Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page All in one big page See also: last week's Back page page. |
Linux links of the weekTired of that boring old "top" display? Have a look at LavaPS as an alternative way of displaying the status of your system. A Linux box becomes a lava lamp, with processes becoming the floating blobs. The size of a blob corresponds to the amount of memory being used; its speed to the CPU utilization. The display shown here was taken as this was being written; the largest blob, fittingly, belongs to netscape. For those looking for more security information than LWN provides, have a look at LinuxLock.org. There you'll find a news stream restricted to security items related to our favorite operating system. Section Editor: Jon Corbet |
May 25, 2000 |
|
Letters to the editorLetters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them. | |
Date: Mon, 22 May 2000 21:38:47 +0000 From: Chris Waters <cwaters@cp.net> To: letters@lwn.net Subject: OpenMotif and freedom On the front page of this week's LWN, I see the following quote: "Chances are, anyway, that the license will prove good enough to get Open Motif onto the CDs of most or all of the major distributions." Maybe most, but never all! As long as the license fails to meet the requirements of the Debian Free Software Guidelines (sometimes known as the "Open Source Definition"), it will not be included with Debian GNU/Linux (or Debian GNU/Hurd, or any other Debian OSes that may appear). And I suspect most people would consider Debian to be a "major distribution." This all also raises some interesting questions with respect to the (in)famous "system libraries" clause of the GPL. It seems likely that any GPL'd software that depends on Motif will still be unable to link legally with OpenMotif in most cases, which will continue to limit the usefulness of OpenMotif. I just hope it doesn't create licensing flamewars like in the early days of KDE. Moreover, I hope it doesn't lead to widespread attempts to subvert or violate free software licenses -- too many distributors already seem to have a cavalier attitude about such things. cheers -- Chris Waters, Programmer, Madman-at-large | cwaters@cp.net or xtifr@debian.org | ||
Date: Thu, 18 May 2000 09:23:42 -0400 To: ckuskie@cadence.com Cc: letters@lwn.net Subject: Re: Programs that run random code From: Jody Goldberg <jgoldberg@home.com> On May 11 Colin wrote : > - Macro capabilities inside the open-source spreadsheets and word > processors are just as dangerous. Imagine if you could get root > to run a Gnumeric spreadsheet with Scheme/Python/Perl bindings. This is not the first time someone has raised the spectre Gnumeric's scripting being a security problem. Hopefully this rumour will die out as the authors start to use Gnumeric. All scripting support is fully under user control. A user can add new spreadsheet functions to Gnumeric using a scripting language, but they must be installed and loaded explicitly by the user. We have _intentionally_ not enabled support for Gnumeric to run scripts embedded in spreadsheets files. The capability will only be made available when it can be done securely. | ||
Date: Thu, 18 May 2000 00:15:17 -0700 From: Joey Hess <joey@kitenet.net> To: letters@lwn.net Subject: perl is not dead[In reference to this Segfault article referenced in last week's LWN -- ed] There's a reason Larry Wall became so interested in unicode a few years ago. There's a reason perl now supports unicode throughout, including unicode variable names. ;-) -- see shy jo, just another perl hacker | ||
Date: Thu, 18 May 2000 14:30:18 -0700 (PDT) From: "Alan W. Irwin" <irwin@beluga.phys.uvic.ca> To: letters@lwn.net Subject: When will KDE and Debian get together? After several years experience with Slackware and Redhat I have recently installed Debian, and I like it a lot except for the lack of *official* Debian support for KDE. You can get Debianized packages for KDE from ftp://debian.tdyc.com/ and related sites, but these are not officially supported or even referred to by the Debian site. As far as I know this is the only major open-source package that is not officially supported by Debian. I suspect this bad situation is a leftover from the old flame wars that used to erupt between GNOME and KDE supporters. It was alleged at the time of those flamewares that although KDE itself was GPLed, the package could not really be considered free since it depended on the Qt-1 library which was not. What is ironic about the exclustion of KDE from Debian now, is that the Qt-1 library is actually officially supported by Debian! I personally think this whole situation is rather petty, but I was willing to give Debian some slack so they could gracefully back down from their impossible position especially now that both Qt-2 and KDE-2 are coming out under free licenses. Thus, I was very disappointed by the interview with Martin Schulze pointed to in your 18 May issue which in Babelfish translation seemed to indicate that KDE-2 would not be officially supported under potato, but it might be under woody. The reasons might be legitimate ones but they were obscured in translation. I would appreciate LWN looking further into this mess to see if reason will prevail. By the way, I am a fairly lukewarm KDE supporter. I like some aspects of fwvm a lot more. But in the interests of fairness, I don't see why this official Debian discrimination against KDE continues. Alan W. Irwin email: irwin@beluga.phys.uvic.ca phone: 250-727-2902 FAX: 250-721-7715 snail-mail: Dr. Alan W. Irwin Department of Physics and Astronomy, University of Victoria, P.O. Box 3055, Victoria, British Columbia, Canada, V8W 3P6 __________________________ Linux-powered astrophysics __________________________ | ||
Date: Thu, 18 May 2000 02:59:16 -0700 From: Nathan Myers <ncm@nospam.cantrip.org> To: letters@lwn.net Subject: Re: proprietary distros? To the Editor, Kevin Lyda wrote: > Nathan Myers wrote: > > Perhaps once Potato is out, Debian will just take over the world; > > then all those people working on proprietary distros can go home > > and do something productive instead. :-) > > ... > redhat for one has done a great deal to increase the amount of gpl'd > code available, including but not limited to their own distribution. > to call mandrake and redhat [proprietary] is a disservice to the > entire free software community by watering down the true meaning of > proprietary. I'm not sure why I'm replying to a complaint about an obvious joke... probably because the complaint appeared in LWN. Or maybe I thought it offered an opportunity to explain something. Despite their pretty-good behavior, Red Hat and other commercial distributions are strictly "proprietary" by every dictionary definition. They are _owned_. All their decisions are made to please their owners first, their paying customers second, and anybody else last. Any other behavior is _against_the_law_, and would open them to lawsuits and prosecution. The Debian Project, and its host Software in the Public Interest, Inc., by contrast, are not beholden to absentee owners, shareholders, or the quarterly balance sheet. They are governed by their charter, and the charter gives control directly to the developers. If you want to change the way the Debian project is going, you can become a developer by a well-defined public process, and then make the change directly by coding it, or indirectly by persuading the other developers on the public mailing lists. If you want Red Hat or Mandrake to change their distribution or behavior, you have no choice but to go to them, hat in hand, and beg (or buy) their cooperation. They must weigh your request, if they pay it any attention, not by benefit to the community of Linux (or even of Red Hat) users, but against the immediate benefit to the owners. At the moment the two happen to coincide to an unusual degree, but if Red Hat comes to dominate the operating system marketplace, that must (by law!) change. The more successful Red Hat becomes in establishing market share, the more quickly that change will occur. Software licensing can be a powerful tool or a weapon. It can be used in the public interest or as a bludgeon against competitors. Free Software licenses are no less useful as corporate bludgeons than "proprietary" licenses. Thus, a corporation can release Free Software for purely selfish reasons. In the case at hand, Red Hat is using the GPL to reduce the marketplace value of operating system licenses, thus attacking a major source of Microsoft's revenue. While we may cheer them on, we should remember that it's not being done particularly for _our_ benefit. Thus, it is correct in every sense to call these commercial distributions "proprietary", even if their parent companies release lots of their code under the GPL and pay salaries to famous developers. We should laud them for doing it without becoming confused about their true corporate motivations. (The motivations of their employees is another matter entirely. Whose personal goals ever exactly match their employer's?) Many of us prefer to devote our attention and efforts to projects that are explicitly in the public interest, and that seem likely to thrive. The Debian Project is one such choice. If Corel and Stormix use Debian's better reliability and outstanding package management as a bludgeon against Red Hat, that is their right under the GPL. It doesn't affect the value to the community of our work on Debian itself. Nathan Myers ncm@nospam.cantrip.org | ||
Date: Fri, 19 May 2000 19:11:36 -0700 From: Eric B <ewbish@theriver.com> To: letters@lwn.net Subject: Nessus Security Scanner 1.0 Release A while back you made a reference to the Nessus security tool. I went to the web site and downloaded/compiled it. I just wanted to say that this is one of the finest security tools ever made. I think LWN and Open Source users everywhere owe the Nessus team a standing ovation. It is applications as solid, well put together, and robust as this that exemplify the superiority of Open Source over shrink wrap. Good job guys!!!! Eric Bueschel | ||
|