Sections: Main page Security Kernel Distributions Development Commerce Linux in the news Announcements Back page All in one big page See also: last week's Back page page. |
Linux Links of the WeekWhat is CERN up to nowadays?. Sometimes dubbed the "place where the Internet was invented", CERN is currently apparently looking at LIGHT these days. That is, they are looking at Logical Information Global HyperText, a "system that automatically represents and connects information, making it available as objects on the network." The framework of the LIGHT system will be published under the GPL. For more information, check this announcement. (Thanks to Bernhard Reiter). Section Editor: Jon Corbet |
June 29, 2000 |
|
This week in historyTwo years ago, July 2nd, 1998. John Kirch published his paper on the superiority of Unix over NT. Nowadays, the Unix versus NT website continues his mission. Alan Cox drafted the Anti-Assimilation License, designed for contributing code to BSD projects yet protecting them in a manner similar to the GPL. OpenContent.org started looking at how to apply free software licensing principles to documentation and other non-software content. On the news end, Bill Gates claimed, "I've never had a customer mention Linux to me". That is one statement he is unlikely to make nowadays. Corel's Netwinder was announced, meeting a level of enthusiasm that it has failed to live up to. Caldera made the Netware server available on OpenLinux. Donald Becker's Beowulf site came back. One year ago. July 1, 1999. The Linux telephone was announced. Eric Raymond published his paper The Magic Cauldron. The Mindcraft Linux versus NT benchmarks were re-run and performance flaws in Linux that were found became a top priority and were quickly addressed.
Slashdot was acquired by Andover.net this week, becoming the first
Linux community website to draw a truly large sale price and setting a
precedent for many
future acquisitions.
The Free Practice Management Project was launched that week. Many of the folks responsible for the BugTraq full-disclosure mailing list formed SecurityFocus.com. A file corruption problem in the Linux 2.2 kernel series continued to elude developers. The Hard Hat embedded Linux distribution was announced, along with tummy.com's KRUD (Kevin's Redhat Uber-Distribution). The Apache Foundation was created to support the Apache project. Oh, and yes, Richard Stallman and Eric Raymond were fighting again. | |
|
Letters to the editorLetters to the editor should be sent to letters@lwn.net. Preference will be given to letters which are short, to the point, and well written. If you want your email address "anti-spammed" in some way please be sure to let us know. We do not have a policy against anonymous letters, but we will be reluctant to include them. | |
Date: Fri, 23 Jun 2000 09:44:57 +0000 (GMT) From: John Carter <john@netsys.co.za> To: lwn@lwn.net Subject: What We Really Need Is.... Greetings LWN, Are you aware of http://www.whatweneed.de ? A month or three ago a group of students came onto our local Linux User Group mailing list and asked, "What does Linux still need?" They were doing a project and wanted to do something useful. This started up a _long_ thread of the format... Answer 2n "What we really need now is ...." Answer 2n+1 "We've got that already see http://......" For n = 1 to about 30 I think. In one sense its excellent news. Linux now has nearly everything and http://freshmeat.net is an excellent resource for finding it if it exists. In the end the students went off and did something boring that had already been done. Sad. None of us at the time knew about What We Need. What We Need is a site where you can add items / comment on and vote for "What Linux Really Needs Now". I truly believe that Mr. Herzog's excellent site needs to be more widely known amongst the Linux community. (I have no interests in Mr. Herzog site beyond his, mine and your common desire that Linux succeeds.) Thanks, John Carter Work Email : john@netsys.co.za Private email : cyent@mweb.co.za Yell Phone : 083-543-6915 Phone : 27-12-348-4246 Carter's law of Strategic Planning. "Beware of plans that apply equally well to making pizza as to software development, for they shall neither improve thy pizza nor thy software." | ||
Date: Thu, 22 Jun 2000 10:09:30 -0400 From: John Klar <j.klar@xpedite.com> To: letters@lwn.net Subject: Your comments w.r.t Lessig's "Code and Other ..." I know it's early in the morning (for me anyway), but I think you completely missed the point of what "regulation" Mr. Lessig was referring to. My interpretation of the quote you provided was his opposition to shrinkwrap licenses that indemnify the producers of bugs (product defects). He is absolutely not advocating the code Thought Police. Next you procede with a point about Open Source having less Y2K problems. True, but is it because Open Source packages are Open Source, or because they use Unix time_t encoding, which, by the way, blows up somewhere in or around 2034. Open Source advocacy is all well and good, but be careful what features good or ill you ascribe to it. Unwarranted claim of the moral high-ground, is almost as bad as a flamewar. John Klar, for himself | ||
Date: Thu, 22 Jun 2000 10:52:44 -0400 From: Seth Gordon <sgordon@kenan.com> To: letters@lwn.net Subject: Re: your capsule review of _Code_ I haven't read Lessig's _Code and Other Laws of Cyberspace_, but your quote from the book doesn't match your fear of "government code inspectors". Lessig, in the quoted paragraph, refers to "the tort system .. holding producers responsible". That is, he wants to control software vendors with the threat of lawsuits from customers. For example, Congress could pass a law requiring software vendors to *either* distribute their software under an open-source license, *or* provide some reasonable warranty against consequential and indirect damages. Such a law would give closed-source software vendors an incentive to either improve their quality or open their code; it would provide a safe harbor for open-source software vendors; and it would not require additional government bureaucracy. -- --Why is it that most kids are attracted to computers while most adults are quite wary of computers? --Most adults are smarter than most kids. ["Ask Uncle Louie"] == seth gordon == sgordon@kenan.com == standard disclaimer == == documentation group, kenan systems corp., cambridge, ma == | ||
Date: Thu, 22 Jun 2000 14:11:31 -0400 (EDT) From: Patrick Reynolds <reynolds@cs.duke.edu> To: letters@lwn.net Subject: disabling module loading / capability bounding set In this week's LWN News page, LWN said: > For this reason, many security-conscious sites disable module loading > entirely, either via explicit kernel configuration or by using the > capability bounding set. And way back in December, LWN said something similar: > It turns out that one capability, CAP_SYS_MODULE, is required to load or > unload kernel modules. If you remove CAP_SYS_MODULE from the bounding > set, no more modules can ever be loaded - just what the doctor ordered. LWN is missing a significant weakness in the capability bounding set. The capability bounding set is useless unless you disable /dev/mem, because /proc/sys/kernel/cap-bound maps directly to the cap_bset variable in kernel memory. With a quick poke (remember peek and poke from the days of BASIC on C64s and IBM PCs?) into /dev/mem, you can reset the cap_bset variable, reenabling any or all capabilities, despite the intended one-way-ness of the capability bounding set. To get the address for cap_bset, just: $ grep cap_bset System.map c01d46b0 D cap_bset Strip off the leading 'c' (since the kernel segment maps to 0xc0000000 on x86s) and you get the raw memory address to write to. On an x86, it's a 32-bit, little-endian integer. Write 0xffffffff to it to reset all capability bounds. To make capability bounding sets at all useful, you have to disable CAP_SYS_RAWIO, which governs access to /dev/mem. Be advised that doing so will break X and any other user-space program that needs raw access to memory or I/O ports. More fun with module security... Even if you compile a kernel with module loading completely disabled, a clever attacker could still load custom, module-like code into the kernel using /dev/mem. It's trickier than changing cap-bound, but it's still feasible. I'll leave it as an exercise for the reader to figure out how. The morals of this story? Security is hard. Disable CAP_SYS_RAWIO, or don't bother with /proc/sys/kernel/cap-bound at all. --Patrick | ||
Date: Mon, 26 Jun 2000 15:06:51 +0100 (BST) To: letters@lwn.net From: Duncan Simpson <dps@io.stargate.co.uk> Subject: Commercia licences for GPLed stuff IF I am the copyright holder, as is the case with checkps and word2x in my case, I can licence under any licence I want. A GPLed copy in no way restricts me from doing that (which is probably legally difficult to manage). Similarly the FSF could licence gcc as $10000 per copy to someone, alhtough it would have to be some specularly stupid. If Hans can get all the copyright holders to agree there is nothing to stop them selling their code for vast sums per copy to anybody, and allowing free use in linux (and anything else GPL-compatible). Provided you retain the copyright one can sell ones soul and keep it too. | ||
Date: Mon, 26 Jun 2000 16:56:13 +0100 From: kevin lyda <kevin@suberic.net> To: letters@lwn.net Subject: Welcome to Enterprise Linux --wac7ysb48OaltWcw Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable It's nice that the "established publishing" industry has decided to notice us and all but I hope the following things happen: 1. People who have been involved with linux for a long time remember that companies like SSC (who publish LJ AFAIK) have been here for a long time as well. 2. That not only remember that but that we do so with our subscriptions and encouraging new linux people to do the same. 3. That older Linux companies remember how hard it was to get started, that established things like publishing had to be recreated just to get heard, and that they remember that difficulty by being open to publishing magazines (or making space in current ones) for other emerging systems (*bsd and others). the "free s/w community" (whatever that is) should remember the people and the companies they formed that stuck by linux and free software before it was "profitable." kevin --=20 kevin@suberic.net "we were goin' for breakfast. in canada. we fork()'ed on 37058400 made a deal: if she'd stop hookin', i'd stop meatspace place: work shootin' people. maybe we were aiming high." --porter, "payback" --wac7ysb48OaltWcw Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE5V30dSWViC/JcvFsRARTTAJ9+Dpw4MbvC9/x/+sxx8inNSwANVwCg8NS4 3k5FdBIwxBbQN9kzl8ftXLs= =G82V -----END PGP SIGNATURE----- --wac7ysb48OaltWcw-- | ||
Date: Tue, 27 Jun 2000 11:27:35 +0530 From: Anand Srivastava <anand@aplion.stpn.soft.net> To: letters@lwn.net Subject: Crusoe: The Ultimate Linux Platform I was thinking of how a close coupling of Linux and Crusoe could give Wintel a run for their money on the server front. Till now Transmeta has concentrated on the mobile computing, because its very difficult to optimize a given operating system which you cannot change. With linux this problem is not there. It was necessary to compete with MS head on to build credibility and the Mobile computing is the right place. But now that they have done this, they could divert their energies to creating a processor for the Server side. It should be pretty easy for them to provide more than one set of registers to hold more than one processes' states. This will save some context switches, and will allow to add more pipelines, which can execute instructions from all processes. For servers throughput is more necessary, due to this some optimizations, like speculative execution of branches can be dropped in favour of executing from other processes. Also the Morphing code may be given its own register area along with dedicated special purpose pipelines. Also a special register set for the kernel. The expansion ideas are only limited by the I/O bus speed, and processor area. Since they have freed up a lot of processor area, they can afford to add more pipes and registers. I am waiting for the much improved Crusoe. -anand | ||
From: Mark Christensen <mchristensen@HTEC.com> To: jja@wallace.lusArs.net, letters@lwn.net Subject: More on licenses and loopholes Date: Tue, 27 Jun 2000 11:28:21 -0400 "I think this gentleman misses the point of the BSD license. The ability to reuse code in traditional commercial settings is not regarded by BSD proponents as a 'loophole.'" On the contrary, I think you miss his point; he was not trying to claim that code re-use is bad. In fact, he seemed quite sympathetic to the BSD style license. But the question he raises is still valid--Doesn't the GPL make the "embrace and extend" strategy significantly more difficult to implement? My take on all of this is that, if you are writing yet another internet chat client, the fact that your code could be re-used in a Microsoft product is probably not that troubling. On the other hand, if your intent is to create an internet standard, it seems perfectly reasonable to try to protect that standard from attempts by proprietary software vendors to co-opt that standard by using the GPL. Which, for example is why SGI releases all of their open source code under the GPL. It's their way of sharing their work with the community and keeping their code out of the reach of hardcore proprietary Unix vendors like Sun. Mark Christensen wwwlight@mediaone.net | ||
|