Linux links of the week


[LavaPS display] Tired of that boring old "top" display? Have a look at LavaPS as an alternative way of displaying the status of your system. A Linux box becomes a lava lamp, with processes becoming the floating blobs. The size of a blob corresponds to the amount of memory being used; its speed to the CPU utilization. The display shown here was taken as this was being written; the largest blob, fittingly, belongs to netscape.

For those looking for more security information than LWN provides, have a look at LinuxLock.org. There you'll find a news stream restricted to security items related to our favorite operating system.

Section Editor: Jon Corbet


May 25, 2000

   

 

Letters to the editor


Letters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them.
 
   
Date: Mon, 22 May 2000 21:38:47 +0000
From: Chris Waters <cwaters@cp.net>
To: letters@lwn.net
Subject: OpenMotif and freedom

On the front page of this week's LWN, I see the following quote: 

"Chances are, anyway, that the license will prove good enough to get
Open Motif onto the CDs of most or all of the major distributions."  

Maybe most, but never all!  As long as the license fails to meet the
requirements of the Debian Free Software Guidelines (sometimes known as
the "Open Source Definition"), it will not be included with Debian
GNU/Linux (or Debian GNU/Hurd, or any other Debian OSes that may
appear).  And I suspect most people would consider Debian to be a "major
distribution."

This all also raises some interesting questions with respect to the
(in)famous "system libraries" clause of the GPL.  It seems likely that
any GPL'd software that depends on Motif will still be unable to link
legally with OpenMotif in most cases, which will continue to limit the
usefulness of OpenMotif.  I just hope it doesn't create licensing
flamewars like in the early days of KDE.  Moreover, I hope it doesn't
lead to widespread attempts to subvert or violate free software licenses
-- too many distributors already seem to have a cavalier attitude about
such things.

cheers
-- 
Chris Waters, Programmer, Madman-at-large  |  cwaters@cp.net or
xtifr@debian.org
   
Date: Thu, 18 May 2000 09:23:42 -0400
To: ckuskie@cadence.com
Cc: letters@lwn.net
Subject: Re: Programs that run random code
From: Jody Goldberg <jgoldberg@home.com>

On May 11 Colin wrote:
> - Macro capabilities inside the open-source spreadsheets and word
>  processors are just as dangerous.  Imagine if you could get root
>  to run a Gnumeric spreadsheet with Scheme/Python/Perl bindings.

This is not the first time someone has raised the spectre of Gnumeric's scripting
being a security problem.  Hopefully this rumour will die out as the authors
start to use Gnumeric.

All scripting support is fully under user control.  A user can add new
spreadsheet functions to Gnumeric using a scripting language, but they must be
installed and loaded explicitly by the user.  We have _intentionally_ not
enabled support for Gnumeric to run scripts embedded in spreadsheet files.
The capability will only be made available when it can be done securely.

   
Date: Thu, 18 May 2000 00:15:17 -0700
From: Joey Hess <joey@kitenet.net>
To: letters@lwn.net
Subject: perl is not dead

[In reference to this Segfault article referenced in last week's LWN -- ed]

There's a reason Larry Wall became so interested in unicode a few years
ago.

There's a reason perl now supports unicode throughout, including unicode
variable names. 

;-)

-- 
see shy jo, just another perl hacker
   
Date: Thu, 18 May 2000 14:30:18 -0700 (PDT)
From: "Alan W. Irwin" <irwin@beluga.phys.uvic.ca>
To: letters@lwn.net
Subject: When will KDE and Debian get together?

After several years' experience with Slackware and Redhat I have recently
installed Debian, and I like it a lot except for the lack of *official*
Debian support for KDE.  You can get Debianized packages for KDE from
ftp://debian.tdyc.com/ and related sites, but these are not officially
supported or even referred to by the Debian site.

As far as I know this is the only major open-source package that is not
officially supported by Debian.  I suspect this bad situation is a leftover
from the old flame wars that used to erupt between GNOME and KDE supporters.
It was alleged at the time of those flamewars that although KDE itself was
GPLed, the package could not really be considered free since it depended on
the Qt-1 library which was not.  What is ironic about the exclusion of
KDE from Debian now, is that the Qt-1 library is actually officially supported
by Debian!

I personally think this whole situation is rather petty, but I was willing
to give Debian some slack so they could gracefully back down from their
impossible position especially now that both Qt-2 and KDE-2 are coming out
under free licenses.  Thus, I was very disappointed by the interview with
Martin Schulze pointed to in your 18 May issue which in Babelfish
translation seemed to indicate that KDE-2 would not be officially supported
under potato, but it might be under woody.  The reasons might be legitimate
ones but they were obscured in translation.  I would appreciate LWN looking
further into this mess to see if reason will prevail.

By the way, I am a fairly lukewarm KDE supporter.  I like some aspects of
fvwm a lot more.  But in the interests of fairness, I don't see why this
official Debian discrimination against KDE continues.

Alan W. Irwin

email: irwin@beluga.phys.uvic.ca
phone: 250-727-2902	FAX: 250-721-7715
snail-mail:
Dr. Alan W. Irwin
Department of Physics and Astronomy,
University of Victoria, P.O. Box 3055,
Victoria, British Columbia, Canada, V8W 3P6 
__________________________

Linux-powered astrophysics
__________________________

   
Date: Thu, 18 May 2000 02:59:16 -0700
From: Nathan Myers <ncm@nospam.cantrip.org>
To: letters@lwn.net
Subject: Re: proprietary distros?

To the Editor,

Kevin Lyda wrote:
> Nathan Myers wrote:
> > Perhaps once Potato is out, Debian will just take over the world;
> > then all those people working on proprietary distros can go home 
> > and do something productive instead. :-)
>
> ...
> redhat for one has done a great deal to increase the amount of gpl'd
> code available, including but not limited to their own distribution.
> to call mandrake and redhat [proprietary] is a disservice to the
> entire free software community by watering down the true meaning of
> proprietary.

I'm not sure why I'm replying to a complaint about an obvious joke...
probably because the complaint appeared in LWN.  Or maybe I thought 
it offered an opportunity to explain something.

Despite their pretty-good behavior, Red Hat and other commercial
distributions are strictly "proprietary" by every dictionary 
definition. They are _owned_. All their decisions are made to 
please their owners first, their paying customers second, and 
anybody else last. Any other behavior is _against_the_law_, and 
would open them to lawsuits and prosecution.

The Debian Project, and its host Software in the Public Interest, 
Inc., by contrast, are not beholden to absentee owners, shareholders,
or the quarterly balance sheet.  They are governed by their charter, 
and the charter gives control directly to the developers.  If you 
want to change the way the Debian project is going, you can become 
a developer by a well-defined public process, and then make the 
change directly by coding it, or indirectly by persuading the 
other developers on the public mailing lists.

If you want Red Hat or Mandrake to change their distribution or 
behavior, you have no choice but to go to them, hat in hand, and 
beg (or buy) their cooperation.  They must weigh your request, 
if they pay it any attention, not by benefit to the community 
of Linux (or even of Red Hat) users, but against the immediate 
benefit to the owners.  At the moment the two happen to coincide 
to an unusual degree, but if Red Hat comes to dominate the 
operating system marketplace, that must (by law!) change.  The 
more successful Red Hat becomes in establishing market share, 
the more quickly that change will occur.

Software licensing can be a powerful tool or a weapon.  It can be 
used in the public interest or as a bludgeon against competitors.  
Free Software licenses are no less useful as corporate bludgeons 
than "proprietary" licenses.  Thus, a corporation can release 
Free Software for purely selfish reasons.  In the case at hand, 
Red Hat is using the GPL to reduce the marketplace value of 
operating system licenses, thus attacking a major source of 
Microsoft's revenue.  While we may cheer them on, we should 
remember that it's not being done particularly for _our_
benefit.

Thus, it is correct in every sense to call these commercial 
distributions "proprietary", even if their parent companies 
release lots of their code under the GPL and pay salaries to
famous developers.  We should laud them for doing it without 
becoming confused about their true corporate motivations.  
(The motivations of their employees are another matter entirely.  
Whose personal goals ever exactly match their employer's?)

Many of us prefer to devote our attention and efforts to projects
that are explicitly in the public interest, and that seem likely 
to thrive.  The Debian Project is one such choice.  If Corel and 
Stormix use Debian's better reliability and outstanding package 
management as a bludgeon against Red Hat, that is their right under 
the GPL.  It doesn't affect the value to the community of our work 
on Debian itself. 

Nathan Myers
ncm@nospam.cantrip.org

   
Date: Fri, 19 May 2000 19:11:36 -0700
From: Eric B <ewbish@theriver.com>
To: letters@lwn.net
Subject: Nessus Security Scanner 1.0 Release

A while back you made a reference to the Nessus security tool.  I went
to the web site and downloaded/compiled it.  I just wanted to say that
this is one of the finest security tools ever made.  I think LWN and
Open Source users everywhere owe the Nessus team a standing ovation.  It
is applications as solid, well put together, and robust as this that
exemplify the superiority of Open Source over shrink wrap.  Good job
guys!!!!
Eric Bueschel
 

 

 
Eklektix, Inc. Linux powered! Copyright © 2000 Eklektix, Inc., all rights reserved
Linux ® is a registered trademark of Linus Torvalds