Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise
news for all interests
Leading items and editorials

Red Hat's Embedded Developer's Kit was announced this week. With this release, we see the fruition of Red Hat's acquisition of Cygnus - Red Hat is now a player in the (increasingly crowded) embedded Linux arena. Given their name recognition and advertising budgets, Red Hat will likely make a large splash.

The EDK product itself contains much of what is needed to do embedded systems development. Heading the list is the Source Navigator interactive development environment. There is a full set of development tools for embedded x86 and PowerPC targets, and a set of stripped-down kernels for those systems. Debugging tools have been included as well.

And, of course, this package comes with a full set of service offerings. There are two levels of basic support, the lower of which only allows a "limited number" of bugs to be reported and fixed. The $40,000 "platinum support" option, instead, includes unlimited incident support and a number of other goodies, though you still have to shell out an additional $25,000 if you want your own "technical account owner" assigned to you.

One of the more interesting parts of this announcement, however, was buried deep in the EDK General FAQ. It seems that Red Hat has decided that all tools on the EDK should be open source and that, as a result, Source Navigator will be released under the GPL. The source is supposed to show up on the Cygnus Sourceware site within a few weeks. The opening of Source Navigator is an important contribution; look for it to show up on your favorite distribution CD shortly.

The LWN Penguin Gallery has been updated after much too long a time. There are now no less than 233 penguins in the Gallery, each one unique. We're sure there's lots more out there. Please send your additions to lwn@lwn.net; please always include a URL to the place the penguin lives so that we may link to it. Many thanks to all who have contributed penguin sightings thus far.

Open software required by law in France? Here is an announcement of a proposed law that would require adherence to open standards and availability of source for all software used within the French government. It would also codify the right to publish and use "compatible software" in some situations regardless of any patent or trademark claims.

The effects of the law, if passed, could be wide-ranging. The requirement that open standards be used for data exchange would prohibit the government, for example, from sending around documents in proprietary formats. The idea of a law that bans Word attachments has a definite appeal, but it would certainly shake up the way the government does business.

The source code requirement is there for a couple of reasons. First is the simple need to be able to access data many years after the fact, when the program that created it has perhaps long since fallen into disuse. The other is the need to be able to look for back doors - the Echelon surveillance system is explicitly cited as justification here. Note that this requirement seems to say that "source code is available to the government." It does not require that the software be open source.

The third article says "any individual or moral person has the right to develop, publish and use an original software which is compatible with the communication standards of another software". This is a step in the right direction, but one can see some potential limitations here. Would DeCSS, which allows the decryption and reading of DVD disks, be protected under this clause? One could imagine lawyers arguing for years over whether DVD encryption is a "communication standard" or not.

The announcement ends with the claim that "in a market economy, States can play a significant role on the economy and preserve the public interest."
That may be true, though the French government appears to be limiting itself to legislating the sort of software that it will use; closed software would still be legal in the private sector. (See also: this statement from the Association Francophone des Utilisateurs de Linux et de logiciels libres supporting the bill, in French and in English via Babelfish.)

Eric Raymond, Lawrence Lessig, and others on government intervention. For those looking for more debate on the proper role of government in supporting open source software, a look at this discussion on the American Prospect site should prove rewarding. Participants include Eric Raymond:

"...we share a gut-level sense, born of experience, that handing governments more power is more likely in the long term to injure the Internet (and all its potentials for human freedom and property) than to help it grow."

as well as Lawrence Lessig:

"I believe this movement has got to get beyond black and white. We have got to wake up from this dreamland where people believe that we neither need government nor need to pay attention to what government does. The argument that government has not played an important role in bringing about the environment within which the revolution of the Internet was possible is just wrong -- historically wrong."

There are some well-expressed and important points of view there - recommended reading. (Those who still haven't had enough can head on over to this Slashdot discussion for lots more.)

Book Review: Thinking In Java. Jeff Berry has been kind enough to send us this review of Thinking in Java, by Bruce Eckel. This book, which is also downloadable over the net, turns out to be a good introduction to object-oriented programming and Java, and is recommended for Java beginners.

Feature: Exploring SGML DocBook. Our latest feature article is Exploring SGML DocBook, which was written, translated from the original Italian, and contributed by Giorgio Zoppi. This article looks at the important DocBook standard, with an emphasis on setting up the tools to be able to work with DocBook documents.

April 27, 2000

Security

News and editorials

Red Hat/Piranha security issues: important but not a backdoor. This week, we first heard of the Piranha security problems through normal channels, this Red Hat announcement. It seems that two problems had been found and fixed in Piranha, their in-house heartbeat package, including a binary package shipped with a default password and a vulnerability in the change password function that allowed arbitrary commands to be executed. Both problems are severe and an upgrade is strongly recommended. [Editor: here is an updated version of the original advisory.]

So far, the process seemed normal: bugs are found, fixes are generated and an announcement goes out. However, the bugs themselves were originally found and reported to Red Hat by ISS, who issued this press release, entitled "Backdoor Password in Red Hat Linux Virtual Server Package". This seems a bit inappropriate. A backdoor, by all definitions we've heard, is an undocumented method of getting privileged access. The authentication mechanism in Piranha is quite well documented. It was simply an error to ship a preset password for this documented "front door".

Well, given last week's coverage of a back door in a Microsoft DLL, the ISS advisory initiated a small media frenzy, with press coverage from:

In the end, the media coverage provided little, if any, detail that was not provided in the original security report. Despite efforts to politicize the issue, it remains a case of a couple of programming errors, not intentional back doors, which were correctly found, reported and fixed in a timely manner.

Some have accused us of bias in not pursuing and reporting on this issue more aggressively, but there simply was no special issue here, no unique circumstance. If the word "backdoor" had not been introduced, this would have been one of the many security reports we cover each week, not an editorial issue.
Upgrade your Piranha packages and move on.

Lucent releases buffer overflow prevention library. Lucent has announced the release of Libsafe, a library which defends against buffer overflow attacks. It works by putting a wrapper (they call it "middleware") around dangerous functions; the wrapper contains any buffer overflow within the current stack frame, so that the return address cannot be changed.

The press release commented, "Linux distributors Red Hat, Inc., Linux-Mandrake, TurboLinux and Debian GNU/Linux are working with Bell Labs to incorporate Lucent Libsafe into their software releases." This could give the impression that Libsafe will be an integral part of each distribution. In response to this, Wichert Akkerman, Debian Project Leader, clarified Debian's intentions. "David Coe is planning to make a Debian package of LibSafe which will be added to the distribution. However it will be an optional package, which means that people will be able to use LibSafe to add some security to their system if so wanted, but we won't make it an essential part of the distribution."

The Slackware team quickly evaluated Libsafe and chose to add it into their "contrib" tree, according to this announcement. Again, though, this is not the same as choosing Libsafe as a default for the distribution. We do not yet have details on the plans of other Linux distributions.

How does Libsafe stack up against other stack protection mechanisms? We found a couple of analyses, one from Solar Designer and another from Perry Wagle (StackGuard developer). Libsafe has an advantage over StackGuard in that recompilation of programs is not required and it can be introduced into a system with little impact. In turn, the protection provided by Libsafe is limited to the library functions strcpy, strcat, getwd, gets, [vf]scanf, realpath, and [v]sprintf, unlike StackGuard. Libsafe does not work on statically-compiled binaries and its effectiveness may be dependent on which version of glibc you link against.
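
The frame bound described above can be sketched in a few lines of C. This is an added example, not Libsafe's code and not part of the original article: the names `frame_room`, `frame_bounded_strcpy` and `copy_into_local` are hypothetical, and it assumes x86 or x86-64 with GCC or Clang, taking the caller's frame address through a macro as a simplification.

```c
/* Added sketch of a Libsafe-style frame bound; not Libsafe's own code.
 * Assumes x86 or x86-64 with GCC or Clang: the stack grows down, so a
 * function's locals sit below its saved frame pointer and return address. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bytes between dst and the saved frame pointer at frame_top, or 0 when
 * dst does not lie below frame_top (it is not a local of that frame). */
static size_t frame_room(const void *dst, const void *frame_top)
{
    uintptr_t d = (uintptr_t)dst, top = (uintptr_t)frame_top;
    return d < top ? (size_t)(top - d) : 0;
}

/* Hypothetical wrapper: copy only if the string and its terminator end
 * before the saved frame pointer. Returns 0 on success, -1 when refused.
 * Unlike a real wrapper, this sketch also refuses non-stack destinations. */
__attribute__((noinline))
static int frame_bounded_strcpy(char *dst, const char *src,
                                const void *frame_top)
{
    size_t need = strlen(src) + 1;
    size_t room = frame_room(dst, frame_top);

    if (room == 0 || need > room)
        return -1;              /* would reach saved fp / return address */
    memcpy(dst, src, need);
    return 0;
}

/* The macro captures the frame address of the function that owns dst. */
#define FRAME_BOUNDED_STRCPY(dst, src) \
    frame_bounded_strcpy((dst), (src), __builtin_frame_address(0))

/* A function with a small stack buffer, as in the classic overflow case.
 * The bound is the frame, not buf: an input longer than buf but shorter
 * than the frame would still overwrite neighbouring locals. */
__attribute__((noinline))
int copy_into_local(const char *input, char *out, size_t out_len)
{
    char buf[16];
    int rc = FRAME_BOUNDED_STRCPY(buf, input);

    if (rc == 0)
        snprintf(out, out_len, "%s", buf);
    return rc;
}

/* Room the check grants a 16-byte local: at least the buffer itself. */
__attribute__((noinline))
size_t local_room(void)
{
    char buf[16];
    buf[0] = '\0';
    return frame_room(buf, __builtin_frame_address(0));
}

/* Constructed inputs: one that fits, one far larger than any small frame. */
int accepts_short_input(void)
{
    char out[32] = "";
    return copy_into_local("short", out, sizeof out) == 0 &&
           strcmp(out, "short") == 0;
}

int refuses_oversized_input(void)
{
    static char big[4096];
    char out[32] = "";

    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    return copy_into_local(big, out, sizeof out) == -1;
}

int main(void)
{
    printf("room granted to a 16-byte local: %zu bytes\n", local_room());
    printf("short input accepted:    %d\n", accepts_short_input());
    printf("oversized input refused: %d\n", refuses_oversized_input());
    return 0;
}
```

The room reported for the 16-byte buffer is usually larger than 16, which is the limit the analyses point at: the saved frame pointer and return address are protected, other locals in the same frame are not.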

Slackware pointed out that the use of Libsafe would break backwards compatibility for non-glibc-based software. In addition, Libsafe will not work properly on machines that require some form of pointer alignment, as pointed out by Olaf Kirch. In summary, Libsafe is an excellent addition to the available security tools, but not a panacea, nor a full replacement for existing stack protection tools.

Security Reports

openldap tmplink vulnerability. A tmplink vulnerability was reported in openldap this week. Check Red Hat Bugzilla ID 10714 for details on this problem.

This week's reports:

LCDproc 0.4 vulnerability. LCDproc, a Linux LCD display driver, introduced a remote vulnerability into the driver in version 0.4. An exploit for Linux/x86 has been published. A patch against 0.4-pre9 has been made available. Alternatively, you can downgrade to version 0.3.

imapd denial-of-service. The imap locking mechanism will prevent a user from accessing their imap mailbox if a lock already exists, even if created by another user, reported Alex Mottram. By combining this vulnerability with the imap problem reported in last week's Security Summary, this produces a remotely-exploitable Denial-of-Service attack. FreeBSD issued two advisories in response to these issues, one addressing last week's report and another addressing this week's report. No patch is available; they recommend moving to an alternate server. Additional reports of buffer overflows in imapd-wu continue to trickle in.

Qpopper fgets(). This report describes a vulnerability in all versions of Qpopper, including 3.0 fc2 and earlier, in which input is improperly verified. No fix has been reported as of yet. Check BugTraq 1133 for more details.

SuSE cron: arbitrary file deletion. The SuSE Linux default configuration of cron can be exploited to arbitrarily delete any file on the system, according to this BugTraq posting. No confirmation or update from SuSE as of yet.

Sendmail mail.local vulnerability. An input verification problem was reported in mail.local, part of sendmail. An official patch was quickly produced and will be included in the next version of sendmail.

PostgreSQL cleartext password storage. Robert van der Meulen pointed out that PostgreSQL stores usernames and passwords in cleartext in pg_shadow, allowing the password mechanism to be bypassed. Versions 6.3.2 and 6.5.3 have been reported to be vulnerable; no official word or update has been seen as of yet.

FreeBSD 3.4-STABLE ncurses overflow. It appears that FreeBSD 3.4 ncurses is vulnerable to a buffer overflow. Note that both 4.0 and 5.0 have been tested and found not vulnerable.

CVS local denial-of-service vulnerability. The CVS use of /tmp for locking purposes leaves it open to a local denial-of-service attack, according to Michal Szymanski. Check BugTraq 1136 for a work-around.

Commercial Software:

Realserver denial-of-service attack. RealNetworks, Inc., has put out an advisory regarding a potential denial-of-service attack in RealServer. Updated executables have been made available for RealServer 7.0 or RealServer 7.0.1. People using RealServer 6.X or earlier need to contact their customer service department.

Cisco Catalyst. Unauthorized access to the enable mode has been reported in the 5.4(1) release of Cisco Catalyst. Upgrades are available and customers are urged to apply them.

Cisco IOS. Security scans can cause a Cisco router to reload unexpectedly, due to problems in the Cisco IOS software, allowing a denial-of-service attack. New releases to fix the problem are either currently available or promised to be available in the near future.

Adtran MX2800 M13 Multiplexer. A Denial-of-Service vulnerability has been reported in the Adtran MX2800 M13 Multiplexer.

Updates

imwheel. For more information, check the BugTraq vulnerability database entry. This vulnerability was first reported on March 13th, 2000.

gpm. Improper permissions handling in gpm was discussed in the March 30th LWN Security Summary.

This week's updates:

emacs 20.X. Problems with emacs 20.X (not XEmacs) were discussed in last week's Security Summary.

Generic-NQS (GNQS). See the February 10th, 2000 LWN Security Summary for more details.

Resources

Bruce Schneier's CRYPTO-GRAM (April 15th). The April 15th edition of Bruce Schneier's CRYPTO-GRAM covers testing of various cryptographic algorithms in preparation for NIST's choice of a standard for AES. If this will impact your work, you'll want to review his comments and send in your own to NIST. Bruce also comments on UCITA in this month's edition, pointing out that UCITA's choice to allow software manufacturers to remotely disable software in the event of a licensing dispute essentially legislates backdoors into software under the "naive conceit ... that only the manufacturer will ever know this disable code, and that hackers will never figure the codes out and post them on the Internet".

Section Editor: Liz Coolbaugh

Kernel development

The current development kernel release is 2.3.99-pre6. This kernel, which came out on April 26, is the first since April 11. The fact that Linus is changing houses may have something to do with the long interval between releases.

The (3.6 MB) 2.3.99-pre6 patch consists mostly of small tweaks to over 900 files; there is also more i386 interrupt handling work, a number of small Sparc tweaks, some large I2O updates, an ISDN update, a driver for LAN Media synchronous serial boards, many changes to the IA-64 support for 32-bit binaries, the removal of kernel debugger support for the IA-64, a large 3c59x ethernet driver update, numerous SCSI subsystem tweaks, some sound driver updates including the incorporation of the EMU10K (SB Live) driver, and some ATM networking updates.

The removal of debugger support for the IA-64 is not entirely surprising - Linus has long had a dislike for interactive kernel debuggers. His position is that they lead developers to fix symptoms; he would rather they stare at the source and come to an understanding of the real problem. Thus, the real surprise is that KDB got in for a while in the first place.

Here is Alan Cox's 2.4 jobs list as of April 25.

The current stable kernel release is still 2.2.14. Alan Cox has had 2.2.15 ready to go for a while, but Linus has not yet released it. The 2.2.15 prepatch has moved forward to 2.2.15pre20, without announcement. Both pre19 and pre20 contain new security fixes that, one would hope, will see a mainline kernel release soon.

Meanwhile Alan has released a first 2.2.16 prepatch with a few larger items that won't go into 2.2.15. It contains some driver fixes (especially sound drivers), some new NLS codepages, and a number of other small changes.

poll() and the big kernel lock. A problem faced by any operating system once it begins to support multiple processors is controlling access to data that may be accessed by more than one processor at once.
If multiple processors simultaneously manipulate the same data structures, chaos soon results.

Back in the 2.0 days, Linux handled this sort of "mutual exclusion" problem with the "big kernel lock." Essentially, any time a processor went into the kernel it had to take out this lock; as a result, only one processor could be executing in the kernel at any given time. That approach works, but its performance leaves something to be desired. Even with just two processors, quite a bit of CPU time will be wasted waiting for the big kernel lock. With more than two processors, the cost becomes unbearable.

Thus, much work in the 2.1 and 2.3 development series has been aimed at the elimination of the big kernel lock in favor of more fine-grained locking schemes. Much of the kernel runs without this lock at this point. One notable exception has been the implementation of the poll() and select() system calls. poll() uses the big kernel lock not because of any inherent need, but because nobody has gone through and made sure that all of the device drivers (which have a method used to implement poll() on their devices) will work without it. There are a lot of drivers out there, and auditing them all can be a long and unpleasant task.

The topic came up this week after some results were posted showing that the use of the big kernel lock in poll was creating some real performance problems in certain situations - such as on a busy web server. People began to wonder if the big lock was still necessary with poll(); after some discussion, Manfred Spraul posted a patch which removes the lock_kernel() calls from poll().

Resistance to this patch came from Alan Cox, who is very much trying to work toward a stable, releasable 2.4 kernel and is not pleased by a patch that could affect many dozens of device drivers. Alan appears to have lost the debate, however: Linus has come out in favor of the patch.
As a result, a few driver maintainers may have to do a bit of last-minute scrambling to be ready for 2.4, but, as has been pointed out, these drivers needed to make their own synchronization requirements anyway to be safe on multiprocessor systems.

Other patches and updates released this week include:

Section Editor: Jonathan Corbet

Distributions

Please note that security updates from the various distributions are covered in the security section.

Vine Linux 2.0. Maya Tamiya, editor of ChangeLog.net, a Japanese site that provides a translated version of LWN.net material, kindly provided us with more details on Vine Linux and their recent 2.0 release. Vine Linux is a community-based project. "Vine Linux is probably the most popular community-based distribution in Japan. There was even a paper magazine's readers poll which showed the number of the Vine users was the largest of all the other Japanese distributions users including commercial ones. Project Vine claims to have distributed, via CD-ROM, at least one million copies of their previous version over about a year."

For the gory details, note that Vine Linux 2.0 is based on RedHat Linux 6.1, kernel-2.2.14, glibc-2.1.2 + locale-ja and XFree86-3.3.6 + xtt. (Thanks to Toshiyuki Nakata.)

Plamo Linux 2.0. Maya Tamiya also provided us with information on Plamo Linux 2.0, another community-based distribution in Japan, originally based on Slackware. Plamo is famous for the quality of their laptop support, among other features. "Plamo Linux was originally called "Plagiaware" since they borrowed many packages from other distributions, but the name gave too bad impression so they renamed it to "Plamo", short for "plastic models" in Japanese, in the hope that the distribution would grow to be a system that people can change and improve the software by themselves as they like easily."

Linux From Scratch. Here's an announcement for a different sort of distribution. LinuxFromScratch is a running distribution that you put together yourself from source. The "distribution" as such consists mostly of a large, online book describing how to build the whole thing; what finally ends up on your system is up to you. An interesting resource for those who want to see how it's done, or who have never been able to find a distribution they actually liked.

Blue Point Linux

Bluepoint, Intel establish Chinese support center. Bluepoint Linux Software Corp. has announced a deal with Intel to establish a technical support center in Shenzhen, China. According to the announcement, Intel will contribute "technology and equipment" to the center; it's not clear that Intel's involvement goes beyond that.

Corel Linux

Corel quarterly report. Corel has filed its latest quarterly report. It gives the gory details on its recent performance, and talks about the other challenges the company faces, including a suit filed on April 17 attempting to block the merger with Inprise.

Debian GNU/Linux

First European Debian Meeting. The first European Debian Meeting will be held in Bordeaux (France), from July 5th to July 9th 2000, invited by the French-speaking Debian developers and the Libre Software Meeting organizers (in French). The conjunction of this meeting with the Libre Software Meeting will provide a low-cost locale for the event and the opportunity for Debian developers to interact with developers from other free software projects.

Debian Weekly News. A brief Debian Weekly News for this week covers the European Debian Meeting, package dependencies, Perl 5.6, and more.

KRUD

April KRUD. The last Red Hat 6.1-based release of KRUD, their April KRUD CD, is now available. This contains Red Hat 6.1, all updates and many fun extras, including "FreeCIV" and "PySol". KRUD 6.2 is in development and expected to be the basis of the May KRUD release.

Linux-Mandrake

Linux-Mandrake 7.1beta available. Linux-Mandrake 7.1 beta is now available for download. It is a beta version, so all the usual warnings apply. Among other things, this release includes the Helix GNOME release, XFree86 4.0, and ReiserFS.

Red Hat Linux

Red Hat begins shipping Motif 2.1. Red Hat has moved a little further away from its "all open source, all the time" approach with this announcement that it will be shipping Metro Link Motif with its "Enterprise Edition."

Slackware Linux

New additions to the slackware-current tree this week: XFree86 4.0, teTeX-1.0.7, teTeX-texmf-1.0.2 and GNU grep-2.4.2, in addition to the security-related additions mentioned in the Security Summary. Grep was upgraded in response to a user report of problems with the version previously included.

Possibly in response to last week's announcement of the FHS 2.1 (File System Hierarchy), a discussion began in the Slackware devel forum arguing against the possible adoption of the System V init script structure over the BSD structure. Some people did not care, but others felt strongly that the loss of the BSD init script structure would alter Slackware too much, lose a valuable feature of Slackware and make it too much like every other distribution. No official response was included, but if the opinions in this thread hold, Slackware is unlikely ever to be FHS (and therefore LSB) compliant.

SuSE Linux

SuSE 6.4 evaluation ISO. SuSE has released an ISO for their SuSE 6.4 evaluation CD. This is one CD out of the normal 6 CD set and obviously comes without documentation or support, but if you want to take SuSE for a test run, this should have everything you need. "As usual, it ships with KDE, Netscape and a lot of additional goodies like the new YaST2 installation and configuration tool."

SuSE performs mind-share control (Upside). This Upside article looks at the challenges faced by SuSE in the U.S. "Then there's the fact that SuSE avoided the recent Linux IPO frenzy and has had to build its market share with less money and less attention from the wealth-obsessed tech media machine."

Section Editor: Liz Coolbaugh

Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.

Development projects

FSF alternative to Freshmeat. The Free Software Foundation is apparently not satisfied with the existing software databases, including Freshmeat and others. They are building their own and have put out a request for assistance to the Debian developers. "The reason they are not using a happy with existing databases like freshmeat is that their database has a lot more details, and they don't want any non-free software in there."

Browsers and Mail support

TradeClient 0.2beta released. Bynari International has announced the final pre-release of its TradeClient email client and personal information manager. TradeClient is aimed at people accustomed to or currently using Microsoft Exchange. TradeClient is released under the LGPL. Note that a proprietary product, Bynari TradeXCH, is required in order to connect TradeClient to Microsoft Exchange.

Education

SEUL/edu Linux in Education Report. The SEUL/edu Linux in Education Report for April 24 is available. This issue concentrates on scheduling and timetable software for schools, but covers a number of other interesting programs as well.

Games

Merchant Empires .1. Merchant Empires is a new GPL'd game that has been ported to PHP. This is a very early release; a link is provided primarily for people who may be interested in its development.

Graphics

Open CASCADE 3.0 released. Open CASCADE 3.0 has been released. This release of this extensive graphic modeling library includes a new "data exchange processors" module and extensive changes to the visualization module.

Gimp Tutorial: 60 Second Reptiles, Paint lines, and Bark. Michael Hammel has put out a new Gimp tutorial over at Graphics Muse. "In this tutorial I'm going to show you the tricks you can play with noise. The Gimp is often thought of as a tool whose end product is a goal in itself. But Hollywood knows better. There, the Gimp is used as just another tool in a long list of tools to generate the final product - a special effects shot for a movie.
Noise plays an interesting part in that pipeline of tools."

Gimp 1.1.20. Gimp 1.1.20 is now available for download. Unfortunately, it came accompanied by a segfault-inducing bug. A bugfix for this is now available and is highly recommended. This release is also sometimes dubbed "1.2pre", containing many features from the upcoming 1.2 release.

Gimp FreeType. Sven Neumann and Jens T. Lautenbacher are working on Gimp FreeType, a project to improve font support in Gimp. (From Gimp News.)

Interoperability

Samba 2.0.7 released. Samba 2.0.7 has been released. This is the first release of Samba to include the O'Reilly Using Samba book; it also contains the beginnings of Windows 2000 support and a great many other fixes and enhancements.

Office Applications

Reviewing Linux Word Processors (LinuxPlanet). LinuxPlanet has started off a series of word processor reviews with this review of StarOffice 5.2. "We did our tests on version 5.2 of StarOffice, even though this is still a beta release. We encountered stability problems and a few bugs, which we fully expect to be ironed out by the time it goes into final release. Since StarOffice is free for download and a fairly inexpensive CD purchase, prospective users may want to consider sticking with 5.1a, and moving to 5.2 when its stability is more guaranteed."

Applixware 5.0 announced. Applixware 5.0 was announced this week. The new version is based on the GTK+ toolkit. This is a commercial product; more information is available on the Commerce Page.

AbiWord Weekly News. This week's AbiWord Weekly News indicates that the release of 0.7.9 is imminent and a list of features needed for the 0.9.0/1.0 release has been put together. James Ritchie was lauded for the posting of his constructive suggestions, based on what he needs, as a professional writer, in order to move from Microsoft Word to AbiWord.

On the Desktop

This week's GNOME summary. Here is this week's GNOME summary by Havoc Pennington.
Havoc has also announced the X Desktop Group. Its purpose is to promote collaborative work toward the improvement of the X desktop in general - it is not a GNOME-specific project. Havoc is reaching out to all developers (and writers!) in the desktop area in an attempt to produce concrete results and a better desktop for all.

KDE2 is around the corner. Are you curious? (Olinux.com.br). Olinux.com.br interviews KDE hacker Mosfet. "The difference between KDE and competing projects is KDE developer funding seems to be spread over a wider group of Linux companies. You don't have one or two interests controlling an important group of KDE developers."

News from KDE.org. Updates to the news section of the KDE.org site include a call for documentation writers and a heartwarming letter to KDE from The London Capitals Youth American Football Club. "I am an American who works in London with underprivileged kids. We work with the kids primarily through American football. We have maintained a website for the past 7 years. I teach the kids primarily through Linux. The KDE desktop environment has proved incredibly helpful in giving these kids a simple to understand interface with a dense operating system."

Sawmill becomes Sawfish. The Sawmill project has announced a name change, due to a naming conflict with an existing Linux log analyzer, also called "sawmill". As a result, the Sawmill window manager will become the Sawfish window manager, with an accompanying change in all websites, etc. (From GNotices.)

Science

Linux in Science Report #5. This week's Linux in Science report focuses on getting binary packages for scientific software and the need for a Linux distribution targeted for scientific users.

Medicine-HOWTO. The Medicine-HOWTO has been updated, with the addition of links to additional software and resources (from Freshmeat). One of the new links points to LinuxMedNews, a new Zope/Squishdot-based news site that focuses on Linux and the medical community.
It looks, perhaps, a bit too much like Slashdot ... it is almost hard to remember which site you're on. However, they are clearly working hard to get good content up.

GNUMed presentation. A presentation on GNUMed, An Open Source Comprehensive Software Package for Paperless Medical Practice will be given at the July 17-20, 2000 O'Reilly's Open Source Conference by Horst Herb.

Website Development

Zope tutorial preview available. Amos Latteier has released the first preview version of his Zope tutorial. The tutorial is a "hands on" experience, and thus requires an installed Zope server to host it. Those who are not in a hurry can wait for the next major Zope release, which will include the Tutorial.

Section Editor: Liz Coolbaugh

April 27, 2000
Development tools

C

The wonders of glib (IBM DeveloperWorks). This IBM DeveloperWorks article takes a look at the glib utility library for C, which provides data containers, portability and more. "Glib's most prominent and powerful aspect is its containers, although it is also extremely useful in writing portable code. Glib does not require you to restrict code to small subsets of functionality that work on all target platforms, nor, when you use glib, do you find yourself resorting to prayer as a method of ensuring satisfactory implementation of your functions on other platforms." (From Gnotices.)

Java

Blackdown Java3D 1.1.3 status. A note added to the Blackdown Java3d Status Page on April 20th indicated progress on the port. "We are currently working on finishing the final release of Java3D 1.1.3".

Perl

Perlmonth Issue 11 available. Perlmonth #11 is now available, with nine new articles. The focus is very much on web applications in this issue.

Perl5-porters digest. A new version of the Perl5-porters digest was released on April 23rd. It seems that whining was a major response to the release of Perl 5.6. "On the one hand were people complaining about bugs and how it was unstable and saying that nobody was going to switch, and there were some accusations that Sarathy was part of a Microsoft conspiracy to sabotage Perl. Blah blah blah. Then on the other hand were a lot of people saying that the changes were not significant enough to warrant a new version number."

This prompted Tom Christiansen to post this reply. "If this hadn't gotten out NOW, it might well NEVER would have gotten out? Why? Because Sarathy would have quit in frustration over the demands put upon him, the expectation that he and he alone would rewrite and redesign all the major subsystems for everybody's pet little feeps, from threads to unicode to the codegenerators."

Work appears to be ongoing to try to salvage the working atmosphere of the group. Best of luck, guys.

PHP

PHP HOW-TO. An updated version of the PHP HOW-TO has been made available.

Python

Linux Journal Python Supplement. The May issue of the Linux Journal apparently contains a Python supplement, with articles ranging from the silly to the strictly serious. It included a reference to the Linux Journal's Python Book Reviews, a joint review of three Python references. (From Daily Python-URL)

Tcl/tk

Tcl/Tk 8.3.1 announced. Tcl/Tk 8.3.1 has been released. This is a patch release for Tcl/Tk 8.3 and contains over twenty different bug-fixes and added features.

Section Editor: Liz Coolbaugh
Linux and business

Miracle Linux. Oracle Japan has funded the creation of a new Linux company, called "Miracle Linux," which will operate in Japan. There is a press release available for those who can read Japanese. Miracle Linux will be "doing development and sales of Linux OS, sales of Oracle's software for Linux, and support including Linux related consulting, education and maintenance."

The company, which is to commence operations at the beginning of June with 20 employees, has been funded with $2 million in capital. The plan is to top that up to $4 million soon, at which point the ownership will be 55% Oracle, 14% NEC, and 14% TurboLinux. The Miracle Linux distribution will use TurboLinux as a base. The company hopes to achieve about $2 million in sales in its first year, ramping up to about $12 million by the third year, at which point it would be profitable. (Thanks to Maya Tamiya of ChangeLog.net).

VistaSource launches. Applix has announced the spinning off of its Linux division into a separate company called VistaSource. "VistaSource will operate under a blended licensing model referred to as 'Source Access,' which is different from Open Source in that it is designed to empower the customer by offering a number of source licensing options, while still being commercial software."

VistaSource looks like a determined attempt to be a "half way" open source company. It has a few open source products, such as its SHELF scripting language. CoSource.com, acquired by Applix a while back, is also part of VistaSource now. But its flagship products, such as its office suite, will remain proprietary (though they make a big point of their use of the GTK toolkit within Applix). With this mix, they hope to be part of the open source world and make the money they need to thrive as a company at the same time.

The new company is currently wholly owned by Applix, but intends to do an IPO of its own sometime in the future.

VistaSource wasted no time in putting out its own press release announcing the launch of Applix 5.0. This version is based on the GTK+ toolkit; the word processor and spreadsheet will also be available as separate products.

Announcing LinuxSolve. A company called LinuxSolve has announced its existence. LinuxSolve is another vendor of Linux-based server appliances; their particular angle seems to be an especially strong emphasis on security. Their systems run the Immunix distribution, which gives some protection against buffer overrun attacks. They also offer the usual array of consulting and support services, of course.
Userland discussion on open and proprietary software. For a relatively (relatively!) low-heat discussion of an inflammatory topic, check out this Userland posting by Dave Winer regarding the split between free and proprietary software. "I think we took a wrong turn a couple of years back, all of a sudden every hard-working software guy is on the defensive, unless he's one of the O'Reilly-anointed gods of open source. Raymond's writing put us there. O'Reilly monetized it. It's irresponsible and hurtful and it stops progress."

There is a thoughtful response from Brian Behlendorf, among the others. "Pragmatically speaking, I think it's fine to have a world where open and closed source software speak - by far the most important thing is that the protocols and APIs be stable and open and free from encumbrance, that the software source code is open is secondary. However I think we are approaching a future where in every software category there is an Apache equivalent, a tool that is good enough to do the job 90% of the time."

SecureNet PRO for Linux. MimeStar Inc. has announced that its "SecureNet PRO" intrusion detection system is now available for Linux. It's available as a software-only product; they also sell it bundled with a VA Linux Systems server.

Exile III: Ruined World. Spiderweb Software and Boutell.com have announced the release of "Exile III: Ruined World" for Linux. Exile III is a fantasy role-playing game; it is supposed to come out this spring.
Section Editor: Jon Corbet. Press Releases:
Section Editor: Rebecca Sobol.
Linux in the news

Recommended Reading

Salon's Andrew Leonard has added a new chapter to his "The Free Software Project" book. This chapter, the second one to be posted, is actually Chapter 6, and covers Mr. Leonard's trip to Finland. "Finland's love affair with high technology runs deep. The closer you look, the less remarkable it seems that a 21-year-old undergraduate at the University of Helsinki cooked up some code that ended up throwing the entire software industry into turmoil."

Business

AsiaBizTech has an article about the founding of Miracle Linux in Japan. "The new company will develop Miracle Linux, based on Turbo Linux, which is a server Linux OS fine-tuned for the Oracle8i relational database management system (RDBMS). It will begin selling and supporting this Linux software in September targeting midsize companies. Also, the new venture will sell Oracle's Linux products, and offer training and consulting services." (Thanks to Maya Tamiya).

Upside reports on ZDNet's acquisition of LinuxDevices.com. "The Linux open-platform philosophy is winning over an increasing number of converts in the overly-Balkanized embedded operating systems market..."

Here's an article on the LinuxMall.com site about the FSL "Jet" cluster. "Designed and built entirely using the Linux operating system, JET will be running weather models over the next two years at a rate of 2 to 4 Teraflops."

News.com has put up this article about Applix's new spinoff VistaSource. "Applix gave VistaSource a $6 million investment, but the subsidiary will seek its own venture funding and plans an initial public offering at the end of 2000 or in early 2001..."

TechWeb looks at the high level of interest in IBM's Linux for the S/390. "Since December 1999, when IBM began offering free versions of the open-source Linux operating system for its S/390s, more than 1,100 copies have been downloaded. 'These folks are jumping on it as fast as they can,' said Chris Rohrbach, an IBM S/390 business executive. 'In fact, some of them - many of them - are beginning to adopt Linux for the S/390 in production workloads.'"

News.com looks at IBM's plans to start selling its servers with Linux preloaded. "IBM typically lets computer retailers worry about installing operating systems, but it's altering that strategy because Linux computer buyers tend to be cost-conscious and less in need of hand-holding."

Here's this week's Linsider stock summary by Michael J. Hammel. "Bluepoint Linux, up a whopping 86% from 3.625 to 6.75, announced that their offices had been visited by key Chinese officials who stated that Bluepoint Linux would be a major player in the Chinese Government's Shenzhen Special Economic Zone. Bluepoint reports they have an 80% market share in China, though Asian heavyweight TurboLinux might have something to say about that."

ZDNet looks at the decline in Linux stock prices. "The low stock prices are not stopping the whirl of mergers and acquisitions as Linux firms snap up minnows, and the largest Linux concerns can point to some high-profile financial support when queried about their financial stability."

The San Jose Mercury looks at the rise and fall of VA Linux Systems' stock. "Given the market's short attention span and sales from the flippers, it was almost inevitable that the money-losing Linux companies would come back to earth. The essential thesis that the Linux companies were worth a percentage of Microsoft was flawed. And even superb marketeers like Red Hat's chairman, Robert Young, faded into the noise."

Here's News.com's take on the departure of Linuxcare CIO Doug Nassaur. "Growing pains at start-ups aren't unusual, particularly when outside managers are brought in to take over the company from founders. But the difficulties at Linuxcare are compounded by the pessimistic stock market and the steady decline of stock in Linux companies such as Caldera Systems, Red Hat, VA Linux Systems and Andover.Net."
Here's a brief article in the Korea Herald about the "Korea Linux Council," a group of Korean Linux businesses which plans to promote the system in Korea. Among other things, they plan to distribute 1 million Linux CDs this year.

StockHouse.com interviews Corel CEO Michael Cowpland; they talk mostly about Corel's Linux strategy. "Considering that we're kind of creating the desktop for Linux from scratch because up to now, people have said it was purely a server-based OS and the market didn't exist with that stuff, I think we've begun to prove that wrong and now we're beginning to develop the market for the desktop."

Here's a ZDNet column by Evan Leibovitch on current events - especially the possible breakup of Microsoft. "Just about the only benefit I hear from others is that a separate Microsoft applications division would be more inclined to make versions of its business apps for Linux. I'm neither convinced that this would benefit the Linux community, nor that an independent MS Apps Inc. would even rush to embrace Linux."

Resources

LinuxPower looks at the GNOME Pilot Project. "The GNOME-pilot project is currently making great strides forward and from the GNOME 1.2 release and onward Palm Pilot integration will be a well functioning part of GNOME. With the groundwork now having been done and it stabilizing you can expect that many of your favourite GNOME applications will start to add Palm synchronization, at least those with developers who have a Palm :)."

This week's Dear Lina, from Linuxcare, looks at devices. "My modem is connected to /dev/ttyS1. In order to dial out as a non-root user, I changed the permissions on /dev/ttyS1 to 0666. Every time I reboot, the permissions of /dev/ttyS1 are rolled back to 0600. I have to set the permissions again every time. This is a frustrating problem. How can I change the permissions of /dev/ttyS1 permanently? I am using Red Hat Linux."

Upside looks at Linux journaling filesystems, and reiserfs by Namesys in particular. "Although the Gnu General Public License enforces a certain level of altruism upon companies such as Namesys and SGI, the fact that Namesys and SGI have plowed ahead with their own separate projects, rather than merging into one, offers proof that competition and open-source software development need not be mutually exclusive."

Commercial document image software is now available for Linux. Michelle Head takes an in-depth look at 1mage's choice to port their software to Linux. "Black Tusk Technologies, a South African application service provider (ASP) company, is using 1mage's new ability to port to their strictly-Linux server. Black Tusk uses 1mage's document imaging ability to aid their manufacturing and aviation customers, DeYoung said."

The Industry Standard posted this article about the Red Hat/Piranha vulnerability. "The fact that they've been finding holes in (Unix-based) Sendmail for 20 years indicates that open-source is not the best for security..."

Events

Take a look at what it took to get a Linux Pavilion at FOSE, the largest computer trade show targeted specifically at the US Federal government market, estimated to be over $35 billion in size. "The main-floor pavilion was the brainchild of Northern Virginia LUG (NoVaLUG) member Tim Bogart, by day a network server administrator for a major telecommunications company, and furthered by Lois Rude, industry manager with FOSE. After a Washington-area Linux exposition was cancelled nearly a year ago, Bogart asked himself and fellow LUG members 'Why don't we get in on the real action?'"

Here's some Comdex coverage on the LinuxMall.com site. "On Wednesday, the Linux community showed its lighter side when Dust Puppy from the User Friendly comic strip and Tux paired up after a press conference to take pictures with the Linux visitors. Dust Puppy was, understandably, given a wide berth, but Tux embraced members of the crowd that stepped forward to have a picture taken with the six-foot penguin."
ZDNet covers Caldera CEO Ransom Love's talk at the Linux Business Expo. "Love threw a damp towel on the revolutionary sentiments surrounding the open-source operating system and instead espoused an evolutionary approach to building momentum behind Linux. His fear is that in pushing the overthrow of the existing technological infrastructure, many options could be silenced."

Reviews and Interviews

Jerry Pournelle reviews Corel WordPerfect Office 2000 in this Byte article, which also looks at a system from Penguin Computing. "This may be worse news for Microsoft than Judge Penfield Jackson's decision. With a decent Linux box and the Corel WordPerfect Office 2000 suite you can do a good part of what you can do with Windows and Microsoft Office, and do it without a byte of Microsoft code in your system."

LinuxMall interviews Erik Hovland, founder and reigning president of the University of Southern California's Linux User Group (SCLUG). "In a recent interview with LinuxNews.com, Hovland discusses his history with Linux, his passion for robotics, his LUG with the snail mascot and Linux politics on the campus where famed hacker Kevin Mitnick once roamed free."

Finally

The New York Times has this introductory article about Open-Source software. "There are thousands of open-source projects, of varying popularity and complexity. Aside from Linux, some of the most prominent include the PERL language, Apache server software, the Emacs text editor and the Sendmail e-mail routing program. Companies like Red Hat make money not from the code itself, which customers could get free, but from the products or services bundled with it." [The New York Times is a registration required site.] (Thanks to Marty Leisner)

Andover.Net columnist Julie Bresnick discovers the Linux community. "An industry insider once suggested to me that Linux was simply an anti-Microsoft Jihad, that its success was propelled by hatred for the big guy. Oy, what a killjoy. Linux, Open Source, will be the next standard because that's where the smartest folks go." (Thanks to Cesar A. K. Grossmann).

Salon looks at vigor, the version of vi with its very own "helpful" paper clip. "So is Vigor a sign that Microsoft-ian bloatishness will infect even the pristine world of free software? Or is it proof that irreverent hackers hold nothing sacred, to the point of blaspheming against their own holy tools?"

Section Editor: Rebecca Sobol
Announcements

Resources

Linux Hardware Database. The Linux Hardware Database has announced its "Rated Linux Compatible" program for hardware resellers.

The RPM System. A simple introduction to the RPM System is now available from LinuxPapers.

Italian Linux FAQ page. Italian-speaking readers may want to bookmark the Italian Linux FAQ page, part of the ZioBudda news site. It contains over 500 FAQs and a search engine as well.

Events

Protest against DMCA on May 2. A protest against the Digital Millennium Copyright Act has been announced by the New York Linux Users Group, the Washington DC Linux Users Group, and the Northern Virginia Linux Users Group. It will be held on May 2 in Washington DC. The protesters are targeting the law due to the power it gives to copyright holders to control technology, which results in messes like the DVD case.

Phillip W. Katz. An obituary for Phillip W. Katz lists his date of death as April 19th, 2000. Information can be found in this ABC News article. The Slashdot coverage contains more historical information on the creation of PKZIP. "Age 37. Passed away unexpectedly on Fri., April 14, 2000. Beloved son of Hildegard and beloved brother of Cynthia. Also survived by other relatives and friends. Phil was a graduate of UWM Computer Science Engineering Program. He was the author of the PKZIP/PKUNZIP software and owner of PKWARE Inc. Co."

Web sites

LinuxLinks.com Announces New Search Engine. LinuxLinks.com announced a new search engine based on MySQL and Perl DBI.

User Group News

Install Fest in Luxembourg. The LUG in Luxembourg is having an Install Fest on May 13th. For more information email Thierry Coutelier at Thierry.Coutelier@linux.lu
Software Announcements
Our software announcements are provided courtesy of FreshMeat
Linux links of the week

i3connect.net is an ambitious, just-beginning project to create a next-generation Internet directory. The hope is to build it in a truly open and distributed manner, without central servers or central ownership of the data.

Python hackers may want to have a look at the Vaults of Parnassus, a comprehensive, hierarchical collection of available Python modules.

Section Editor: Jon Corbet
Letters to the editor

Letters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them.
Date: Mon, 24 Apr 2000 13:26:57 -0400
From: "John F. Gibson" <gibson@mae.cornell.edu>
To: letters@lwn.net
Subject: DOJ vs MS, law vs libertarianism

Eric Raymond writes "Economic competition is ... a robust and ubiquitous phenomenon that flourishes whenever human beings need to solve scarcity problems and are not forcibly prevented from trading with each other to do it."

This is quite likely true for emerging markets among individuals with comparable economic clout. However, the situation is more complex in developed economies, with economies of scale and large disparities between the players. In such an environment, a player with sufficient resources can effectively prevent trade among others, through threats, coercion, dumping, buying and squelching potential competitors, etc. Monopolies are especially capable of such tactics. This is why we have anti-trust law.

Over the last ten years, Microsoft has effectively prevented trade in operating systems by secret pricing structures and threats of exclusion to manufacturers, in productivity software by closed, rapidly changing file formats and coerced bundling of Office, in browsers by dumping Internet Explorer and corrupting Internet protocols. These actions have manifestly harmed consumers, the software industry, and ultimately the U.S. economy.

Mr. Raymond writes, "There are any number of counterexamples to the ... claim that government-made law is essential to economic competition. Customary law maintained by the self-interest of economic actors is quite sufficient."

Perhaps examples prove that law is not necessary in every case, but they don't prove it's unnecessary in all. If so, how does one explain away the harm Microsoft has already done? We're talking about billions of dollars, warped evolution in the software industry, the paths of thousands of people's lives, and ninety percent of the country subjected, for the past twenty years, to an operating system that crashes daily! You can't claim that Adam Smith's invisible hand will ultimately prevail and right these wrongs retroactively. Clearly what is needed is more effective law and better, more timely enforcement.

Lastly, the First Amendment is in fact a regulation on the behavior of Congress. It prevents Congress from making laws that restrict certain freedoms of individuals, the press, etc. The founders recognized the disparity of power between the majority, acting through Congress, and minorities. They enacted the First Amendment to ensure fair competition between unequal bodies. Kind of like antitrust law for speech.

John

--
John F. Gibson gibson@mae.cornell.edu
Mechanical and Aerospace Engineering, Computational Fluid Dynamics Lab
288 Upson Hall, Cornell University, Ithaca, New York, 14853-7501
Tel: (607) 255 0360 Fax: (607) 255 1222
From: ghaverla@freenet.edmonton.ab.ca
Date: Thu, 20 Apr 2000 09:29:44 -0600 (MDT)
To: letters@lwn.net
Subject: Printing and Re: WordPerfect "review"

Hi!

I haven't run WordPerfect (or any other word processor), but where are people getting this misconception that printing is screwed up on Linux/*BSD/...???

Printing is simple on any UNIX or UNIX-like machine, you send the print job to the lpr (or lp) program, which sends it to the print spooler (lpd), which .... The program requesting the printing doesn't have to know a darn thing about whether the printer is directly connected to "this" computer, is directly connected to some other computer, is a network printer, or is something acting like a printer.

Word processors like to know what kind of device they are printing to, but this isn't a problem. They only have to look in the printcap file to find what devices are available. Maybe the information in the printcap needs to be extended a bit for word processing applications, or augmented, by another config file. But this certainly doesn't require the word processor people to run around writing drivers or any such nonsense.

LPRng is actively in development. Of late, we have someone looking for a little tuning advice on having a bank of modems attached to the system (somehow) to be used for outgoing faxes, with each modem getting its own customized cover sheet (phone number of the modem). A little while ago we had someone write in about using LPRng as the spooler for a system where some kind of "ink" was placed on cookies prior to baking.

Just my $0.02.

Gord

Matter Realisations http://www.materialisations.com/
Gordon Haverland, B.Sc. M.Eng. President
101 9504 182 St. NW Edmonton, AB, CA T5T 3A7
780/481-8019 ghaverla @ freenet.edmonton.ab.ca
Date: Sun, 23 Apr 2000 06:38:02 -0700
From: Steve Powell <stevenrpowell@sprintmail.com>
To: letters@lwn.net
Subject: WP Office Works Great for Me

I just installed WordPerfect's office suite, and while it still isn't doing everything I want, it isn't nearly as fouled up on my system as it seems to be on yours. My menus work fine -- everything works fine. The only problem I have is I can't save to a .pdf yet.

I haven't done exhaustive tests but I've opened Paradox and looked around a bit in the help system and what not, and it looks good. QuattroPro opens and can perform routine tasks. I've used WordPerfect the most, and it was able to create a document, run spell and grammar checks, etc.

Again, I haven't performed an exhaustive test of anything, but it certainly isn't as goofed up as your experience suggests. Sounds like something else is wrong. I installed to Corel Linux, and maybe that makes a difference. Not that that's any excuse, but in any case I don't think the package is nearly as far from functional as you found.

--
********************************************************************
Steve Powell StevenRPowell@SprintMail.com
921 Coast Blvd South Apt 1 La Jolla, CA 92037-4150
Home: (858) 551-2021 Work: (858) 505-3460
********************************************************************
From: "Allan Stokes" <allan@stokes.ca>
To: <lwn@lwn.net>
Subject: soft tissue
Date: Fri, 21 Apr 2000 04:19:29 -0700

Hi Liz,

Story in /. tonight:

<< "According to this AP story, the remains of a 66 million-year-old dinosaur suggest that the extinct creatures were warmblooded - not coldblooded as once believed - and capable of the swift and sustained motion typical of modern birds and mammals. A whole site dedicated to the discovery of this specimen is here." >>

Your comments about encryption:

<< Evidently the QNX folks decided to roll their own, closed-source, unreviewed encryption, with the usual results. >>

Do you see the parallel between your logic and the logic which decided that dinosaurs were cold blooded? It's the looking under the street lamp because the light is better fallacy. Starting out with only the bones they concluded that dinosaurs were cold blooded because nothing was telling them otherwise. It's only what you don't have that is capable of arguing against you.

It's exactly the same when you look at the bone yard of proprietary encryption algorithms broken and ignore the "soft tissue" of proprietary encryption which hasn't been broken. Or as most people assume "hasn't been broken yet". Which is exactly what the dinosaur people assumed about the kinds of fossil fragments they had not yet found.

Perhaps someday the mathematics of "provable security" will be invented and they will look back at some of the proprietary work done today and discover that some of it was actually warm blooded after all.

I see this over and over again. Things which can be measured compared against things which can't be measured. The light is always better under the street lamp.

Even the experts fall into this trap. Data directed encryption primitives (which Ron Rivest plays around with) are often rejected because the analytic tools available are not capable of finding defects. Yes, it's true. We reject this approach because we have not yet invented the appropriate mathematical tools for demonstrating that it doesn't work. If we can't even shoot at it we trust it even less.

Encryption has become a bravado culture. You are told to wander out into the mine field of techniques which mostly fail, and you are only respected if you emerge safe after being shot at by a hundred different people. This really says a lot more about the inadequacy of our mathematical framework than it does about whether a warm blooded individual who wanders away from the mine field is capable (or not) of getting lucky with a proprietary method.

Of course, anyone dumb enough to trust someone who spends too much time alone in a dark room deserves what they get. But that doesn't mean they were wrong. People spend too much time forming opinions about what is technically possible (we don't know) and then end up misplacing the emphasis which belongs entirely on the social issue of what kind of development processes we choose to trust.

Allan