[LWN Logo]
[LWN.net]

Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise news for all interests


Sections:
 Main page
 Security
 Kernel
 Distributions
 Development
 Commerce
 Linux in the news
 Announcements
 Back page
All in one big page

Other stuff:
Daily Updates
Calendar
Linux Stocks Page
Book reviews
Penguin Gallery

Contact us
Archives/search
Use LWN headlines

Recent features:
- RMS Interview
- 2001 Timeline
- O'Reilly Open Source Conference
- OLS 2001
- Gaël Duval
- Kernel Summit
- Singapore Linux Conference
- djbdns

Here is the permanent site for this page.

Leading items and editorials


A quick report from the Linux Business Expo. Your editor managed to make a pass through the Linux Business Expo in Chicago on Wednesday. This LBE is somewhat smaller than the Las Vegas version, which is not entirely surprising: the Comdex event in general is quite a bit smaller. A number of fairly high-profile Linux companies (i.e. Red Hat, VA Linux) were not to be found on the exhibit floor. Nonetheless there was a good turnout, and the LBE floor was busy enough to make walking difficult. Doubtless it was helped by being physically located on the same floor as the rest of Comdex, rather than in a separate building.

A few notes from the show:

  • The Linux Professional Institute was doing a good business administering its certification examinations. The fact that the exams were free will have been helpful in that regard. Your editor took both of the level 1 exams, and found them to be reasonably challenging. Since the exams are still in their beta period, scores are not yet available...so don't ask...

  • Gnucash had a well-staffed booth, and is looking good. Recent versions have added a wealth of new features, including better report generation, lots of customization, and check printing. Much more is planned for the future, including online banking. The gnucash folks weren't really talking about it, but somebody has invested in them and is funding the development of the program. Prediction: Linux systems will be routinely used for personal finance by the end of this year.

  • Speaking of investment and funding, there was a huge BSD booth on the LBE floor. It came complete with handouts, loud videos, and a photo setup so you could get a picture of yourself with one of the (in)famous BSD daemons. It is interesting that somebody has coughed up enough money to promote BSD in this way, and that the booth was not specific to any particular flavor of BSD. The BSD folks are pushing hard.

  • One would have expected to see some long faces in the Linuxcare booth, but the opposite was the case. Talks with several Linuxcare employees turned up a strong consensus that the recent changes there (including the recently-announced departure of CIO Doug Nassaur, incredibly described as being "completely unrelated" to the sudden departure of CEO Fernand Serrat two weeks ago) were a much-needed housecleaning, and that Linuxcare's future is much brighter than it was a month ago. The Linuxcare people are a pleased and optimistic bunch.

Once one got bored with Linux, the first booth one stumbled across was pushing wrist rests with a built-in telephone - something many of us were not aware of needing...

Microsoft's FrontPage back door. Most LWN readers will by now have seen the news that Microsoft's FrontPage server software, shipped with a number of versions of Windows, contains a back door deliberately inserted by a Microsoft engineer. This hole is amazing not only in its simple existence, but also in that it has been there for years. It says a lot about the security of closed-source systems; see Eric Raymond's take on the issue for one view.

Nobody would say that free software is immune from security problems. And some fear that the availability of source makes some sorts of problems easier for crackers to find. But it really is true that open source makes this sort of deliberate back door difficult to get away with. And it is almost inconceivable that a back door would remain undetected for years. (Do see, however, this week's LWN Security page for a chilling example of a deliberate back door in source-available code. And yes, Ken Thompson's paper demonstrates that there are no guarantees, no need to send the URL to us again).

Lest we laugh too much at Microsoft's expense, it is worth reflecting on the fact that Linux has vulnerabilities of its own. Open source is great, but very few people build their systems from source. Does that RPM or .deb file really contain a binary built from the source in the source package? Only your trust in the package builder can determine how you feel about that. One might assume that an engineer building packages for a Linux distributor is more strongly motivated to do the right thing than a Microsoft engineer, but that is never guaranteed. Sooner or later, somebody will probably get burned by a bad binary package. It can happen to us too.

Update on Corel Word Perfect Office 2000. Last week's mini-review of Corel's recently released Word Perfect Office 2000 product drew a fair amount of attention, and a small amount of criticism. It also got us the attention of some engineers at Corel, who were most interested in tracking down the problems that we reported.

One result of that conversation is that we owe Corel an apology for saying that Word Perfect did not show up in the GNOME menus. The reviewer simply did not look in the right place. Corel's preferred environment is KDE, of course, but they have worked hard at supporting GNOME as well. Installing WPO 2000 does, in fact, fix up the GNOME applications menu in the proper way.

Corel recognizes some residual problems with interactions with the Enlightenment window manager. The file opening problem we reported was confirmed, though it (surprisingly) has to do with files served via NFS, rather than ownership issues. Sample files have been sent back to Corel to enable them to reproduce the QuattroPro crashes.

They were unable to provide a date for a new release with fixes for the problems we (and others) have experienced. But Corel's engineers were clearly responsive, interested, and wanting to make things better. Even if the first release turns out to be a little rocky for some people (not everybody has reported problems), the indications are good that subsequent releases will be more stable.

Inside this week's Linux Weekly News:

  • Security: Another back door, emacs, XFree86, imapd, xfs bugs and more.
  • Kernel: The return of devfs flames.
  • Distributions: Nuclinux, a new floppy-based distribution.
  • Development: FHS 2.1, Cscope becomes free, important GNU Pth update.
  • Commerce: The end of the Linux stock party; lots of Linux deals.
  • Back page: Linux links and letters to the editor.
...plus the usual array of reports, updates, and announcements.

This Week's LWN was brought to you by:


April 20, 2000

 

Next: Security

 
Eklektix, Inc. Linux powered! Copyright © 2000 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds