, sooner or later), we'll still need some kind of virus detection software to assess the level of damage and/or assist with cleanup after the root cause of the problem has been eliminated. [Insert horrible vision of future versions of Windows bundled with Microsoft Virus Explorer here...] Opinions expressed are my own, I don't speak for my employer, and all that. Encrypted email preferred. Go ahead, you know you want to. ;-) OpenPGP at work: 3528 A66A A62D 7ACE 7258 E561 E665 AA6F 263D 2C3D | ||
Date: 20 Mar 2000 22:25:17 -0000 From: Eric Smith <eric@brouhaha.com> To: letters@lwn.net Subject: Clive Longbottom's Linux security claims On March 20, LWN Daily referenced Silicon.com's finding that "Linux is not secure", and specifically quoted Clive Longbottom's statement that "Security needs to be built into the architecture of the operating system. This cannot happen if your source code is publicly available." This statement demonstrates that Mr. Longbottom has no clue whatsoever as to what makes systems secure. It is the case that security vulnerabilities in Linux distributions are found regularly. The same is true of closed-source operating systems. Fixes for vulnerabilites are issued regularly for both open-source and closed-source operating systems. I've only seen one article comparing response times from the detection of vulnerabilites to the issuance of fixes, and it showed that in most cases the fixes for open-source operating system were available sooner than for closed-source. The availability of source code does not inherently make an operating system more secure. But it does allow the security to be audited by far more people than will audit a closed-source operating system, and it allows for far more people to offer fixes for vulnerabilities. One might expect that with a closed-source operating system, even if potential vulnerabilites exist, they might be less likely to be found. However, if you look at Microsoft's track record, it is clear that they have suffered from *more* detected vulnerabilities than Linux or BSD variants. Mr. Longbottom's preference for closed-source operating systems appears to be based on the concept of "security through obscurity". Almost all professional security experts agree that security through obscurity is not very good security at all. A proper security system or protocol is secure even though attackers have intimate knowledge of how the system works. I wonder if Mr. Longbottom would make similar claims about Sun's Solaris operating system, for which source code is also available (although it is not "free software" or "open-source" as those terms are normally defined). The same Silicon.com article quotes Malcolm Beattie of Oxford University Computer Service as saying that "the open source nature of the OS [...] is actually its best defence." Mr. Beattie obviously has a much better grasp of the nature of system security than Mr. Longbottom. Sincerely, Eric Smith | ||
Copyright © 2000
Eklektix, Inc., all rights reserved