Bringing you the latest news from the Linux World.
Dedicated to keeping Linux users up-to-date, with concise
news for all interests
Leading items and editorials

LinuxMall.com and EBIZ to merge. LinuxMall.com and EBIZ have announced that the two companies have signed a letter of intent to merge. The new company, which will retain the LinuxMall.com name, will be positioned as the largest Linux "shopping mall" on the net, with large product lines on the hardware and software sides both.

Even though LinuxMall.com will end up in control of the new company, it is being structured as an acquisition of LinuxMall.com by EBIZ. Things are being done this way because EBIZ is already a public company. LinuxMall.com had an IPO process in the works, but current market conditions are not all that friendly to Linux IPOs. By joining with EBIZ, LinuxMall.com gets a quick path to a publicly-traded stock and doesn't have to go through the whole, long IPO routine.

The details: there are currently just over 8 million shares of EBIZ outstanding, traded on the over-the-counter market. By the time the deal is done, that number will go up to approximately 24 million. EBIZ has been trading in the $2-3 range since April. If the combined company can get that value up over $4 for at least a month, the stock will qualify for listing on the NASDAQ (where they evidently want the symbol "LINX" - the same one LinuxOne wants). LinuxMall.com management and "affiliates" will have a one-year holding period on their new EBIZ stock, so much of the new stock will not hit the market for some time.

This deal is an important milestone on a very long road for LinuxMall.com, which is truly one of the original Linux companies. It started out as "Work Group Solutions," founded by Mark Bolzern. WGS, back in 1993, was looking for a stable environment for its business, and gave Linux a try. Shortly thereafter, Mr. Bolzern discovered the "Clipper" language, which was then available on SCO systems.
He talked with folks at Multisoft, who produced the "Flagship" Clipper compiler, and managed to convince them to do a Linux port; WGS then resold the resulting product. Mr. Bolzern tells us that it was, to the best of his knowledge, the first commercial product ever to run on Linux. There was just one problem: the Slackware system that almost everybody was using in those days was a hard platform to support products on. Linux was young, and things were changing all the time: file layouts, libraries, etc. In order to have a more stable system, WGS put together a distribution called "LinuxPro"; it was based on Slackware, but was developed and maintained to be more consistent and not break commercial products. To Mr. Bolzern's surprise, LinuxPro quickly began to outsell Flagship. It grew to the point that it won a "Best of Show" award at the 1995 Comdex. The 1995 Comdex show was also a watershed event in that it was the first to feature a Linux Pavilion. The separate area for Linux was also a result of Mr. Bolzern's work; he pushed for and organized it in the belief that it was best for the fledgling Linux commercial sector to show a unified front and grow the market share of Linux as a whole. Subsequent events have certainly supported this view. As other early Linux distributors, such as Caldera, emerged, LinuxMall.com slowly withdrew from that market. LinuxPro is actually still available - though in 1995 it changed its base to become perhaps the first commercial distribution to add on to Red Hat. But LinuxMall.com decided to focus on reselling the products of others. It has played a crucial role in providing a market for Linux products, large and small. There is a large and vibrant Linux market now; LinuxMall.com laid much of the foundation that allowed that market to exist. 
The respect shown in the long-term Linux community can be seen in the makeup of LinuxMall's advisory board: Michael Cowpland, Alan Cox, Gael Duval, Adam Goodman, Jon "maddog" Hall, Miguel de Icaza, Ronny S.L. Ko, Ransom Love, Don Rosenberg, Linus Torvalds, and Ted Ts'o.

Mr. Bolzern fears some will be disappointed that, with this merger, the opportunity to do a directed share program with its IPO has been lost. That may well be, but LinuxMall.com has already done much to bring about the current success of Linux - and it did this many years ago, when there was far less money flying around. Mr. Bolzern also thinks that the merger with EBIZ may provide a better way to reward people: he sees EBIZ stock as being currently heavily undervalued. Nobody can say for sure, but the combined company may prove to be worth substantially more. Says Mark: "I hope instead of a huge bounce, that this approach will bring solid long term growth in a stock worth holding."

PHP 4.0 has been released. The announcement for this long-awaited release came out on May 22. PHP is perhaps the most common Apache add-on, running on millions of web sites. It is the motor behind no end of dynamic, database-driven sites and the basis of the Midgard application server. So a new PHP release will eventually affect a large portion of the web.

There is actually relatively little in the way of new features with this release - the big changes are mostly hidden under the hood. At the top of the list is the new "Zend" engine, which is said to greatly speed the execution of PHP code. Zend also brings reference counting (leading to better memory utilization), better object support, and even a boolean type. PHP 4.0 also features a new "server abstraction layer" that makes it easier to host PHP on servers other than Apache. The 4.0 release is currently supported on Apache and IIS.

One other nice feature of PHP 4.0 is backward compatibility.
It should be possible for most sites to upgrade without having to dig into their scripts and fix things. The change to version 3 was not so easy; it is nice to say that fewer problems await PHP webmasters this time around. Congratulations are due to the PHP team for this milestone release. See the PHP web site for more information.

Lineo has filed for an IPO. The company seeks to raise on the order of $60 million from the offering. No offering time has been set, of course, but it generally takes about two months from the filing for the stock to actually go out. Thus, one can maybe expect Lineo to go public sometime around mid-July.

LWN has posted an analysis of Lineo's IPO filing as a feature article. These filings always give some interesting insights into how a business works, and Lineo's is no exception. In some ways, Lineo looks less like a Linux company and more like a traditional software company. It plans to make its money on the sale of proprietary software components - in this case its embedded web browser and the "Embedix Software Development Kit." The core of Embedix - Lineo's embedded version of Linux - must remain free, but there will be proprietary add-ons there as well. In any case, Embedix itself receives little play in the IPO filing; it looks like the loss leader which drives the sales of the other products.

Lineo's proprietary model will certainly not endear it to the purists in the free software community. At first reading, Lineo's "GPL statement" seems not to help:
"There is often ambiguity regarding the exact meaning of certain clauses or conditions of the GNU General Public License (GPL)."

Lineo goes on to state that it does not see a number of types of code - such as kernel or Apache modules - as "derivative works" that are covered under the GPL. Lineo can thus extend the kernel via modules and keep the extensions proprietary. One may not like that interpretation, but it does agree with what others - and Linus Torvalds in particular - have said. There is probably very little in Lineo's GPL statement with which a lawyer would be able to argue. Lineo intends to push the GPL as far as it can - but no farther. The fact that Lineo has actually thought about the issue and put together a policy statement is probably a good sign.

The timing of this IPO is interesting. The market is being, shall we say, not entirely friendly to Linux stocks in this period. The LWN Linux Stock Index, which came out at 100 in September, 1999, and which peaked over 200 last December, now stands below 60. A number of Linux companies which wanted to go public have not even filed. Linuxcare's IPO died a horrible death. Will Lineo be able to pull it off in this environment?

Not even LWN is foolish enough to try to predict what the market will do. But it seems clear that Lineo has taken a difficult and risky path. Lineo's response to the considerable competition it faces (MontaVista, Red Hat, LynuxWorks, TimeSys, plus a whole crowd of well-established, non-Linux players) has been to grow quickly through acquisitions. After having consumed six companies, Lineo stands at a full 200 employees. This is not a bad performance for a pre-IPO company. But those six companies sold with the understanding that Lineo's stock would be worth something sometime soon. And keeping all those employees paid is expensive. Both of these factors will certainly push Lineo toward going public sooner rather than later - even if the timing is perhaps not the best.
What happens if this IPO fails? If the market remains grim, a failure is a distinct possibility. Lineo is depending on the IPO cash to keep operating - they say it's enough to keep them going for 15 months. Without that money, Lineo starts to look a lot like Linuxcare: a high burn rate and a shrinking bank account. The company currently has $30 million in the bank, thanks to all the investments it has received. That's a big stash, but 200 employees could burn it up in a hurry. For the sake of Lineo and its stash, one hopes that this gamble (and an IPO is always a gamble) works out.
May 25, 2000
Security

News and editorials

Security in New Places. This week, we took a look at a security report on a commercial product based on Linux. Stephen Friedl placed a posting on BugTraq regarding security problems he saw in Standard and Poor's Comstock's multiCSP, used within a virtual private network to provide real-time stock quotes. This was not the first such report; Kevin Kadow posted a similar, though less scathing review of the security of these systems in March, after contacting the company about the problems in January.

Following the thread, it appears that Standard and Poor's was slow to respond to these security reports. A version of the server "burned" in February had, indeed, somewhat improved security, but a customer letter was not sent until yesterday, May 24th. No effort appears to have been made to fix already deployed servers in the meantime.

We contacted Standard and Poor's last week and received a response from them yesterday. They were not yet ready to acknowledge the accuracy of Stephen's original report, in which he documents being able to access and obtain root access on other mCSPs on the VPN after gaining root access on the initial device. They did promise to quickly address other reported security problems, but of course, having been slow to respond to them so far, only the availability of complete fixes in the near future will fulfill this promise. They also stated that they were actively pursuing the issue with Stephen to see if the remote access vulnerability could be confirmed (at which point, they promised to address the problem swiftly). A quick check with Stephen elicited the information that they had indeed contacted him to follow up the report -- after our phone call. We expect that Stephen's report will be verified.

Meanwhile, CNet posted an article Wednesday, entitled, "Flaws in S&P service could put companies' data at risk".
Standard and Poor's had run out of time to deal with the reported security problem before facing adversarial media scrutiny.

This is an example of education through experience. Security issues have real consequences and one area where they can have impact is the potential undermining of customer trust. Enabling clear procedures for handling security reports, verifying them in a timely fashion and keeping customers and the public informed can minimize the potential damage. Standard and Poor's Comstock just had an object lesson to this effect. They get little sympathy from BugTraq members, who have previously educated companies in many other industries and situations. They will get even less if these problems are not addressed in the near future.

Web-site defacements, sorted by OS. Attrition.org has made available an interesting set of charts. Provided are moving 29-day averages of the number of reported web-site defacements, sorted by operating system. Add this to your statistical fodder, for comparing the security of various operating systems. Of course, the preponderance of defacements on Microsoft-based servers could be based on personal biases of the defacers, rather than the ease of the defacement.

Sendmail, Inc. on ILOVEYOU. Sendmail, Inc. has issued this press release stating that the ILOVEYOU virus attack demonstrates the need for server-level protection of the variety that is available from, well, Sendmail, Inc. Those who read closely will note the absence of a claim that Sendmail's products would have actually prevented the ILOVEYOU episode. Sendmail, Inc. has also announced the opening of an office in Germany.

Guide to Home Networking (justLinux). Here's a look at home-network security from justLinux. "Now, the network's probably not bulletproof, but it is tighter than before the attack. It's about 3 a.m. by the time I get back online. I head to bed feeling like I've done all I could do to stop further attacks.
Little did I know that intruders had already setup residency on my box." (Thanks to Jay R. Ashworth)

Security Reports

Xserver: nasty denial-of-service vulnerability. Chris Evans reported a nasty denial-of-service vulnerability in XFree86-3.3.5 where a malformed packet sent to port 6000 TCP causes the Xserver to lock up the system. This has been confirmed on Red Hat 6.2 and OpenLinux 2.3 and 2.4. For more information, check the SecurityFocus database entry. Note that the problem also occurs with XFree86-3.3.6 and XFree86-4.0, though the behavior is slightly different.

qpopper 2.53. Both the FreeBSD and Linux versions of qpopper 2.53 are reportedly exploitable and can be made to provide a remote attacker with shell access (uid=mail). An upgrade to qpopper 3.1 is recommended. Note that not everyone is comfortable with the security of 3.1 which is still in beta.

fdmount. Arend-Jan Wijtzes reported an exploitable buffer overflow in fdmount. The potential exploit requires that fdmount be installed suid root and is only exploitable by someone in the "floppy" group. An exploit has been published. Slackware 4.0 and 7.0 and Linux-Mandrake 7.0 were reported vulnerable. Slackware 3.5 and Debian 2.X were reported not vulnerable.

PGP 5.0. A security flaw has been reported in the Linux and some BSD implementations of the PGP 5.0 protocol. PGP 2.X and 6.5 are reported not to share this problem.

MDBMS. A remote exploit for MDBMS has been published on the BugTraq mailing list, along with an unverified patch to fix the problem.

gdm. A buffer overflow vulnerability has been reported in Gnome gdm. No distributions have been found vulnerable so far because they are shipped with "Enable=0" in the gdm configuration file. You may be impacted if you compiled Gnome from source. Modifying the configuration file will resolve the problem. Check the SecurityFocus vulnerability database entry for more details.

Commercial products.
The following commercial products were reported to contain vulnerabilities:
Updates

mailman. The mailman mailing list manager, as shipped with Red Hat Secure Web Server 3.0, 3.1 and 3.2, is reported to contain several security vulnerabilities (no details provided). An upgrade to mailman-2.0beta2 is recommended to close these holes.

dump. Security-related buffer overflows in dump were reported originally in the March 2nd, 2000 LWN Security Summary. For more details, check the SecurityFocus database entry.

Kerberos. We mentioned that multiple, exploitable buffer-overruns had been reported in the MIT and Cygnus Kerberos implementations in last week's Security Summary. This week, an additional Kerberos patch was provided. This will only be needed if you are compiling krb5-1.1.1 from source with the "--without-krb4" option. If you are, be sure to apply the patch. The results without it are reported to be "disastrous". CERT has also issued an advisory regarding the Kerberos vulnerabilities. It contains additional information about the NetBSD and OpenBSD Kerberos implementations, which are based on the KTH implementation and therefore believed to not be vulnerable. Chris Evans also posted a followup, with information on other potential problems with Kerberos that he provided a few weeks ago.

Netscape SSL. Problems in the manner that Netscape handled invalid SSL certificates have been fixed in Netscape 4.73. Check last week's Security Summary for details.

lynx. After a series of reported security problems with the lynx text-based web browser dating back to September of 1999, the code has at last undergone a thorough audit. The latest version, lynx-2.8.3pre.5, is believed to close all major holes.

xemacs. A couple of problems in xemacs have been fixed, including the insecure creation of temporary files and snooping of other users' keystrokes. Although not confirmed, these may be related to similar problems reported with emacs in April.

gnapster/knapster. For more information, check out the security report in last week's Security Summary.

openldap tmplink vulnerability. A tmplink vulnerability was reported in openldap. Check the April 27th LWN Security Summary or Red Hat Bugzilla ID 10714 for more details.

Resources

OpenSSH Linux port. A new version of the Linux port of OpenSSH has been released. It includes a large number of bugfixes.

checkps. Development on checkps, a Linux rootkit detector, has recommenced. A new version is now available via CVS, containing a fix for a non-exploitable buffer overrun, in addition to other small fixes and features.

Events

June security events.
June 12-14, 2000. NetSec 2000, San Francisco, California, USA.
June 25-30, 2000. 12th Annual First Conference, Chicago, Illinois, USA.
June 27-28, 2000. CSCoRE 2000, "Computer Security in a Collaborative Research Environment", Long Island, New York, USA.

Section Editor: Liz Coolbaugh
Kernel development

The current development kernel release is 2.3.99-pre9. Most of this patch is a large MIPS64 update; also included is a rewrite of the parallel port documentation, a new ST TDA7432 audio processor chip driver, a number of IDE driver tweaks, a devfs update, an NFS update, a large Digi Accelport USB serial driver update, IPv6 support in netfilter, and the usual array of small tweaks.

2.3.99-pre9 also contains the results of continued work on the memory management problems that have afflicted recent kernels. Progress has been made - 2.3.99-pre9 is far more responsive than 2.3.99-pre8 was. There are still complaints about poor I/O behavior, however; some work remains to be done.

A 2.3.99-pre10 preprepatch is available, in its third revision as of this writing. It contains a pair of drivers from H. Peter Anvin that provide access to the x86 "model specific registers" and CPUID information, a SiS 300/630/540 frame buffer driver, and some Sparc tweaks.

Alan Cox posted a new 2.4 jobs list on May 25.

The current stable kernel release is 2.2.15. The 2.2.16 prepatch is at 2.2.16pre4. There is currently no word on when the official 2.2.16 release might come out - it will probably be a while yet.

Eric Raymond hacks up a new kernel configuration scheme. The Linux kernel is a complicated beast, with a great many different ways in which it can be built. Anybody who has ever built their own kernel has had to deal with the kernel configuration mechanism (kbuild), which deals with all of these options. This mechanism selects which capabilities are to be built into the kernel, handles dependencies (i.e. no ethernet cards if the kernel isn't built with networking), and presents three different interfaces (command line, curses, and X) to the user.

Kbuild, in handling all these tasks, has evolved into a complicated piece of code in its own right. It's also a twisted mess of shell scripts, Tcl/Tk scripts, awk scripts, perl, and C code.
It's hard to maintain, hard to understand, and unable to be adapted to meet the user interface needs of a large number of Linux users. Not everybody really wants to plow through many hundreds of individual, detailed configuration options, after all.

Eric Raymond tried to do some of this interface work back in March, and finally posted a frustrated message to the linux-kbuild list in which he said:

"I've been examining the existing kernel configuration system, and I have about concluded that the best favor we could do everybody involved with it is to take it out behind the barn and shoot it through the head."

Eric, of course, is well equipped to do exactly that. The very same day, long-time kbuild maintainer Michael Elizabeth Chastain posted a note saying that he could no longer keep up with maintaining the system; a new maintainer was requested. Quite a bit of discussion followed, but absolutely nobody spoke in favor of retaining the existing code.

So Eric went off to start hacking on a new kbuild system. On May 24, he released the new implementation, which he calls "CML2." CML2 is a new "mini-language" which is designed for the specific task of configuring kernels. A "ruleset" is written in CML2 which describes all of the available kernel options and their dependencies; a compiler is then run on the ruleset to create the "rulebase." Any of a number of configuration front ends can then read this rulebase and use it to configure a kernel.

The CML2 language has a number of advantages, not the least of which is that it was designed as a coherent whole, rather than slowly growing into a big mess. It is claimed to be more expressive; the 7000+ lines of old configuration code are reduced to 2400 lines of CML2, though one should also probably count the almost 2000 lines of CML symbol definitions which define the various options.
The new scheme also makes a clear distinction between the configuration language and the user interface, allowing the two to be developed independently.

Eric's hope is to get people playing with the new system now, with an eye toward inclusion in the 2.5 development series. It can coexist with the current kbuild system, and, as has been noted, the current scheme has few defenders. Thus, if CML2 works, one might anticipate that it would be adopted with little trouble. The one sticking point may be that it's written in Python; not everybody wants to have to keep a Python system around.

Thinking toward the future. A number of people posted articles on possible future developments this week. They include:
Other patches and updates released this week include:
Section Editor: Jonathan Corbet
Distributions

Please note that security updates from the various distributions are covered in the security section.

Embedded Distributions

The embedded Linux market heated up this week, most likely in response to the Lineo IPO announcement (covered on this week's front page). As a result, we saw an increase in both press releases and articles on embedded Linux players, including the following:
New distributions

Cafe Linux. A new distribution, called Cafe Linux, has been announced. Cafe Linux is a Spanish-language distribution produced in Colombia. A quick look at the FTP site shows the signs of a Red Hat-derived distribution. More information (in Spanish) may be found on the Cafe Linux web site.

Bastille Linux

Bastille Linux 1.1.0.pre5. A typographical error in the source code for Bastille 1.1.0.pre4 caused the text user interface to break. This has been fixed in the new version.

Caldera OpenLinux

Caldera Systems reports second quarter results. Caldera Systems has announced its second quarter results - the first such announcement since the company went public. For the quarter ending April 30, they brought in $1.4 million - up from $544,000 a year ago. They managed to lose $9.2 million during the quarter.

The analysts seemed pleased with the results, as exemplified by the increased Caldera estimate in Robertson Stephens Daily Growth Stock Update. "We believe Caldera is first to market with its strategy to expand past the standardized desktop Linux into Linux for eBusiness, specifically servers and eCommerce. As companies require the most scalable and robust systems for their eCommerce activities and server needs, Linux becomes an important option, in our view."

Debian GNU/Linux

Debian Weekly News (May 24). This week's Debian Weekly News reports the end of the first test cycle and what they learned from it. Packages with release-critical bugs will be removed on the 25th and 26th and the next test cycle will begin on May 29th. This will allow them to get a full release kernel in place, rather than a pre-release kernel, and fix some problems with the boot-floppies. Other news touched on the upcoming Debian Conference in France (planned to be a roving annual event), the ftp.debian.org server, which has been connected to an International backbone in preparation for the next release, and more.

Elfstone Linux

Elfstone Linux ISO image available.
First announced in the February 24th, 2000 LWN Distributions Summary, Elfstone Linux is currently available in beta form. They have released the first ISO image of that beta, calling themselves "the World's First Motif-Enabled Linux Distribution". That, of course, is not counting old versions of Red Hat that used to include Motif support. Check the Slackware section below to see another Linux distribution that has quickly become "Motif-Enabled".

LinuxPPC

Expanded RPM archive. LinuxPPC has announced the update and expansion of their RPM archive at ftp.linuxppc.org.

LuteLinux

Training and Certification. LuteLinux put out two press releases this week, one on their training and certification and another on their trainer certification. It appears that they are setting up yet a third certification authority, not in coordination with either the Linux Professional Institute (LPI) or Red Hat.

Red Hat Linux

Survey.com study reports Red Hat lead. Survey.com has released a study, aimed at IT decision-makers, which reports 64.2% of them name Red Hat as the primary "open source Unix distribution" they use. The study also indicates that, among companies not currently using an "open source Unix distribution", 80% of them are considering Red Hat. The 600 study participants were only in the United States and generally represented large companies, some of them in the Fortune 500.

Bill Gates files to sell some Red Hat shares (Reuters). According to this Reuters article, Cascade Investment LLC has filed to sell $450,000 worth of Red Hat shares. Cascade is evidently controlled by none other than Bill Gates.

Slackware Linux

SlackReiser 2. New disk images to support the installation of Slackware 7 on a Reiserfs partition have been announced.

Updates to current. Gdb 5.0 and OpenMotif 2.1.30 were added to the Slackware current tree this week, among other actions.

SuSE Linux

SuSE now distributing Loki's Heavy Gear II.
Loki and SuSE happily announced that SuSE is now distributing Loki's most recent release for Linux, Heavy Gear II, which uses the LGPL'd OpenAL library. "Linux games play a significant role in the success of the desktop market. Through the common efforts of the Linux community, most recently with OpenAL and the XFree86 version 4.0, ensuring enhanced 3D graphics card support, decisive steps forward have been taken."

TurboLinux

TurboLinux and RSA Security announce deal. TurboLinux has announced a deal with RSA Security wherein TurboLinux will offer RSA's "BSAFE SS-C" software with its server distribution.

Section Editor: Liz Coolbaugh
Please note that not every distribution will show up every week. Only distributions with recent news to report will be listed.
Development projects

Netscape and ActiveState sign deal. Netscape and ActiveState have announced a deal where they will cooperate on their development projects. ActiveState gets Javascript, while ActiveState will donate its Python and Perl work to the Mozilla project. Soon you'll be able to script your browser in Python.

Add to that ActiveState's choice of Mozilla as a cross platform development framework for Komodo, its Perl and Python integrated development environment (IDE). This endorsement has made a lot of Mozilla supporters happy. The benefits that led ActiveState to choose Mozilla were the facts that it is open source, cross platform, standards compliant and exemplifies a next generation, component architecture.

MDC-XSL version 0.1. Minoru Development Corporation has announced the release of MDC-XSL, an XML to HTML converter, under the GPL v2. "MDC-XSL is written in C++ making it highly portable and easily linked directly into other applications. It is the first implementation of XSL technology to be designed specifically as an add-in to other applications."

O'Reilly to open source X books? Bruce Perens reports on a conversation with Tim O'Reilly wherein Tim says that he would be willing to open-source the classic series of X Window System books. What's needed is somebody to put some effort into updating and preparing them for distribution. "Suppose some knowledgeable author wrote a grant proposal to pay enough to maintain the documents for another 5 or 10 years and keep them online?"

Browsers

Creating a Mozilla Skin, Pt. 1 (MozillaZine ChromeZone). Chris Nelson, MozillaZine editor, has published the first installment of a nine-part series on building your own Mozilla skin.

O'Reilly's Mozilla DevCenter. O'Reilly opened their Mozilla DevCenter on May 19th.

Databases

Interbase 6.0beta news. Interbase is keeping an active list of development tidbits for its upcoming 6.0beta release (under an open source license).

Education

SEUL/edu Linux in Education Report.
This week's SEUL/edu Linux in Education Report is out. It includes a quick report from LinuxCanada and a bunch of other education-related stuff.

Games

Installation test of Linux games. zocks.de has an article (in German) on installing Linux games. Here's a Babelfish translation.

Merchant Empires beta test. Merchant Empires is setting up a beta test for June 10th and is looking for players. Contact Bryan Willett if you are interested.

Interoperability

Kernel Cousin: Samba (May 18th). The latest Kernel Cousin: Samba is out. It discusses the Microsoft Kerberos issue and its impact on Samba development, finishing up with this editor note: "[If any of you are like us and a lot of that was a bit over your heads, just nod quietly and agree with Chris Hertel: "What pleases me most about this conversation is that we seem to have some very knowledgeable folks on the list and that there is progress being made. Time for me to go into learn mode. Thanks everyone!"]"

Wine Weekly News (May 23). This week's Wine Weekly News reports on the latest Wine development and discussions on the Wine mailing list, including OpenGL optimization and MFC compilation (and license change).

Networking

OpenNMS Update (May 23). The latest update from the OpenNMS network management project is now available. It seems they've finally decided to work with a relational database system (RDBMS).

Bind 9.0 b3 released. Developers working with IPv6 or DNSSEC may want to check out the latest beta release of bind. At least one more beta release is expected before a release candidate for bind 9.0 is seen.

OpenNMS and North Carolina State University announce collaboration. On May 2nd, OpenNMS and North Carolina State University (NCSU) announced a collaboration. NCSU will be deploying the OpenNMS open source network management software on their campus network across several different platforms. "'We have spent months configuring our legacy management systems -- and we still are unable to generate many of the reports we need to satisfy our service level agreements. With OpenNMS, we can get customizable shareware and focus our limited resources on providing the responsiveness and service that our customers want,' said Emer."

Office Applications

AbiWord Weekly News. This week's AbiWord Weekly News is out.

Siag Office 3.3.6. Colour printing for European users and updated German and Danish translations are the major points in this minor release.

On the Desktop

Helix GNOME packages for Debian. The long wait is over: a set of Helix GNOME packages for the Debian distribution has been released.

Writing Gnome Panel Applets (LinuxDev.Net). Part I and Part II of the LinuxDev.net series on writing GNOME panel applets are now available.

Web site Development

Midgard Weekly Summary (#39). The Midgard Weekly Summary provides news and information from the Midgard web development platform project. Midgard is a PHP-based open source project. This week, CodeSnippet has been added to the CVS archive, mail archives have been added to the web site and the two-day Midgard Developers Meeting has been scheduled for June 18-19th, 2000 in Karlskrona, Sweden.

Zope Weekly News (May 23). This week's Zope Weekly News covers the new Zope 2.2 alpha release and links to discussions about Zope and Law Office information, Pyro and security issues.

DocBook V4.0 released. DocBook V4.0 and DocBook XML 4.0 have been released. "DocBook is an SGML DTD maintained by the DocBook Technical Committee of OASIS. It is particularly well suited to books and papers about computer hardware and software (though it is by no means limited to these applications)." For more information on DocBook, check their description page, which also contains a brief history of DocBook.

May Netcraft Survey. According to the May Netcraft survey, Apache is still the predominant web server at 60.4% of the market, but has lost approximately 1% of its lead. Microsoft was also down, but only slightly. (Thanks to Fabian Wauthier).

Section Editor: Liz Coolbaugh
May 25, 2000
Development tools

C

GDB 5.0 and Insight 5.0 released. GDB 5.0, a new release of the GNU debugger, and Insight 5.0, a graphical interface to GDB, have been announced. C++ support has been enhanced in the new GDB and new configurations have been added for the ARM and PowerPC platforms. [Editor note: the link to the Insight announcement on Appwatch is unstable. In case it does not work when you try it, here is the Insight homepage].

Java

Java 2 Platform Enterprise Edition is Linux Ready. Java 2 Platform Enterprise Edition is Linux Ready, announces this java.sun.com article. "'In reality, it was very easy to make the port,' says Ken Saks, a member of Sun's J2EE technology team. 'It was surprising just how trivial it was to get J2EE technology-based applications to run in the Linux environment.'"

Perl

perl5-porters (15-21 May 2000). The latest summary from the perl5-porters mailing list is now available. Check it out for hints as to future perl development directions, including a couple of slightly different efforts to support perl on the Palm Pilot.

The Perl Journal Vol. 5, No. 1. Perl News reports on the latest issue of The Perl Journal.

PHP

PHP 4.0 released. Here is the announcement for the long-awaited PHP 4.0 release. Source for PHP 4 for Linux is now available from the PHP web-site. For more information on this release, check our front page coverage.

Python

This week's Python-URL. Here is this week's Dr. Dobb's Python-URL, with the latest from the Python development world. Among other things, Python has now moved to SourceForge.

What They're Saying About...The Python Open-Source Language (Software Development). Software Development has collected together opinions from authors, developers and the media on Python and put them together in this short feature article. "'Python is almost bearable (in comparison to either C++ or Java).' -Kent Beck, Smalltalk enthusiast, quoted by Larry Constantine at SD 2000." (From Daily Python-URL).

Phil Thompson puts Python and Qt together (SunWorld). Cameron Laird and Boudewijn Rempt profile Phil Thompson, author of PyQt, in this article. "Perhaps it wasn't so surprising. Thompson's career suggests he's comfortable taking technologies to places neither he nor they have been before. In that earlier case, his original intent was to freshen a small application he wrote to manage his household finances. Having written it in C for GEM and DOS, by the late '90s he wanted a Qt-based graphical user interface (GUI) for it."

Tcl/tk

Dr Dobbs' Tcl-URL (May 23). This week's edition addresses nesting instincts and who should take out the garbage.

Section Editor: Liz Coolbaugh
Linux and business

Scriptics changes name to Ajuba Solutions. Scriptics, the company that was once John Ousterhout's vehicle for the commercialization of Tcl/Tk and related technologies, has announced a name change to "Ajuba Solutions." The change in name goes along with a change in the company's focus. Tcl/Tk is no longer a primary focus, now it's XML. Where once the company focused on tying together disparate programs within an organization, now the focus is on business-to-business integration. The company has also renamed its flagship product from Scriptics Connect to Ajuba2.

John Ousterhout, Founder and Chief Technology Officer, is quoted in the press release. "This is a natural evolution for a company that was founded on the vision of enabling organizations to integrate complex business processes, technology and devices. The acceptance of Internet and XML technologies provides the springboard to move beyond expensive, proprietary solutions to an open, standards-based platform for business-to-business integration solutions." Ajuba2 is, however, a proprietary product. (Found in Portalux News).
Collab.Net and Opendesk.com sponsor project management specification. Collab.net and Opendesk.com have announced that they are sponsoring the development of an open source project management system - at least through the specification stage.
Three announcements from SGI.
MontaVista's Moves. MontaVista Software has announced the hiring of Gregory Haerr as "Chief Strategist, GUI Technologies." Mr. Haerr is the leader of the open source Microwindows project, which provides both the X11 and Win32 (subset) APIs in a small package. MontaVista also announced a port of its Hard Hat Linux embedded distribution to the "Programmable Intel Compute Appliance." They claim the port took less than 90 minutes.
Mission Critical Linux announces Palm-based monitoring package. Mission Critical Linux has announced a new support mechanism which allows system administrators to monitor their networks with a wireless Palm system.
Red Hat. Red Hat has announced the expansion of its support program to include a new per-server pricing scheme. The Red Hat Center has announced the awarding of its first set of grants. In keeping with the times, the grants are relatively political in nature: they went to the Electronic Frontier Foundation, probono.net, and the Center for Media Education.
VA Linux Systems. VA Linux Systems has announced its revenues for the quarter ending April 28. Their revenue was $34.6 million for the quarter. Services revenue was up to $1.5 million - still a small piece of the total at just over 4%, but growing quickly. On a lighter note, VA Linux Systems announced that its servers ran the "static web page content" behind the Victoria's Secret Fashion Show Cannes 2000 Fashion Show Webcast on May 18.
Intrinsyc unveils Linux-based platform. Intrinsyc has announced its "CerfBoard" - a small, StrongArm-based single-board computer that comes with Linux installed.
Cobalt Networks announces 'StaQware'. Cobalt Networks has announced its "StaQware" product - a high-availability clustering setup for web serving applications.
Caldera to bundle Legato NetWorker. Legato Systems has announced that Caldera Systems will be bundling the NetWorker and Cluster products with the eServer distribution. Press Releases:
Section Editor: Rebecca Sobol.
Linux in the news

Recommended Reading

Here's a Washington Post article on Gnutella. "At a time when the general assumption is that the World Wide Web's destiny will be guided by international conglomerates such as AOL, Amazon.com Inc., Yahoo Inc. and Microsoft Corp., Gnutella is the unexpected variable. Its very existence is a statement about the wild nature of the Web and how difficult it will be for anyone to tame it. It is also a dramatic display of how easily the Internet can be transformed or at least shaken by smart computer programmers who are barely old enough to drink or drive."

Just for contrast, it's worth including a second quote from later in the article: "As Gnutella's popularity grows, its corporate parent has taken notice. In a recent interview, Time Warner's Levin and AOL President Bob Pittman suggested the technology could be harnessed, given time. Pittman said the interest in the project simply represents 'consumer demand before the launch of a product,' meaning a controlled system for distributing copyrighted information." No comment.

GNULinux.com posted this interview with Richard Stallman. "You see, companies could engage in kinds of business that respect our freedom and promote our freedom. And they could also engage in kinds of business that take away our freedom. It's the people who might be their customers who control which direction the companies actually choose. This means it's all the more important for the software users, in their millions, to be thinking about issues of freedom and not just of short term convenience."

LinuxMall/EBIZ Merger

Forbes reports on the LinuxMall/EBIZ merger. "Jeffrey Rassas, founder and CEO of eBiz, will become president of the combined company. He says the merger came together after investment banker Chase Hambrecht & Quist, convinced that LinuxMall could not mount an IPO anytime soon, suggested the companies talk to each other. In other words, the lousy market drove LinuxMall into the waiting arms of eBiz."

The Rocky Mountain News also covered the LinuxMall/EBIZ merger. "The deal combines two companies that own some of the most visited Linux sites on the World Wide Web. LinuxMall.com records about 20 million page visits per month at its online shopping site and affiliated sites. eBiz, out of Scottsdale, Ariz., owns TheLinuxStore.com and LinuxLabs.com, among others."

Lineo

Here's a lengthy Upside article about Lineo's IPO filing. "Still, the parallels between Linuxcare and Lineo are there. While some might consider it bad luck to bring up the comparison, investors who still buy into the notion that Linux and the open source development model are changing the software world forever should feel comfortable with the similarities."

Of probable interest to any of you following the Lineo IPO, Rick Lehrbaum has published an interview with Lineo CEO, Bryan Sparks. "Bryan: We believe a royalty-based business model is the Linux model that will have the greatest long term revenue potential, while still respecting and supporting open-source and the rules of GPL."

The Salt Lake Tribune reports on Lineo's IPO filing. "Lineo, based in Lindon, has hired more than 140 people since September and now employs about 160. It also has been on a bit of a buying spree, acquiring six Linux companies so far this year. Including those acquisitions, the company would have lost $9.9 million on sales of $4.6 million in its last fiscal year."

VA Linux

Here's a News.com article about the latest from VA Linux Systems. "The company today will introduce model 2130, a single-processor, 3.5-inch thick rack-mounted machine with starting prices less than $1,400, said Brian Biles, director of marketing at VA. In the longer term, VA has ambitions to steal market share for more expensive systems away from Sun Microsystems. 'I don't think (Sun) can sell effectively anymore' to companies setting up large numbers of computers for high-traffic Web sites, said Biles, who in his last job plugged Sun network software. 'They're turning into a mainframe company.'"

Upside looks at VA's latest quarterly results. "After weeks of serving as the poster child for disappointing market performance, VA Linux (LNUX), the same company that epitomized last year's Linux frenzy, finally had some financial numbers to throw back in critics' faces Tuesday."

Here's a brief article about VA Linux hosting the Victoria's Secret online fashion show. "In the world of Open Source software and Linux, these two do not have to be restricted to the back of the enterprise. Linux can be as sexy as the next pretty girl walking down the catwalk."

Business

According to this News.com article, Alpha Processor Inc. plans to move into the Linux systems business, with an emphasis on clusters. "Alpha Processor's new machine will consist of a collection of smaller, two-processor Alpha computers, each running its own copy of Linux but the whole system acting essentially as a single large server, [Alpha CTO Gerry] Talbot said. The machines will have from 16 to 30 two-processor systems, though the design will work for machines with hundreds, he said."

News.com reports on the IA-64-related announcements from HP, SGI, and Red Hat. "The three announcements illustrate the cooperative nature of the Linux movement: All the companies involved, as well as others, can take advantage of the software its competitors are releasing. By comparison, Microsoft and Sun are working separately to develop Itanium versions of their own operating systems."

ZDNet has put up a lengthy report on the trouble at Linuxcare. "What went wrong at Linuxcare? Just about everything, as this exhaustive investigative report by Sm@rt Reseller reveals. Interviews with more than one dozen current and former Linuxcare employees--most of whom spoke under the condition of anonymity--paint a dramatic picture of a company that was doomed from the moment it left port."

Here's a ZDNet article on IBM's support of Linux on the S/390. "IBM said it was providing more input to the open-source development effort than its rivals. UK senior consultant Clive Druett said IBM has already had several enhancements -- to performance tools, file system journaling and file serving -- accepted by the committee that controls Linux."

Upside looks at Linux for the S/390. "Linux on mainframes? Crazier things have happened. Still, for an operating system that has built its reputation in the low-cost server market, the jump to big iron offers interesting evidence of market forces at play." The same article also has reports on the Slashdot/Microsoft confrontation and the death of the Corel/Inprise merger.

Here's a story in the Montreal Gazette about Corel's problems. "Of course, the desktop Linux market might come alive, at which point Corel will be exceptionally well positioned. The question is, will it be too late?"

The Ottawa Citizen looks at Corel's problems. "The latest Corel silver bullet is Linux, the alternative open-source computer language that is finding markets in products ranging from the big server computers that run corporate Web pages and electronic commerce operations to a promising new generation of cheap hand-held and table-top computer appliances."

Newsbytes reports that Corel could run out of money within days. "A report in the Toronto-based Financial Post newspaper today said Corel employees are flooding local technology companies with resumes as the financial prospects of their employer appear to be worsening."

Napster and other Intellectual Property issues

Alan Cox has added his voice to the ongoing debate about napster. He points out that the same technology could be used to legally distribute free software. "Cox is not impressed by the way Napster is being targeted by the music industry. 'Those attacking Napster are trying to set a very dangerous precedent. Instead of attacking pirates they are attacking the technology. Imagine if it had been five years earlier, they would have been trying to shut down the Internet.'"

The New Republic looks at the Microsoft vs. Slashdot affair and the freedom issues behind it. "If a website somewhere on the Internet is violating Microsoft's copyright by handing out free copies of Microsoft Word, Gates's team of natty attorneys would be justified in suing to pull the plug. But claiming that hyperlinks to potentially illegal materials are themselves illegal? That's contrary to the openness upon which the World Wide Web was built."

Microsoft's claim to trademark status for their Kerberos extensions is under fire by Clifford Neuman, the principal author of the original MIT version of Kerberos. "Far from regarding Microsoft's protected code as a "trade secret," Neuman, who is also a senior research scientist at the University of Southern California, considers it to be wholly derivative. Neuman said he personally described its essentials in a 1993 scientific paper."

Here's a BBC article looking at the security ramifications of the UCITA "remote shutdown" provision. "Thomas Olafson, chief technology officer for ethical hacking group Defcom, said hackers would take it as a challenge if they knew that programs had backdoors built in. 'What hackers do best is spend time finding security weaknesses and a backdoor is a weakness,' he said." (Thanks to Dan York).

Scotty Orr wrote in about this Advogato discussion on free software and business. Worth a read. "Free software is best done on a personal scale. It's really an artistic, literary pursuit, done person to person. It isn't easily formulized and it definitely isn't easy to scale it to an industrial size. Big companies don't do 'art'. Real musicians have day jobs."

Here is an osOpinion article on intellectual property. "Open Source advocates are usually careful to make a distinction between the types of freedom ("free speech" or "free beer"), but they are less careful with the concepts of ownership, and it is here that the fulcrum of our future rests. Free and open code is not of interest only to programmers and engineers; it is vital to everyone, from middle-class Americans to struggling families in Africa and China. When I proclaim that a piece of software I have created is "Open Source", I am not saying that I own it; I am proclaiming that *all of us* own it."

Reviews and other Resources

GNULinux.com has run a review of Corel Linux 1.1. "Where Corel Linux really shines is the KDE desktop. Corel has taken KDE and extended it with their own enhancements. If you work in an environment with lots of windows machines Corel may be your distribution of choice."

LinuxPapers talks about Linux command documentation. "Most commands come with online help, manual pages or documentation files in various formats. In this article, we will learn how to read manual pages using the man command."

O'Reilly is taking an interesting approach to marketing some of their Windows books (Windows 95 in a Nutshell and Windows 98 in a Nutshell). They took a look at their statistics and realized how many Linux people also have to use Windows and figured that this was the audience that would care about what they are offering in their books. "I was recently looking over the shoulder of a very well-known perl hacker as he picked his way through the cascading Windows Start Menu to find a program he wanted to run. He didn't realize that if you have an Address Toolbar running as part of your Taskbar, and know the name of the program, it's as quick to run a program as it is from a UNIX shell."

Stepping back to look again at the Red Hat piranha security report of a few weeks ago, ZDnet UK reports on the process that produced the problem. "Lead developer Philip Copeland complained in an online diary that 'the Piranha package was literally nailed together a day before the CD had to be finalised, so there was less than 24 hours for other people to review the code.'"

This interview with Joachim Kempin, a Microsoft Senior Vice President in their OEM Division, is primarily about Microsoft's plans but includes some interesting tidbits on their view of Linux, including this quote, likely to become a favorite: "And naturally, we know it's [Linux] there on the server."

Finally

Take a look at the success of Linux, from a lot of angles. This article builds an impressive list. Nonetheless, the final comment in the article summed it up for us: "...in the end, fun may well be what ensures Linux's success, precisely because fun, the ultimate carrot on a stick for hard-core programmers, cannot be bought and sold." (From WideOpenNews).

Here's an article on LinuxPlanet about the Marblehead Inn in Marblehead, Ohio. "I know what she was thinking too. She thought to herself, 'Here's a place at least, where this guy can relax and forget about Linux and work for a while.' Little did she realize that I would get a hardware review out of the deal. You see it turns out that unknown to her, and to my incredible delight--the Marblehead Inn runs Linux." (Thanks to Jay R. Ashworth)

Fred Mobach wrote and told us about another Linux Hotel. This one is in Germany.

LinuxMall.com has this article about a Detroit area law firm that switched to Linux. "Unique Systems, Inc., a programming and network design firm based in Holland, Ohio, installed a thin-client system running on a Linux server for the law practice of Cummings, McClorey, Davis and Acho (CMDA). CMDA latched onto the Linux scheme, afraid that proprietary software would keep them locked into an unsupported platform and the need for an on-site IT staff."

The Irish Times ran this article raising the familiar "fragmentation" fears. "Will success spoil Linux? After a spectacular rise from a little known, hobbyist operating system to the fastest growing operating system in the computing market, Linux is at the centre of some collective soul-searching."

Section Editor: Rebecca Sobol
Announcements

Events

LinuxUniversity offering Introduction to Perl. LinuxUniversity will be offering an Introduction to Perl class, beginning June 6 in Nashville, TN. The class will run for approximately 8 weeks. It will meet at NLUG's regular meeting place. There is no charge, but donations to NLUG or to the instructor's beer and grocery fund are welcome.

Embedded Processor Forum. Cahners MicroDesign Resources (MDR) announced its Embedded Processor Forum, June 12 through 16 at the Fairmont Hotel in downtown San Jose. This year features a panel of experts assembled by the Embedded Linux Consortium who will entertain questions from users, analysts, and members of the press in a no-holds-barred Embedded Linux Affinity Session.

Linux track at Inprise/Borland. This year's 11th Annual Inprise/Borland conference will be featuring an entire track devoted to the Linux platform, according to their latest announcement. It will be held July 8th through the 12th in San Diego, California.

ApacheCon Europe 2000. The Apache Software Foundation has announced a new conference entitled "ApacheCon Europe 2000," which will be held October 23-25 in London.

Pictures from the DMCA protest. LWN is happy to mirror a set of pictures from the Digital Millennium Copyright Act protest held at the Stanford Law School on May 18. These pictures were originally posted by protest organizer Don Marti - all credit goes to him.

User Group News

Central Ohio Linux Users Group (COLUG). COLUG will meet Wednesday, May 31. Several speakers are expected.

Employment Opportunities

LinuxMall.com. LinuxMall.com has a number of positions open, especially for developers with PHP experience and junior systems administrators. Interested parties should send a resume to employment@linuxmall.com.

bivio. bivio is seeking software designers skilled in building robust, secure, high-performance transaction processing systems using Linux, Apache, mod_perl, and Oracle.
Software Announcements
Our software announcements are provided courtesy of FreshMeat
Linux links of the week

Tired of that boring old "top" display? Have a look at LavaPS as an alternative way of displaying the status of your system. A Linux box becomes a lava lamp, with processes becoming the floating blobs. The size of a blob corresponds to the amount of memory being used; its speed to the CPU utilization. The display shown here was taken as this was being written; the largest blob, fittingly, belongs to netscape.

For those looking for more security information than LWN provides, have a look at LinuxLock.org. There you'll find a news stream restricted to security items related to our favorite operating system.

Section Editor: Jon Corbet
Letters to the editor

Letters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them.
Date: Mon, 22 May 2000 21:38:47 +0000
From: Chris Waters <cwaters@cp.net>
To: letters@lwn.net
Subject: OpenMotif and freedom

On the front page of this week's LWN, I see the following quote:

"Chances are, anyway, that the license will prove good enough to get Open Motif onto the CDs of most or all of the major distributions."

Maybe most, but never all! As long as the license fails to meet the requirements of the Debian Free Software Guidelines (sometimes known as the "Open Source Definition"), it will not be included with Debian GNU/Linux (or Debian GNU/Hurd, or any other Debian OSes that may appear). And I suspect most people would consider Debian to be a "major distribution."

This all also raises some interesting questions with respect to the (in)famous "system libraries" clause of the GPL. It seems likely that any GPL'd software that depends on Motif will still be unable to link legally with OpenMotif in most cases, which will continue to limit the usefulness of OpenMotif.

I just hope it doesn't create licensing flamewars like in the early days of KDE. Moreover, I hope it doesn't lead to widespread attempts to subvert or violate free software licenses -- too many distributors already seem to have a cavalier attitude about such things.

cheers
--
Chris Waters, Programmer, Madman-at-large | cwaters@cp.net or xtifr@debian.org
Date: Thu, 18 May 2000 09:23:42 -0400
To: ckuskie@cadence.com
Cc: letters@lwn.net
Subject: Re: Programs that run random code
From: Jody Goldberg <jgoldberg@home.com>

On May 11 Colin wrote:
> - Macro capabilities inside the open-source spreadsheets and word
>   processors are just as dangerous. Imagine if you could get root
>   to run a Gnumeric spreadsheet with Scheme/Python/Perl bindings.

This is not the first time someone has raised the spectre of Gnumeric's scripting being a security problem. Hopefully this rumour will die out as the authors start to use Gnumeric.

All scripting support is fully under user control. A user can add new spreadsheet functions to Gnumeric using a scripting language, but they must be installed and loaded explicitly by the user. We have _intentionally_ not enabled support for Gnumeric to run scripts embedded in spreadsheets files. The capability will only be made available when it can be done securely.
Date: Thu, 18 May 2000 00:15:17 -0700
From: Joey Hess <joey@kitenet.net>
To: letters@lwn.net
Subject: perl is not dead

[In reference to this Segfault article referenced in last week's LWN -- ed]

There's a reason Larry Wall became so interested in unicode a few years ago. There's a reason perl now supports unicode throughout, including unicode variable names. ;-)

--
see shy jo, just another perl hacker
Date: Thu, 18 May 2000 14:30:18 -0700 (PDT)
From: "Alan W. Irwin" <irwin@beluga.phys.uvic.ca>
To: letters@lwn.net
Subject: When will KDE and Debian get together?

After several years experience with Slackware and Redhat I have recently installed Debian, and I like it a lot except for the lack of *official* Debian support for KDE. You can get Debianized packages for KDE from ftp://debian.tdyc.com/ and related sites, but these are not officially supported or even referred to by the Debian site. As far as I know this is the only major open-source package that is not officially supported by Debian.

I suspect this bad situation is a leftover from the old flame wars that used to erupt between GNOME and KDE supporters. It was alleged at the time of those flamewars that although KDE itself was GPLed, the package could not really be considered free since it depended on the Qt-1 library which was not. What is ironic about the exclusion of KDE from Debian now, is that the Qt-1 library is actually officially supported by Debian!

I personally think this whole situation is rather petty, but I was willing to give Debian some slack so they could gracefully back down from their impossible position especially now that both Qt-2 and KDE-2 are coming out under free licenses. Thus, I was very disappointed by the interview with Martin Schulze pointed to in your 18 May issue which in Babelfish translation seemed to indicate that KDE-2 would not be officially supported under potato, but it might be under woody. The reasons might be legitimate ones but they were obscured in translation. I would appreciate LWN looking further into this mess to see if reason will prevail.

By the way, I am a fairly lukewarm KDE supporter. I like some aspects of fvwm a lot more. But in the interests of fairness, I don't see why this official Debian discrimination against KDE continues.

Alan W. Irwin

email: irwin@beluga.phys.uvic.ca
phone: 250-727-2902 FAX: 250-721-7715
snail-mail:
Dr. Alan W. Irwin
Department of Physics and Astronomy, University of Victoria, P.O. Box 3055, Victoria, British Columbia, Canada, V8W 3P6
__________________________
Linux-powered astrophysics
__________________________
Date: Thu, 18 May 2000 02:59:16 -0700
From: Nathan Myers <ncm@nospam.cantrip.org>
To: letters@lwn.net
Subject: Re: proprietary distros?

To the Editor,

Kevin Lyda wrote:
> Nathan Myers wrote:
> > Perhaps once Potato is out, Debian will just take over the world;
> > then all those people working on proprietary distros can go home
> > and do something productive instead. :-)
>
> ...
> redhat for one has done a great deal to increase the amount of gpl'd
> code available, including but not limited to their own distribution.
> to call mandrake and redhat [proprietary] is a disservice to the
> entire free software community by watering down the true meaning of
> proprietary.

I'm not sure why I'm replying to a complaint about an obvious joke... probably because the complaint appeared in LWN. Or maybe I thought it offered an opportunity to explain something.

Despite their pretty-good behavior, Red Hat and other commercial distributions are strictly "proprietary" by every dictionary definition. They are _owned_. All their decisions are made to please their owners first, their paying customers second, and anybody else last. Any other behavior is _against_the_law_, and would open them to lawsuits and prosecution.

The Debian Project, and its host Software in the Public Interest, Inc., by contrast, are not beholden to absentee owners, shareholders, or the quarterly balance sheet. They are governed by their charter, and the charter gives control directly to the developers. If you want to change the way the Debian project is going, you can become a developer by a well-defined public process, and then make the change directly by coding it, or indirectly by persuading the other developers on the public mailing lists.

If you want Red Hat or Mandrake to change their distribution or behavior, you have no choice but to go to them, hat in hand, and beg (or buy) their cooperation. They must weigh your request, if they pay it any attention, not by benefit to the community of Linux (or even of Red Hat) users, but against the immediate benefit to the owners. At the moment the two happen to coincide to an unusual degree, but if Red Hat comes to dominate the operating system marketplace, that must (by law!) change. The more successful Red Hat becomes in establishing market share, the more quickly that change will occur.

Software licensing can be a powerful tool or a weapon. It can be used in the public interest or as a bludgeon against competitors. Free Software licenses are no less useful as corporate bludgeons than "proprietary" licenses. Thus, a corporation can release Free Software for purely selfish reasons. In the case at hand, Red Hat is using the GPL to reduce the marketplace value of operating system licenses, thus attacking a major source of Microsoft's revenue. While we may cheer them on, we should remember that it's not being done particularly for _our_ benefit.

Thus, it is correct in every sense to call these commercial distributions "proprietary", even if their parent companies release lots of their code under the GPL and pay salaries to famous developers. We should laud them for doing it without becoming confused about their true corporate motivations. (The motivations of their employees are another matter entirely. Whose personal goals ever exactly match their employer's?)

Many of us prefer to devote our attention and efforts to projects that are explicitly in the public interest, and that seem likely to thrive. The Debian Project is one such choice. If Corel and Stormix use Debian's better reliability and outstanding package management as a bludgeon against Red Hat, that is their right under the GPL. It doesn't affect the value to the community of our work on Debian itself.

Nathan Myers
ncm@nospam.cantrip.org
Date: Fri, 19 May 2000 19:11:36 -0700
From: Eric B <ewbish@theriver.com>
To: letters@lwn.net
Subject: Nessus Security Scanner 1.0 Release

A while back you made a reference to the Nessus security tool. I went to the web site and downloaded/compiled it. I just wanted to say that this is one of the finest security tools ever made. I think LWN and Open Source users everywhere owe the Nessus team a standing ovation. It is applications as solid, well put together, and robust as this that exemplify the superiority of Open Source over shrink wrap.

Good job guys!!!!

Eric Bueschel